Adjust Auth on server (#15)

* add auth that verifies identity is marked online

* few changes for testing

* handle identity with requirements

* remove unnecessary logging from auth handler

* change to UserRequirements

* fixes to checks

* fixes to UserRequirementHandler

Co-authored-by: rootdarkarchon <root.darkarchon@outlook.com>
rootdarkarchon 2022-10-10 19:44:30 +02:00 committed by GitHub
parent 0d8a401f13
commit d37c1208fe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 163 additions and 70 deletions


@ -22,6 +22,7 @@ using System.Collections.Generic;
using MareSynchronosServer.Services;
using System.Net.Http;
using MareSynchronosServer.Utils;
using MareSynchronosServer.RequirementHandlers;
namespace MareSynchronosServer;
@ -119,6 +120,7 @@ public class Startup
});
services.AddSingleton<GrpcClientIdentificationService>();
services.AddTransient<IAuthorizationHandler, UserRequirementHandler>();
services.AddHostedService(p => p.GetService<GrpcClientIdentificationService>());
services.AddDbContextPool<MareDbContext>(options =>
@ -131,11 +133,32 @@ public class Startup
options.EnableThreadSafetyChecks(false);
}, mareConfig.GetValue("DbContextPoolSize", 1024));
services.AddAuthentication(options =>
services.AddAuthentication(SecretKeyGrpcAuthenticationHandler.AuthScheme)
.AddScheme<AuthenticationSchemeOptions, SecretKeyGrpcAuthenticationHandler>(SecretKeyGrpcAuthenticationHandler.AuthScheme, options => { options.Validate(); });
services.AddAuthorization(options =>
{
options.DefaultScheme = SecretKeyGrpcAuthenticationHandler.AuthScheme;
}).AddScheme<AuthenticationSchemeOptions, SecretKeyGrpcAuthenticationHandler>(SecretKeyGrpcAuthenticationHandler.AuthScheme, _ => { });
services.AddAuthorization(options => options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(SecretKeyGrpcAuthenticationHandler.AuthScheme)
.RequireAuthenticatedUser().Build();
options.AddPolicy("Authenticated", policy =>
{
policy.AddAuthenticationSchemes(SecretKeyGrpcAuthenticationHandler.AuthScheme);
policy.RequireAuthenticatedUser();
});
options.AddPolicy("Identified", policy =>
{
policy.AddRequirements(new UserRequirement(UserRequirements.Identified));
});
options.AddPolicy("Admin", policy =>
{
policy.AddRequirements(new UserRequirement(UserRequirements.Identified | UserRequirements.Administrator));
});
options.AddPolicy("Moderator", policy =>
{
policy.AddRequirements(new UserRequirement(UserRequirements.Identified | UserRequirements.Moderator | UserRequirements.Administrator));
});
});
services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();