🐛 Cors, and bug fixes
This commit is contained in:
parent
5cef6d72e4
commit
31d98199e7
@ -1,4 +1,5 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
@ -6,7 +7,7 @@ namespace DysonNetwork.Sphere.Account;
|
||||
|
||||
[ApiController]
|
||||
[Route("/accounts")]
|
||||
public class AccountController(AppDatabase db)
|
||||
public class AccountController(AppDatabase db, IHttpContextAccessor httpContext)
|
||||
{
|
||||
[HttpGet("{name}")]
|
||||
[ProducesResponseType<Account>(StatusCodes.Status200OK)]
|
||||
@ -22,13 +23,22 @@ public class AccountController(AppDatabase db)
|
||||
[Required] [MaxLength(256)] public string Name { get; set; } = string.Empty;
|
||||
[Required] [MaxLength(256)] public string Nick { get; set; } = string.Empty;
|
||||
[Required] [MaxLength(1024)] public string Email { get; set; } = string.Empty;
|
||||
[Required] [MinLength(4)] [MaxLength(128)] public string Password { get; set; } = string.Empty;
|
||||
|
||||
[Required]
|
||||
[MinLength(4)]
|
||||
[MaxLength(128)]
|
||||
public string Password { get; set; } = string.Empty;
|
||||
}
|
||||
|
||||
|
||||
[HttpPost]
|
||||
[ProducesResponseType<Account>(StatusCodes.Status200OK)]
|
||||
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
||||
public async Task<ActionResult<Account>> CreateAccount([FromBody] AccountCreateRequest request)
|
||||
{
|
||||
var dupeNameCount = await db.Accounts.Where(a => a.Name == request.Name).CountAsync();
|
||||
if (dupeNameCount > 0)
|
||||
return new BadRequestObjectResult("The name is already taken.");
|
||||
|
||||
var account = new Account
|
||||
{
|
||||
Name = request.Name,
|
||||
@ -50,9 +60,23 @@ public class AccountController(AppDatabase db)
|
||||
}.HashSecret()
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
await db.Accounts.AddAsync(account);
|
||||
await db.SaveChangesAsync();
|
||||
return account;
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
[HttpGet("me")]
|
||||
[ProducesResponseType<Account>(StatusCodes.Status200OK)]
|
||||
public async Task<ActionResult<Account>> GetMe()
|
||||
{
|
||||
var userIdClaim = httpContext.HttpContext?.User.FindFirst("user_id")?.Value;
|
||||
long? userId = long.TryParse(userIdClaim, out var id) ? id : null;
|
||||
if (userId is null) return new BadRequestObjectResult("Invalid or missing user_id claim.");
|
||||
|
||||
var account = await db.Accounts.FindAsync(userId);
|
||||
|
||||
return new OkObjectResult(account);
|
||||
}
|
||||
}
|
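Review bot: GetMe answers 200 with an empty body when the `user_id` claim parses but no row matches, because `var account = await db.Accounts.FindAsync(userId);` can return null and the result is wrapped unchecked in `OkObjectResult`; a token that outlives its account hits exactly this path. Add `if (account is null) return new NotFoundObjectResult("Account was not found.");` before the return, which also matches the wording the AuthController hunk uses. In the same file, CreateAccount's duplicate-name check (`CountAsync` followed by the insert) is not atomic, so two concurrent requests can both pass it; the uniqueness needs a unique index on `Name` in the model (not visible here), and `AnyAsync` reads better than counting when only existence matters. The `[Authorize]` endpoint answering a missing or malformed claim with 400 is inconsistent with the refresh path in AuthController, which returns `UnauthorizedObjectResult` for the same kind of failure.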
@ -24,11 +24,23 @@ public class AuthController(AppDatabase db, AccountService accounts, AuthService
|
||||
public async Task<ActionResult<Challenge>> StartChallenge([FromBody] ChallengeRequest request)
|
||||
{
|
||||
var account = await accounts.LookupAccount(request.Account);
|
||||
if (account is null) return new NotFoundResult();
|
||||
if (account is null) return new NotFoundObjectResult("Account was not found.");
|
||||
|
||||
var ipAddress = httpContext.HttpContext?.Connection.RemoteIpAddress?.ToString();
|
||||
var userAgent = httpContext.HttpContext?.Request.Headers.UserAgent.ToString();
|
||||
|
||||
var now = Instant.FromDateTimeUtc(DateTime.UtcNow);
|
||||
|
||||
// Trying to pick up challenges from the same IP address and user agent
|
||||
var existingChallenge = await db.AuthChallenges
|
||||
.Where(e => e.Account == account)
|
||||
.Where(e => e.IpAddress == ipAddress)
|
||||
.Where(e => e.UserAgent == userAgent)
|
||||
.Where(e => e.StepRemain > 0)
|
||||
.Where(e => e.ExpiredAt != null && now < e.ExpiredAt)
|
||||
.FirstOrDefaultAsync();
|
||||
if (existingChallenge is not null) return existingChallenge;
|
||||
|
||||
var challenge = new Challenge
|
||||
{
|
||||
Account = account,
|
||||
@ -149,7 +161,10 @@ public class AuthController(AppDatabase db, AccountService accounts, AuthService
|
||||
if (!Guid.TryParse(sessionIdClaim, out var sessionId))
|
||||
return new UnauthorizedObjectResult("Invalid or missing session_id claim in refresh token.");
|
||||
|
||||
session = await db.AuthSessions.FirstOrDefaultAsync(s => s.Id == sessionId);
|
||||
session = await db.AuthSessions
|
||||
.Include(e => e.Account)
|
||||
.Include(e => e.Challenge)
|
||||
.FirstOrDefaultAsync(s => s.Id == sessionId);
|
||||
if (session is null)
|
||||
return new NotFoundObjectResult("Session not found or expired.");
|
||||
|
||||
|
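Review bot: In the refresh hunk (`@ -149,7 +161,10`) the message `"Session not found or expired."` promises an expiry check that the query does not perform: the new `Include` chain still filters only on `s.Id == sessionId`, so an expired-but-present session passes this point unless it is rejected further down, outside the hunk. If the session entity carries an expiry, add it to the predicate (`.FirstOrDefaultAsync(s => s.Id == sessionId && <expiry still in the future>)`, field name to confirm); otherwise reword the message to `"Session not found."`. In StartChallenge, `Instant.FromDateTimeUtc(DateTime.UtcNow)` can be `SystemClock.Instance.GetCurrentInstant()` (NodaTime is already in scope via `Instant`) or an injected `IClock`, which also makes the challenge-reuse window testable. Both enclosing methods continue outside their hunks.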
@ -45,6 +45,7 @@ builder.Services.AddSingleton<IAuthorizationHandler, CasbinAuthorizationHandler>
|
||||
|
||||
// Other pipelines
|
||||
|
||||
builder.Services.AddCors();
|
||||
builder.Services.AddAuthorization();
|
||||
builder.Services.AddAuthentication("Bearer").AddJwtBearer(options =>
|
||||
{
|
||||
@ -108,6 +109,12 @@ builder.Services.AddScoped<AuthService>();
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
using (var scope = app.Services.CreateScope())
|
||||
{
|
||||
var db = scope.ServiceProvider.GetRequiredService<AppDatabase>();
|
||||
db.Database.Migrate();
|
||||
}
|
||||
|
||||
if (app.Environment.IsDevelopment()) app.MapOpenApi();
|
||||
|
||||
app.UseSwagger();
|
||||
@ -118,11 +125,11 @@ app.UseForwardedHeaders(new ForwardedHeadersOptions
|
||||
ForwardedHeaders = ForwardedHeaders.All
|
||||
});
|
||||
|
||||
using (var scope = app.Services.CreateScope())
|
||||
{
|
||||
var db = scope.ServiceProvider.GetRequiredService<AppDatabase>();
|
||||
db.Database.Migrate();
|
||||
}
|
||||
app.UseCors(opts =>
|
||||
opts.SetIsOriginAllowed(_ => true)
|
||||
.AllowCredentials()
|
||||
.AllowAnyHeader()
|
||||
.AllowAnyMethod());
|
||||
|
||||
app.UseHttpsRedirection();
|
||||
app.UseAuthorization();
|
||||
|
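Review bot: `opts.SetIsOriginAllowed(_ => true)` combined with `.AllowCredentials()` reflects every request's Origin together with `Access-Control-Allow-Credentials: true`, which is precisely the combination `AllowAnyOrigin()` refuses to produce: any site can then make credentialed cross-origin requests to this API, a CSRF-class exposure if authentication ever rides on cookies, and an unnecessarily broad policy even with header-carried bearer tokens. Replace the predicate with an explicit allowlist from configuration, e.g. `var allowedOrigins = builder.Configuration.GetSection("<allowed-origins config key>").Get<string[]>() ?? [];` and `opts.WithOrigins(allowedOrigins).AllowCredentials().AllowAnyHeader().AllowAnyMethod()`, keeping the permissive predicate, if at all, behind `app.Environment.IsDevelopment()`. The hunk places `UseCors` ahead of `UseAuthorization` but no `UseAuthentication` call is visible in this view; if it lives elsewhere in the pipeline that is fine, otherwise `[Authorize]` endpoints will not see the bearer principal.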
@ -1,5 +1,6 @@
|
||||
<wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
|
||||
<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AClaim_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FDecompilerCache_003Fdecompiler_003Fa7fdc52b6e574ae7b9822133be91162a15800_003Ff7_003Feebffd8d_003FClaim_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
|
||||
<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003ACorsPolicyBuilder_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FDecompilerCache_003Fdecompiler_003F051ad509d0504b7ca10dedd9c2cabb9914200_003F8e_003Fb28257cb_003FCorsPolicyBuilder_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
|
||||
<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003ADbContext_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FSourcesCache_003Fa0b45f29f34f594814a7b1fbc25fe5ef3c18257956ed4f4fbfa68717db58_003FDbContext_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
|
||||
<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AEntityFrameworkServiceCollectionExtensions_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FSourcesCache_003F4a28847852ee9ba45fd3107526c0a749a733bd4f4ebf33aa3c9a59737a3f758_003FEntityFrameworkServiceCollectionExtensions_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
|
||||
<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AEnumerable_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FDecompilerCache_003Fdecompiler_003F832399abc13b45b6bdbabfa022e4a28487e00_003F7f_003F7aece4dd_003FEnumerable_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
|
||||
|