Improvements to A&A classes

master
Harald Wolff 2022-05-28 19:25:25 +02:00
parent 48370c7564
commit a47ced724c
3 changed files with 25 additions and 29 deletions


@ -1,6 +1,4 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Text;
using ln.http.router;
namespace ln.http namespace ln.http
{ {
@ -9,35 +7,30 @@ namespace ln.http
public string UniqueId { get; set; } public string UniqueId { get; set; }
public string Username { get; set; } public string Username { get; set; }
public HttpPrincipal AuthenticatedPrincipal { get; set; } /**
* If this principal is a delegated one, authenticated by another principal
*/
public HttpPrincipal AuthenticatedPrincipal { get; }
private Dictionary<string, HttpAccessRights> permissions = new Dictionary<string, HttpAccessRights>(); private HashSet<string> _roles = new HashSet<string>();
public IEnumerable<KeyValuePair<string, HttpAccessRights>> Permissions => permissions; public IReadOnlySet<string> Roles => _roles;
public void AddPermission(string roleName, HttpAccessRights accessRights) public bool HasRole(string role) => _roles.Contains(role);
public HttpPrincipal(string uniquedId, string username, string[] roles)
{ {
if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags)) UniqueId = uniquedId;
{ Username = username;
roleAccessFlags |= accessRights; foreach (var role in roles)
permissions[roleName] = roleAccessFlags; _roles.Add(role);
}
else
{
permissions.Add(roleName, accessRights);
}
} }
public void RemovePermission(string roleName, HttpAccessRights accessRights)
{
if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
{
roleAccessFlags &= ~accessRights;
permissions[roleName] = roleAccessFlags;
}
}
public bool HasPermission(string roleName, HttpAccessRights accessRights) =>
permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags) &&
((roleAccessFlags & accessRights) == accessRights);
public HttpPrincipal(string uniquedId, string username, string[] roles, HttpPrincipal authenticatedPrincipal) :
this(uniquedId, username, roles)
{
AuthenticatedPrincipal = authenticatedPrincipal;
}
public override string ToString() public override string ToString()
{ {
if (AuthenticatedPrincipal is null) if (AuthenticatedPrincipal is null)
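Review bot: UniqueId and Username keep their public setters even though AuthenticatedPrincipal became get-only, so any code holding the principal can still rewrite its identity after authentication; `public string UniqueId { get; }` and `public string Username { get; }` would match the new constructor-only initialisation. `Roles => _roles` returns the backing HashSet itself, so a caller can cast it back to `HashSet<string>` and add a role; the field should at least be `private readonly`, and handing out a copy or an immutable set built in the constructor would close the downcast. A null `roles` array reaches the `foreach` and throws NullReferenceException, so a guard such as `if (roles is null) throw new ArgumentNullException(nameof(roles));` is worth adding. For delegated principals, nothing visible here limits the roles passed to the four-argument constructor to those of `authenticatedPrincipal`, which may be intended but should be documented. The class and ToString continue outside the hunk.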


@ -162,7 +162,10 @@ namespace ln.http
public bool Route(HttpContext httpContext) public bool Route(HttpContext httpContext)
{ {
if (AuthenticationRequired && httpContext.AuthenticatedPrincipal is null) if (AuthenticationRequired && httpContext.AuthenticatedPrincipal is null)
return false; {
httpContext.Response = HttpResponse.Unauthorized().Header("WWW-Authenticate", "Basic");
return true;
}
if ((AuthorizationDelegate is not null) && (!AuthorizationDelegate(httpContext))) if ((AuthorizationDelegate is not null) && (!AuthorizationDelegate(httpContext)))
return false; return false;


@ -5,9 +5,9 @@ namespace ln.http
{ {
public static class RoleAuthorization public static class RoleAuthorization
{ {
public static HttpAuthorizationDelegate Require(string roleName, HttpAccessRights accessRights) public static HttpAuthorizationDelegate Require(string roleName)
{ {
return context => context.AuthenticatedPrincipal?.HasPermission(roleName, accessRights) ?? false; return context => context.AuthenticatedPrincipal?.HasRole(roleName) ?? false;
} }
public static HttpAuthorizationDelegate RequireAll(params HttpAuthorizationDelegate[] authorizationDelegates) public static HttpAuthorizationDelegate RequireAll(params HttpAuthorizationDelegate[] authorizationDelegates)
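Review bot: Require has no doc comment stating its fail-closed contract, which matters more now that the access-rights argument is gone and holding a role is all-or-nothing. I would add `/// <summary>Returns a delegate that allows the request only when it has an authenticated principal holding <paramref name="roleName"/>; requests without a principal are denied.</summary>`. The comment should also say that the match is case-sensitive, since HttpPrincipal builds its set with `new HashSet<string>()` and therefore the default ordinal comparer. Routes that previously passed a specific HttpAccessRights value now get a coarser check, so existing registrations should be reviewed for rights that were narrower than the whole role. RequireAll continues outside the hunk.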