From b4c8edf959cf408e83c3d84cf06f2cb40e8abdb7 Mon Sep 17 00:00:00 2001 From: Hadeed Ahmad Date: Thu, 5 Dec 2024 17:28:04 +0500 Subject: [PATCH] Add custom auth handler --- .dockerignore | 32 +-- .gitignore | 486 +-------------------------------- Authentication.cs | 35 +++ Dockerfile | 6 +- Program.cs | 40 ++- Properties/launchSettings.json | 2 +- appsettings.Development.json | 3 + docker-compose.yml | 2 +- pages.csproj | 5 +- 9 files changed, 68 insertions(+), 543 deletions(-) create mode 100644 Authentication.cs create mode 100644 appsettings.Development.json diff --git a/.dockerignore b/.dockerignore index da789cd..a9b288c 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,27 +1,5 @@ -**/.dockerignore -**/.env -**/.git -**/.gitignore -**/.project -**/.settings -**/.toolstarget -**/.vs -**/.vscode -**/.idea -**/*.*proj.user -**/*.dbmdl -**/*.jfm -**/azds.yaml -**/bin -**/charts -**/docker-compose* -**/Dockerfile* -**/node_modules -**/npm-debug.log -**/obj -**/secrets.dev.yaml -**/values.dev.yaml -LICENSE -README.md - -wwwroot/ \ No newline at end of file +.git/ +.idea/ +bin/ +obj/ +pages/ diff --git a/.gitignore b/.gitignore index 16ac094..01a6a01 100644 --- a/.gitignore +++ b/.gitignore @@ -1,484 +1,6 @@ -## Ignore Visual Studio temporary files, build results, and -## files generated by popular Visual Studio add-ons. -## -## Get latest from `dotnet new gitignore` - -# dotenv files -.env - -# User-specific files -*.rsuser -*.suo -*.user -*.userosscache -*.sln.docstates - -# User-specific files (MonoDevelop/Xamarin Studio) -*.userprefs - -# Mono auto generated files -mono_crash.* - -# Build results -[Dd]ebug/ -[Dd]ebugPublic/ -[Rr]elease/ -[Rr]eleases/ -x64/ -x86/ -[Ww][Ii][Nn]32/ -[Aa][Rr][Mm]/ -[Aa][Rr][Mm]64/ -bld/ -[Bb]in/ -[Oo]bj/ -[Ll]og/ -[Ll]ogs/ - -# Visual Studio 2015/2017 cache/options directory -.vs/ -# Uncomment if you have tasks that create the project's static files in wwwroot -wwwroot/ - -# Visual Studio 2017 auto generated files -Generated\ Files/ - -# MSTest test Results -[Tt]est[Rr]esult*/ -[Bb]uild[Ll]og.* - -# NUnit -*.VisualState.xml -TestResult.xml -nunit-*.xml - -# Build Results of an ATL Project -[Dd]ebugPS/ -[Rr]eleasePS/ -dlldata.c - -# Benchmark Results -BenchmarkDotNet.Artifacts/ - -# .NET -project.lock.json -project.fragment.lock.json -artifacts/ - -# Tye -.tye/ - -# ASP.NET Scaffolding -ScaffoldingReadMe.txt - -# StyleCop -StyleCopReport.xml - -# Files built by Visual Studio -*_i.c -*_p.c -*_h.h -*.ilk -*.meta -*.obj -*.iobj -*.pch -*.pdb -*.ipdb -*.pgc -*.pgd -*.rsp -*.sbr -*.tlb -*.tli -*.tlh -*.tmp -*.tmp_proj -*_wpftmp.csproj -*.log -*.tlog -*.vspscc -*.vssscc -.builds -*.pidb -*.svclog -*.scc - -# Chutzpah Test files -_Chutzpah* - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb - -# Visual Studio profiler -*.psess -*.vsp -*.vspx -*.sap - -# Visual Studio Trace Files -*.e2e - -# TFS 2012 Local Workspace -$tf/ - -# Guidance Automation Toolkit -*.gpState - -# ReSharper is a .NET coding add-in -_ReSharper*/ -*.[Rr]e[Ss]harper *.DotSettings.user +.idea/ +bin/ +obj/ -# TeamCity is a build add-in -_TeamCity* - -# DotCover is a Code Coverage Tool -*.dotCover - -# AxoCover is a Code Coverage Tool -.axoCover/* -!.axoCover/settings.json - -# Coverlet is a free, cross platform Code Coverage Tool -coverage*.json -coverage*.xml -coverage*.info - -# Visual Studio code coverage results -*.coverage -*.coveragexml - -# NCrunch -_NCrunch_* -.*crunch*.local.xml -nCrunchTemp_* - -# MightyMoose -*.mm.* -AutoTest.Net/ - -# Web workbench (sass) -.sass-cache/ - -# Installshield output folder -[Ee]xpress/ - -# DocProject is a documentation generator add-in -DocProject/buildhelp/ -DocProject/Help/*.HxT -DocProject/Help/*.HxC -DocProject/Help/*.hhc -DocProject/Help/*.hhk -DocProject/Help/*.hhp -DocProject/Help/Html2 -DocProject/Help/html - -# Click-Once directory -publish/ - -# Publish Web Output -*.[Pp]ublish.xml -*.azurePubxml -# Note: Comment the next line if you want to checkin your web deploy settings, -# but database connection strings (with potential passwords) will be unencrypted -*.pubxml -*.publishproj - -# Microsoft Azure Web App publish settings. Comment the next line if you want to -# checkin your Azure Web App publish settings, but sensitive information contained -# in these scripts will be unencrypted -PublishScripts/ - -# NuGet Packages -*.nupkg -# NuGet Symbol Packages -*.snupkg -# The packages folder can be ignored because of Package Restore -**/[Pp]ackages/* -# except build/, which is used as an MSBuild target. -!**/[Pp]ackages/build/ -# Uncomment if necessary however generally it will be regenerated when needed -#!**/[Pp]ackages/repositories.config -# NuGet v3's project.json files produces more ignorable files -*.nuget.props -*.nuget.targets - -# Microsoft Azure Build Output -csx/ -*.build.csdef - -# Microsoft Azure Emulator -ecf/ -rcf/ - -# Windows Store app package directories and files -AppPackages/ -BundleArtifacts/ -Package.StoreAssociation.xml -_pkginfo.txt -*.appx -*.appxbundle -*.appxupload - -# Visual Studio cache files -# files ending in .cache can be ignored -*.[Cc]ache -# but keep track of directories ending in .cache -!?*.[Cc]ache/ - -# Others -ClientBin/ -~$* -*~ -*.dbmdl -*.dbproj.schemaview -*.jfm -*.pfx -*.publishsettings -orleans.codegen.cs - -# Including strong name files can present a security risk -# (https://github.com/github/gitignore/pull/2483#issue-259490424) -#*.snk - -# Since there are multiple workflows, uncomment next line to ignore bower_components -# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) -#bower_components/ - -# RIA/Silverlight projects -Generated_Code/ - -# Backup & report files from converting an old project file -# to a newer Visual Studio version. Backup files are not needed, -# because we have git ;-) -_UpgradeReport_Files/ -Backup*/ -UpgradeLog*.XML -UpgradeLog*.htm -ServiceFabricBackup/ -*.rptproj.bak - -# SQL Server files -*.mdf -*.ldf -*.ndf - -# Business Intelligence projects -*.rdl.data -*.bim.layout -*.bim_*.settings -*.rptproj.rsuser -*- [Bb]ackup.rdl -*- [Bb]ackup ([0-9]).rdl -*- [Bb]ackup ([0-9][0-9]).rdl - -# Microsoft Fakes -FakesAssemblies/ - -# GhostDoc plugin setting file -*.GhostDoc.xml - -# Node.js Tools for Visual Studio -.ntvs_analysis.dat -node_modules/ - -# Visual Studio 6 build log -*.plg - -# Visual Studio 6 workspace options file -*.opt - -# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) -*.vbw - -# Visual Studio 6 auto-generated project file (contains which files were open etc.) -*.vbp - -# Visual Studio 6 workspace and project file (working project files containing files to include in project) -*.dsw -*.dsp - -# Visual Studio 6 technical files -*.ncb -*.aps - -# Visual Studio LightSwitch build output -**/*.HTMLClient/GeneratedArtifacts -**/*.DesktopClient/GeneratedArtifacts -**/*.DesktopClient/ModelManifest.xml -**/*.Server/GeneratedArtifacts -**/*.Server/ModelManifest.xml -_Pvt_Extensions - -# Paket dependency manager -.paket/paket.exe -paket-files/ - -# FAKE - F# Make -.fake/ - -# CodeRush personal settings -.cr/personal - -# Python Tools for Visual Studio (PTVS) -__pycache__/ -*.pyc - -# Cake - Uncomment if you are using it -# tools/** -# !tools/packages.config - -# Tabs Studio -*.tss - -# Telerik's JustMock configuration file -*.jmconfig - -# BizTalk build output -*.btp.cs -*.btm.cs -*.odx.cs -*.xsd.cs - -# OpenCover UI analysis results -OpenCover/ - -# Azure Stream Analytics local run output -ASALocalRun/ - -# MSBuild Binary and Structured Log -*.binlog - -# NVidia Nsight GPU debugger configuration file -*.nvuser - -# MFractors (Xamarin productivity tool) working folder -.mfractor/ - -# Local History for Visual Studio -.localhistory/ - -# Visual Studio History (VSHistory) files -.vshistory/ - -# BeatPulse healthcheck temp database -healthchecksdb - -# Backup folder for Package Reference Convert tool in Visual Studio 2017 -MigrationBackup/ - -# Ionide (cross platform F# VS Code tools) working folder -.ionide/ - -# Fody - auto-generated XML schema -FodyWeavers.xsd - -# VS Code files for those working on multiple tools -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json -*.code-workspace - -# Local History for Visual Studio Code -.history/ - -# Windows Installer files from build outputs -*.cab -*.msi -*.msix -*.msm -*.msp - -# JetBrains Rider -*.sln.iml -.idea - -## -## Visual studio for Mac -## - - -# globs -Makefile.in -*.userprefs -*.usertasks -config.make -config.status -aclocal.m4 -install-sh -autom4te.cache/ -*.tar.gz -tarballs/ -test-results/ - -# Mac bundle stuff -*.dmg -*.app - -# content below from: https://github.com/github/gitignore/blob/master/Global/macOS.gitignore -# General -.DS_Store -.AppleDouble -.LSOverride - -# Icon must end with two \r -Icon - - -# Thumbnails -._* - -# Files that might appear in the root of a volume -.DocumentRevisions-V100 -.fseventsd -.Spotlight-V100 -.TemporaryItems -.Trashes -.VolumeIcon.icns -.com.apple.timemachine.donotpresent - -# Directories potentially created on remote AFP share -.AppleDB -.AppleDesktop -Network Trash Folder -Temporary Items -.apdisk - -# content below from: https://github.com/github/gitignore/blob/master/Global/Windows.gitignore -# Windows thumbnail cache files -Thumbs.db -ehthumbs.db -ehthumbs_vista.db - -# Dump file -*.stackdump - -# Folder config file -[Dd]esktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msix -*.msm -*.msp - -# Windows shortcuts -*.lnk - -# Vim temporary swap files -*.swp +pages/ diff --git a/Authentication.cs b/Authentication.cs new file mode 100644 index 0000000..05565f4 --- /dev/null +++ b/Authentication.cs @@ -0,0 +1,35 @@ +using System.Security.Claims; +using System.Text.Encodings.Web; +using Microsoft.AspNetCore.Authentication; +using Microsoft.Extensions.Options; + +namespace pages; + +public class FixedTokenAuthenticationHandler : AuthenticationHandler { + private readonly IConfiguration _configuration; + + public FixedTokenAuthenticationHandler(IOptionsMonitor options, ILoggerFactory logger, + UrlEncoder encoder, IConfiguration configuration) : base(options, logger, encoder) { + _configuration = configuration; + } + + protected override Task HandleAuthenticateAsync() { + string? token = _configuration["API_TOKEN"]; + + if (string.IsNullOrEmpty(token)) + throw new ArgumentException("API_TOKEN not found."); + + if (!Request.Headers.TryGetValue("Authorization", out var headerValue)) + return Task.FromResult(AuthenticateResult.Fail("No Authorization header.")); + + string providedToken = headerValue.ToString().Replace("Bearer ", ""); + if (providedToken != token) + return Task.FromResult(AuthenticateResult.Fail("Invalid token.")); + + var identity = new ClaimsIdentity([], Scheme.Name); + var principal = new ClaimsPrincipal(identity); + var ticket = new AuthenticationTicket(principal, Scheme.Name); + + return Task.FromResult(AuthenticateResult.Success(ticket)); + } +} diff --git a/Dockerfile b/Dockerfile index 8246699..f0c1196 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,9 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build +FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build WORKDIR /src -COPY ["pages.csproj", "./"] -RUN dotnet restore "pages.csproj" COPY . . RUN dotnet publish "pages.csproj" -c Release -o /app/publish /p:UseAppHost=false -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +FROM mcr.microsoft.com/dotnet/aspnet:9.0 WORKDIR /app COPY --from=build /app/publish . diff --git a/Program.cs b/Program.cs index f6d2881..29a03df 100644 --- a/Program.cs +++ b/Program.cs @@ -1,21 +1,28 @@ using System.IO.Compression; +using Microsoft.AspNetCore.Authentication; +using Microsoft.Extensions.FileProviders; +using pages; -if (!Directory.Exists("wwwroot")) - Directory.CreateDirectory("wwwroot"); +if (!Directory.Exists("pages")) + Directory.CreateDirectory("pages"); WebApplicationBuilder builder = WebApplication.CreateBuilder(args); + +builder.Services.AddAuthentication().AddScheme("token", null); +builder.Services.AddAuthorization(); + WebApplication app = builder.Build(); -if (Environment.GetEnvironmentVariable("API_TOKEN") is null) - throw new InvalidOperationException("API_TOKEN is not set"); - app.UseStatusCodePages(); + app.UseDefaultFiles(); app.UseStaticFiles(new StaticFileOptions { - ServeUnknownFileTypes = true, - DefaultContentType = "text/plain" + FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), "pages")) }); +app.UseAuthentication(); +app.UseAuthorization(); + app.MapPost("/pages/{projectName}", async (string projectName, HttpRequest request) => { if (!request.HasFormContentType || request.Form.Files["zipfile"] is null) return Results.BadRequest(); @@ -24,7 +31,7 @@ app.MapPost("/pages/{projectName}", async (string projectName, HttpRequest reque if (zipFile.Length == 0) return Results.BadRequest(); - var extractPath = Path.Combine(app.Environment.WebRootPath, projectName); + var extractPath = Path.Combine("pages", projectName); if (Directory.Exists(extractPath)) Directory.Delete(extractPath, true); @@ -41,21 +48,6 @@ app.MapPost("/pages/{projectName}", async (string projectName, HttpRequest reque } return Results.Ok(); -}).DisableAntiforgery().AddEndpointFilter(async (context, next) => { - var token = GetBearerToken(context.HttpContext); - if (token is not null && token == Environment.GetEnvironmentVariable("API_TOKEN")) - return await next(context); - return Results.Unauthorized(); -}); +}).RequireAuthorization(); app.Run(); - -return; - -string? GetBearerToken(HttpContext httpContext) { - var authHeader = httpContext.Request.Headers.Authorization.ToString(); - return authHeader.StartsWith("Bearer ", - StringComparison.OrdinalIgnoreCase) - ? authHeader["Bearer ".Length..].Trim() - : null; -} diff --git a/Properties/launchSettings.json b/Properties/launchSettings.json index b3f89f9..95feeea 100644 --- a/Properties/launchSettings.json +++ b/Properties/launchSettings.json @@ -5,7 +5,7 @@ "commandName": "Project", "applicationUrl": "http://localhost:8080", "environmentVariables": { - "API_TOKEN": "api_token" + "ASPNETCORE_ENVIRONMENT": "Development" } } } diff --git a/appsettings.Development.json b/appsettings.Development.json new file mode 100644 index 0000000..e508d05 --- /dev/null +++ b/appsettings.Development.json @@ -0,0 +1,3 @@ +{ + "API_TOKEN": "API_TOKEN" +} diff --git a/docker-compose.yml b/docker-compose.yml index dd9cf82..548facc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,7 @@ services: environment: API_TOKEN: "api_token" volumes: - - pages_data:/app/wwwroot + - pages_data:/app/pages ports: - "8080:80" diff --git a/pages.csproj b/pages.csproj index 9cf218d..0164e95 100644 --- a/pages.csproj +++ b/pages.csproj @@ -1,10 +1,7 @@ - - net8.0 + net9.0 enable enable - Linux -