[FA-17] Update auth

FictionArchive.Service.SchedulerService/GraphQL/Mutation.cs

@@ -1,6 +1,7 @@
 using System.Data;
 using FictionArchive.Service.SchedulerService.Models;
 using FictionArchive.Service.SchedulerService.Services;
+using FictionArchive.Service.Shared.Constants;
 using HotChocolate.Authorization;
 using HotChocolate.Types;
 using Quartz;
@@ -11,21 +12,21 @@ public class Mutation
 {
     [Error<DuplicateNameException>]
     [Error<FormatException>]
-    [Authorize(Roles = new[] { "admin" })]
+    [Authorize(Roles = [AuthorizationConstants.Roles.Admin])]
     public async Task<SchedulerJob> ScheduleEventJob(string key, string description, string eventType, string eventData, string cronSchedule, JobManagerService jobManager)
     {
         return await jobManager.ScheduleEventJob(key, description, eventType, eventData, cronSchedule);
     }
 
     [Error<JobPersistenceException>]
-    [Authorize(Roles = new[] { "admin" })]
+    [Authorize(Roles = [AuthorizationConstants.Roles.Admin])]
     public async Task<bool> RunJob(string jobKey, JobManagerService jobManager)
     {
         return await jobManager.TriggerJob(jobKey);
     }
 
     [Error<KeyNotFoundException>]
-    [Authorize(Roles = new[] { "admin" })]
+    [Authorize(Roles = [AuthorizationConstants.Roles.Admin])]
     public async Task<bool> DeleteJob(string jobKey, JobManagerService jobManager)
     {
         bool deleted = await jobManager.DeleteJob(jobKey);

FictionArchive.Service.SchedulerService/Program.cs

@@ -17,10 +17,15 @@ public class Program
         var builder = WebApplication.CreateBuilder(args);
         
         // Services
-        builder.Services.AddDefaultGraphQl<Query, Mutation>();
+        builder.Services.AddDefaultGraphQl<Query, Mutation>()
+            .AddAuthorization();
         builder.Services.AddHealthChecks();
         builder.Services.AddTransient<JobManagerService>();
-        
+
+        // Authentication & Authorization
+        builder.Services.AddOidcAuthentication(builder.Configuration);
+        builder.Services.AddFictionArchiveAuthorization();
+
         #region Database
         
         builder.Services.RegisterDbContext<SchedulerServiceDbContext>(
@@ -87,7 +92,10 @@ public class Program
         app.UseHttpsRedirection();
 
         app.MapHealthChecks("/healthz");
-        
+
+        app.UseAuthentication();
+        app.UseAuthorization();
+
         app.MapGraphQL();
         
         app.RunWithGraphQLCommands(args);

FictionArchive.Service.SchedulerService/appsettings.json

@@ -12,5 +12,15 @@
   "ConnectionStrings": {
     "DefaultConnection": "Host=localhost;Database=FictionArchive_SchedulerService;Username=postgres;password=postgres"
   },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "OIDC": {
+    "Authority": "https://auth.orfl.xyz/application/o/fiction-archive/",
+    "ClientId": "fictionarchive-api",
+    "Audience": "fictionarchive-api",
+    "ValidIssuer": "https://auth.orfl.xyz/application/o/fiction-archive/",
+    "ValidateIssuer": true,
+    "ValidateAudience": true,
+    "ValidateLifetime": true,
+    "ValidateIssuerSigningKey": true
+  }
 }