Revert ApiKey authentication

Author: usercode

src/DragonFly.ApiKeys/DragonFlyBuilderExtensions.cs

@@ -8,10 +8,9 @@
 using DragonFly.ApiKeys.AspNetCore.Services;
 using DragonFly.ApiKeys.Permissions;
 using Microsoft.Extensions.DependencyInjection;
+using DragonFly.ApiKeys.Handlers;
 using Microsoft.AspNetCore.Authorization;
 using DragonFly.AspNetCore.Builders;
-using Microsoft.AspNetCore.Builder;
-using DragonFly.ApiKeys.Middlewares;
 
 namespace DragonFly.AspNetCore;
 
@@ -24,6 +23,10 @@ public static IDragonFlyBuilder AddApiKeys(this IDragonFlyBuilder builder)
         builder.Services.AddSingleton<MongoIdentityStore>();
         builder.Services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
 
+        builder.Services.AddAuthentication().AddApiKey(ApiKeyAuthenticationDefaults.AuthenticationScheme);
+
+        builder.AddPermissionScheme(ApiKeyAuthenticationDefaults.AuthenticationScheme);
+
         builder.Init(api =>
         {
             api.Permission()
@@ -36,7 +39,6 @@ public static IDragonFlyBuilder AddApiKeys(this IDragonFlyBuilder builder)
         });
 
         builder.AddEndpoint(x => x.MapApiKeyApi());
-        builder.UseApplicationBuilder(x => x.UseMiddleware<ApiKeysMiddleware>());
 
         return builder;
     }

src/DragonFly.ApiKeys/Handlers/ApiKeyAuthenticationDefaults.cs

@@ -0,0 +1,10 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+namespace DragonFly.ApiKeys.Handlers;
+
+public static class ApiKeyAuthenticationDefaults
+{
+    public const string AuthenticationScheme = $"{Permission.PolicyPrefix}ApiKey";
+}

src/DragonFly.ApiKeys/Handlers/ApiKeyAuthenticationExtensions.cs

@@ -0,0 +1,17 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace DragonFly.ApiKeys.Handlers;
+
+public static class ApiKeyAuthenticationExtensions
+{
+    public static AuthenticationBuilder AddApiKey(this AuthenticationBuilder builder, string scheme, Action<ApiKeyAuthenticationOptions>? configureOptions = null)
+    {
+        builder.Services.AddOptions<ApiKeyAuthenticationOptions>(scheme);
+        return builder.AddScheme<ApiKeyAuthenticationOptions, ApiKeyAuthenticationHandler>(scheme, null, configureOptions);
+    }
+}

src/DragonFly.ApiKeys/Handlers/ApiKeyAuthenticationHandler.cs

@@ -0,0 +1,50 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace DragonFly.ApiKeys.Handlers;
+
+internal class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthenticationOptions>
+{
+    public ApiKeyAuthenticationHandler(
+                                IOptionsMonitor<ApiKeyAuthenticationOptions> options, 
+                                ILoggerFactory logger, 
+                                UrlEncoder encoder,
+                                IApiKeyService apiKeyService) 
+        : base(options, logger, encoder)
+    {
+        ApiKeyService = apiKeyService;
+    }
+
+    /// <summary>
+    /// ApiKeyService
+    /// </summary>
+    private IApiKeyService ApiKeyService { get; }
+
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        string? requestApiKey = Context.Request.Headers["ApiKey"].FirstOrDefault();
+
+        if (requestApiKey != null)
+        {
+            ApiKey? apiKey = await ApiKeyService.GetApiKey(requestApiKey);
+
+            if (apiKey != null)
+            {
+                return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity([new Claim("Name", $"apikey:{apiKey.Name}"), new Claim("ApiKeyId", apiKey.Id.ToString())], "ApiKey")), Scheme.Name));
+            }
+            else
+            {
+                return AuthenticateResult.Fail("Invalid api key");
+            }
+        }
+
+        return AuthenticateResult.NoResult();
+    }
+}

src/DragonFly.ApiKeys/Handlers/ApiKeyAuthenticationOptions.cs

@@ -0,0 +1,12 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+using Microsoft.AspNetCore.Authentication;
+
+namespace DragonFly.ApiKeys.Handlers;
+
+public class ApiKeyAuthenticationOptions : AuthenticationSchemeOptions
+{
+
+}

src/DragonFly.ApiKeys/Middlewares/ApiKeysMiddleware.cs

@@ -23,7 +23,7 @@ public static TBuilder RequirePermission<TBuilder>(this TBuilder builder)
     {
         return builder.RequireAuthorization(x => x
                                                 .RequireAuthenticatedUser()
-                                                .AddAuthenticationSchemes(PermissionConstants.AuthenticationScheme)
+                                                .AddAuthenticationSchemes(PermissionSchemeManager.GetAll())
                                                 );
     }
 }

src/DragonFly.AspNetCore/Permissions/AuthorizationEndpointExtensions.cs

@@ -0,0 +1,23 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+using DragonFly.AspNetCore.Builders;
+
+namespace DragonFly.AspNetCore;
+
+public static class BuilderPermissionExtensions
+{
+    /// <summary>
+    /// Adds permission scheme.
+    /// </summary>
+    /// <param name="builder"></param>
+    /// <param name="scheme"></param>
+    /// <returns></returns>
+    public static IDragonFlyBuilder AddPermissionScheme(this IDragonFlyBuilder builder, string scheme)
+    {
+        PermissionSchemeManager.Add(scheme);
+
+        return builder;
+    }
+}

src/DragonFly.AspNetCore/Permissions/BuilderPermissionExtensions.cs

@@ -11,7 +11,7 @@ public static class PermissionExtensions
 {
     public static AuthorizationPolicy ToAuthorizationPolicy(this Permission permission)
     {
-        var policy = new AuthorizationPolicyBuilder(PermissionConstants.AuthenticationScheme);
+        var policy = new AuthorizationPolicyBuilder(PermissionSchemeManager.GetAll());
         policy.RequireAuthenticatedUser();
         policy.AddRequirements(new PermissionRequirement(permission.Name));
 

src/DragonFly.AspNetCore/Permissions/PermissionConstants.cs

@@ -0,0 +1,35 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+namespace DragonFly.AspNetCore;
+
+/// <summary>
+/// PermissionSchemeManager
+/// </summary>
+public static class PermissionSchemeManager
+{
+    private static HashSet<string> _items = new HashSet<string>();
+
+    private static string[] _cache = Array.Empty<string>();
+
+    /// <summary>
+    /// Adds scheme.
+    /// </summary>
+    /// <param name="scheme"></param>
+    public static void Add(string scheme)
+    {
+        _items.Add(scheme);
+
+        _cache = _items.ToArray();
+    }
+
+    /// <summary>
+    /// Gets available schemes.
+    /// </summary>
+    /// <returns></returns>
+    public static string[] GetAll()
+    {
+        return _cache;
+    }
+}

src/DragonFly.AspNetCore/Permissions/PermissionExtensions.cs

@@ -31,8 +31,10 @@ public static IDragonFlyBuilder AddMongoDbIdentity(this IDragonFlyBuilder builde
         builder.Services.AddSingleton<IPasswordHashGenerator, PasswordHashGenerator>();
         builder.Services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
 
-        builder.Services.AddAuthentication()
-                            .AddCookie(PermissionConstants.AuthenticationScheme, x => x.LoginPath = "/login");
+        builder.Services.AddAuthentication(IdentityAuthenticationDefaults.AuthenticationScheme)
+                            .AddCookie(IdentityAuthenticationDefaults.AuthenticationScheme, x => x.LoginPath = "/login");
+
+        builder.AddPermissionScheme(IdentityAuthenticationDefaults.AuthenticationScheme);
 
         builder.Init(api =>
         {

src/DragonFly.AspNetCore/Permissions/PermissionSchemeManager.cs

@@ -0,0 +1,9 @@
+// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+namespace DragonFly.Identity.Services;
+public static class IdentityAuthenticationDefaults
+{
+    public const string AuthenticationScheme = $"{Permission.PolicyPrefix}Identity";
+}

src/DragonFly.Identity/DragonFlyBuilderExtensions.cs

@@ -84,7 +84,7 @@ public async Task<LoginResult> LoginAsync(string username, string password, bool
         //Blazor WebAssembly?
         if (HttpContextAccessor.HttpContext?.WebSockets.IsWebSocketRequest == false)
         {
-            await HttpContextAccessor.HttpContext.SignInAsync(PermissionConstants.AuthenticationScheme, principal, new AuthenticationProperties() { IsPersistent = isPersistent });
+            await HttpContextAccessor.HttpContext.SignInAsync(IdentityAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties() { IsPersistent = isPersistent });
         }
 
         return new LoginResult(true) { Username = user.Username, Claims = claims.Select(x=> new ClaimItem(x.Type, x.Value)).ToList() };
@@ -94,7 +94,7 @@ public async Task Logout()
     {
         if (HttpContextAccessor.HttpContext?.WebSockets.IsWebSocketRequest == false)
         {
-            await HttpContextAccessor.HttpContext!.SignOutAsync(PermissionConstants.AuthenticationScheme);
+            await HttpContextAccessor.HttpContext!.SignOutAsync(IdentityAuthenticationDefaults.AuthenticationScheme);
         }
     }