Use ASP.NET authentication principles

API/Controller/Account/Authenticated/_ApiController.cs

@@ -1,40 +1,30 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Services.Account;
-using OpenShock.Common.Authentication.Attributes;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
-using OpenShock.Common.OpenShockDb;
-using OpenShock.Common.Services.Session;
-using Redis.OM.Contracts;
 
 namespace OpenShock.API.Controller.Account.Authenticated;
 
 /// <summary>
 /// User account management
 /// </summary>
 [ApiController]
-[UserSessionOnly]
 [ApiVersion("1")]
 [Route("/{version:apiVersion}/account")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionCookie)]
 public sealed partial class AuthenticatedAccountController : AuthenticatedSessionControllerBase
 {
-    private readonly OpenShockContext _db;
-    private readonly IRedisConnectionProvider _redis;
-    private readonly ILogger<AuthenticatedAccountController> _logger;
     private readonly IAccountService _accountService;
-    private readonly ISessionService _sessionService;
+    private readonly ILogger<AuthenticatedAccountController> _logger;
 
     public AuthenticatedAccountController(
-        OpenShockContext db,
-        IRedisConnectionProvider redis,
-        ILogger<AuthenticatedAccountController> logger,
         IAccountService accountService,
-        ISessionService sessionService)
+        ILogger<AuthenticatedAccountController> logger
+        )
     {
-        _db = db;
-        _redis = redis;
-        _logger = logger;
         _accountService = accountService;
-        _sessionService = sessionService;
+        _logger = logger;
     }
 }

API/Controller/Account/Logout.cs

@@ -16,9 +16,9 @@ public async Task<IActionResult> Logout(
         [FromServices] ApiConfig apiConfig)
     {
         // Remove session if valid
-        if (HttpContext.TryGetSessionKey(out var sessionKey))
+        if (HttpContext.TryGetUserSessionCookie(out var sessionCookie))
         {
-            await sessionService.DeleteSessionById(sessionKey);
+            await sessionService.DeleteSessionById(sessionCookie);
         }
 
         // Make sure cookie is removed, no matter if authenticated or not

API/Controller/Account/_ApiController.cs

@@ -12,22 +12,17 @@ namespace OpenShock.API.Controller.Account;
 /// User account management
 /// </summary>
 [ApiController]
-[AllowAnonymous]
 [ApiVersion("1")]
 [ApiVersion("2")]
 [Route("/{version:apiVersion}/account")]
 public sealed partial class AccountController : OpenShockControllerBase
 {
-    private readonly OpenShockContext _db;
-    private readonly IRedisConnectionProvider _redis;
-    private readonly ILogger<Authenticated.AuthenticatedAccountController> _logger;
     private readonly IAccountService _accountService;
+    private readonly ILogger<AccountController> _logger;
 
-    public AccountController(OpenShockContext db, IRedisConnectionProvider redis, ILogger<Authenticated.AuthenticatedAccountController> logger, IAccountService accountService)
+    public AccountController(IAccountService accountService, ILogger<AccountController> logger)
     {
-        _db = db;
-        _redis = redis;
-        _logger = logger;
         _accountService = accountService;
+        _logger = logger;
     }
 }

API/Controller/Admin/_ApiController.cs

@@ -1,16 +1,15 @@
-using Microsoft.AspNetCore.Mvc;
-using OpenShock.Common.Authentication.Attributes;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
-using OpenShock.Common.Models;
 using OpenShock.Common.OpenShockDb;
 using Redis.OM.Contracts;
 
 namespace OpenShock.API.Controller.Admin;
 
 [ApiController]
-[Rank(RankType.Admin)]
-[UserSessionOnly]
 [Route("/{version:apiVersion}/admin")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionCookie, Policy = OpenShockAuthPolicies.AdminAccess)]
 public sealed partial class AdminController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Device/_ApiController.cs

@@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 using Redis.OM.Contracts;
@@ -10,7 +12,8 @@ namespace OpenShock.API.Controller.Device;
 /// </summary>
 [ApiController]
 [Route("/{version:apiVersion}/device")]
-public sealed partial class DeviceController : AuthenticatedDeviceControllerBase
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.HubToken)]
+public sealed partial class DeviceController : AuthenticatedHubControllerBase
 {
     private readonly OpenShockContext _db;
     private readonly IRedisConnectionProvider _redis;

API/Controller/Devices/DeviceOtaController.cs

@@ -1,8 +1,10 @@
 using System.Net;
 using System.Net.Mime;
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.Attributes;
 using OpenShock.Common.Errors;
 using OpenShock.Common.Models;
@@ -22,10 +24,10 @@ public sealed partial class DevicesController
     /// <response code="200">OK</response>
     /// <response code="404">Could not find device or you do not have access to it</response>
     [HttpGet("{deviceId}/ota")]
-    [UserSessionOnly]
+    [MapToApiVersion("1")]
+    [Authorize(Policy = OpenShockAuthPolicies.UserAccess)]
     [ProducesResponseType<BaseResponse<IReadOnlyCollection<OtaItem>>>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // DeviceNotFound
-    [MapToApiVersion("1")]
     public async Task<IActionResult> GetOtaUpdateHistory([FromRoute] Guid deviceId, [FromServices] IOtaService otaService)
     {
         // Check if user owns device or has a share

API/Controller/Devices/_ApiController.cs

@@ -1,5 +1,7 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 using Redis.OM.Contracts;
@@ -10,9 +12,10 @@ namespace OpenShock.API.Controller.Devices;
 /// Device management
 /// </summary>
 [ApiController]
-[Route("/{version:apiVersion}/devices")]
 [ApiVersion("1")]
 [ApiVersion("2")]
+[Route("/{version:apiVersion}/devices")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionApiTokenCombo)]
 public sealed partial class DevicesController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Public/_ApiController.cs

@@ -8,7 +8,6 @@ namespace OpenShock.API.Controller.Public;
 
 [ApiController]
 [Route("/{version:apiVersion}/public")]
-[AllowAnonymous]
 public sealed partial class PublicController : OpenShockControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Sessions/SessionSelf.cs

@@ -1,6 +1,8 @@
 using System.Net.Mime;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Models.Response;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.Attributes;
 using OpenShock.Common.Authentication.Services;
 using OpenShock.Common.Problems;
@@ -16,7 +18,6 @@ public sealed partial class SessionsController
     /// <returns></returns>
     /// <exception cref="Exception"></exception>
     [HttpGet("self")]
-    [UserSessionOnly]
     [ProducesResponseType<LoginSessionResponse>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
     public LoginSessionResponse GetSelfSession([FromServices] IUserReferenceService userReferenceService)
     {

API/Controller/Sessions/_ApiController.cs

@@ -1,5 +1,7 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.Attributes;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.Services.Session;
@@ -10,9 +12,9 @@ namespace OpenShock.API.Controller.Sessions;
 /// Session management
 /// </summary>
 [ApiController]
-[UserSessionOnly]
 [ApiVersion("1")]
 [Route("/{version:apiVersion}/sessions")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionCookie)]
 public sealed partial class SessionsController : AuthenticatedSessionControllerBase
 {
     private readonly ISessionService _sessionService;

API/Controller/Shares/Links/_ApiController.cs

@@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 
@@ -9,6 +11,7 @@ namespace OpenShock.API.Controller.Shares.Links;
 /// </summary>
 [ApiController]
 [Route("/{version:apiVersion}/shares/links")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionApiTokenCombo)]
 public sealed partial class ShareLinksController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Shares/_ApiController.cs

@@ -1,5 +1,7 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 
@@ -9,9 +11,10 @@ namespace OpenShock.API.Controller.Shares;
 /// Shocker share management
 /// </summary>
 [ApiController]
-[Route("/{version:apiVersion}/shares")]
 [ApiVersion("1")]
 [ApiVersion("2")]
+[Route("/{version:apiVersion}/shares")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionApiTokenCombo)]
 public sealed partial class SharesController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Shockers/_ApiController.cs

@@ -1,5 +1,7 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 
@@ -12,6 +14,7 @@ namespace OpenShock.API.Controller.Shockers;
 [ApiVersion("1")]
 [ApiVersion("2")]
 [Route("/{version:apiVersion}/shockers")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionApiTokenCombo)]
 public sealed partial class ShockerController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Tokens/TokenController.cs

@@ -1,11 +1,13 @@
 using System.ComponentModel.DataAnnotations;
 using System.Net;
 using System.Net.Mime;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using OpenShock.API.Models.Response;
 using OpenShock.API.Utils;
 using OpenShock.Common;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.Attributes;
 using OpenShock.Common.Constants;
 using OpenShock.Common.Errors;
@@ -23,7 +25,7 @@ public sealed partial class TokensController
     /// </summary>
     /// <response code="200">All tokens for the current user</response>
     [HttpGet]
-    [UserSessionOnly]
+    [Authorize(Policy = OpenShockAuthPolicies.UserAccess)]
     [ProducesResponseType<IEnumerable<TokenResponse>>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
     public async Task<IEnumerable<TokenResponse>> ListTokens()
     {
@@ -50,7 +52,7 @@ public async Task<IEnumerable<TokenResponse>> ListTokens()
     /// <response code="200">The token</response>
     /// <response code="404">The token does not exist or you do not have access to it.</response>
     [HttpGet("{tokenId}")]
-    [UserSessionOnly]
+    [Authorize(Policy = OpenShockAuthPolicies.UserAccess)]
     [ProducesResponseType<TokenResponse>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // ApiTokenNotFound    
     public async Task<IActionResult> GetTokenById([FromRoute] Guid tokenId)
@@ -79,7 +81,7 @@ public async Task<IActionResult> GetTokenById([FromRoute] Guid tokenId)
     /// <response code="200">Successfully deleted token</response>
     /// <response code="404">The token does not exist or you do not have access to it.</response>
     [HttpDelete("{tokenId}")]
-    [UserSessionOnly]
+    [Authorize(Policy = OpenShockAuthPolicies.UserAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // ApiTokenNotFound    
     public async Task<IActionResult> DeleteToken([FromRoute] Guid tokenId)
@@ -103,7 +105,7 @@ public async Task<IActionResult> DeleteToken([FromRoute] Guid tokenId)
     /// <param name="body"></param>
     /// <response code="200">The created token</response>
     [HttpPost]
-    [UserSessionOnly]
+    [Authorize(Policy = OpenShockAuthPolicies.UserAccess)]
     [ProducesResponseType<TokenCreatedResponse>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
     public async Task<TokenCreatedResponse> CreateToken([FromBody] CreateTokenRequest body)
     {
@@ -137,7 +139,7 @@ public async Task<TokenCreatedResponse> CreateToken([FromBody] CreateTokenReques
     /// <response code="200">The edited token</response>
     /// <response code="404">The token does not exist or you do not have access to it.</response>
     [HttpPatch("{tokenId}")]
-    [UserSessionOnly]
+    [Authorize(Policy = OpenShockAuthPolicies.UserAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // ApiTokenNotFound    
     public async Task<IActionResult> EditToken([FromRoute] Guid tokenId, [FromBody] EditTokenRequest body)

API/Controller/Tokens/TokenSelfController.cs

@@ -1,6 +1,8 @@
 using System.Net.Mime;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Models.Response;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.Attributes;
 using OpenShock.Common.Authentication.Services;
 using OpenShock.Common.OpenShockDb;
@@ -17,7 +19,7 @@ public sealed partial class TokensController
     /// <returns></returns>
     /// <exception cref="Exception"></exception>
     [HttpGet("self")]
-    [TokenOnly]
+    [Authorize(Policy = OpenShockAuthPolicies.TokenSessionOnly)]
     [ProducesResponseType<TokenResponse>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
     public TokenResponse GetSelfToken([FromServices] IUserReferenceService userReferenceService)
     {

API/Controller/Tokens/_ApiController.cs

@@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 using Redis.OM.Contracts;
@@ -7,6 +9,7 @@ namespace OpenShock.API.Controller.Tokens;
 
 [ApiController]
 [Route("/{version:apiVersion}/tokens")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionApiTokenCombo)]
 public sealed partial class TokensController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Users/_ApiController.cs

@@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using OpenShock.Common.Authentication;
 using OpenShock.Common.Authentication.ControllerBase;
 using OpenShock.Common.OpenShockDb;
 using Redis.OM.Contracts;
@@ -7,6 +9,7 @@ namespace OpenShock.API.Controller.Users;
 
 [ApiController]
 [Route("/{version:apiVersion}/users")]
+[Authorize(AuthenticationSchemes = OpenShockAuthSchemas.UserSessionApiTokenCombo)]
 public sealed partial class UsersController : AuthenticatedSessionControllerBase
 {
     private readonly OpenShockContext _db;

API/Controller/Version/_ApiController.cs

@@ -15,7 +15,6 @@ namespace OpenShock.API.Controller.Version;
 /// Version stuff
 /// </summary>
 [ApiController]
-[AllowAnonymous]
 [Route("/{version:apiVersion}")]
 public sealed partial class VersionController : OpenShockControllerBase
 {

API/Program.cs

@@ -15,6 +15,7 @@
 using OpenShock.Common.Services.LCGNodeProvisioner;
 using OpenShock.Common.Services.Ota;
 using OpenShock.Common.Services.Turnstile;
+using OpenShock.Common.Swagger;
 using Scalar.AspNetCore;
 using Serilog;