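using VPNAuth.Server.Responses;

namespace VPNAuth.Server.Api;

/// <summary>
/// OpenID Connect endpoints. Only the UserInfo endpoint (OpenID Connect Core 1.0 §5.3)
/// is implemented here.
/// </summary>
public static class Oidc
{
    private const string BearerScheme = "Bearer";

    /// <summary>
    /// Handles <c>GET</c>/<c>POST</c> requests to the UserInfo endpoint. The caller must
    /// present an access token as <c>Authorization: Bearer &lt;token&gt;</c>; the token
    /// must exist in <c>AccessTokens</c> and carry the <c>openid</c> scope. Claims are
    /// released by scope: <c>sub</c> always, the <c>profile</c> claim group only with the
    /// <c>profile</c> scope, <c>email</c> only with the <c>email</c> scope.
    /// </summary>
    /// <param name="context">Request context; the JSON UserInfo document is written to its response.</param>
    /// <remarks>
    /// Error responses follow RFC 6750 §3: 401 plus a <c>WWW-Authenticate: Bearer</c>
    /// challenge when the token is missing or unknown (<c>invalid_token</c>), 400 when the
    /// header is malformed (<c>invalid_request</c>), and 403 (<c>insufficient_scope</c>)
    /// when the token lacks <c>openid</c>. A missing <c>Authorization</c> header used to
    /// throw from <c>First()</c> and surface as a 500; it is now a 401.
    /// </remarks>
    public static async Task UserInfoHandler(HttpContext context)
    {
        if (context.Request.Method != "GET" && context.Request.Method != "POST")
        {
            // RFC 9110 §15.5.6: a 405 must list the supported methods.
            context.Response.Headers["Allow"] = "GET, POST";
            context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
            return;
        }

        var authorization = context.Request.Headers["Authorization"].FirstOrDefault();
        if (string.IsNullOrWhiteSpace(authorization))
        {
            // No credentials at all: bare challenge, no error code (RFC 6750 §3.1).
            Challenge(context, StatusCodes.Status401Unauthorized, null);
            return;
        }

        if (!TryGetBearerToken(authorization, out var token))
        {
            // Wrong scheme or a credential that is not exactly "Bearer <token>".
            Challenge(context, StatusCodes.Status400BadRequest, "invalid_request");
            return;
        }

        using var db = new Database.Database();

        // Let the data source do the equality match; only the matching row is read.
        // NOTE(review): no expiry or revocation check is visible here — confirm that
        // AccessTokens entries are expired/pruned elsewhere (TODO).
        var tokenDbEntry = db.AccessTokens.FirstOrDefault(tokenEntry => tokenEntry.Token == token);
        if (tokenDbEntry is null)
        {
            Challenge(context, StatusCodes.Status401Unauthorized, "invalid_token");
            return;
        }

        // NOTE(review): the element type of Scopes is not visible here. If it is a single
        // space-separated string, Contains() is a substring match — confirm it is a collection (TODO).
        if (!tokenDbEntry.Scopes.Contains("openid"))
        {
            Challenge(context, StatusCodes.Status403Forbidden, "insufficient_scope");
            return;
        }

        var userInformation = db.UserInformation.FirstOrDefault(entry => entry.Sub == tokenDbEntry.Username);
        if (userInformation is null)
        {
            // Token is valid but we hold no claims for the subject.
            context.Response.StatusCode = StatusCodes.Status204NoContent;
            return;
        }

        // "sub" is mandatory in every UserInfo response (OIDC Core §5.3.2).
        var userInfoResponse = new UserInfo { Sub = userInformation.Sub };

        if (tokenDbEntry.Scopes.Contains("profile"))
        {
            userInfoResponse.GivenName = userInformation.GivenName;
            userInfoResponse.FamilyName = userInformation.FamilyName;
            userInfoResponse.Name = userInformation.Name;
            userInfoResponse.Picture = userInformation.Picture;
            userInfoResponse.PreferredUsername = userInformation.PreferredUsername;
        }

        if (tokenDbEntry.Scopes.Contains("email"))
        {
            userInfoResponse.Email = userInformation.Email;
        }

        await context.Response.WriteAsJsonAsync(userInfoResponse);
    }

    /// <summary>
    /// Parses an <c>Authorization</c> header value of the form <c>Bearer &lt;token&gt;</c>
    /// (RFC 6750 §2.1). The scheme is matched case-insensitively as RFC 7235 requires;
    /// the credential must be exactly one non-empty, whitespace-free token.
    /// </summary>
    /// <param name="headerValue">Raw header value; may be null or blank.</param>
    /// <param name="token">The extracted token on success, otherwise <see cref="string.Empty"/>.</param>
    /// <returns><c>true</c> when a well-formed bearer credential was found.</returns>
    internal static bool TryGetBearerToken(string? headerValue, out string token)
    {
        token = string.Empty;
        if (string.IsNullOrWhiteSpace(headerValue))
        {
            return false;
        }

        // RemoveEmptyEntries tolerates repeated spaces; requiring exactly two parts
        // rejects "Bearer" alone and anything with embedded whitespace in the token.
        var parts = headerValue.Trim().Split(' ', StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 2 || !parts[0].Equals(BearerScheme, StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        token = parts[1];
        return true;
    }

    /// <summary>
    /// Sets the status code and an RFC 6750 §3 <c>WWW-Authenticate: Bearer</c> challenge,
    /// with <c>error="…"</c> appended when <paramref name="error"/> is non-null.
    /// </summary>
    /// <param name="context">Response to write the status and header to.</param>
    /// <param name="statusCode">HTTP status to return.</param>
    /// <param name="error">RFC 6750 error code (<c>invalid_request</c>, <c>invalid_token</c>, <c>insufficient_scope</c>) or null.</param>
    private static void Challenge(HttpContext context, int statusCode, string? error)
    {
        context.Response.StatusCode = statusCode;
        context.Response.Headers["WWW-Authenticate"] = error is null
            ? BearerScheme
            : $"{BearerScheme} error=\"{error}\"";
    }
}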