From 4b2ad030fa381662f4b0c2464e97b0d2c5f6a716 Mon Sep 17 00:00:00 2001
From: Tim
Date: Fri, 18 Apr 2025 12:25:59 +0200
Subject: Initial commit
---
 VPNAuth.Server/Program.cs | 98 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 VPNAuth.Server/Program.cs
(limited to 'VPNAuth.Server/Program.cs')
diff --git a/VPNAuth.Server/Program.cs b/VPNAuth.Server/Program.cs
new file mode 100644
index 0000000..6ea0b40
--- /dev/null
+++ b/VPNAuth.Server/Program.cs
@@ -0,0 +1,98 @@
+using VPNAuth.Server;
+using VPNAuth.Server.Database;
+using VPNAuth.Server.Responses;
+
+Config.CreateIfNotExists();
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+builder.Services.AddRazorPages();
+
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (!app.Environment.IsDevelopment())
+{
+ app.UseExceptionHandler("/Error");
+ // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
+ app.UseHsts();
+}
+
+app.UseHttpsRedirection();
+
+app.UseRouting();
+
+app.UseAuthorization();
+
+app.MapGet("/accept-auth/{id}", async (HttpContext context, int id) =>
+{
+ using var db = new Database();
+ var authRequest = db.AuthRequests.Find(id);
+ if (authRequest == null || authRequest.Accepted)
+ {
+ context.Response.StatusCode = StatusCodes.Status404NotFound;
+ return;
+ }
+
+ authRequest.Accepted = true;
+ db.SaveChanges();
+
+ var config = Config.Read();
+ context.Response.StatusCode = StatusCodes.Status302Found;
+ context.Response.Headers["Location"] = config.FindApp(authRequest.ClientId)!.RedirectUri!
+ + "?code=" + authRequest.Code
+ + "&state=" + authRequest.State;
+});
+
+app.MapPost("/access-token", async (HttpContext context) =>
+{
+ var config = Config.Read();
+ if (context.Request.Form["grant_type"] != "authorization_code")
+ {
+ context.Response.StatusCode = StatusCodes.Status400BadRequest;
+ return;
+ }
+
+ var clientSecret = config.FindApp(context.Request.Form["client_id"]!)!.Secret; // FIXME: null pointer
+ if (clientSecret != null && clientSecret != context.Request.Form["client_secret"])
+ {
+ context.Response.StatusCode = StatusCodes.Status403Forbidden;
+ return;
+ }
+
+ using var db = new Database();
+ var authRequest = db.AuthRequests
+ .Where(request => request.Code == context.Request.Form["code"].ToString())
+ .ToList()
+ .FirstOrDefault();
+ if (authRequest == null)
+ {
+ context.Response.StatusCode = StatusCodes.Status404NotFound;
+ return;
+ }
+
+ // TODO: validate code verifier -> context.Request.Form["code_verifier"]
+
+ var accessTokenEntry = db.AccessTokens.Add(new AccessToken
+ {
+ ClientId = authRequest.ClientId,
+ Scopes = authRequest.Scopes,
+ CreationTime = DateTime.Now,
+ Token = PkceUtils.GenerateToken()
+ });
+ db.SaveChanges();
+
+ await context.Response.WriteAsJsonAsync(new Token
+ {
+ AccessToken = accessTokenEntry.Entity.Token,
+ TokenType = "Bearer",
+ Expires = 0 // TODO: change to actual value
+ });
+});
+
+app.MapStaticAssets();
+app.MapRazorPages()
+ .WithStaticAssets();
+
+app.Run("http://localhost:8080");
-- cgit v1.2.3
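Review bot: The code lookup in `/access-token` does not bind the authorization code to the caller or to an approved request: the `.Where(request => request.Code == context.Request.Form["code"].ToString())` query never checks `request.Accepted` or that `request.ClientId` matches the submitted `client_id`, and the row is never removed, so a single code can be exchanged repeatedly and by any client (and with the `// TODO: validate code verifier` still open, public clients have no other check at all). The secret comparison `clientSecret != context.Request.Form["client_secret"]` is also a plain string compare; comparing the UTF-8 bytes with `CryptographicOperations.FixedTimeEquals` avoids the timing side channel. Separately, `/accept-auth/{id}` approves a request on an unauthenticated GET keyed by a sequential integer, so anyone who can reach the server can approve pending requests by enumerating ids — it needs an authenticated user (no `UseAuthentication()` or `.RequireAuthorization()` is present) and a non-guessable identifier. The lookup should require an accepted request for the same client and consume it before issuing the token, as sketched below (assuming `ClientId` is a string, as its use in `config.FindApp` suggests).
```csharp
    // … unchanged: grant_type and client_secret checks …
    var clientId = context.Request.Form["client_id"].ToString();
    var code = context.Request.Form["code"].ToString();
    using var db = new Database();
    var authRequest = db.AuthRequests
        .Where(request => request.Code == code && request.Accepted && request.ClientId == clientId)
        .ToList()
        .FirstOrDefault();
    // … unchanged: 404 on null, code_verifier TODO …
    db.AuthRequests.Remove(authRequest); // single-use: consume the code before issuing a token
    var accessTokenEntry = db.AccessTokens.Add(new AccessToken
    // … unchanged: token creation, SaveChanges and JSON response …
```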