♻️ Refactored authorize device system (wip) (skip ci)

DysonNetwork.Pass/Auth/AuthController.cs

@@ -57,6 +57,7 @@ public class AuthController(
             .FirstOrDefaultAsync();
         if (existingChallenge is not null) return existingChallenge;
 
+        var device = await auth.GetOrCreateDeviceAsync(account.Id, request.DeviceId);
         var challenge = new AuthChallenge
         {
             ExpiredAt = Instant.FromDateTimeUtc(DateTime.UtcNow.AddHours(1)),
@@ -67,7 +68,7 @@ public class AuthController(
             IpAddress = ipAddress,
             UserAgent = userAgent,
             Location = geo.GetPointFromIp(ipAddress),
-            DeviceId = request.DeviceId,
+            DeviceId = device.Id,
             AccountId = account.Id
         }.Normalize();
 

DysonNetwork.Pass/Auth/AuthDevice.cs

@@ -0,0 +1,17 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json.Serialization;
+using DysonNetwork.Shared.Data;
+using Microsoft.EntityFrameworkCore;
+
+namespace DysonNetwork.Pass.Auth;
+
+[Index(nameof(DeviceId), IsUnique = true)]
+public class AuthDevice : ModelBase
+{
+    public Guid Id { get; set; } = Guid.NewGuid();
+    [MaxLength(1024)] public string DeviceName { get; set; } = string.Empty;
+    [MaxLength(1024)] public string DeviceId { get; set; } = string.Empty;
+    
+    public Guid AccountId { get; set; }
+    [JsonIgnore] public Account.Account Account { get; set; } = null!;
+}

DysonNetwork.Pass/Auth/AuthService.cs

@@ -100,6 +100,21 @@ public class AuthService(
 
         return session;
     }
+    
+    public async Task<AuthDevice> GetOrCreateDeviceAsync(Guid accountId, string deviceId)
+    {
+        var device = await db.AuthDevices.FirstOrDefaultAsync(d => d.DeviceId == deviceId && d.AccountId == accountId);
+        if (device is not null) return device;
+        device = new AuthDevice
+        {
+            DeviceId = deviceId,
+            AccountId = accountId
+        };
+        db.AuthDevices.Add(device);
+        await db.SaveChangesAsync();
+
+        return device;
+    }
 
     public async Task<bool> ValidateCaptcha(string token)
     {

DysonNetwork.Pass/Auth/OpenId/OidcService.cs

@@ -217,6 +217,7 @@ public abstract class OidcService(
 
         // Create a challenge that's already completed
         var now = SystemClock.Instance.GetCurrentInstant();
+        var device = await auth.GetOrCreateDeviceAsync(account.Id, deviceId);
         var challenge = new AuthChallenge
         {
             ExpiredAt = now.Plus(Duration.FromHours(1)),
@@ -226,7 +227,7 @@ public abstract class OidcService(
             Audiences = [ProviderName],
             Scopes = ["*"],
             AccountId = account.Id,
-            DeviceId = deviceId,
+            DeviceId = device.Id,
             IpAddress = request.Connection.RemoteIpAddress?.ToString() ?? null,
             UserAgent = request.Request.Headers.UserAgent,
         };

DysonNetwork.Pass/Auth/Session.cs

@@ -67,12 +67,13 @@ public class AuthChallenge : ModelBase
     [Column(TypeName = "jsonb")] public List<string> Scopes { get; set; } = new();
     [MaxLength(128)] public string? IpAddress { get; set; }
     [MaxLength(512)] public string? UserAgent { get; set; }
-    [MaxLength(256)] public string? DeviceId { get; set; }
     [MaxLength(1024)] public string? Nonce { get; set; }
     public Point? Location { get; set; }
 
     public Guid AccountId { get; set; }
     [JsonIgnore] public Account.Account Account { get; set; } = null!;
+    public Guid DeviceId { get; set; }
+    public AuthDevice Device { get; set; } = null!;
 
     public AuthChallenge Normalize()
     {
@@ -94,7 +95,7 @@ public class AuthChallenge : ModelBase
         Scopes = { Scopes },
         IpAddress = IpAddress,
         UserAgent = UserAgent,
-        DeviceId = DeviceId,
+        DeviceId = DeviceId.ToString(),
         Nonce = Nonce,
         AccountId = AccountId.ToString()
     };