WIP

2020-11-17 20:07:28 -05:00 · 2020-11-17 20:07:28 -05:00 · 167b8b7bb4
commit 167b8b7bb4
parent db40a5cffd
3 changed files with 41 additions and 6 deletions
--- a/src/JobsJobsJobs.Api/Auth.fs
+++ b/src/JobsJobsJobs.Api/Auth.fs
@ -12,13 +12,14 @@ type FSharpJsonSerializer () =
      Json.deserialize<'T> json


+open Data
+open Domain
+open JWT.Algorithms
+open JWT.Builder
+open System
 open System.Net.Http
 open System.Net.Http.Headers
-open Data
-open JWT.Builder
-open JobsJobsJobs.Api.Domain
-open JWT.Algorithms
-open System
+open JWT.Exceptions

 /// Verify a user's credentials with No Agenda Social
 let verifyWithMastodon accessToken = async {
@ -53,3 +54,18 @@ let createJwt citizenId = async {
  | Ok None -> return Error (exn "Citizen record not found")
  | Error exn -> return Error exn
  }
+
+/// Validate the given token
+let validateJwt token =
+  try
+    let paylod =
+      JwtBuilder()
+        .WithAlgorithm(HMACSHA256Algorithm ())
+        // TODO: generate separate secret for server
+        .WithSecret(config.auth.secret)
+        .MustVerifySignature()
+        .Decode<Map<string, obj>> token
+    CitizenId.tryParse (paylod.["sub"] :?> string)
+  with
+  | :? TokenExpiredException          -> Error "Token is expired"
+  | :? SignatureVerificationException -> Error "Invalid token signature"
--- a/src/JobsJobsJobs.Api/Handlers.fs
+++ b/src/JobsJobsJobs.Api/Handlers.fs
@ -12,10 +12,28 @@ module private Internal =
  
  open Suave.Writers

+  /// Read the JWT and get the authorized user ID
+  let authorizedUser : WebPart =
+    fun ctx ->
+      match ctx.request.header "Authorization" with
+      | Choice1Of2 bearer ->
+          let token = (bearer.Split " ").[1]
+          match Auth.validateJwt token with
+          | Ok citizenId ->
+              setUserData "citizenId" citizenId ctx
+          | Error err ->
+              RequestErrors.BAD_REQUEST err ctx
+      | Choice2Of2 _ ->
+          RequestErrors.BAD_REQUEST "Authorization header must be specified" ctx
+
  /// Send a JSON response
  let json x =
    Successful.OK (Json.serialize x)
    >=> setMimeType "application/json; charset=utf-8"
+  
+  /// Get the current citizen ID from the context
+  let currentCitizenId ctx =
+    ctx.userState.["citizenId"] :?> CitizenId


 /// Handler to return the Vue application
--- a/src/JobsJobsJobs.Api/JobsJobsJobs.Api.fsproj
+++ b/src/JobsJobsJobs.Api/JobsJobsJobs.Api.fsproj
@ -2,7 +2,8 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net5.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
  </PropertyGroup>

  <ItemGroup>