:drunk: AI trying to fix bugs

2025-07-06 21:15:30 +08:00
parent 3391c08c04
commit 7d1f096e87
70 changed files with 681 additions and 66945 deletions
--- a/DysonNetwork.Common/Services/Permission/PermissionMiddleware.cs
+++ b/DysonNetwork.Common/Services/Permission/PermissionMiddleware.cs
@ -0,0 +1,100 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using DysonNetwork.Common.Extensions;
+using Microsoft.AspNetCore.Http.Extensions;
+
+namespace DysonNetwork.Common.Services.Permission;
+
+[AttributeUsage(AttributeTargets.Method, Inherited = true)]
+public class RequiredPermissionAttribute(string area, string key) : Attribute
+{
+    public string Area { get; set; } = area;
+    public string Key { get; } = key;
+}
+
+public class PermissionMiddleware<TDbContext> where TDbContext : DbContext
+{
+    private readonly RequestDelegate _next;
+    private readonly IServiceProvider _serviceProvider;
+
+    public PermissionMiddleware(RequestDelegate next, IServiceProvider serviceProvider)
+    {
+        _next = next;
+        _serviceProvider = serviceProvider;
+    }
+
+    public async Task InvokeAsync(HttpContext httpContext)
+    {
+        using var scope = _serviceProvider.CreateScope();
+        var permissionService = new PermissionService<TDbContext>(
+            scope.ServiceProvider.GetRequiredService<TDbContext>(),
+            scope.ServiceProvider.GetRequiredService<ICacheService>()
+        );
+
+        var endpoint = httpContext.GetEndpoint();
+        var attr = endpoint?.Metadata.OfType<RequiredPermissionAttribute>().FirstOrDefault();
+
+        if (attr != null)
+        {
+            if (httpContext.User.Identity?.IsAuthenticated != true)
+            {
+                httpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
+                await httpContext.Response.WriteAsync("Unauthorized");
+                return;
+            }
+
+            var currentUserId = httpContext.User.GetUserId();
+            if (currentUserId == Guid.Empty)
+            {
+                httpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
+                await httpContext.Response.WriteAsync("Unauthorized");
+                return;
+            }
+
+            // TODO: Check for superuser from PassClient
+            // if (currentUser.IsSuperuser)
+            // {
+            //     await _next(httpContext);
+            //     return;
+            // }
+
+            var actor = $"user:{currentUserId}";
+            var hasPermission = await permissionService.HasPermissionAsync(actor, attr.Area, attr.Key);
+
+            if (!hasPermission)
+            {
+                httpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
+                await httpContext.Response.WriteAsync("Forbidden");
+                return;
+            }
+        }
+
+        await _next.Invoke(httpContext);
+    }
+}
+
+public static class PermissionServiceExtensions
+{
+    public static IServiceCollection AddPermissionService<TDbContext>(this IServiceCollection services) 
+        where TDbContext : DbContext
+    {
+        services.AddScoped<PermissionService<TDbContext>>(sp => 
+            new PermissionService<TDbContext>(
+                sp.GetRequiredService<TDbContext>(),
+                sp.GetRequiredService<ICacheService>()
+            ));
+        
+        return services;
+    }
+
+    public static IApplicationBuilder UsePermissionMiddleware<TDbContext>(this IApplicationBuilder builder)
+        where TDbContext : DbContext
+    {
+        return builder.UseMiddleware<PermissionMiddleware<TDbContext>>(builder.ApplicationServices);
+    }
+}