InteIIigeNET · Artem-Rzhankoff · May 14, 2024 · May 14, 2024 · May 26, 2024
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/AccountController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/AccountController.cs
@@ -121,6 +121,15 @@ public async Task<IActionResult> RefreshToken()
             var tokenMeta = await AuthServiceClient.RefreshToken(UserId!);
             return Ok(tokenMeta);
         }
+
+        [HttpGet("getGuestToken")]
+        [Authorize(Roles = Roles.LecturerRole)]
+        [ProducesResponseType(typeof(TokenCredentials), (int)HttpStatusCode.OK)]
+        public async Task<IActionResult> GetGuestToken([FromQuery] string courseId)
+        {
+            var tokenMeta = await AuthServiceClient.GetGuestToken(courseId);
+            return Ok(tokenMeta);
+        }
 
         [HttpPut("edit")]
         [Authorize]

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/StatisticsController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/StatisticsController.cs
@@ -7,6 +7,7 @@
 using HwProj.Models.CoursesService.ViewModels;
 using HwProj.Models.Roles;
 using HwProj.SolutionsService.Client;
+using HwProj.Utils.Auth;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -70,14 +71,16 @@ public async Task<IActionResult> GetCourseStatistics(long courseId)
         }
 
         [HttpGet("{courseId}/charts")]
+        [Authorize(AuthenticationSchemes = AuthSchemeConstants.QueryStringTokenOrDefaultAuthentication)]
         [ProducesResponseType(typeof(AdvancedCourseStatisticsViewModel), (int)HttpStatusCode.OK)]
-        public async Task<IActionResult> GetChartStatistics(long courseId)
+        public async Task<IActionResult> GetChartStatistics(long courseId, [FromQuery] string token)
         {
             var course = await _coursesClient.GetCourseById(courseId);
             if (course == null) 
                 return Forbid();
 
             var statistics = await _solutionClient.GetCourseStatistics(courseId, UserId);
+
             var studentIds = statistics.Select(t => t.StudentId).ToArray();
             var studentsData = await AuthServiceClient.GetAccountsData(studentIds);
 

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Startup.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Startup.cs
@@ -1,9 +1,11 @@
-using HwProj.AuthService.Client;
+using System.Threading.Tasks;
+using HwProj.AuthService.Client;
 using HwProj.CoursesService.Client;
 using HwProj.NotificationsService.Client;
 using HwProj.SolutionsService.Client;
 using HwProj.Utils.Auth;
 using HwProj.Utils.Configuration;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
@@ -27,7 +29,10 @@ public void ConfigureServices(IServiceCollection services)
 
             const string authenticationProviderKey = "GatewayKey";
 
-            services.AddAuthentication()
+            services.AddAuthentication(options =>
+                {
+                    options.DefaultScheme = authenticationProviderKey;
+                })
                 .AddJwtBearer(authenticationProviderKey, x =>
                 {
                     x.RequireHttpsMetadata = false;
@@ -40,6 +45,55 @@ public void ConfigureServices(IServiceCollection services)
                         IssuerSigningKey = AuthorizationKey.SecurityKey,
                         ValidateIssuerSigningKey = true
                     };
+                })
+                .AddJwtBearer(AuthSchemeConstants.QueryStringTokenAuthentication, options =>
+                {
+                    options.RequireHttpsMetadata = false;
+                    options.TokenValidationParameters = new TokenValidationParameters
+                    {
+                        ValidateIssuer = true,
+                        ValidIssuer = "AuthService",
+                        ValidateLifetime = false,
+                        ValidateAudience = false,
+                        IssuerSigningKey = AuthorizationKey.SecurityKey
+                    };
+
+                    options.Events = new JwtBearerEvents
+                    {
+                        OnMessageReceived = context =>
+                        {
+                            if (context.Request.Query.ContainsKey("token"))
+                            {
+                                context.Token = context.Request.Query["token"];
+                            }
+                            else
+                            {
+                                context.Fail("Unauthorized");
+                            }
+
+                            return Task.CompletedTask;
+                        },
+                        OnTokenValidated = async context =>
+                        {
+                            var courseIdClaim = context.Principal.FindFirst("_courseId");
+                            if (courseIdClaim == null)
+                            {
+                                context.Fail("Unauthorized");
+                                return;
+                            }
+
+                            var authServiceClient = context.HttpContext.RequestServices
+                                .GetRequiredService<IAuthServiceClient>();
+                            var statsAccessToken = await authServiceClient.GetGuestToken(courseIdClaim.Value);
+                            var guestToken = context.Request.Query["token"];
+
+                            if (statsAccessToken.AccessToken != guestToken)
+                            {
+                                context.Fail("Unauthorized");
+                            }
+                        }
+                    };
+
                 });
 
             services.AddHttpClient();

diff --git a/HwProj.AuthService/HwProj.AuthService.API/Controllers/AccountController.cs b/HwProj.AuthService/HwProj.AuthService.API/Controllers/AccountController.cs
@@ -82,6 +82,14 @@ public async Task<IActionResult> RefreshToken(string userId)
             var tokenMeta = await _accountService.RefreshToken(userId);
             return Ok(tokenMeta);
         }
+
+        [HttpGet("getGuestToken")]
+        [ProducesResponseType(typeof(TokenCredentials), (int)HttpStatusCode.OK)]
+        public Task<IActionResult> GetGuestToken([FromQuery] string courseId)
+        {
+            var tokenMeta = _accountService.GetGuestToken(courseId);
+            return Task.FromResult<IActionResult>(Ok(tokenMeta));
+        }
 
         [HttpPut("edit/{userId}")]
         [ProducesResponseType(typeof(Result), (int)HttpStatusCode.OK)]

diff --git a/HwProj.AuthService/HwProj.AuthService.API/Services/AccountService.cs b/HwProj.AuthService/HwProj.AuthService.API/Services/AccountService.cs
@@ -134,6 +134,11 @@ public async Task<Result<TokenCredentials>> RefreshToken(string userId)
                 ? Result<TokenCredentials>.Failed("Пользователь не найден")
                 : await GetToken(user);
         }
+
+        public TokenCredentials GetGuestToken(string courseId)
+        {
+            return _tokenService.GetGuestToken(courseId);
+        }
 
         public async Task<Result<TokenCredentials>> RegisterUserAsync(RegisterDataDTO model)
         {

diff --git a/HwProj.AuthService/HwProj.AuthService.API/Services/AuthTokenService.cs b/HwProj.AuthService/HwProj.AuthService.API/Services/AuthTokenService.cs
@@ -51,5 +51,26 @@ public async Task<TokenCredentials> GetTokenAsync(User user)
 
             return tokenCredentials;
         }
+
+        public TokenCredentials GetGuestToken(string courseId)
+        {
+            var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_configuration["SecurityKey"]));
+
+            var token = new JwtSecurityToken(
+                issuer: _configuration["ApiName"],
+                claims: new[]
+                {
+                    new Claim("_courseId", courseId),
+                    new Claim("_isGuest", "true")
+                },
+                signingCredentials: new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256));
+
+            var tokenCredentials = new TokenCredentials
+            {
+                AccessToken = new JwtSecurityTokenHandler().WriteToken(token)
+            };
+
+            return tokenCredentials;
+        }
     }
 }
diff --git a/HwProj.AuthService/HwProj.AuthService.API/Services/IAccountService.cs b/HwProj.AuthService/HwProj.AuthService.API/Services/IAccountService.cs
@@ -16,6 +16,7 @@ public interface IAccountService
         Task<Result> EditAccountAsync(string accountId, EditDataDTO model);
         Task<Result<TokenCredentials>> LoginUserAsync(LoginViewModel model);
         Task<Result<TokenCredentials>> RefreshToken(string userId);
+        TokenCredentials GetGuestToken(string courseId);
         Task<Result> InviteNewLecturer(string emailOfInvitedUser);
         Task<IList<User>> GetUsersInRole(string role);
         Task<Result> RequestPasswordRecovery(RequestPasswordRecoveryViewModel model);

diff --git a/HwProj.AuthService/HwProj.AuthService.API/Services/IAuthTokenService.cs b/HwProj.AuthService/HwProj.AuthService.API/Services/IAuthTokenService.cs
@@ -7,5 +7,6 @@ namespace HwProj.AuthService.API.Services
     public interface IAuthTokenService
     {
         Task<TokenCredentials> GetTokenAsync(User user);
+        TokenCredentials GetGuestToken(string courseId);
     }
 }
diff --git a/HwProj.AuthService/HwProj.AuthService.Client/AuthServiceClient.cs b/HwProj.AuthService/HwProj.AuthService.Client/AuthServiceClient.cs
@@ -99,6 +99,16 @@ public async Task<Result<TokenCredentials>> RefreshToken(string userId)
             var response = await _httpClient.SendAsync(httpRequest);
             return await response.DeserializeAsync<Result<TokenCredentials>>();
         }
+
+        public async Task<TokenCredentials> GetGuestToken(string courseId)
+        {
+            using var httpRequest = new HttpRequestMessage(
+                HttpMethod.Get,
+                _authServiceUri + $"api/account/getGuestToken/?courseId={courseId}");
+
+            var response = await _httpClient.SendAsync(httpRequest);
+            return await response.DeserializeAsync<TokenCredentials>();
+        }
 
         public async Task<Result> Edit(EditAccountViewModel model, string userId)
         {

diff --git a/HwProj.AuthService/HwProj.AuthService.Client/IAuthServiceClient.cs b/HwProj.AuthService/HwProj.AuthService.Client/IAuthServiceClient.cs
@@ -13,6 +13,7 @@ public interface IAuthServiceClient
         Task<Result<TokenCredentials>> Register(RegisterViewModel model);
         Task<Result<TokenCredentials>> Login(LoginViewModel model);
         Task<Result<TokenCredentials>> RefreshToken(string userId);
+        Task<TokenCredentials> GetGuestToken(string courseId);
         Task<Result> Edit(EditAccountViewModel model, string userId);
         Task<Result> InviteNewLecturer(InviteLecturerViewModel model);
         Task<string> FindByEmailAsync(string email);

diff --git a/HwProj.Common/HwProj.HttpUtils/RequestHeaderBuilder.cs b/HwProj.Common/HwProj.HttpUtils/RequestHeaderBuilder.cs
@@ -10,5 +10,12 @@ public static void TryAddUserId(this HttpRequestMessage request, IHttpContextAcc
             var userId = httpContextAccessor.HttpContext.User.FindFirst("_id");
             if (userId != null) request.Headers.Add("UserId", userId.Value);
         }
+
+        public static void TryAddGuestMode(this HttpRequestMessage request, IHttpContextAccessor httpContextAccessor)
+        {
+            var guestMode = httpContextAccessor.HttpContext.User.FindFirst("_isGuest");
+            if (guestMode != null) 
+                request.Headers.Add("GuestMode", guestMode.Value);
+        }
     }
 }
diff --git a/HwProj.Common/HwProj.Utils/Auth/AuthExtensions.cs b/HwProj.Common/HwProj.Utils/Auth/AuthExtensions.cs
@@ -11,6 +11,9 @@ public static class AuthExtensions
     {
         public static string? GetUserIdFromHeader(this HttpRequest request) =>
             request.Headers.TryGetValue("UserId", out var id) ? id.FirstOrDefault() : null;
+
+        public static string? GetGuestModeFromHeader(this HttpRequest request) =>
+            request.Headers.TryGetValue("GuestMode", out var isGuest) ? isGuest.FirstOrDefault() : null;
 
         public static AccountDataDto ToAccountDataDto(this User user, string role)
         {

diff --git a/HwProj.Common/HwProj.Utils/Auth/GuestModeAuthenticationHandler.cs b/HwProj.Common/HwProj.Utils/Auth/GuestModeAuthenticationHandler.cs
@@ -0,0 +1,45 @@
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using HwProj.Utils.Authorization;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace HwProj.Utils.Auth
+{
+    public class GuestModeAuthenticationOptions : AuthenticationSchemeOptions
+    {
+    }
+
+    public class GuestModeAuthenticationHandler : AuthenticationHandler<GuestModeAuthenticationOptions>
+    {
+        public GuestModeAuthenticationHandler(
+            IOptionsMonitor<GuestModeAuthenticationOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder,
+            ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var isGuest = Request.GetGuestModeFromHeader();
+            if (isGuest != "true")
+                return Task.FromResult(AuthenticateResult.Fail("Unauthorized"));
+
+            var claims = new List<Claim>
+            {
+                new Claim("_isGuest", isGuest)
+            };
+
+            var identity = new ClaimsIdentity(claims, Scheme.Name);
+            var principal = new System.Security.Principal.GenericPrincipal(identity, null);
+            var ticket = new AuthenticationTicket(principal, Scheme.Name);
+
+            return Task.FromResult(AuthenticateResult.Success(ticket));
+        }
+    }
+}
diff --git a/HwProj.Common/HwProj.Utils/Auth/UserIdAuthenticationHandler.cs b/HwProj.Common/HwProj.Utils/Auth/UserIdAuthenticationHandler.cs
@@ -12,6 +12,10 @@ namespace HwProj.Utils.Auth
     public static class AuthSchemeConstants
     {
         public const string UserIdAuthentication = "UserIdAuth";
+        public const string GuestModeAuthentication = "GuestModeAuth";
+        public const string QueryStringTokenAuthentication = "QueryStringTokenAuth";
+        public const string QueryStringTokenOrDefaultAuthentication = QueryStringTokenAuthentication + "," + "GatewayKey";
+        public const string GuestModeOrUseridAuthentication = GuestModeAuthentication + "," + UserIdAuthentication;
     }
 
     public class UserIdAuthenticationOptions : AuthenticationSchemeOptions

diff --git a/HwProj.Common/HwProj.Utils/Configuration/StartupExtensions.cs b/HwProj.Common/HwProj.Utils/Configuration/StartupExtensions.cs
@@ -9,6 +9,7 @@
 using HwProj.EventBus.Client.Interfaces;
 using HwProj.Utils.Auth;
 using HwProj.Utils.Configuration.Middleware;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -179,14 +180,22 @@ public static IApplicationBuilder ConfigureHwProj(this IApplicationBuilder app,
             return app;
         }
 
-        public static IServiceCollection AddUserIdAuthentication(this IServiceCollection services)
+        public static AuthenticationBuilder AddUserIdAuthentication(this AuthenticationBuilder builder)
         {
-            services
-                .AddAuthentication(AuthSchemeConstants.UserIdAuthentication)
+            builder
                 .AddScheme<UserIdAuthenticationOptions, UserIdAuthenticationHandler>(
                     AuthSchemeConstants.UserIdAuthentication, null);
 
-            return services;
+            return builder;
+        }
+
+        public static AuthenticationBuilder AddGuestModeAuthentication(this AuthenticationBuilder builder)
+        {
+            builder
+                .AddScheme<GuestModeAuthenticationOptions, GuestModeAuthenticationHandler>(
+                    AuthSchemeConstants.GuestModeAuthentication, null);
+
+            return builder;
         }
     }
 }
diff --git a/HwProj.CoursesService/HwProj.CoursesService.API/Filters/CourseDataFilterAttribute.cs b/HwProj.CoursesService/HwProj.CoursesService.API/Filters/CourseDataFilterAttribute.cs
@@ -16,13 +16,13 @@ public class CourseDataFilterAttribute : ResultFilterAttribute
     {
         public override async Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
         {
+            var isGuest = context.HttpContext.Request.GetGuestModeFromHeader();
             var userId = context.HttpContext.Request.GetUserIdFromHeader();
-
-            if (userId == null)
+            if (userId == null && isGuest != "true")
             {
                 context.Result = new ForbidResult();
             }
-            else
+            else if (isGuest == null)
             {
                 var result = context.Result as ObjectResult;
                 if (result?.Value is CourseDTO courseDto && !courseDto.MentorIds.Contains(userId))

diff --git a/HwProj.CoursesService/HwProj.CoursesService.Client/CoursesServiceClient.cs b/HwProj.CoursesService/HwProj.CoursesService.Client/CoursesServiceClient.cs
@@ -58,6 +58,7 @@ public async Task<CoursePreview[]> GetAllCourses()
                 _coursesServiceUri + $"api/Courses/{courseId}");
 
             httpRequest.TryAddUserId(_httpContextAccessor);
+            httpRequest.TryAddGuestMode(_httpContextAccessor);
             var response = await _httpClient.SendAsync(httpRequest);
             return response.IsSuccessStatusCode ? await response.DeserializeAsync<CourseDTO>() : null;
         }