[FA-17] Update auth

2025-11-27 23:23:03 -05:00
parent 9c82d648cd
commit 75e96cbee5
23 changed files with 189 additions and 33 deletions
--- a/FictionArchive.Service.UserService/GraphQL/Mutation.cs
+++ b/FictionArchive.Service.UserService/GraphQL/Mutation.cs
@@ -1,10 +1,13 @@
+using FictionArchive.Service.Shared.Constants;
 using FictionArchive.Service.UserService.Models.Database;
 using FictionArchive.Service.UserService.Services;
+using HotChocolate.Authorization;

 namespace FictionArchive.Service.UserService.GraphQL;

 public class Mutation
 {
+    [Authorize(Roles = [AuthorizationConstants.Roles.Admin])]
    public async Task<User> RegisterUser(string username, string email, string oAuthProviderId,
        string? inviterOAuthProviderId, UserManagementService userManagementService)
    {
--- a/FictionArchive.Service.UserService/GraphQL/Query.cs
+++ b/FictionArchive.Service.UserService/GraphQL/Query.cs
@@ -1,10 +1,12 @@
 using FictionArchive.Service.UserService.Models.Database;
 using FictionArchive.Service.UserService.Services;
+using HotChocolate.Authorization;

 namespace FictionArchive.Service.UserService.GraphQL;

 public class Query
 {
+    [Authorize]
    public async Task<IQueryable<User>> GetUsers(UserManagementService userManagementService)
    {
        return userManagementService.GetUsers();
--- a/FictionArchive.Service.UserService/Program.cs
+++ b/FictionArchive.Service.UserService/Program.cs
@@ -1,3 +1,4 @@
+using FictionArchive.Common.Extensions;
 using FictionArchive.Service.Shared;
 using FictionArchive.Service.Shared.Extensions;
 using FictionArchive.Service.Shared.Services.EventBus.Implementations;
@@ -15,7 +16,8 @@ public class Program
        var isSchemaExport = SchemaExportDetector.IsSchemaExportMode(args);

        var builder = WebApplication.CreateBuilder(args);
-        
+        builder.AddLocalAppsettings();
+
        #region Event Bus

        if (!isSchemaExport)
@@ -31,7 +33,8 @@ public class Program
        
        #region GraphQL
        
-        builder.Services.AddDefaultGraphQl<Query, Mutation>();
+        builder.Services.AddDefaultGraphQl<Query, Mutation>()
+            .AddAuthorization();
        
        #endregion
        
@@ -41,7 +44,11 @@ public class Program
        builder.Services.AddTransient<UserManagementService>();

        builder.Services.AddHealthChecks();
-        
+
+        // Authentication & Authorization
+        builder.Services.AddOidcAuthentication(builder.Configuration);
+        builder.Services.AddFictionArchiveAuthorization();
+
        var app = builder.Build();
        
        // Update database (skip in schema export mode)
@@ -52,8 +59,11 @@ public class Program
            dbContext.UpdateDatabase();
        }
        
+        app.UseAuthentication();
+        app.UseAuthorization();
+
        app.MapGraphQL();
-        
+
        app.MapHealthChecks("/healthz");

        app.RunWithGraphQLCommands(args);
--- a/FictionArchive.Service.UserService/appsettings.json
+++ b/FictionArchive.Service.UserService/appsettings.json
@@ -12,5 +12,15 @@
    "ConnectionString": "amqp://localhost",
    "ClientIdentifier": "UserService"
  },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "OIDC": {
+    "Authority": "https://auth.orfl.xyz/application/o/fiction-archive/",
+    "ClientId": "fictionarchive-api",
+    "Audience": "fictionarchive-api",
+    "ValidIssuer": "https://auth.orfl.xyz/application/o/fiction-archive/",
+    "ValidateIssuer": true,
+    "ValidateAudience": true,
+    "ValidateLifetime": true,
+    "ValidateIssuerSigningKey": true
+  }
 }