-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathBasicAuthenticateRequestHandler.cs
More file actions
139 lines (119 loc) · 6.96 KB
/
BasicAuthenticateRequestHandler.cs
File metadata and controls
139 lines (119 loc) · 6.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
// The Sisk Framework source code
// Copyright (c) 2024- PROJECT PRINCIPIUM and all Sisk contributors
//
// The code below is licensed under the MIT license as
// of the date of its publication, available at
//
// File name: BasicAuthenticateRequestHandler.cs
// Repository: https://github.com/sisk-http/core
using Sisk.Core.Http;
using Sisk.Core.Routing;
namespace Sisk.BasicAuth;
/// <summary>
/// Gets a <see cref="IRequestHandler"/> that serves as an authenticator for the Basic Authentication scheme, which can validate a user id and password.
/// </summary>
public class BasicAuthenticateRequestHandler : IRequestHandler {
const string DefaultRealm = "Access to the protected webpage";
private Func<BasicAuthenticationCredentials, HttpContext, HttpResponse?> validateDefault;
/// <summary>
/// Initializes a new instance of the <see cref="BasicAuthenticateRequestHandler"/> class with default settings.
/// </summary>
public BasicAuthenticateRequestHandler () : this ( ( a, b ) => null, null ) {
}
/// <summary>
/// Initializes a new instance of the <see cref="BasicAuthenticateRequestHandler"/> class with a custom authentication function and realm message.
/// </summary>
/// <param name="authenticateRequest">A function that validates the <see cref="BasicAuthenticationCredentials"/> against the provided <see cref="HttpContext"/>. It should return an <see cref="HttpResponse"/> if authentication fails, otherwise <see langword="null"/>.</param>
/// <param name="realmMessage">The realm message to be used in the Basic Authentication challenge.</param>
public BasicAuthenticateRequestHandler ( Func<BasicAuthenticationCredentials, HttpContext, HttpResponse?> authenticateRequest, string? realmMessage = null ) {
Realm = realmMessage ?? DefaultRealm;
validateDefault = authenticateRequest;
}
/// <summary>
/// Initializes a new instance of the <see cref="BasicAuthenticateRequestHandler"/> class with an asynchronous custom authentication function and realm message.
/// </summary>
/// <param name="authenticateRequestAsync">An asynchronous function that validates the <see cref="BasicAuthenticationCredentials"/> against the provided <see cref="HttpContext"/>. It should return an <see cref="HttpResponse"/> if authentication fails, otherwise <see langword="null"/>.</param>
/// <param name="asyncCancellation">A <see cref="CancellationToken"/> to observe while waiting for the task to complete. If the token is already cancelled, this method returns immediately without waiting for the task.</param>
/// <param name="realmMessage">The realm message to be used in the Basic Authentication challenge. If <see langword="null"/>, <see cref="DefaultRealm"/> is used.</param>
public BasicAuthenticateRequestHandler ( Func<BasicAuthenticationCredentials, HttpContext, Task<HttpResponse?>> authenticateRequestAsync, CancellationToken asyncCancellation = default, string? realmMessage = null ) {
Realm = realmMessage ?? DefaultRealm;
validateDefault = delegate ( BasicAuthenticationCredentials key, HttpContext ctx ) {
var task = authenticateRequestAsync ( key, ctx );
task.Wait ( asyncCancellation );
return task.Result;
};
}
/// <summary>
/// Gets or sets when this RequestHandler should run.
/// </summary>
public RequestHandlerExecutionMode ExecutionMode { get; init; } = RequestHandlerExecutionMode.BeforeResponse;
/// <summary>
/// Gets or sets a message to show the client which protection scope it needs to authenticate to.
/// </summary>
public string Realm { get; set; }
/// <summary>
/// Indicates the method that is called to validate a request with client credentials. When returning an <see cref="HttpResponse"/>,
/// it will be sent immediately to the client and the rest of the stack will not be executed. If the return is null, it
/// is interpretable that the authentication was successful and the execution should continue.
/// </summary>
/// <param name="credentials">Represents the credentials sent by the client, already decoded and ready for use.</param>
/// <param name="context">Represents the Http context.</param>
public virtual HttpResponse? OnValidating ( BasicAuthenticationCredentials credentials, HttpContext context ) {
return validateDefault.Invoke ( credentials, context );
}
/// <summary>
/// This method is called by the <see cref="Router"/> before executing a request when the <see cref="Route"/> instantiates an object that implements this interface. If it returns
/// a <see cref="HttpResponse"/> object, the route callback is not called and all execution of the route is stopped. If it returns "null", the execution is continued.
/// </summary>
public HttpResponse? Execute ( HttpRequest request, HttpContext context ) {
string? authorization = request.Headers.Authorization;
if (authorization == null) {
return CreateUnauthorizedResponse ();
}
else {
try {
var auth = ParseAuth ( authorization );
if (auth == null) {
return DefaultMessagePage.Instance.CreateMessageHtml ( HttpStatusInformation.BadRequest, "Invalid Authorization Header" );
}
var res = OnValidating ( auth, context );
return res;
}
catch (Exception) {
return CreateUnauthorizedResponse ();
}
}
}
/// <summary>
/// Creates an empty HTTP response with the WWW-Authenticate header and an custom realm message.
/// </summary>
/// <param name="realm">Defines the realm message to send back to the client.</param>
public HttpResponse CreateUnauthorizedResponse ( string realm ) {
var unauth = new HttpResponse ( System.Net.HttpStatusCode.Unauthorized );
unauth.Headers.Add ( "WWW-Authenticate", $"Basic realm=\"{realm}\"" );
return unauth;
}
/// <summary>
/// Creates an empty HTTP response with the WWW-Authenticate header and with the realm message defined in this class instance.
/// </summary>
public HttpResponse CreateUnauthorizedResponse () {
return new HttpResponse () {
Status = HttpStatusInformation.Unauthorized,
Headers = new () {
WWWAuthenticate = $"Basic realm=\"{Realm}\""
}
};
}
private BasicAuthenticationCredentials? ParseAuth ( string s ) {
var schemeSeparator = s.IndexOf ( ' ' );
if (schemeSeparator == -1)
return null;
var scheme = s [ 0..schemeSeparator ];
if (scheme.Equals ( "Basic", StringComparison.OrdinalIgnoreCase ) == false)
return null;
var credentialsParts = s [ (schemeSeparator + 1).. ].Split ( ':' );
if (credentialsParts.Length != 2)
return null;
return new BasicAuthenticationCredentials ( credentialsParts [ 0 ], credentialsParts [ 1 ] );
}
}