checkpoint

2021-12-19 17:52:23 -06:00
parent 433ab2772a
commit a18b7974c8
5 changed files with 231 additions and 155 deletions
--- a/Gameboard.ShogiUI.Sockets/AnonymousSessionMiddleware.cs
+++ b/Gameboard.ShogiUI.Sockets/AnonymousSessionMiddleware.cs
@@ -0,0 +1,39 @@
+namespace Gameboard.ShogiUI.Sockets
+{
+  namespace anonymous_session.Middlewares
+  {
+    using Microsoft.AspNetCore.Http;
+    using Microsoft.AspNetCore.Authentication;
+    using System.Security.Claims;
+
+    /// <summary>
+    /// TODO: Use this example in the guest session logic instead of custom claims.
+    /// </summary>
+    public class AnonymousSessionMiddleware
+    {
+      private readonly RequestDelegate _next;
+
+      public AnonymousSessionMiddleware(RequestDelegate next)
+      {
+        _next = next;
+      }
+
+      public async System.Threading.Tasks.Task InvokeAsync(HttpContext context)
+      {
+        if (!context.User.Identity.IsAuthenticated)
+        {
+          if (string.IsNullOrEmpty(context.User.FindFirstValue(ClaimTypes.Anonymous)))
+          {
+            var claim = new Claim(ClaimTypes.Anonymous, System.Guid.NewGuid().ToString());
+            context.User.AddIdentity(new ClaimsIdentity(new[] { claim }));
+
+            string scheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme;
+            await context.SignInAsync(scheme, context.User, new AuthenticationProperties { IsPersistent = false });
+          }
+        }
+
+        await _next(context);
+      }
+    }
+  }
+}
--- a/Gameboard.ShogiUI.Sockets/Controllers/GameController.cs
+++ b/Gameboard.ShogiUI.Sockets/Controllers/GameController.cs
@@ -241,6 +241,21 @@ namespace Gameboard.ShogiUI.Sockets.Controllers
 			return Ok();
 		}

+		[Authorize(Roles = "Admin, Shogi")]
+		[HttpDelete("{gameName}")]
+		public async Task<IActionResult> DeleteSession([FromRoute] string gameName)
+		{
+			var user = await ReadUserOrThrow();
+			if (user.IsAdmin)
+			{
+				return Ok();
+			}
+			else
+			{
+				return Unauthorized();
+			}
+		}
+
 		private async Task<Models.User> ReadUserOrThrow()
 		{
 			var user = await gameboardManager.ReadUser(User);
--- a/Gameboard.ShogiUI.Sockets/Models/User.cs
+++ b/Gameboard.ShogiUI.Sockets/Models/User.cs
@@ -37,6 +37,8 @@ namespace Gameboard.ShogiUI.Sockets.Models

 		public bool IsGuest => LoginPlatform == WhichLoginPlatform.Guest;

+		public bool IsAdmin => LoginPlatform == WhichLoginPlatform.Microsoft && Id == "Hauth@live.com";
+
 		public User(string id, string displayName, WhichLoginPlatform platform)
 		{
 			Id = id;
--- a/Gameboard.ShogiUI.Sockets/Startup.cs
+++ b/Gameboard.ShogiUI.Sockets/Startup.cs
@@ -96,14 +96,33 @@ namespace Gameboard.ShogiUI.Sockets

 			services.AddSwaggerDocument(config =>
 			{
-        config.AddSecurity("Bearer", new NSwag.OpenApiSecurityScheme
+				//config.AddSecurity("bearer", Enumerable.Empty<string>(), new NSwag.OpenApiSecurityScheme
+				//{
+				//	Type = NSwag.OpenApiSecuritySchemeType.OAuth2,
+				//	Flow = NSwag.OpenApiOAuth2Flow.Implicit,
+				//	Flows = new NSwag.OpenApiOAuthFlows
+				//	{
+				//		Implicit = new NSwag.OpenApiOAuthFlow
+				//		{
+				//			Scopes = 
+				//		}
+				//	}
+				//});
+
+				// This just ensures anyone with a microsoft account can make API calls.
+				config.AddSecurity("bearer", new NSwag.OpenApiSecurityScheme
 				{
 					Type = NSwag.OpenApiSecuritySchemeType.OAuth2,
-          Flow = NSwag.OpenApiOAuth2Flow.AccessCode,
+					Flow = NSwag.OpenApiOAuth2Flow.Implicit,
 					AuthorizationUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
 					TokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-          Scopes = new Dictionary<string, string> { { "api://c1e94676-cab0-42ba-8b6c-9532b8486fff/access_as_user", "The scope" } },
-          Scheme = "Bearer"
+					Scopes = new Dictionary<string, string> {
+						{ "api://c1e94676-cab0-42ba-8b6c-9532b8486fff/access_as_user", "The scope" },
+						{ "api://c1e94676-cab0-42ba-8b6c-9532b8486fff/ShogiAdmin", "Admin scope" }
+					},
+					Scheme = "bearer",
+					BearerFormat = "JWT",
+					In = NSwag.OpenApiSecurityApiKeyLocation.Header,
 				});
 				config.PostProcess = document =>
 				{
@@ -135,7 +154,7 @@ namespace Gameboard.ShogiUI.Sockets
 					.WithLogging(
 						(level, message, pii) =>
 						{
-
+							Console.WriteLine(message);
 						},
 						LogLevel.Verbose,
 						true,
--- a/Gameboard.ShogiUI.Sockets/appsettings.json
+++ b/Gameboard.ShogiUI.Sockets/appsettings.json
@@ -16,7 +16,8 @@
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "c1e94676-cab0-42ba-8b6c-9532b8486fff",
    "TenantId": "common",
-    "Audience": "c1e94676-cab0-42ba-8b6c-9532b8486fff"
+    "Audience": "c1e94676-cab0-42ba-8b6c-9532b8486fff",
+    "ClientSecret":  ""
  },
  "AllowedHosts": "*"
 }