using VPNAuth.Server.Responses;
namespace VPNAuth.Server.Api;
public static class Oidc
{
public static async Task UserInfoHandler(HttpContext context)
{
if (context.Request.Method != "GET" && context.Request.Method != "POST")
{
context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
return;
}
var tokenHeader = context.Request.Headers["Authorization"].First()?.Split(" ");
if (tokenHeader?.Length == 1 || tokenHeader?[0] != "Bearer")
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
return;
}
if (tokenHeader.Length < 2)
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
return;
}
using var db = new Database.Database();
var tokenDbEntry = db.AccessTokens
.Where(tokenEntry => tokenEntry.Token == tokenHeader[1])
.ToList()
.FirstOrDefault();
if (tokenDbEntry == null)
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
return;
}
if (!tokenDbEntry.Scopes.Contains("openid"))
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
return;
}
var userInformation = db.UserInformation
.Where(entry => entry.Sub == tokenDbEntry.Username)
.ToList()
.FirstOrDefault();
if (userInformation == null)
{
context.Response.StatusCode = StatusCodes.Status204NoContent;
return;
}
var userInfoResponse = new UserInfo();
if (tokenDbEntry.Scopes.Contains("profile"))
{
userInfoResponse.GivenName = userInformation.GivenName;
userInfoResponse.FamilyName = userInformation.FamilyName;
userInfoResponse.Name = userInformation.Name;
userInfoResponse.Picture = userInformation.Picture;
userInfoResponse.PreferredUsername = userInformation.PreferredUsername;
}
if (tokenDbEntry.Scopes.Contains("email"))
userInfoResponse.Email = userInformation.Email;
userInfoResponse.Sub = userInformation.Sub;
await context.Response.WriteAsJsonAsync(userInfoResponse);
}
}