public async Task <List <UserGuild> > GetUserGuilds(AuthEntry authEntry)
{
return(await memoryCache.GetOrCreateAsync($"userguilds={authEntry.UserId}", async (cacheEntry) =>
{
cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(3);
return await discordHttp.GetCurrentUserGuilds(authEntry.AccessToken);
}));
}
private async Task <bool> IsAllowedAudio(AuthEntry authEntry, uint id)
{
var guildsTask = userService.GetAllowedUserGuilds(authEntry);
var audioOwnersTask = memoryCache.GetOrCreateAsync($"GetAudioOwnersByAudio({id})",
async(cacheEntry) =>
{
cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(10);
return(await audioOwnerRepo.GetAudioOwnersByAudio(id));
});
await Task.WhenAll(guildsTask, audioOwnersTask);
var ownerIds = guildsTask.Result.Select(x => x.Id).Concat(authEntry.UserId.Yield()).ToList();
return(ownerIds.Join(audioOwnersTask.Result, ownerId => ownerId, ao => ao.OwnerId, (outer, inner) => (outer, inner)).Any());
}
/// <summary>
/// Checks to see if the currently authorized user has access to an action
/// </summary>
/// <param name="actionName">The action name to check for access to</param>
/// <returns>True if the employee has access to the action, false if otherwise</returns>
public bool HasAccess(string actionName)
{
// If the user auth object is an employee
if (User is Employee)
{
// Check the auth table for permission
AuthEntry entry = myAuths[((Employee)User).Role].FirstOrDefault((X) => X.ActionName.Equals(actionName));
// Return whether there was an entry, and if that entry allows us permission
return(entry != null && entry.IsAllowed);
}
// If the auth object is null or another type, search the NullAuths collection
else
{
return(User == null && myNullAuths.Contains(actionName));
}
}
public async Task <AuthEntry> CreateAuthEntry(AuthEntry entry)
{
var time = BitConverter.GetBytes(DateTimeOffset.UtcNow.ToUnixTimeMilliseconds());
byte[] key = new byte[32 + time.Length];
time.CopyTo(key, 0);
RandomNumberGenerator.Create().GetBytes(key, time.Length, key.Length - time.Length);
var table = GetAuthTable();
var doc = Document.FromAttributeMap(new System.Collections.Generic.Dictionary <string, AttributeValue>
{
{ "key", new AttributeValue {
B = new System.IO.MemoryStream(key)
} },
{ "access_token", new AttributeValue {
S = entry.AccessToken
} },
{ "expires", new AttributeValue {
N = entry.Expires.ToString()
} },
{ "refresh_token", new AttributeValue {
S = entry.RefreshToken
} },
{ "scope", new AttributeValue {
S = entry.Scope
} },
{ "user_id", new AttributeValue {
N = entry.UserId.ToString()
} },
{ "avatar", new AttributeValue {
S = entry.Avatar
} }
});
await table.PutItemAsync(doc);
return(new AuthEntry
{
AccessToken = entry.AccessToken,
Avatar = entry.Avatar,
Expires = entry.Expires,
Key = Convert.ToBase64String(key),
RefreshToken = entry.RefreshToken,
Scope = entry.Scope,
UserId = entry.UserId
});
}
public async Task <AuthEntry> GetAuthEntry(string key)
{
var table = GetAuthTable();
var doc = await table.GetItemAsync(new Primitive(new System.IO.MemoryStream(Convert.FromBase64String(key))));
if (doc == null)
{
return(null);
}
var result = new AuthEntry
{
AccessToken = doc["access_token"].AsString(),
Expires = doc["expires"].AsLong(),
Key = doc["key"].ToString(),
RefreshToken = doc["refresh_token"].AsString(),
Scope = doc["scope"].AsString(),
UserId = doc["user_id"].AsULong(),
Avatar = doc["avatar"].AsString()
};
return(result);
}
public Auth(string registry, AuthEntry entry)
: this()
{
this.Auths.Add(registry, entry);
}
public async Task <IActionResult> OAuth(string code = null, string state = null)
{
var now = DateTime.UtcNow;
if (string.IsNullOrWhiteSpace(code))
{
return(BadRequest());
}
if (string.IsNullOrWhiteSpace(state))
{
return(BadRequest());
}
var trysKey = $"oauthtrys={Request.HttpContext.Connection.RemoteIpAddress}";
var trys = (int?)memoryCache.Get(trysKey);
if (trys.HasValue)
{
memoryCache.Set(trysKey, trys.Value + 1, now.AddMinutes(1));
if (trys.Value > 5)
{
return(StatusCode(420, $"Too Many Requests. Try again after {now.AddSeconds(70).ToString("o")}"));
}
}
else
{
memoryCache.Set(trysKey, 1, TimeSpan.FromMinutes(1));
}
var storedState = Request.Cookies["state"];
if (storedState != state)
{
return(BadRequest());
}
Response.Cookies.Append("state", "", new CookieOptions
{
HttpOnly = true,
Expires = DateTimeOffset.Now.AddDays(-100),
IsEssential = true
});
var accessTokenResponse = await discordHttp.GetAccessToken(code);
if (!accessTokenResponse.Scopes.Contains("identify") ||
!accessTokenResponse.Scopes.Contains("guilds"))
{
return(BadRequest());
}
var userReponse = await discordHttp.GetCurrentUser(accessTokenResponse.AccessToken);
if (!ulong.TryParse(userReponse.Id, out var userId))
{
return(BadRequest());
}
var unixTime = now.AddSeconds(accessTokenResponse.ExpiresIn).ToUnixTime();
var authEntry = new AuthEntry
{
AccessToken = accessTokenResponse.AccessToken,
Expires = unixTime,
RefreshToken = accessTokenResponse.RefreshToken,
Scope = accessTokenResponse.Scope,
UserId = userId,
Avatar = userReponse.Avatar
};
var newAuthEntry = await authRepo.CreateAuthEntry(authEntry);
var cookieOptions = new CookieOptions
{
Expires = DateTimeOffset.FromUnixTimeSeconds(unixTime),
HttpOnly = true,
IsEssential = true,
};
Response.Cookies.Append("key", newAuthEntry.Key, cookieOptions);
memoryCache.Set($"key={newAuthEntry.Key}", authEntry, TimeSpan.FromMinutes(1));
return(RedirectToAction("Index", "Home"));
}
public Task <List <UserGuild> > AllowedGuildsFilter(List <UserGuild> guilds, AuthEntry authEntry)
{
var validGuilds = guilds.Where(x => x.Owner || (x.PermissionsInt & (uint)Permissions.Administrator) == (uint)Permissions.Administrator).ToList();
return(Task.FromResult(validGuilds));
}
public async Task <List <UserGuild> > GetAllowedUserGuilds(AuthEntry authEntry)
{
var guilds = await GetUserGuilds(authEntry);
return(await AllowedGuildsFilter(guilds, authEntry));
}