checkpoint
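--- /dev/null
+++ b/Gameboard.ShogiUI.Sockets/AnonymousSessionMiddleware.cs
@@ -0,0 +1,39 @@
+namespace Gameboard.ShogiUI.Sockets
+{
+namespace anonymous_session.Middlewares
+{
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authentication;
+using System.Security.Claims;
+
+/// <summary>
+/// TODO: Use this example in the guest session logic instead of custom claims.
+/// </summary>
+public class AnonymousSessionMiddleware
+{
+private readonly RequestDelegate _next;
+
+public AnonymousSessionMiddleware(RequestDelegate next)
+{
+_next = next;
+}
+
+public async System.Threading.Tasks.Task InvokeAsync(HttpContext context)
+{
+if (!context.User.Identity.IsAuthenticated)
+{
+if (string.IsNullOrEmpty(context.User.FindFirstValue(ClaimTypes.Anonymous)))
+{
+var claim = new Claim(ClaimTypes.Anonymous, System.Guid.NewGuid().ToString());
+context.User.AddIdentity(new ClaimsIdentity(new[] { claim }));
+
+string scheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme;
+await context.SignInAsync(scheme, context.User, new AuthenticationProperties { IsPersistent = false });
+}
+}
+
+await _next(context);
+}
+}
+}
+}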
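Review bot: `context.User.Identity.IsAuthenticated` in InvokeAsync dereferences `Identity` without a null check; `ClaimsPrincipal.Identity` is nullable, so the guard should read `if (context.User.Identity?.IsAuthenticated != true)`. The identity added two lines later is created as `new ClaimsIdentity(new[] { claim })` with no authentication type, so the principal written to the cookie presumably still reports `IsAuthenticated == false` on later requests; if the anonymous session is meant to pass `[Authorize]` an authentication type has to be supplied, and if not, a comment saying the cookie only carries a correlation id would stop readers from assuming otherwise. Since every unauthenticated visitor gets a cookie on first request, it is also worth noting in the `<summary>` that the GUID is not a credential and that `IsPersistent = false` keeps it session-scoped. The file nests `namespace anonymous_session.Middlewares` inside `namespace Gameboard.ShogiUI.Sockets`, which yields the type name `Gameboard.ShogiUI.Sockets.anonymous_session.Middlewares.AnonymousSessionMiddleware` and looks like a paste artifact; one file-scoped namespace would be clearer.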
@@ -241,6 +241,21 @@ namespace Gameboard.ShogiUI.Sockets.Controllers
|
|||||||
return Ok();
|
return Ok();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Authorize(Roles = "Admin, Shogi")]
|
||||||
|
[HttpDelete("{gameName}")]
|
||||||
|
public async Task<IActionResult> DeleteSession([FromRoute] string gameName)
|
||||||
|
{
|
||||||
|
var user = await ReadUserOrThrow();
|
||||||
|
if (user.IsAdmin)
|
||||||
|
{
|
||||||
|
return Ok();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return Unauthorized();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private async Task<Models.User> ReadUserOrThrow()
|
private async Task<Models.User> ReadUserOrThrow()
|
||||||
{
|
{
|
||||||
var user = await gameboardManager.ReadUser(User);
|
var user = await gameboardManager.ReadUser(User);
|
||||||
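Review bot: `DeleteSession` returns `Unauthorized()` (401) when `user.IsAdmin` is false, but a caller at that point has already passed `[Authorize(Roles = "Admin, Shogi")]`, so the correct response for a known user lacking permission is `Forbid()` (403); 401 tells clients to re-authenticate, which cannot help them. The action also returns `Ok()` without reading `gameName` or deleting anything, so either it is a stub that deserves a `// TODO: perform the delete` noting that, or the delete call is missing. The role filter and the `IsAdmin` check overlap; a one-line comment stating which of the two is the authoritative gate would keep them from drifting apart. `ReadUserOrThrow` continues past the end of the hunk.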
|
|||||||
@@ -37,6 +37,8 @@ namespace Gameboard.ShogiUI.Sockets.Models
|
|||||||
|
|
||||||
public bool IsGuest => LoginPlatform == WhichLoginPlatform.Guest;
|
public bool IsGuest => LoginPlatform == WhichLoginPlatform.Guest;
|
||||||
|
|
||||||
|
public bool IsAdmin => LoginPlatform == WhichLoginPlatform.Microsoft && Id == "Hauth@live.com";
|
||||||
|
|
||||||
public User(string id, string displayName, WhichLoginPlatform platform)
|
public User(string id, string displayName, WhichLoginPlatform platform)
|
||||||
{
|
{
|
||||||
Id = id;
|
Id = id;
|
||||||
|
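Review bot: `IsAdmin` hard-codes a single account, `Id == "Hauth@live.com"`, into the `User` model with a case-sensitive `==`; identifiers that look like e-mail addresses are not reliably cased by identity providers, so at minimum this should be `string.Equals(Id, "Hauth@live.com", StringComparison.OrdinalIgnoreCase)`. More broadly an admin allow-list belongs in configuration or in a role/app-role claim rather than a compiled literal, since revoking or changing the admin then requires a redeploy and the address is visible to anyone with the source. If `Id` for the Microsoft platform is an e-mail rather than an immutable object id, the object id would be the safer key, as addresses can be reassigned. Whatever is chosen, a comment such as `// Bootstrap admin; replace with role-based check` would make the temporary nature explicit.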
|||||||
@@ -96,14 +96,33 @@ namespace Gameboard.ShogiUI.Sockets
|
|||||||
|
|
||||||
services.AddSwaggerDocument(config =>
|
services.AddSwaggerDocument(config =>
|
||||||
{
|
{
|
||||||
config.AddSecurity("Bearer", new NSwag.OpenApiSecurityScheme
|
//config.AddSecurity("bearer", Enumerable.Empty<string>(), new NSwag.OpenApiSecurityScheme
|
||||||
|
//{
|
||||||
|
// Type = NSwag.OpenApiSecuritySchemeType.OAuth2,
|
||||||
|
// Flow = NSwag.OpenApiOAuth2Flow.Implicit,
|
||||||
|
// Flows = new NSwag.OpenApiOAuthFlows
|
||||||
|
// {
|
||||||
|
// Implicit = new NSwag.OpenApiOAuthFlow
|
||||||
|
// {
|
||||||
|
// Scopes =
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
//});
|
||||||
|
|
||||||
|
// This just ensures anyone with a microsoft account can make API calls.
|
||||||
|
config.AddSecurity("bearer", new NSwag.OpenApiSecurityScheme
|
||||||
{
|
{
|
||||||
Type = NSwag.OpenApiSecuritySchemeType.OAuth2,
|
Type = NSwag.OpenApiSecuritySchemeType.OAuth2,
|
||||||
Flow = NSwag.OpenApiOAuth2Flow.AccessCode,
|
Flow = NSwag.OpenApiOAuth2Flow.Implicit,
|
||||||
AuthorizationUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
|
AuthorizationUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
|
||||||
TokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
|
TokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
|
||||||
Scopes = new Dictionary<string, string> { { "api://c1e94676-cab0-42ba-8b6c-9532b8486fff/access_as_user", "The scope" } },
|
Scopes = new Dictionary<string, string> {
|
||||||
Scheme = "Bearer"
|
{ "api://c1e94676-cab0-42ba-8b6c-9532b8486fff/access_as_user", "The scope" },
|
||||||
|
{ "api://c1e94676-cab0-42ba-8b6c-9532b8486fff/ShogiAdmin", "Admin scope" }
|
||||||
|
},
|
||||||
|
Scheme = "bearer",
|
||||||
|
BearerFormat = "JWT",
|
||||||
|
In = NSwag.OpenApiSecurityApiKeyLocation.Header,
|
||||||
});
|
});
|
||||||
config.PostProcess = document =>
|
config.PostProcess = document =>
|
||||||
{
|
{
|
||||||
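Review bot: The new `config.AddSecurity("bearer", ...)` block sets `Flow = NSwag.OpenApiOAuth2Flow.Implicit` where the block it replaces appears to have used `AccessCode`; the implicit grant returns access tokens in the URL fragment and is discouraged by the OAuth 2.0 Security Best Current Practice in favour of authorization code with PKCE, so unless Swagger UI genuinely cannot do the code flow here, keeping `AccessCode` and enabling PKCE in the Swagger UI OAuth2 client settings (NSwag exposes `UsePkceWithAuthorizationCodeGrant` for this, if the version in use has it) is the safer choice. The commented-out `//config.AddSecurity(...)` block above it is dead code and should be deleted rather than kept as history. The application id `c1e94676-cab0-42ba-8b6c-9532b8486fff` now appears in both scope strings as well as in the settings file; reading it once from configuration and building the scope strings from it would remove the duplication. The enclosing `AddSwaggerDocument` lambda continues before and after the hunk.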
@@ -135,7 +154,7 @@ namespace Gameboard.ShogiUI.Sockets
|
|||||||
.WithLogging(
|
.WithLogging(
|
||||||
(level, message, pii) =>
|
(level, message, pii) =>
|
||||||
{
|
{
|
||||||
|
Console.WriteLine(message);
|
||||||
},
|
},
|
||||||
LogLevel.Verbose,
|
LogLevel.Verbose,
|
||||||
true,
|
true,
|
||||||
|
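Review bot: The new `Console.WriteLine(message);` inside `.WithLogging(...)` writes MSAL's log stream to stdout unfiltered, while the same call passes `LogLevel.Verbose` and `true`, which by position appears to be MSAL's `enablePiiLogging` flag; with both set, the callback receives messages that contain personal data (the `pii` parameter marks them) and prints them. At minimum gate the write on that flag, `if (!pii) { Console.WriteLine(message); }`, and preferably route it through the application's `ILogger` so the level and redaction are set by configuration rather than fixed at Verbose in code. The `WithLogging` call begins before the hunk, so the arguments before the callback are not visible here.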
|||||||
@@ -16,7 +16,8 @@
|
|||||||
"Instance": "https://login.microsoftonline.com/",
|
"Instance": "https://login.microsoftonline.com/",
|
||||||
"ClientId": "c1e94676-cab0-42ba-8b6c-9532b8486fff",
|
"ClientId": "c1e94676-cab0-42ba-8b6c-9532b8486fff",
|
||||||
"TenantId": "common",
|
"TenantId": "common",
|
||||||
"Audience": "c1e94676-cab0-42ba-8b6c-9532b8486fff"
|
"Audience": "c1e94676-cab0-42ba-8b6c-9532b8486fff",
|
||||||
|
"ClientSecret": ""
|
||||||
},
|
},
|
||||||
"AllowedHosts": "*"
|
"AllowedHosts": "*"
|
||||||
}
|
}
|
||||||
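Review bot: `"ClientSecret": ""` adds a secret slot to a committed settings file beside `ClientId` and `Audience`; even empty, it invites the real value to be filled in and checked in later. Leave the key out of this file and supply it through `dotnet user-secrets` in development and an environment variable or a vault in deployment, which the default configuration providers bind to the same configuration path (the enclosing section name is outside the hunk). If the key must stay as documentation of the expected shape, a note in the project README rather than an empty string in the JSON avoids the temptation.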