Refine APIs and documentation

Author: Kaliumhexacyanoferrat

Modules/Authentication.Web/Concern/WebAuthenticationBuilder.cs

@@ -1,42 +1,50 @@
-using GenHTTP.Api.Content;
-using GenHTTP.Api.Infrastructure;
-using GenHTTP.Modules.Authentication.Web.Integration;
-using System;
-
-namespace GenHTTP.Modules.Authentication.Web.Concern
-{
-
-    public sealed class WebAuthenticationBuilder : IConcernBuilder
-    {
-        private IWebAuthIntegration? _Integration;
-
-        private ISessionHandling? _SessionHandling;
-
-        #region Functionality
-
-        public WebAuthenticationBuilder Integration(IWebAuthIntegration integration)
-        {
-            _Integration = integration;
-            return this;
-        }
-
-        public WebAuthenticationBuilder SessionHandling(ISessionHandling sessionHandling)
-        {
-            _SessionHandling = sessionHandling;
-            return this;
-        }
-
-        public IConcern Build(IHandler parent, Func<IHandler, IHandler> contentFactory)
-        {
-            var integration = _Integration ?? throw new BuilderMissingPropertyException("Integration");
-
-            var sessionHandling = _SessionHandling ?? new DefaultSessionHandling();
-
-            return new WebAuthenticationConcern(parent, contentFactory, integration, sessionHandling);
-        }
-
-        #endregion
-
-    }
-
-}
+using System;
+
+using GenHTTP.Api.Content;
+using GenHTTP.Api.Content.Authentication;
+using GenHTTP.Api.Infrastructure;
+
+namespace GenHTTP.Modules.Authentication.Web.Concern
+{
+
+    public sealed class WebAuthenticationBuilder<TUser> : IConcernBuilder where TUser : class, IUser
+    {
+        private readonly IWebAuthIntegration<TUser> _Integration;
+
+        private ISessionHandling? _SessionHandling;
+
+        #region Functionality
+
+        public WebAuthenticationBuilder(IWebAuthIntegration<TUser> integration)
+        {
+            _Integration = integration;
+        }
+
+        /// <summary>
+        /// Configures the session handline to be used by this concern.
+        /// </summary>
+        /// <typeparam name="T">The class used to implement session handling</typeparam>
+        public WebAuthenticationBuilder<TUser> SessionHandling<T>() where T : ISessionHandling, new() => SessionHandling(new T());
+
+        /// <summary>
+        /// Configures the session handline instance to be used by this concern.
+        /// </summary>
+        /// <param name="sessionHandling">The session handling instance to be used</param>
+        public WebAuthenticationBuilder<TUser> SessionHandling(ISessionHandling sessionHandling)
+        {
+            _SessionHandling = sessionHandling;
+            return this;
+        }
+
+        public IConcern Build(IHandler parent, Func<IHandler, IHandler> contentFactory)
+        {
+            var sessionHandling = _SessionHandling ?? throw new BuilderMissingPropertyException("Session Handling");
+
+            return new WebAuthenticationConcern<TUser>(parent, contentFactory, _Integration, sessionHandling);
+        }
+
+        #endregion
+
+    }
+
+}

Modules/Authentication.Web/Concern/WebAuthenticationConcern.cs

@@ -10,7 +10,7 @@
 namespace GenHTTP.Modules.Authentication.Web.Concern
 {
 
-    public sealed class WebAuthenticationConcern : IConcern, IRootPathAppender, IHandlerResolver
+    public sealed class WebAuthenticationConcern<TUser> : IConcern, IRootPathAppender, IHandlerResolver where TUser : class, IUser
     {
 
         #region Get-/Setters
@@ -19,7 +19,7 @@ public sealed class WebAuthenticationConcern : IConcern, IRootPathAppender, IHan
 
         public IHandler Parent { get; }
 
-        private IWebAuthIntegration Integration { get; }
+        private IWebAuthIntegration<TUser> Integration { get; }
 
         private ISessionHandling SessionHandling { get; }
 
@@ -36,7 +36,7 @@ public sealed class WebAuthenticationConcern : IConcern, IRootPathAppender, IHan
         #region Initialization
 
         public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> contentFactory,
-                                        IWebAuthIntegration integration, ISessionHandling sessionHandling)
+                                        IWebAuthIntegration<TUser> integration, ISessionHandling sessionHandling)
         {
             Parent = parent;
             Content = contentFactory(this);
@@ -101,7 +101,7 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
 
             if (token != null)
             {
-                var authenticatedUser = await Integration.VerifyTokenAsync(token);
+                var authenticatedUser = await Integration.VerifyTokenAsync(request, token);
 
                 if (authenticatedUser != null)
                 {
@@ -122,7 +122,7 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
                 if (loginResponse != null)
                 {
                     // establish the session if the user was authenticated
-                    var authenticatedUser = request.GetUser<IUser>();
+                    var authenticatedUser = request.GetUser<TUser>();
 
                     if (authenticatedUser != null)
                     {
@@ -145,7 +145,7 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
 
                 if (response != null)
                 {
-                    if (request.GetUser<IUser>() == null)
+                    if (request.GetUser<TUser>() == null)
                     {
                         SessionHandling.ClearToken(response);
                     }

Modules/Authentication.Web/Controllers/LoginController.cs

@@ -12,12 +12,12 @@
 namespace GenHTTP.Modules.Authentication.Web.Controllers
 {
 
-    public class LoginController 
+    public class LoginController<TUser> where TUser : IUser
     {
 
-        private Func<IRequest, string, string, ValueTask<IUser?>> PerformLogin { get; }
+        private Func<IRequest, string, string, ValueTask<TUser?>> PerformLogin { get; }
 
-        public LoginController(Func<IRequest, string, string, ValueTask<IUser?>> performLogin)
+        public LoginController(Func<IRequest, string, string, ValueTask<TUser?>> performLogin)
         {
             PerformLogin = performLogin;
         }

Modules/Authentication.Web/ISessionHandling.cs

@@ -3,13 +3,33 @@
 namespace GenHTTP.Modules.Authentication.Web
 {
 
+    /// <summary>
+    /// Defines how session references are sent to the client
+    /// and read from the incoming requests.
+    /// </summary>
     public interface ISessionHandling
     {
 
+        /// <summary>
+        /// Attempts to read a session token from the given request.
+        /// </summary>
+        /// <param name="request">The request to be analyzed</param>
+        /// <returns>The session token read from the request (if present)</returns>
         string? ReadToken(IRequest request);
 
+        /// <summary>
+        /// Modifies the given response to instruct the client to use the
+        /// given session token.
+        /// </summary>
+        /// <param name="response">The response to be modified</param>
+        /// <param name="sessionToken">The token to be written to the client</param>
         void WriteToken(IResponse response, string sessionToken);
 
+        /// <summary>
+        /// Configures the response to instruct the client that the
+        /// session token is no longer valid and should be discarded.
+        /// </summary>
+        /// <param name="response">The response to be modified</param>
         void ClearToken(IResponse response);
 
     }

Modules/Authentication.Web/ISimpleWebAuthIntegration.cs

@@ -1,34 +1,130 @@
-using System.Threading.Tasks;
-
-using GenHTTP.Api.Content.Authentication;
-using GenHTTP.Api.Protocol;
-
-namespace GenHTTP.Modules.Authentication.Web
-{
-    
-    public interface ISimpleWebAuthIntegration
-    {
-
-        bool AllowAnonymous { get => false; }
-
-        string SetupRoute { get => "setup"; }
-
-        string LoginRoute { get => "login"; }
-
-        string LogoutRoute { get => "logout"; }
-
-        string ResourceRoute { get => "auth-resources"; }
-
-        ValueTask<bool> CheckSetupRequired(IRequest request);
-
-        ValueTask PerformSetup(IRequest request, string username, string password);
-
-        ValueTask<IUser?> VerifyTokenAsync(string sessionToken);
-
-        ValueTask<string> StartSessionAsync(IRequest request, IUser user);
-
-        ValueTask<IUser?> PerformLogin(IRequest request, string username, string password);
-
-    }
-
-}
+using System.Threading.Tasks;
+
+using GenHTTP.Api.Content.Authentication;
+using GenHTTP.Api.Protocol;
+
+namespace GenHTTP.Modules.Authentication.Web
+{
+    
+    /// <summary>
+    /// Authentication and authorization logic to be used by the
+    /// web authentication concern.
+    /// </summary>
+    /// <typeparam name="TUser">The type of user managed by this integration</typeparam>
+    /// <remarks>
+    /// Use this kind of integration if you would like to quickly
+    /// add login forms to your application. This integration will
+    /// use a default set of controllers that render very simple
+    /// UIs to you app users. 
+    /// 
+    /// If you would like to customize the authentication workflow,
+    /// use <see cref="IWebAuthIntegration{TUser}" /> instead.
+    /// </remarks>
+    public interface ISimpleWebAuthIntegration<TUser> where TUser : IUser
+    {
+
+        /// <summary>
+        /// False if you would like to force non logged in users
+        /// to log in. 
+        /// </summary>
+        bool AllowAnonymous { get => false; }
+
+        /// <summary>
+        /// The route the setup functionality will be available
+        /// from (defaults to "/setup/").
+        /// </summary>
+        string SetupRoute { get => "setup"; }
+
+        /// <summary>
+        /// The route the login page will be available from
+        /// (defaults to "/login/").
+        /// </summary>
+        string LoginRoute { get => "login"; }
+
+        /// <summary>
+        /// The route the logout page will be available from
+        /// (defaults to "/logout/").
+        /// </summary>
+        string LogoutRoute { get => "logout"; }
+
+        /// <summary>
+        /// The route used to serve additional resources required
+        /// by the default controllers.
+        /// </summary>
+        /// <remarks>
+        /// This is used by the default controllers which implement
+        /// the simple integration flow to serve additional style sheets
+        /// to style the login page.
+        /// </remarks>
+        string ResourceRoute { get => "auth-resources"; }
+
+        /// <summary>
+        /// Return true to redirect users to a setup page that allows
+        /// an administrator setting up your application to initially
+        /// create an accont with.
+        /// </summary>
+        /// <param name="request">The currently handled request</param>
+        /// <returns>true if the application needs to be set up</returns>
+        /// <remarks>
+        /// This feature allows you to provision your application without
+        /// the need of using fixed user accounts which would compromise
+        /// the security of your deployments.
+        /// 
+        /// Typically you want to return true while there are no users
+        /// yet and false as soon as there are some.
+        /// 
+        /// To disable the feature completely, just return false here.
+        /// </remarks>
+        ValueTask<bool> CheckSetupRequired(IRequest request);
+
+        /// <summary>
+        /// Called by the setup controller to initialize your application
+        /// for the given admin user. 
+        /// </summary>
+        /// <param name="request">The currently handled request</param>
+        /// <param name="username">The name entered by the user</param>
+        /// <param name="password">The password entered by the user</param>
+        /// <remarks>
+        /// After this call, <see cref="CheckSetupRequired(IRequest)" /> is
+        /// expected to return false on subsequent calls.
+        /// </remarks>
+        ValueTask PerformSetup(IRequest request, string username, string password);
+
+        /// <summary>
+        /// Invoked with the session token read from the client connection
+        /// to actually load and check the session.
+        /// </summary>
+        /// <param name="request">The currently handled request</param>
+        /// <param name="sessionToken">The token read from the client connection</param>
+        /// <returns>The user record the session belongs to or null, if the session is not valid anymore</returns>
+        /// <remarks>
+        /// In this method you will need to verify the session specified by the client
+        /// against some session storage, e.g. a Redis or database server.
+        /// </remarks>
+        ValueTask<TUser?> VerifyTokenAsync(IRequest request, string sessionToken);
+
+        /// <summary>
+        /// Invoked to generate a new session token for the authenticated user.
+        /// </summary>
+        /// <param name="request">The currently handled request</param>
+        /// <param name="user">The user which just performed a login</param>
+        /// <returns>The newly created (or re-used) session token</returns>
+        ValueTask<string> StartSessionAsync(IRequest request, TUser user);
+
+        /// <summary>
+        /// Invoked to actually authenticate an user who entered their
+        /// credentials in the login form.
+        /// </summary>
+        /// <param name="request">The currently handled request</param>
+        /// <param name="username">The name of the user</param>
+        /// <param name="password">The password of the user</param>
+        /// <returns>The matching user record if the credentials are valid</returns>
+        /// <remarks>
+        /// If the user account does not exist or the credentials are incorrect,
+        /// return null to cause the controller to render an error message.
+        /// </remarks>
+        ValueTask<TUser?> PerformLoginAsync(IRequest request, string username, string password);
+
+    }
+
+}