Added oidc service to webapi with a dumb way of authenticating incoming tokens

2021-10-13 22:26:45 -04:00
parent cccd609233
commit 33cbb4f136
13 changed files with 120 additions and 114 deletions


@@ -1,15 +0,0 @@
using System;
namespace Web.Data
{
public class WeatherForecast
{
public DateTime Date { get; set; }
public int TemperatureC { get; set; }
public int TemperatureF => 32 + (int) (TemperatureC / 0.5556);
public string Summary { get; set; }
}
}


@@ -1,25 +0,0 @@
using System;
using System.Linq;
using System.Threading.Tasks;
namespace Web.Data
{
public class WeatherForecastService
{
private static readonly string[] Summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
public Task<WeatherForecast[]> GetForecastAsync(DateTime startDate)
{
var rng = new Random();
return Task.FromResult(Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = startDate.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
}).ToArray());
}
}
}


@@ -1,17 +0,0 @@
@page "/counter"
<h1>Counter</h1>
<p>Current count: @currentCount</p>
<button class="btn btn-primary" @onclick="IncrementCount">Click me</button>
@code {
private int currentCount = 0;
private void IncrementCount()
{
currentCount++;
}
}


@@ -0,0 +1,21 @@
@page "/CreateServer"
@using Microsoft.AspNetCore.Http
@using Microsoft.AspNetCore.Authentication
@inject IHttpContextAccessor _httpContextAccessor
<AuthorizeView>
<Authorized>
</Authorized>
<NotAuthorized>
<h1>You must be logged in to view this page!</h1>
</NotAuthorized>
</AuthorizeView>
@code {
protected async override Task OnInitializedAsync()
{
string token = await _httpContextAccessor.HttpContext.GetTokenAsync("access_token");
var t = 2;
}
}
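Review bot: `OnInitializedAsync` reads the access token into `token` and then uses neither it nor `var t = 2;`, which reads as debugging scaffolding left in the new page; either consume the value or drop the override. `_httpContextAccessor.HttpContext` is also not guaranteed to be non-null inside a Blazor Server circuit (it reflects the initial HTTP request, not later interactive renders), so if the lookup stays it should be guarded, e.g. `var context = _httpContextAccessor.HttpContext; if (context is null) { return; }`. Note that the override runs for unauthenticated visitors as well, since `<AuthorizeView>` only gates the markup inside it, not the component's lifecycle methods.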


@@ -1,46 +0,0 @@
@page "/fetchdata"
@using Web.Data
@inject WeatherForecastService ForecastService
<h1>Weather forecast</h1>
<p>This component demonstrates fetching data from a service.</p>
@if (forecasts == null)
{
<p><em>Loading...</em></p>
}
else
{
<table class="table">
<thead>
<tr>
<th>Date</th>
<th>Temp. (C)</th>
<th>Temp. (F)</th>
<th>Summary</th>
</tr>
</thead>
<tbody>
@foreach (var forecast in forecasts)
{
<tr>
<td>@forecast.Date.ToShortDateString()</td>
<td>@forecast.TemperatureC</td>
<td>@forecast.TemperatureF</td>
<td>@forecast.Summary</td>
</tr>
}
</tbody>
</table>
}
@code {
private WeatherForecast[] forecasts;
protected override async Task OnInitializedAsync()
{
forecasts = await ForecastService.GetForecastAsync(DateTime.Now);
}
}


@@ -33,7 +33,6 @@ namespace Web
services.AddRazorPages();
services.AddServerSideBlazor();
services.AddHttpContextAccessor();
services.AddSingleton<WeatherForecastService>();
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;


@@ -0,0 +1,16 @@
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Net.Http.Headers;
namespace WebAPI.Controllers
{
public class BaseController : ControllerBase
{
protected string BearerToken =>
Request.Headers.Keys.Contains(HeaderNames.Authorization) &&
Request.Headers[HeaderNames.Authorization].Count > 0
? Request.Headers[HeaderNames.Authorization].First()
: String.Empty;
}
}
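Review bot: `BearerToken` returns the whole `Authorization` header value, scheme prefix included, rather than the token: for a request carrying `Authorization: Bearer <token>` the property yields `Bearer <token>`, and `HelloWorldController.HelloWorld` in the next hunk hands that to `OIDCService.ValidateAccessToken`, which wraps it in a second `AuthenticationHeaderValue("Bearer", …)`, so the userinfo request goes out as `Bearer Bearer <token>` and every validation fails. The property should strip the scheme and return empty when the header does not use it, and `TryGetValue` avoids the `Keys.Contains` plus indexer double lookup. A credential under a different scheme (e.g. `Basic`) should not be forwarded either.
```csharp
protected string BearerToken
{
    get
    {
        if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var values) || values.Count == 0)
        {
            return String.Empty;
        }

        string header = values[0];
        const string scheme = "Bearer ";
        // Only forward a Bearer credential; any other scheme yields an empty token.
        return header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
            ? header.Substring(scheme.Length).Trim()
            : String.Empty;
    }
}
```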


@@ -10,20 +10,26 @@ namespace WebAPI.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class HelloWorldController : ControllerBase
public class HelloWorldController : BaseController
{
private readonly PterodactylService _pterodactylService;
private readonly OIDCService _oidcService;
public HelloWorldController(PterodactylService pterodactylService)
public HelloWorldController(PterodactylService pterodactylService, OIDCService oidcService)
{
_pterodactylService = pterodactylService;
_oidcService = oidcService;
}
[HttpGet]
public async Task<string> HelloWorld()
{
await Task.Delay(5000);
return AppSettings.PterodactylAPIKey;
if (await _oidcService.ValidateAccessToken(BearerToken))
{
return "Validated";
}
return "Failed";
}
}
}
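Review bot: `HelloWorld` answers a failed validation with HTTP 200 and the body `"Failed"`, so clients, proxies and HTTP libraries see a success status for an unauthenticated request; returning `IActionResult` makes the outcome visible in the status code: `public async Task<IActionResult> HelloWorld()`, `return Ok("Validated");`, `return Unauthorized();`. The value it passes is the raw `Authorization` header from `BaseController.BearerToken`, scheme prefix included, which will not validate against the userinfo endpoint as written. The token is checked only inside this one action, so any other action on a `BaseController` subclass stays open unless it repeats the call; an authentication handler or action filter would be the usual place for the check.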


@@ -7,6 +7,7 @@ namespace WebAPI.Data
{
public static string PterodactylAPIKey { get; private set; }
public static string PterodactylPanelURL { get; private set; }
public static string OIDCUserInfoEndpoint { get; private set; }
public static void Init(IConfiguration configuration)
{
var fields = typeof(AppSettings).GetProperties();


@@ -0,0 +1,39 @@
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
namespace WebAPI.Data
{
public class OIDCService
{
private HttpClient _httpClient { get; set; }
private ILogger<OIDCService> _logger { get; set; }
public OIDCService(ILogger<OIDCService> logger)
{
_logger = logger;
_httpClient = new HttpClient();
}
/// <summary>
/// Simple check of an OIDC access token by attempting to hit the userinfo endpoint.
/// </summary>
/// <param name="accessToken">access token to check</param>
/// <returns>success</returns>
public async Task<bool> ValidateAccessToken(string accessToken)
{
Uri requestUri = new Uri($"{AppSettings.OIDCUserInfoEndpoint}");
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
HttpResponseMessage response = await _httpClient.SendAsync(request);
if (!response.IsSuccessStatusCode)
{
return false;
}
return false;
}
}
}
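Review bot: `ValidateAccessToken` returns `false` on both paths — inside the `if (!response.IsSuccessStatusCode)` branch and on the fall-through line after it — so no token can ever validate; the fall-through should be `return true;`, or the tail collapsed to `return response.IsSuccessStatusCode;`. Beyond that, an empty token still produces a round trip to the provider, an `HttpRequestException` from `SendAsync` escapes to the caller as a server error instead of a failed validation, and neither `request` nor `response` is disposed. A successful userinfo call only shows the token is currently active at the provider; it does not by itself show the token was issued for this API (audience/scope), so callers should treat this as a liveness check rather than full authorization, which the commit message's wording seems to acknowledge. Rewritten method below; the constructor and the rest of the class are unchanged.
```csharp
public async Task<bool> ValidateAccessToken(string accessToken)
{
    // No credential presented: fail without contacting the provider.
    if (string.IsNullOrWhiteSpace(accessToken))
    {
        return false;
    }

    using var request = new HttpRequestMessage(HttpMethod.Get, new Uri(AppSettings.OIDCUserInfoEndpoint));
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
    try
    {
        using HttpResponseMessage response = await _httpClient.SendAsync(request);
        // 2xx means the provider accepted the token as active; anything else is a failed validation.
        return response.IsSuccessStatusCode;
    }
    catch (HttpRequestException ex)
    {
        // Provider unreachable: treat as not validated rather than surfacing a server error.
        _logger.LogWarning(ex, "userinfo request to {Endpoint} failed", AppSettings.OIDCUserInfoEndpoint);
        return false;
    }
}
```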


@@ -30,9 +30,39 @@ namespace WebAPI
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new OpenApiInfo {Title = "Petrie Panel Web API", Version = "v1"}); });
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo {Title = "Petrie Panel Web API", Version = "v1"});
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
{
Description = "JWT Token",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Scheme = "Bearer"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
},
Scheme = "oauth2",
Name = "Bearer",
In = ParameterLocation.Header,
},
new List<string>()
}
});
});
services.AddDbContext<AppDbContext>(options => options.UseNpgsql(Configuration.GetConnectionString("DefaultConnection")));
services.AddSingleton<PterodactylService>();
services.AddSingleton<OIDCService>();
}
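Review bot: `services.AddSingleton<OIDCService>()` at the end of the hunk registers a service that constructs its own `new HttpClient()`; registering it through `services.AddHttpClient<OIDCService>();` (with the constructor changed to accept an `HttpClient`) lets the container own the handler lifetime instead. The Swagger `Bearer` security definition and requirement only describe the scheme to Swagger UI; nothing in `ConfigureServices` registers an authentication scheme or authorization policy, so enforcement rests entirely on each controller calling `OIDCService` itself. A comment next to `AddSecurityRequirement` would keep the next reader from taking it for enforcement, e.g. `// Swagger metadata only; tokens are checked per-action via OIDCService.`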
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.


@@ -16,8 +16,4 @@
<PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
</ItemGroup>
<ItemGroup>
<Folder Include="Controllers" />
</ItemGroup>
</Project>


@@ -11,5 +11,6 @@
},
"AllowedHosts": "*",
"PterodactylAPIKey": "REPLACE_ME",
"PterodactylPanelURL": "https://panel.orfl.xyz"
"PterodactylPanelURL": "https://panel.orfl.xyz",
"OIDCUserInfoEndpoint": "https://authentik.mattstop.com/application/o/userinfo"
}