Changed the authorize attribute to take a list of Role enums instead of a string

Author: mikey-t

.editorconfig

@@ -12,3 +12,6 @@ indent_size = 2
 [*.cs]
 indent_style = space
 indent_size = 4
+
+[*.{ts, tsx, js}]
+quote_type = single

.vscode/launch.json

@@ -15,10 +15,10 @@
       "cwd": "${workspaceFolder}/src/WebServer",
       "stopAtEntry": false,
       // Enable launching a web browser when ASP.NET Core starts. For more information: https://aka.ms/VSCode-CS-LaunchJson-WebBrowser
-      "serverReadyAction": {
-        "action": "openExternally",
-        "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
-      },
+      // "serverReadyAction": {
+      //   "action": "openExternally",
+      //   "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+      // },
       "env": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
@@ -29,7 +29,7 @@
     {
       "name": ".NET Core Attach",
       "type": "coreclr",
-      "request": "attach"
+      "request": "attach",
     }
   ]
 }

src/WebServer/Auth/AuthorizeAttribute.cs

@@ -5,14 +5,18 @@
 using Microsoft.AspNetCore.Mvc.Filters;
 using Serilog;
 using WebServer.Model.Auth;
-using JsonSerializer = System.Text.Json.JsonSerializer;
 
 namespace WebServer.Auth;
 
 [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
 public class AuthorizeAttribute : Attribute, IAuthorizationFilter
 {
-    public string Roles { get; set; } = "";
+    private readonly Role[] _roles;
+
+    public AuthorizeAttribute(params Role[] roles)
+    {
+        _roles = roles;
+    }
 
     public void OnAuthorization(AuthorizationFilterContext context)
     {
@@ -28,25 +32,19 @@ public void OnAuthorization(AuthorizationFilterContext context)
             return;
         }
 
-        var unauthorizedResult = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
-
         var account = (Account?)context.HttpContext?.Items?[GlobalConstants.CONTEXT_ACCOUNT_KEY];
 
-        logger.Debug("Account: {Account}", JsonSerializer.Serialize(account));
-        logger.Debug("Roles: {Roles}", Roles);
-
         if (account == null)
         {
-            context.Result = unauthorizedResult;
+            context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
             return;
         }
 
-        if (string.IsNullOrWhiteSpace(Roles)) return;
-
-        var roleList = Roles.Split(",").Select(r => r.Trim().ToUpper());
-
-        if (roleList.All(role => account.Roles.Contains(role))) return;
+        if (_roles.Length == 0 || _roles.Any(role => account.Roles.Contains(role.ToString().ToUpper())))
+        {
+            return;
+        }
 
-        context.Result = unauthorizedResult;
+        context.Result = new JsonResult(new { message = "Forbidden" }) { StatusCode = 403 };
     }
 }

src/WebServer/Controllers/AdminControllers/LoginWhitelistController.cs

@@ -7,7 +7,7 @@
 
 namespace WebServer.Controllers.AdminControllers;
 
-[Authorize(Roles = nameof(Role.SUPER_ADMIN))]
+[Authorize(Role.SUPER_ADMIN)]
 [ApiController]
 [Route("api/admin/login-whitelist")]
 public class LoginWhitelistController : ControllerBase

src/WebServer/Controllers/AdminControllers/UserController.cs

@@ -8,7 +8,7 @@
 
 namespace WebServer.Controllers.AdminControllers;
 
-[Authorize(Roles = nameof(Role.SUPER_ADMIN))]
+[Authorize(Role.SUPER_ADMIN)]
 [ApiController]
 [Route("api/admin/user")]
 public class UserController : ControllerBase

src/WebServer/Controllers/ProtectedController.cs

@@ -1,11 +1,12 @@
 using Microsoft.AspNetCore.Mvc;
 using WebServer.Auth;
+using WebServer.Model.Auth;
 
 namespace WebServer.Controllers;
 
 [ApiController]
 [Route("api/[controller]")]
-[Authorize(Roles = Roles.USER)]
+[Authorize(Role.USER)]
 public class ProtectedController : ControllerBase
 {
     private readonly ILogger<ProtectedController> _logger;

src/WebServer/Controllers/WeatherForecastController.cs

@@ -23,11 +23,10 @@ public WeatherForecastController(ILogger<WeatherForecastController> logger)
     public IEnumerable<WeatherForecast> Get()
     {
         return Enumerable.Range(1, 5).Select(index => new WeatherForecast
-            {
-                Date = DateTime.Now.AddDays(index),
-                TemperatureC = Random.Shared.Next(-20, 55),
-                Summary = Summaries[Random.Shared.Next(Summaries.Length)]
-            })
-            .ToArray();
+        {
+            Date = DateTime.Now.AddDays(index),
+            TemperatureC = Random.Shared.Next(-20, 55),
+            Summary = Summaries[Random.Shared.Next(Summaries.Length)]
+        }).ToArray();
     }
 }

src/client/src/logic/ProtectedApi.ts

@@ -0,0 +1,8 @@
+import ApiResponse from '../model/ApiResponse'
+import ApiBase from './ApiBase'
+
+export default class ProtectedApi extends ApiBase {
+    async getProtectedTest(): Promise<ApiResponse<string | null>> {
+        return await this.get<string>('protected/test')
+    }
+}

src/client/src/pages/protected/Account.tsx

@@ -1,8 +1,33 @@
-export default function Account() {
+import Button from '@mui/material/Button/Button'
+import { useState } from 'react'
+import ProtectedApi from '../../logic/ProtectedApi'
+
+const api = new ProtectedApi()
+
+export default function Account() {
+  const [data, setData] = useState<string>('')
+
+  const getData = async () => {
+    const res = await api.getProtectedTest()
+    if (res.isError()) {
+      console.log(res.exception?.toJson())
+      return
+    }
+
+    setData(res.data || '')
+  }
+
+  const clear = () => {
+    setData('')
+  }
+
   return (
     <>
       <h1>Account</h1>
       <p>This page requires authentication.</p>
+      <Button variant="contained" onClick={getData}>Test protected endpoint</Button>&nbsp;
+      <Button variant="contained" onClick={clear}>Clear</Button>
+      <div>{data}</div>
     </>
   )
 }