| | | 1 | | using System.Security.Claims; |
| | | 2 | | using System.Text.RegularExpressions; |
| | | 3 | | using Microsoft.AspNetCore.Authentication; |
| | | 4 | | using Kestrun.Claims; |
| | | 5 | | using Kestrun.Hosting; |
| | | 6 | | |
| | | 7 | | namespace Kestrun.Authentication; |
| | | 8 | | |
| | | 9 | | /// <summary> |
| | | 10 | | /// Options for configuring Basic Authentication in Kestrun. |
| | | 11 | | /// </summary> |
| | | 12 | | public partial class BasicAuthenticationOptions : AuthenticationSchemeOptions, IAuthenticationCommonOptions, IOpenApiAut |
| | | 13 | | { |
| | | 14 | | /// <inheritdoc/> |
| | 14 | 15 | | public string? DisplayName { get; set; } |
| | | 16 | | /// <inheritdoc/> |
| | 22 | 17 | | public bool GlobalScheme { get; set; } |
| | | 18 | | |
| | | 19 | | /// <inheritdoc/> |
| | 22 | 20 | | public string? Description { get; set; } |
| | | 21 | | |
| | | 22 | | /// <inheritdoc/> |
| | 89 | 23 | | public string[] DocumentationId { get; set; } = []; |
| | | 24 | | |
| | | 25 | | /// <inheritdoc/> |
| | 66 | 26 | | public KestrunHost Host { get; set; } = default!; |
| | | 27 | | |
| | | 28 | | /// <inheritdoc/> |
| | 22 | 29 | | public bool Deprecated { get; set; } |
| | | 30 | | |
| | | 31 | | private Serilog.ILogger? _logger; |
| | | 32 | | /// <inheritdoc/> |
| | | 33 | | public Serilog.ILogger Logger |
| | | 34 | | { |
| | 14 | 35 | | get => _logger ?? (Host is null ? Serilog.Log.Logger : Host.Logger); set => _logger = value; |
| | | 36 | | } |
| | | 37 | | /// <summary> |
| | | 38 | | /// Gets or sets the name of the HTTP header used for authentication. |
| | | 39 | | /// </summary> |
| | 84 | 40 | | public string HeaderName { get; set; } = "Authorization"; |
| | | 41 | | /// <summary> |
| | | 42 | | /// Gets or sets a value indicating whether the credentials are Base64 encoded. |
| | | 43 | | /// </summary> |
| | 85 | 44 | | public bool Base64Encoded { get; set; } = true; |
| | | 45 | | |
| | | 46 | | /// <summary> |
| | | 47 | | /// Gets or sets the regular expression used to separate the username and password in the credentials. |
| | | 48 | | /// </summary> |
| | 91 | 49 | | public Regex SeparatorRegex { get; set; } = MyRegex(); |
| | | 50 | | |
| | | 51 | | /// <summary> |
| | | 52 | | /// Gets or sets the authentication realm used in the WWW-Authenticate header. |
| | | 53 | | /// </summary> |
| | 59 | 54 | | public string Realm { get; set; } = "Kestrun"; |
| | | 55 | | |
| | | 56 | | [GeneratedRegex("^([^:]*):(.*)$", RegexOptions.Compiled)] |
| | | 57 | | private static partial Regex MyRegex(); |
| | | 58 | | |
| | | 59 | | /// <summary> |
| | | 60 | | /// Gets or sets a value indicating whether to allow insecure HTTP connections. |
| | | 61 | | /// </summary> |
| | 42 | 62 | | public bool AllowInsecureHttp { get; set; } |
| | | 63 | | |
| | | 64 | | /// <summary> |
| | | 65 | | /// Gets or sets a value indicating whether to suppress the WWW-Authenticate header in responses. |
| | | 66 | | /// </summary> |
| | 16 | 67 | | public bool SuppressWwwAuthenticate { get; set; } |
| | | 68 | | |
| | | 69 | | /// <summary> |
| | | 70 | | /// Delegate to validate user credentials. |
| | | 71 | | /// Parameters: HttpContext, username, password. Returns: Task<bool> indicating validity. |
| | | 72 | | /// </summary> |
| | 99 | 73 | | public Func<HttpContext, string, string, Task<bool>> ValidateCredentialsAsync { get; set; } = (_, _, _) => Task.From |
| | | 74 | | |
| | | 75 | | /// <summary> |
| | | 76 | | /// Settings for the authentication code, if using a script. |
| | | 77 | | /// </summary> |
| | | 78 | | /// <remarks> |
| | | 79 | | /// This allows you to specify the language, code, and additional imports/refs. |
| | | 80 | | /// </remarks> |
| | 69 | 81 | | public AuthenticationCodeSettings ValidateCodeSettings { get; set; } = new(); |
| | | 82 | | |
| | | 83 | | /// <summary> |
| | | 84 | | /// After credentials are valid, this is called to add extra Claims. |
| | | 85 | | /// Parameters: HttpContext, username → IEnumerable of extra claims. |
| | | 86 | | /// </summary> |
| | 24 | 87 | | public Func<HttpContext, string, Task<IEnumerable<Claim>>>? IssueClaims { get; set; } |
| | | 88 | | |
| | | 89 | | /// <summary> |
| | | 90 | | /// Settings for the claims issuing code, if using a script. |
| | | 91 | | /// </summary> |
| | | 92 | | /// <remarks> |
| | | 93 | | /// This allows you to specify the language, code, and additional imports/refs for claims issuance. |
| | | 94 | | /// </remarks> |
| | 69 | 95 | | public AuthenticationCodeSettings IssueClaimsCodeSettings { get; set; } = new(); |
| | | 96 | | |
| | | 97 | | /// <summary> |
| | | 98 | | /// Gets or sets the claim policy configuration. |
| | | 99 | | /// </summary> |
| | | 100 | | /// <remarks> |
| | | 101 | | /// This allows you to define multiple authorization policies based on claims. |
| | | 102 | | /// Each policy can specify a claim type and allowed values. |
| | | 103 | | /// </remarks> |
| | 20 | 104 | | public ClaimPolicyConfig? ClaimPolicyConfig { get; set; } |
| | | 105 | | |
| | | 106 | | /// <summary> |
| | | 107 | | /// Helper to copy values from a user-supplied BasicAuthenticationOptions instance to the instance |
| | | 108 | | /// created by the framework inside AddBasic(). Reassigning the local variable (opts = source) would |
| | | 109 | | /// not work because only the local reference changes – the framework keeps the original instance. |
| | | 110 | | /// </summary> |
| | | 111 | | /// <param name="target">The target instance to which values will be copied. </param> |
| | | 112 | | public void ApplyTo(BasicAuthenticationOptions target) |
| | | 113 | | { |
| | | 114 | | // Copy properties from the provided configure object |
| | 7 | 115 | | target.HeaderName = HeaderName; |
| | 7 | 116 | | target.Base64Encoded = Base64Encoded; |
| | 7 | 117 | | if (SeparatorRegex is not null) |
| | | 118 | | { |
| | 7 | 119 | | target.SeparatorRegex = new Regex(SeparatorRegex.ToString(), SeparatorRegex.Options); |
| | | 120 | | } |
| | | 121 | | |
| | 7 | 122 | | target.Realm = Realm; |
| | 7 | 123 | | target.AllowInsecureHttp = AllowInsecureHttp; |
| | 7 | 124 | | target.SuppressWwwAuthenticate = SuppressWwwAuthenticate; |
| | 7 | 125 | | target.ValidateCredentialsAsync = ValidateCredentialsAsync; |
| | | 126 | | // Copy properties from the provided configure object |
| | 7 | 127 | | target.ValidateCodeSettings = ValidateCodeSettings; |
| | 7 | 128 | | target.IssueClaimsCodeSettings = IssueClaimsCodeSettings; |
| | 7 | 129 | | target.IssueClaims = IssueClaims; |
| | | 130 | | // Claims policy configuration |
| | 7 | 131 | | target.ClaimPolicyConfig = ClaimPolicyConfig; |
| | | 132 | | |
| | | 133 | | // Copy IAuthenticationHostOptions properties |
| | 7 | 134 | | target.Host = Host; |
| | | 135 | | // OpenAPI / documentation properties(IOpenApiAuthenticationOptions) |
| | 7 | 136 | | target.GlobalScheme = GlobalScheme; |
| | 7 | 137 | | target.Description = Description; |
| | 7 | 138 | | target.DocumentationId = DocumentationId; |
| | 7 | 139 | | target.DisplayName = DisplayName; |
| | 7 | 140 | | target.Deprecated = Deprecated; |
| | 7 | 141 | | } |
| | | 142 | | } |