using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using SharedLibraryCore;
using SharedLibraryCore.Interfaces;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Data.Models.Client;
using Microsoft.AspNetCore.Authentication.Cookies;
using static SharedLibraryCore.GameEvent;
namespace WebfrontCore.Middleware
{
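/// <summary>
/// Middleware that signs a web client out of the cookie scheme once its client id
/// is no longer present in the in-memory list of privileged client ids, which is
/// kept up to date from <c>ChangePermission</c> game events.
/// </summary>
internal class ClaimsPermissionRemoval
{
    // Client id that this middleware never signs out.
    // NOTE(review): presumably the initial owner account; confirm, and confirm that
    // id 1 cannot be held by an unprivileged client.
    private const int ExemptClientId = 1;

    private readonly IManager _manager;

    // Ids currently treated as privileged. Every read and write happens under
    // lock (_privilegedClientIds) because game events and requests touch it concurrently.
    private readonly List<int> _privilegedClientIds;

    private readonly RequestDelegate _nextRequest;

    /// <summary>
    /// Stores the next delegate in the pipeline and subscribes to executed game
    /// events so permission changes are reflected in the privileged id list.
    /// </summary>
    /// <param name="nextRequest">next middleware in the request pipeline</param>
    /// <param name="manager">manager that raises game events and exposes the client service</param>
    public ClaimsPermissionRemoval(RequestDelegate nextRequest, IManager manager)
    {
        _manager = manager;
        _manager.OnGameEventExecuted += OnGameEvent;
        _privilegedClientIds = new List<int>();
        _nextRequest = nextRequest;
    }

    /// <summary>
    /// Callback for the game event. Only <c>ChangePermission</c> events whose
    /// <c>Extra</c> carries an <c>EFClient.Permission</c> are handled.
    /// </summary>
    /// <param name="sender">event source (unused)</param>
    /// <param name="gameEvent">event to inspect; its target is the client whose permission changed</param>
    private void OnGameEvent(object sender, GameEvent gameEvent)
    {
        if (gameEvent.Type != EventType.ChangePermission || gameEvent.Extra is not EFClient.Permission perm)
        {
            return;
        }

        // NOTE(review): a new level of exactly Trusted matches neither case below, so the
        // list is left as it was. More generally, a change that keeps the client above
        // Trusted leaves the id in the list, so this middleware does not refresh whatever
        // level/role claims the cookie carries. Confirm that is intended.
        lock (_privilegedClientIds)
        {
            switch (perm)
            {
                // we want to remove the claims when the client is demoted
                case < EFClient.Permission.Trusted:
                {
                    _privilegedClientIds.RemoveAll(id => id == gameEvent.Target.ClientId);
                    break;
                }
                // and add if promoted
                case > EFClient.Permission.Trusted when !_privilegedClientIds.Contains(gameEvent.Target.ClientId):
                {
                    _privilegedClientIds.Add(gameEvent.Target.ClientId);
                    break;
                }
            }
        }
    }

    /// <summary>
    /// Loads the privileged id list on first use, then checks the request's Sid claim
    /// against it. A client whose id is not in the list (and is not the exempt id) is
    /// signed out and the current request continues as anonymous.
    /// </summary>
    /// <param name="context">current HTTP request context</param>
    public async Task Invoke(HttpContext context)
    {
        // we want to load the initial list of privileged clients
        bool hasAny;
        lock (_privilegedClientIds)
        {
            hasAny = _privilegedClientIds.Any();
        }

        if (!hasAny)
        {
            var ids = (await _manager.GetClientService().GetPrivilegedClients())
                .Select(client => client.ClientId);

            lock (_privilegedClientIds)
            {
                // Several requests can reach this point before the first load completes;
                // add only ids that are not present yet so the list does not accumulate
                // duplicates. Materialise first because AddRange mutates the list that
                // Except reads.
                // NOTE(review): a demotion event handled between the query above and this
                // lock is overwritten by the stale query result; confirm that is acceptable.
                var missing = ids.Except(_privilegedClientIds).ToList();
                _privilegedClientIds.AddRange(missing);
            }
        }

        // sid stores the clientId
        var claimsId = context.User.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.Sid)?.Value;

        if (!string.IsNullOrEmpty(claimsId))
        {
            // Fail closed: a Sid that is not a valid integer cannot be matched to a
            // privileged client, so it is treated as revoked instead of throwing.
            var retainsClaims = false;

            if (int.TryParse(claimsId, System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture, out var clientId))
            {
                lock (_privilegedClientIds)
                {
                    retainsClaims = clientId == ExemptClientId || _privilegedClientIds.Contains(clientId);
                }
            }

            // they've been removed
            if (!retainsClaims)
            {
                await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

                // SignOutAsync only asks the browser to drop the cookie; the principal already
                // attached to this request is unchanged. Replace it with an unauthenticated one
                // so downstream authorization does not act on the revoked claims, including
                // when the client keeps presenting the old cookie.
                context.User = new ClaimsPrincipal(new ClaimsIdentity());
            }
        }

        await _nextRequest.Invoke(context);
    }
}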
}