-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathBasicAuthenticateRequestHandler.cs
145 lines (133 loc) · 5.45 KB
/
BasicAuthenticateRequestHandler.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
// The Sisk Framework source code
// Copyright (c) 2024- PROJECT PRINCIPIUM and all Sisk contributors
//
// The code below is licensed under the MIT license as
// of the date of its publication, available at
//
// File name: BasicAuthenticateRequestHandler.cs
// Repository: https://github.com/sisk-http/core
using System.Text;
using Sisk.Core.Http;
using Sisk.Core.Routing;
namespace Sisk.BasicAuth;
/// <summary>
/// Gets a <see cref="IRequestHandler"/> that serves as an authenticator for the Basic Authentication scheme, which can validate a user id and password.
/// </summary>
/// <definition>
/// public class BasicAuthenticateRequestHandler : IRequestHandler
/// </definition>
/// <type>
/// Class
/// </type>
public class BasicAuthenticateRequestHandler : IRequestHandler {
/// <summary>
/// Gets or sets when this RequestHandler should run.
/// </summary>
/// <definition>
/// public RequestHandlerExecutionMode ExecutionMode { get; init; }
/// </definition>
/// <type>
/// Property
/// </type>
public RequestHandlerExecutionMode ExecutionMode { get; init; } = RequestHandlerExecutionMode.BeforeResponse;
/// <summary>
/// Gets or sets a message to show the client which protection scope it needs to authenticate to.
/// </summary>
/// <definition>
/// public string Realm { get; set; }
/// </definition>
/// <type>
/// Property
/// </type>
public string Realm { get; set; } = "Access to the protected webpage";
/// <summary>
/// Indicates the method that is called to validate a request with client credentials. When returning an <see cref="HttpResponse"/>,
/// it will be sent immediately to the client and the rest of the stack will not be executed. If the return is null, it
/// is interpretable that the authentication was successful and the execution should continue.
/// </summary>
/// <param name="credentials">Represents the credentials sent by the client, already decoded and ready for use.</param>
/// <param name="context">Represents the Http context.</param>
/// <definition>
/// public virtual HttpResponse? OnValidating(BasicAuthenticationCredentials credentials, HttpContext context)
/// </definition>
/// <type>
/// Method
/// </type>
public virtual HttpResponse? OnValidating ( BasicAuthenticationCredentials credentials, HttpContext context ) {
return null;
}
/// <summary>
/// This method is called by the <see cref="Router"/> before executing a request when the <see cref="Route"/> instantiates an object that implements this interface. If it returns
/// a <see cref="HttpResponse"/> object, the route callback is not called and all execution of the route is stopped. If it returns "null", the execution is continued.
/// </summary>
/// <definition>
/// public HttpResponse? Execute(HttpRequest request, HttpContext context)
/// </definition>
/// <type>
/// Method
/// </type>
public HttpResponse? Execute ( HttpRequest request, HttpContext context ) {
string? authorization = request.Headers [ "Authorization" ];
if (authorization == null) {
return this.CreateUnauthorizedResponse ();
}
else {
try {
var auth = this.ParseAuth ( authorization );
if (auth == null) {
throw new Exception ();
}
var res = this.OnValidating ( auth, context );
return res;
}
catch (Exception) {
return this.CreateUnauthorizedResponse ();
}
}
}
/// <summary>
/// Creates an empty HTTP response with the WWW-Authenticate header and an custom realm message.
/// </summary>
/// <param name="realm">Defines the realm message to send back to the client.</param>
/// <definition>
/// public HttpResponse CreateUnauthorizedResponse(string realm)
/// </definition>
/// <type>
/// Method
/// </type>
public HttpResponse CreateUnauthorizedResponse ( string realm ) {
var unauth = new HttpResponse ( System.Net.HttpStatusCode.Unauthorized );
unauth.Headers.Add ( "WWW-Authenticate", $"Basic realm=\"{realm}\"" );
return unauth;
}
/// <summary>
/// Creates an empty HTTP response with the WWW-Authenticate header and with the realm message defined in this class instance.
/// </summary>
/// <definition>
/// public HttpResponse CreateUnauthorizedResponse()
/// </definition>
/// <type>
/// Method
/// </type>
public HttpResponse CreateUnauthorizedResponse () {
var unauth = new HttpResponse ( System.Net.HttpStatusCode.Unauthorized );
unauth.Headers.Add ( "WWW-Authenticate", $"Basic realm=\"{this.Realm}\"" );
return unauth;
}
private BasicAuthenticationCredentials? ParseAuth ( string s ) {
try {
s = s.Substring ( s.IndexOf ( ' ' ) + 1 );
byte [] authBytes = Convert.FromBase64String ( s );
string authString = Encoding.UTF8.GetString ( authBytes );
int colonIndex = authString.IndexOf ( ':' );
if (colonIndex == -1)
return null;
string userid = authString.Substring ( 0, colonIndex );
string pass = authString.Substring ( colonIndex + 1 );
return new BasicAuthenticationCredentials ( userid, pass );
}
catch (Exception) {
return null;
}
}
}