From a3fd9ff79a98259590b7004fd1bbe79be7ff8e83 Mon Sep 17 00:00:00 2001
From: Tim <contact@bytim.eu>
Date: Tue, 22 Apr 2025 16:02:36 +0200
Subject: Add config option to only let specific users log into app

---
 VPNAuth.Server/Config.cs            | 7 ++++---
 VPNAuth.Server/Pages/Auth.cshtml.cs | 7 +++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'VPNAuth.Server')

diff --git a/VPNAuth.Server/Config.cs b/VPNAuth.Server/Config.cs
index 32e72fa..cb57f11 100644
--- a/VPNAuth.Server/Config.cs
+++ b/VPNAuth.Server/Config.cs
@@ -13,6 +13,7 @@ public class ConfigApp
     public string? ClientId { get; set; }
     public string? RedirectUri { get; set; }
     public string? Secret { get; set; }
+    public List<string>? AllowedUsers { get; set; }
 }
 
 public class Config
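Review bot: `AllowedUsers` has no doc comment, and its null-versus-empty meaning is security-relevant. Per the check added in Auth.cshtml.cs, a missing key (null) lets every logged-in user through, while an empty list admits nobody. I would state that on the property, e.g. `/// Usernames allowed to log into this app; null (key absent) allows all users, an empty list allows none.` An operator who omits the key gets the open behaviour silently, so the fail-open default should be written down where the option is declared.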
@@ -20,7 +21,7 @@ public class Config
     public List<ConfigUser>? Users { get; set; }
     public List<ConfigApp>? Apps { get; set; }
 
-    public ConfigApp? FindApp(string clientId)
+    public ConfigApp? FindApp(string? clientId)
         => Apps?.Find(app => app.ClientId == clientId);
 
     private static string _filePath = "./config.json";
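Review bot: With `clientId` now nullable, `FindApp(null)` returns the first app whose `ClientId` is itself null, because `app.ClientId == clientId` holds when both sides are null and `ConfigApp.ClientId` is declared `string?`. An app entry in config.json that lacks a client id would then be matched by a request that carries no `client_id` at all. I would short-circuit the lookup: `=> clientId is null ? null : Apps?.Find(app => app.ClientId == clientId);`.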
@@ -29,10 +30,10 @@ public class Config
     {
         if (File.Exists(_filePath)) return;
 
-        File.Create(_filePath);
         File.WriteAllText(_filePath, JsonSerializer.Serialize(new Config
         {
-            Users = []
+            Users = [],
+            Apps = []
         }));
     }
 
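Review bot: `File.WriteAllText(_filePath, …)` creates config.json with the process's default permissions, and this file is where each app's `Secret` (declared on `ConfigApp`) will later be stored. On Unix hosts I would restrict it to the owner right after creation, e.g. `File.SetUnixFileMode(_filePath, UnixFileMode.UserRead | UnixFileMode.UserWrite);` guarded by `!OperatingSystem.IsWindows()`, assuming the project targets .NET 7 or later. `_filePath` is also relative (`./config.json`), so the file's location depends on the working directory the server is started from. The enclosing method begins outside this hunk, so any existing handling there is not visible.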
diff --git a/VPNAuth.Server/Pages/Auth.cshtml.cs b/VPNAuth.Server/Pages/Auth.cshtml.cs
index 1f75492..ea648cb 100644
--- a/VPNAuth.Server/Pages/Auth.cshtml.cs
+++ b/VPNAuth.Server/Pages/Auth.cshtml.cs
@@ -7,6 +7,7 @@ namespace VPNAuth.Server.Pages;
 public class Auth : PageModel
 {
     public Config Config;
+    public ConfigApp? ConfApp;
     public ConfigUser? User;
     public bool ValidRequest;
     public EntityEntry<AuthRequest>? RequestEntry;
@@ -23,12 +24,14 @@ public class Auth : PageModel
     public void OnGet()
     {
         Config = Config.Read();
+        ConfApp = Config.FindApp(Request.Query["client_id"]);
         User = HttpContext.GetUser();
 
         ValidRequest = RequiredQueryParams.All(key => Request.Query.ContainsKey(key))
-                            && Config.FindApp(Request.Query["client_id"]!) != null
+                            && ConfApp != null
                             && Request.Query["code_challenge_method"] == "S256"
-                            && User != null;
+                            && User != null
+                            && (ConfApp.AllowedUsers == null || ConfApp.AllowedUsers!.Contains(User.Username!));
 
         RequestEntry = null;
 
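Review bot: The allow-list is enforced only inside the `ValidRequest` expression in `OnGet`, so it protects the flow only if every later step that completes the authorization (an accept/POST handler or the token endpoint, neither visible in this hunk) also refuses when `ValidRequest` is false or repeats the check. `OnGet` continues past the hunk, so confirm that nothing below issues a code for a user who is not in `AllowedUsers`. Separately, `Contains(User.Username!)` is an ordinal, case-sensitive match; if usernames are compared case-insensitively at login, the list should use the same comparison or a user may be wrongly denied. The `!` after `ConfApp.AllowedUsers` is redundant after the null test; `(ConfApp.AllowedUsers is null || ConfApp.AllowedUsers.Contains(User.Username!))` reads more clearly.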
-- 
cgit v1.2.3