Added oidc service to webapi with a dumb way of authenticating incoming tokens

WebAPI/Controllers/BaseController.cs

@@ -0,0 +1,16 @@
+using System;
+using System.Linq;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Net.Http.Headers;
+
+namespace WebAPI.Controllers
+{
+    public class BaseController : ControllerBase
+    {
+        protected string BearerToken =>
+            Request.Headers.Keys.Contains(HeaderNames.Authorization) &&
+            Request.Headers[HeaderNames.Authorization].Count > 0
+                ? Request.Headers[HeaderNames.Authorization].First()
+                : String.Empty;
+    }
+}

WebAPI/Controllers/HelloWorldController.cs

@@ -10,20 +10,26 @@ namespace WebAPI.Controllers
 {
     [Route("api/[controller]")]
     [ApiController]
-    public class HelloWorldController : ControllerBase
+    public class HelloWorldController : BaseController
     {
         private readonly PterodactylService _pterodactylService;
+        private readonly OIDCService _oidcService;
 
-        public HelloWorldController(PterodactylService pterodactylService)
+        public HelloWorldController(PterodactylService pterodactylService, OIDCService oidcService)
         {
             _pterodactylService = pterodactylService;
+            _oidcService = oidcService;
         }
 
         [HttpGet]
         public async Task<string> HelloWorld()
         {
-            await Task.Delay(5000);
-            return AppSettings.PterodactylAPIKey;
+            if (await _oidcService.ValidateAccessToken(BearerToken))
+            {
+                return "Validated";
+            }
+            return "Failed";
         }
+        
     }
 }

WebAPI/Data/AppSettings.cs

@@ -7,6 +7,7 @@ namespace WebAPI.Data
     {
         public static string PterodactylAPIKey { get; private set; }
         public static string PterodactylPanelURL { get; private set; }
+        public static string OIDCUserInfoEndpoint { get; private set; }
         public static void Init(IConfiguration configuration)
         {
             var fields = typeof(AppSettings).GetProperties();

WebAPI/Data/OIDCService.cs

@@ -0,0 +1,39 @@
+using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+
+namespace WebAPI.Data
+{
+    public class OIDCService
+    {
+        private HttpClient _httpClient { get; set; }
+        private ILogger<OIDCService> _logger { get; set; }
+        public OIDCService(ILogger<OIDCService> logger)
+        {
+            _logger = logger;
+            _httpClient = new HttpClient();
+        }
+
+        /// <summary>
+        /// Simple check of an OIDC access token by attempting to hit the userinfo endpoint.
+        /// </summary>
+        /// <param name="accessToken">access token to check</param>
+        /// <returns>success</returns>
+        public async Task<bool> ValidateAccessToken(string accessToken)
+        {
+            Uri requestUri = new Uri($"{AppSettings.OIDCUserInfoEndpoint}");
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+            HttpResponseMessage response = await _httpClient.SendAsync(request);
+            if (!response.IsSuccessStatusCode)
+            {
+                return false;
+            }
+            return false;
+        }
+        
+    }
+}

WebAPI/Startup.cs

@@ -30,9 +30,39 @@ namespace WebAPI
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddControllers();
-            services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new OpenApiInfo {Title = "Petrie Panel Web API", Version = "v1"}); });
+            services.AddSwaggerGen(c =>
+            {
+                c.SwaggerDoc("v1", new OpenApiInfo {Title = "Petrie Panel Web API", Version = "v1"});
+                c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
+                {
+                    Description = "JWT Token",
+                    Name = "Authorization",
+                    In = ParameterLocation.Header,
+                    Type = SecuritySchemeType.ApiKey,
+                    Scheme = "Bearer"
+                });
+                c.AddSecurityRequirement(new OpenApiSecurityRequirement()
+                {
+                    {
+                        new OpenApiSecurityScheme
+                        {
+                            Reference = new OpenApiReference
+                            {
+                                Type = ReferenceType.SecurityScheme,
+                                Id = "Bearer"
+                            },
+                            Scheme = "oauth2",
+                            Name = "Bearer",
+                            In = ParameterLocation.Header,
+
+                        },
+                        new List<string>()
+                    }
+                });
+            });
             services.AddDbContext<AppDbContext>(options => options.UseNpgsql(Configuration.GetConnectionString("DefaultConnection")));
             services.AddSingleton<PterodactylService>();
+            services.AddSingleton<OIDCService>();
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

WebAPI/WebAPI.csproj

@@ -16,8 +16,4 @@
         <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
     </ItemGroup>
 
-    <ItemGroup>
-      <Folder Include="Controllers" />
-    </ItemGroup>
-
 </Project>

WebAPI/appsettings.json

@@ -11,5 +11,6 @@
   },
   "AllowedHosts": "*",
   "PterodactylAPIKey": "REPLACE_ME",
-  "PterodactylPanelURL": "https://panel.orfl.xyz"
+  "PterodactylPanelURL": "https://panel.orfl.xyz",
+  "OIDCUserInfoEndpoint": "https://authentik.mattstop.com/application/o/userinfo"
 }