[FA-17] Update auth

2025-11-27 23:23:03 -05:00
parent 9c82d648cd
commit 75e96cbee5
23 changed files with 189 additions and 33 deletions
--- a/FictionArchive.Service.TranslationService/GraphQL/Mutation.cs
+++ b/FictionArchive.Service.TranslationService/GraphQL/Mutation.cs
@@ -5,15 +5,17 @@ using FictionArchive.Service.TranslationService.Models.Enums;
 using FictionArchive.Service.TranslationService.Services;
 using FictionArchive.Service.TranslationService.Services.Database;
 using FictionArchive.Service.TranslationService.Services.TranslationEngines;
+using HotChocolate.Authorization;

 namespace FictionArchive.Service.TranslationService.GraphQL;

 public class Mutation
 {
+    [Authorize]
    public async Task<TranslationResult> TranslateText(string text, Language from, Language to, string translationEngineKey, TranslationEngineService translationEngineService)
    {
        var result = await translationEngineService.Translate(from, to, text, translationEngineKey);
-        
+
        return result;
    }
 }
--- a/FictionArchive.Service.TranslationService/GraphQL/Query.cs
+++ b/FictionArchive.Service.TranslationService/GraphQL/Query.cs
@@ -2,19 +2,22 @@ using FictionArchive.Service.TranslationService.Models;
 using FictionArchive.Service.TranslationService.Models.Database;
 using FictionArchive.Service.TranslationService.Services.Database;
 using FictionArchive.Service.TranslationService.Services.TranslationEngines;
+using HotChocolate.Authorization;
 using Microsoft.EntityFrameworkCore;

 namespace FictionArchive.Service.TranslationService.GraphQL;

 public class Query
 {
+    [Authorize]
    [UseFiltering]
    [UseSorting]
    public IEnumerable<TranslationEngineDescriptor> GetTranslationEngines(IEnumerable<ITranslationEngine> engines)
    {
        return engines.Select(engine => engine.Descriptor);
    }
-    
+
+    [Authorize]
    [UsePaging]
    [UseProjection]
    [UseFiltering]
--- a/FictionArchive.Service.TranslationService/Program.cs
+++ b/FictionArchive.Service.TranslationService/Program.cs
@@ -50,7 +50,8 @@ public class Program
        
        #region GraphQL
        
-        builder.Services.AddDefaultGraphQl<Query, Mutation>();
+        builder.Services.AddDefaultGraphQl<Query, Mutation>()
+            .AddAuthorization();
        
        #endregion
        
@@ -63,9 +64,13 @@ public class Program
        builder.Services.AddTransient<ITranslationEngine, DeepLTranslationEngine>();

        builder.Services.AddTransient<TranslationEngineService>();
-        
+
        #endregion

+        // Authentication & Authorization
+        builder.Services.AddOidcAuthentication(builder.Configuration);
+        builder.Services.AddFictionArchiveAuthorization();
+
        var app = builder.Build();
        
        // Update database (skip in schema export mode)
@@ -79,7 +84,10 @@ public class Program
        app.UseHttpsRedirection();

        app.MapHealthChecks("/healthz");
-        
+
+        app.UseAuthentication();
+        app.UseAuthorization();
+
        app.MapGraphQL();

        app.RunWithGraphQLCommands(args);
--- a/FictionArchive.Service.TranslationService/appsettings.json
+++ b/FictionArchive.Service.TranslationService/appsettings.json
@@ -15,5 +15,15 @@
    "ConnectionString": "amqp://localhost",
    "ClientIdentifier": "TranslationService"
  },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "OIDC": {
+    "Authority": "https://auth.orfl.xyz/application/o/fiction-archive/",
+    "ClientId": "fictionarchive-api",
+    "Audience": "fictionarchive-api",
+    "ValidIssuer": "https://auth.orfl.xyz/application/o/fiction-archive/",
+    "ValidateIssuer": true,
+    "ValidateAudience": true,
+    "ValidateLifetime": true,
+    "ValidateIssuerSigningKey": true
+  }
 }