aboutsummaryrefslogtreecommitdiff
path: root/VPNAuth.Server/Program.cs
diff options
context:
space:
mode:
Diffstat (limited to 'VPNAuth.Server/Program.cs')
-rw-r--r--VPNAuth.Server/Program.cs195
1 files changed, 6 insertions, 189 deletions
diff --git a/VPNAuth.Server/Program.cs b/VPNAuth.Server/Program.cs
index e9dc036..b52abd8 100644
--- a/VPNAuth.Server/Program.cs
+++ b/VPNAuth.Server/Program.cs
@@ -2,6 +2,7 @@ using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using VPNAuth.Server;
+using VPNAuth.Server.Api;
using VPNAuth.Server.Database;
using VPNAuth.Server.Responses;
@@ -27,196 +28,12 @@ app.UseStaticFiles(new StaticFileOptions
{
RequestPath = "/static"
});
-app.UseRouting();
-
-app.MapGet("/accept-auth/{id}", async (HttpContext context, int id) =>
-{
- using var db = new Database();
- var authRequest = db.AuthRequests.Find(id);
- if (authRequest == null || authRequest.Accepted)
- {
- context.Response.StatusCode = StatusCodes.Status404NotFound;
- return;
- }
-
- if (authRequest.Username != context.GetUser()?.Username)
- {
- context.Response.StatusCode = StatusCodes.Status403Forbidden;
- return;
- }
-
- authRequest.Accepted = true;
- db.SaveChanges();
-
- var config = Config.Read();
- context.Response.StatusCode = StatusCodes.Status302Found;
- context.Response.Headers["Location"] = config.FindApp(authRequest.ClientId)!.RedirectUri!
- + "?code=" + authRequest.Code
- + "&state=" + authRequest.State;
-});
-
-app.MapPost("/access-token", async (HttpContext context) =>
-{
- var config = Config.Read();
- if (context.Request.Form["grant_type"] != "authorization_code")
- {
- context.Response.StatusCode = StatusCodes.Status400BadRequest;
- return;
- }
-
- var clientSecret = config.FindApp(context.Request.Form["client_id"]!)!.Secret; // FIXME: null pointer
- if (clientSecret != null && clientSecret != context.Request.Form["client_secret"])
- {
- context.Response.StatusCode = StatusCodes.Status403Forbidden;
- return;
- }
-
- using var db = new Database();
- var authRequest = db.AuthRequests
- .Where(request => request.Code == context.Request.Form["code"].ToString())
- .ToList()
- .FirstOrDefault();
- if (authRequest == null)
- {
- context.Response.StatusCode = StatusCodes.Status404NotFound;
- return;
- }
-
- if (!context.Request.Form.ContainsKey("code_verifier"))
- {
- context.Response.StatusCode = StatusCodes.Status400BadRequest;
- return;
- }
-
- using var sha256 = SHA256.Create();
- var removeCodeChallengeEnd = new Regex("=$");
-
- var verifier = context.Request.Form["code_verifier"];
- var verifierBytes = Encoding.ASCII.GetBytes(verifier.ToString());
- var hashedVerifierBytes = sha256.ComputeHash(verifierBytes);
- var expectedCodeChallenge = removeCodeChallengeEnd.Replace(Convert.ToBase64String(hashedVerifierBytes), "")
- .Replace("+", "-")
- .Replace("/", "_");
-
- if (expectedCodeChallenge != authRequest.CodeChallenge)
- {
- context.Response.StatusCode = StatusCodes.Status403Forbidden;
- return;
- }
-
- var accessTokenEntry = db.AccessTokens.Add(new AccessToken
- {
- ClientId = authRequest.ClientId,
- Scopes = authRequest.Scopes,
- CreationTime = DateTime.Now,
- Token = PkceUtils.GenerateToken(),
- Username = authRequest.Username
- });
- db.SaveChanges();
-
- await context.Response.WriteAsJsonAsync(new Token
- {
- AccessToken = accessTokenEntry.Entity.Token,
- TokenType = "Bearer",
- Expires = 0 // TODO: change to actual value
- });
-});
-
-app.MapPost("/user-info-settings", async (HttpContext context) =>
-{
- using var db = new Database();
-
- ConfigUser? configUser = context.GetUser();
-
- if (configUser == null)
- {
- context.Response.StatusCode = StatusCodes.Status401Unauthorized;
- }
- UserInformation? userInformation = db.UserInformation
- .Where(user => user.Sub == configUser!.Username)
- .ToList()
- .FirstOrDefault() ?? db.Add(new UserInformation
- {
- Sub = configUser!.Username
- }).Entity;
-
- if (context.Request.Form.ContainsKey("given-name"))
- userInformation.GivenName = context.Request.Form["given-name"]!;
-
- if (context.Request.Form.ContainsKey("family-name"))
- userInformation.FamilyName = context.Request.Form["family-name"]!;
-
- if (context.Request.Form.ContainsKey("preferred-username"))
- userInformation.PreferredUsername = context.Request.Form["preferred-username"]!;
-
- if (context.Request.Form.ContainsKey("email"))
- userInformation.Email = context.Request.Form["email"]!;
-
- if (context.Request.Form.ContainsKey("picture"))
- userInformation.Picture = context.Request.Form["picture"]!;
-
- userInformation.Name = userInformation.GivenName + " " + userInformation.FamilyName;
-
- db.SaveChanges();
-});
-
-app.Map("/user-info", (HttpContext context) =>
-{
- if (context.Request.Method != "GET" && context.Request.Method != "POST")
- {
- context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
- return;
- }
-
- var tokenHeader = context.Request.Headers["Authorization"].First()?.Split(" ");
-
- if (tokenHeader?.Length == 1 || tokenHeader?[0] != "Bearer")
- {
- context.Response.StatusCode = StatusCodes.Status400BadRequest;
- return;
- }
-
- if (tokenHeader.Length < 2)
- {
- context.Response.StatusCode = StatusCodes.Status401Unauthorized;
- return;
- }
-
- using var db = new Database();
- var tokenDbEntry = db.AccessTokens
- .Where(tokenEntry => tokenEntry.Token == tokenHeader[1])
- .ToList()
- .FirstOrDefault();
-
- if (tokenDbEntry == null)
- {
- context.Response.StatusCode = StatusCodes.Status403Forbidden;
- return;
- }
-
- var userInformation = db.UserInformation
- .Where(entry => entry.Sub == tokenDbEntry.Username)
- .ToList()
- .FirstOrDefault();
-
- if (userInformation == null)
- {
- context.Response.StatusCode = StatusCodes.Status204NoContent;
- return;
- }
-
- context.Response.WriteAsJsonAsync(new UserInfo
- {
- Email = userInformation.Email,
- GivenName = userInformation.GivenName,
- FamilyName = userInformation.FamilyName,
- Name = userInformation.Name,
- Picture = userInformation.Picture,
- PreferredUsername = userInformation.PreferredUsername,
- Sub = userInformation.Sub
- });
-});
+app.UseRouting();
+app.MapGet("/accept-auth/{id}", OAuth2.AcceptAuthHandler);
+app.MapPost("/access-token", OAuth2.AccessTokenHandler);
+app.MapPost("/user-info-settings", UserInterface.UserSettingsHandler);
+app.Map("/user-info", Oidc.UserInfoHandler);
app.MapStaticAssets();
app.MapRazorPages()
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-04 21:40:17 +0000