public async Task <List <UserGuild> > GetUserGuilds(AuthEntry authEntry) { return(await memoryCache.GetOrCreateAsync($"userguilds={authEntry.UserId}", async (cacheEntry) => { cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(3); return await discordHttp.GetCurrentUserGuilds(authEntry.AccessToken); })); }
private async Task <bool> IsAllowedAudio(AuthEntry authEntry, uint id) { var guildsTask = userService.GetAllowedUserGuilds(authEntry); var audioOwnersTask = memoryCache.GetOrCreateAsync($"GetAudioOwnersByAudio({id})", async(cacheEntry) => { cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(10); return(await audioOwnerRepo.GetAudioOwnersByAudio(id)); }); await Task.WhenAll(guildsTask, audioOwnersTask); var ownerIds = guildsTask.Result.Select(x => x.Id).Concat(authEntry.UserId.Yield()).ToList(); return(ownerIds.Join(audioOwnersTask.Result, ownerId => ownerId, ao => ao.OwnerId, (outer, inner) => (outer, inner)).Any()); }
/// <summary> /// Checks to see if the currently authorized user has access to an action /// </summary> /// <param name="actionName">The action name to check for access to</param> /// <returns>True if the employee has access to the action, false if otherwise</returns> public bool HasAccess(string actionName) { // If the user auth object is an employee if (User is Employee) { // Check the auth table for permission AuthEntry entry = myAuths[((Employee)User).Role].FirstOrDefault((X) => X.ActionName.Equals(actionName)); // Return whether there was an entry, and if that entry allows us permission return(entry != null && entry.IsAllowed); } // If the auth object is null or another type, search the NullAuths collection else { return(User == null && myNullAuths.Contains(actionName)); } }
public async Task <AuthEntry> CreateAuthEntry(AuthEntry entry) { var time = BitConverter.GetBytes(DateTimeOffset.UtcNow.ToUnixTimeMilliseconds()); byte[] key = new byte[32 + time.Length]; time.CopyTo(key, 0); RandomNumberGenerator.Create().GetBytes(key, time.Length, key.Length - time.Length); var table = GetAuthTable(); var doc = Document.FromAttributeMap(new System.Collections.Generic.Dictionary <string, AttributeValue> { { "key", new AttributeValue { B = new System.IO.MemoryStream(key) } }, { "access_token", new AttributeValue { S = entry.AccessToken } }, { "expires", new AttributeValue { N = entry.Expires.ToString() } }, { "refresh_token", new AttributeValue { S = entry.RefreshToken } }, { "scope", new AttributeValue { S = entry.Scope } }, { "user_id", new AttributeValue { N = entry.UserId.ToString() } }, { "avatar", new AttributeValue { S = entry.Avatar } } }); await table.PutItemAsync(doc); return(new AuthEntry { AccessToken = entry.AccessToken, Avatar = entry.Avatar, Expires = entry.Expires, Key = Convert.ToBase64String(key), RefreshToken = entry.RefreshToken, Scope = entry.Scope, UserId = entry.UserId }); }
public async Task <AuthEntry> GetAuthEntry(string key) { var table = GetAuthTable(); var doc = await table.GetItemAsync(new Primitive(new System.IO.MemoryStream(Convert.FromBase64String(key)))); if (doc == null) { return(null); } var result = new AuthEntry { AccessToken = doc["access_token"].AsString(), Expires = doc["expires"].AsLong(), Key = doc["key"].ToString(), RefreshToken = doc["refresh_token"].AsString(), Scope = doc["scope"].AsString(), UserId = doc["user_id"].AsULong(), Avatar = doc["avatar"].AsString() }; return(result); }
public Auth(string registry, AuthEntry entry) : this() { this.Auths.Add(registry, entry); }
public async Task <IActionResult> OAuth(string code = null, string state = null) { var now = DateTime.UtcNow; if (string.IsNullOrWhiteSpace(code)) { return(BadRequest()); } if (string.IsNullOrWhiteSpace(state)) { return(BadRequest()); } var trysKey = $"oauthtrys={Request.HttpContext.Connection.RemoteIpAddress}"; var trys = (int?)memoryCache.Get(trysKey); if (trys.HasValue) { memoryCache.Set(trysKey, trys.Value + 1, now.AddMinutes(1)); if (trys.Value > 5) { return(StatusCode(420, $"Too Many Requests. Try again after {now.AddSeconds(70).ToString("o")}")); } } else { memoryCache.Set(trysKey, 1, TimeSpan.FromMinutes(1)); } var storedState = Request.Cookies["state"]; if (storedState != state) { return(BadRequest()); } Response.Cookies.Append("state", "", new CookieOptions { HttpOnly = true, Expires = DateTimeOffset.Now.AddDays(-100), IsEssential = true }); var accessTokenResponse = await discordHttp.GetAccessToken(code); if (!accessTokenResponse.Scopes.Contains("identify") || !accessTokenResponse.Scopes.Contains("guilds")) { return(BadRequest()); } var userReponse = await discordHttp.GetCurrentUser(accessTokenResponse.AccessToken); if (!ulong.TryParse(userReponse.Id, out var userId)) { return(BadRequest()); } var unixTime = now.AddSeconds(accessTokenResponse.ExpiresIn).ToUnixTime(); var authEntry = new AuthEntry { AccessToken = accessTokenResponse.AccessToken, Expires = unixTime, RefreshToken = accessTokenResponse.RefreshToken, Scope = accessTokenResponse.Scope, UserId = userId, Avatar = userReponse.Avatar }; var newAuthEntry = await authRepo.CreateAuthEntry(authEntry); var cookieOptions = new CookieOptions { Expires = DateTimeOffset.FromUnixTimeSeconds(unixTime), HttpOnly = true, IsEssential = true, }; Response.Cookies.Append("key", newAuthEntry.Key, cookieOptions); memoryCache.Set($"key={newAuthEntry.Key}", authEntry, TimeSpan.FromMinutes(1)); return(RedirectToAction("Index", "Home")); }
public Task <List <UserGuild> > AllowedGuildsFilter(List <UserGuild> guilds, AuthEntry authEntry) { var validGuilds = guilds.Where(x => x.Owner || (x.PermissionsInt & (uint)Permissions.Administrator) == (uint)Permissions.Administrator).ToList(); return(Task.FromResult(validGuilds)); }
public async Task <List <UserGuild> > GetAllowedUserGuilds(AuthEntry authEntry) { var guilds = await GetUserGuilds(authEntry); return(await AllowedGuildsFilter(guilds, authEntry)); }