🆕 feat: RequireAuthorization

masastack · Sep 11, 2024 · 5b69b6a · 5b69b6a
1 parent 5b0734f
commit 5b69b6a
Show file tree

Hide file tree

Showing 17 changed files with 84 additions and 2 deletions.
diff --git a/...th.Service.Admin/Infrastructure/Authorization/CodeAuthorizationMiddlewareResultHandler.cs b/...th.Service.Admin/Infrastructure/Authorization/CodeAuthorizationMiddlewareResultHandler.cs
@@ -31,6 +31,13 @@ public async Task HandleAsync(RequestDelegate next, HttpContext context, Authori
         //Enhance the default challenge or forbid responses.
         var endpoint = context.GetEndpoint();
         var masaAuthorizeAttribute = endpoint?.Metadata.GetMetadata<MasaAuthorizeAttribute>();
+
+        if (masaAuthorizeAttribute == null && context.User.Identity?.IsAuthenticated is true)
+        {
+            await next(context);
+            return;
+        }
+
         if (masaAuthorizeAttribute != null)
         {
             if (masaAuthorizeAttribute.Roles?.Split(',').ToList()
@@ -41,6 +48,7 @@ public async Task HandleAsync(RequestDelegate next, HttpContext context, Authori
                 return;
             }
         }
+
         var code = masaAuthorizeAttribute?.Code;
         var appId = string.Empty;
         var requirement = policy.Requirements.Where(r => r is DefaultRuleCodeRequirement)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/ApiResourceService.cs b/src/Services/Masa.Auth.Service.Admin/Services/ApiResourceService.cs
@@ -7,6 +7,10 @@ public class ApiResourceService : RestServiceBase
     {
         public ApiResourceService() : base("api/sso/apiResource")
         {
+            RouteHandlerBuilder = builder =>
+            {
+                builder.RequireAuthorization();
+            };
         }
 
         private async Task<PaginationDto<ApiResourceDto>> GetListAsync(IEventBus eventBus, GetApiResourcesDto apiResource)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/ApiScopeService.cs b/src/Services/Masa.Auth.Service.Admin/Services/ApiScopeService.cs
@@ -7,6 +7,10 @@ public class ApiScopeService : RestServiceBase
     {
         public ApiScopeService() : base("api/sso/apiScope")
         {
+            RouteHandlerBuilder = builder =>
+            {
+                builder.RequireAuthorization();
+            };
         }
 
         private async Task<PaginationDto<ApiScopeDto>> GetListAsync(IEventBus eventBus, GetApiScopesDto apiScope)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/ClientSerivce.cs b/src/Services/Masa.Auth.Service.Admin/Services/ClientSerivce.cs
@@ -7,6 +7,11 @@ public class ClientSerivce : ServiceBase
 {
     public ClientSerivce() : base("api/sso/client")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapGet(GetListAsync);
         MapGet(GetDetailAsync);
         MapGet(GetClientTypeListAsync);

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/CustomLoginService.cs b/src/Services/Masa.Auth.Service.Admin/Services/CustomLoginService.cs
@@ -7,6 +7,10 @@ public class CustomLoginService : RestServiceBase
     {
         public CustomLoginService() : base("api/sso/customLogin")
         {
+            RouteHandlerBuilder = builder =>
+            {
+                builder.RequireAuthorization();
+            };
         }
 
         private async Task<PaginationDto<CustomLoginDto>> GetListAsync(IEventBus eventBus, GetCustomLoginsDto customLogin)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/DepartmentService.cs b/src/Services/Masa.Auth.Service.Admin/Services/DepartmentService.cs
@@ -7,6 +7,11 @@ public class DepartmentService : ServiceBase
 {
     public DepartmentService() : base("api/department")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapGet(GetAsync);
         MapGet(ListAsync);
         MapGet(CountAsync);

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/IdentityResourceService.cs b/src/Services/Masa.Auth.Service.Admin/Services/IdentityResourceService.cs
@@ -7,6 +7,10 @@ public class IdentityResourceService : RestServiceBase
     {
         public IdentityResourceService() : base("api/sso/identityResource")
         {
+            RouteHandlerBuilder = builder =>
+            {
+                builder.RequireAuthorization();
+            };
         }
 
         private async Task<PaginationDto<IdentityResourceDto>> GetListAsync(IEventBus eventBus, GetIdentityResourcesDto idrs)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/PermissionService.cs b/src/Services/Masa.Auth.Service.Admin/Services/PermissionService.cs
@@ -7,6 +7,11 @@ public class PermissionService : ServiceBase
 {
     public PermissionService() : base("api/permission")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapGet(GetApplicationPermissionsAsync);
         MapGet(GetTypesAsync);
         MapGet(GetApiPermissionSelectAsync);

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/PositionService.cs b/src/Services/Masa.Auth.Service.Admin/Services/PositionService.cs
@@ -7,7 +7,10 @@ public class PositionService : RestServiceBase
 {
     public PositionService() : base("api/position")
     {
-
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
     }
 
     private async Task<PaginationDto<PositionDto>> GetListAsync(IEventBus eventBus, GetPositionsDto position)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/RoleService.cs b/src/Services/Masa.Auth.Service.Admin/Services/RoleService.cs
@@ -7,6 +7,11 @@ public class RoleService : RestServiceBase
 {
     public RoleService() : base("api/role")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         RouteOptions.DisableAutoMapRoute = false;
         MapGet(GetDetailExternalAsync, "external");
     }

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/StaffService.cs b/src/Services/Masa.Auth.Service.Admin/Services/StaffService.cs
@@ -7,6 +7,11 @@ public class StaffService : RestServiceBase
 {
     public StaffService() : base("api/staff")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapPost(SyncAsync);
         MapPost(SelectByIdsAsync, "SelectByIds");
     }

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/TeamService.cs b/src/Services/Masa.Auth.Service.Admin/Services/TeamService.cs
@@ -7,6 +7,11 @@ public class TeamService : ServiceBase
 {
     public TeamService() : base("api/team")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapGet(GetAsync);
         MapGet(GetDetailForExternalAsync, "detail");
         MapGet(ListAsync);
@@ -17,7 +22,7 @@ public TeamService() : base("api/team")
         MapDelete(RemoveAsync);
     }
 
-    [Authorize]
+    [MasaAuthorize]
     private async Task CreateAsync(IEventBus eventBus, [FromBody] AddTeamDto addTeamDto)
     {
         await eventBus.PublishAsync(new AddTeamCommand(addTeamDto));

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/ThirdPartyIdpService.cs b/src/Services/Masa.Auth.Service.Admin/Services/ThirdPartyIdpService.cs
@@ -7,6 +7,11 @@ public class ThirdPartyIdpService : RestServiceBase
 {
     public ThirdPartyIdpService() : base("api/thirdPartyIdp")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapPost(LdapSaveAsync, "ldap/save");
         MapPost(LdapConnectTestAsync, "ldap/connect-test");
         MapGet(LdapDetailAsync, "ldap/detail");

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/ThirdPartyUserService.cs b/src/Services/Masa.Auth.Service.Admin/Services/ThirdPartyUserService.cs
@@ -7,6 +7,11 @@ public class ThirdPartyUserService : RestServiceBase
 {
     public ThirdPartyUserService() : base("api/thirdPartyUser")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapGet(GetAsync, "");
         MapPost(RegisterAsync, "register");
         MapPost(LdapUsersAccountAsync, "ldapUsersAccount");

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/UserClaimService.cs b/src/Services/Masa.Auth.Service.Admin/Services/UserClaimService.cs
@@ -7,6 +7,10 @@ public class UserClaimService : RestServiceBase
 {
     public UserClaimService() : base("api/sso/userClaim")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
     }
 
     private async Task<PaginationDto<UserClaimDto>> GetListAsync(IEventBus eventBus, GetUserClaimsDto userClaim)

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/UserService.cs b/src/Services/Masa.Auth.Service.Admin/Services/UserService.cs
@@ -7,6 +7,11 @@ public class UserService : ServiceBase
 {
     public UserService() : base("api/user")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         RouteOptions.DisableAutoMapRoute = false;
         MapGet(GetListByRoleAsync, "getListByRole");
         MapGet(GetClaimValuesAsync, "claim-values/{id}");
@@ -351,6 +356,7 @@ public async Task<List<UserModel>> GetListByRoleAsync(IEventBus eventBus, [FromQ
         return query.Result;
     }
 
+    [AllowAnonymous]
     public async Task PostLoginByAccountAsync(IEventBus eventBus, [FromBody] LoginByAccountCommand command)
     {
         await eventBus.PublishAsync(command);

diff --git a/src/Services/Masa.Auth.Service.Admin/Services/WebhookService.cs b/src/Services/Masa.Auth.Service.Admin/Services/WebhookService.cs
@@ -7,6 +7,11 @@ public class WebhookService : ServiceBase
 {
     public WebhookService() : base("api/webhook")
     {
+        RouteHandlerBuilder = builder =>
+        {
+            builder.RequireAuthorization();
+        };
+
         MapGet(GetAsync);
         MapGet(ListAsync);
         MapDelete(RemoveAsync);