Split the greenfield authhandler in two classes

2026-02-22 22:54:23 +01:00 · 2020-03-27 13:06:41 +09:00
parent afdee9d8a2
commit d219ba5d32
4 changed files with 74 additions and 41 deletions
--- a/BTCPayServer/Security/GreenField/APIKeysAuthenticationHandler.cs
+++ b/BTCPayServer/Security/GreenField/APIKeysAuthenticationHandler.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Data;
+using BTCPayServer.Security.Bitpay;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace BTCPayServer.Security.GreenField
+{
+    public class APIKeysAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>
+    {
+        private readonly APIKeyRepository _apiKeyRepository;
+        private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
+        private readonly SignInManager<ApplicationUser> _signInManager;
+        private readonly UserManager<ApplicationUser> _userManager;
+
+        public APIKeysAuthenticationHandler(
+            APIKeyRepository apiKeyRepository,
+            IOptionsMonitor<IdentityOptions> identityOptions,
+            IOptionsMonitor<GreenFieldAuthenticationOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder,
+            ISystemClock clock,
+            SignInManager<ApplicationUser> signInManager,
+            UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)
+        {
+            _apiKeyRepository = apiKeyRepository;
+            _identityOptions = identityOptions;
+            _signInManager = signInManager;
+            _userManager = userManager;
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) || string.IsNullOrEmpty(apiKey))
+                return AuthenticateResult.NoResult();
+
+            var key = await _apiKeyRepository.GetKey(apiKey);
+
+            if (key == null)
+            {
+                return AuthenticateResult.Fail("ApiKey authentication failed");
+            }
+
+            List<Claim> claims = new List<Claim>();
+            claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));
+            claims.AddRange(Permission.ToPermissions(key.Permissions).Select(permission =>
+                new Claim(GreenFieldConstants.ClaimTypes.Permission, permission.ToString())));
+            return AuthenticateResult.Success(new AuthenticationTicket(
+                new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),
+                GreenFieldConstants.AuthenticationType));
+        }
+    }
+}