39 lines
1.8 KiB
C#
39 lines
1.8 KiB
C#
using System.Security.Cryptography;
|
|
using System.Text;
|
|
using Authinator.Backend.Database;
|
|
using Authinator.Backend.Database.Tables;
|
|
using Isopoh.Cryptography.Argon2;
|
|
|
|
namespace Authinator.Backend.Utils;
|
|
|
|
public static class AuthUtils {
|
|
public const string OverrideAuthCli = "--disable-auth";
|
|
private const string InternalUserPrefix = "_";
|
|
private const string GuestUser = $"{InternalUserPrefix}guest";
|
|
private const string FallbackUser = $"{InternalUserPrefix}debug";
|
|
|
|
private static readonly string[] FallbackGroups = { "admin" };
|
|
|
|
public static readonly bool OverrideAuth = Environment.GetCommandLineArgs().Contains(OverrideAuthCli);
|
|
|
|
public static string GetRemoteUsername(this HttpContext ctx, DatabaseContext db)
|
|
=> (OverrideAuth ? FallbackUser : db.Users.ValidateAuthToken(ctx.Request.Cookies[ConfigCache.CookieName]!)?.Username) ?? GuestUser;
|
|
|
|
public static User? GetRemoteUser(this HttpContext ctx, DatabaseContext db) => db.Users.ValidateAuthToken(ctx.Request.Cookies[ConfigCache.CookieName]!);
|
|
|
|
public static bool IsAuthenticated(this HttpContext ctx, DatabaseContext db)
|
|
=> OverrideAuth || (ctx.Request.Cookies.ContainsKey(ConfigCache.CookieName) && db.Users.ValidateAuthToken(ctx.Request.Cookies[ConfigCache.CookieName]!) != null);
|
|
|
|
public static bool IsAdmin(this HttpContext ctx, DatabaseContext db) => OverrideAuth
|
|
|| (ctx.Request.Cookies.ContainsKey(ConfigCache.CookieName)
|
|
&& ctx.GetRemoteUser(db) != null
|
|
&& ctx.GetRemoteUser(db)!.Groups.Any(p => p.Name == ConfigCache.AdminGroup));
|
|
|
|
public static IEnumerable<string> GetRemoteGroups(this HttpContext ctx) {
|
|
if (OverrideAuth)
|
|
return FallbackGroups;
|
|
|
|
return ctx.Request.Headers.TryGetValue("Remote-Groups", out var header) ? header.ToString().Split(",") : Array.Empty<string>();
|
|
}
|
|
}
|