Broker implementation updated.

2025-07-05 08:48:14 +02:00
parent 8735510dfc
commit 91a1f7aa61
22 changed files with 587 additions and 510 deletions
--- a/code/MessengerBroker/Handlers/CustomBearerAuthenticationHandler.cs
+++ b/code/MessengerBroker/Handlers/CustomBearerAuthenticationHandler.cs
@ -0,0 +1,78 @@
+using MessengerBroker.Configuration.Model;
+using MessengerBroker.Models;
+using MessengerBroker.Models.Scoped;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Caching.Memory;
+using Microsoft.Extensions.Options;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+
+namespace MessengerBroker.Handlers
+{
+    /// <summary>
+    /// Validates our permananet API keys sent over as Bearer tokens.
+    /// </summary>
+    public class CustomBearerAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+    {
+        private readonly IMemoryCache memoryCache;
+        private readonly BrokerConfiguration configuration;
+
+        public CustomBearerAuthenticationHandler(
+        IOptionsMonitor<AuthenticationSchemeOptions> options,
+        ILoggerFactory loggerFactory,
+        UrlEncoder encoder,
+        IMemoryCache memoryCache,
+        BrokerConfiguration configuration)
+        : base(options, loggerFactory, encoder)
+        {
+            this.memoryCache = memoryCache;
+            this.configuration = configuration;
+        }
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            const string HEADER = "Authorization";
+            const string PREFIX = "Bearer ";
+
+            if (!Request.Headers.TryGetValue(HEADER, out var authHeader) ||
+                !authHeader.ToString().StartsWith(PREFIX))
+            {
+                return Task.FromResult(AuthenticateResult.NoResult());
+            }
+            
+            var token = authHeader.ToString().Substring(PREFIX.Length).Trim();
+
+            if(memoryCache.TryGetValue(token, out CachedIdentity oldCache))
+            {
+                var identity = Context.RequestServices.GetRequiredService<Identity>();
+                identity.Server = oldCache.Server;
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(oldCache.ClaimsPrincipal, Scheme.Name)));
+            }
+            else
+            {
+                var brokerId = Guid.Parse(token);
+                var server = configuration.SlaveServers.SingleOrDefault(x => x.BrokerId == brokerId);
+
+                var principal = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new List<Claim>
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, token),
+                        new Claim(ClaimTypes.Name, token)
+                    }, Scheme.Name));
+
+                var cache = new CachedIdentity
+                {
+                    ClaimsPrincipal = principal,
+                    Server = server
+                };
+
+                memoryCache.Set(token, cache, TimeSpan.FromMinutes(5));
+
+                var identity = Context.RequestServices.GetRequiredService<Identity>();
+                identity.Server = server;
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(cache.ClaimsPrincipal, Scheme.Name)));
+            }
+        }
+    }
+}