From 879fb614c6853ab3bb83155c82722afb2933fc60 Mon Sep 17 00:00:00 2001
From: crupest
Date: Fri, 2 Dec 2022 11:04:34 +0800
Subject: ...
---
.../CrupestApi.Secrets/CrupestApi.Secrets.csproj | 4 +++
.../CrupestApi.Secrets/ISecretsService.cs | 21 +++++++++++
.../CrupestApi/CrupestApi.Secrets/SecretInfo.cs | 21 +++++++++++
.../CrupestApi.Secrets/SecretModifyRequest.cs | 30 ++++++++++++++++
.../CrupestApi.Secrets/SecretNotExistException.cs | 18 ++++++++++
.../CrupestApi.Secrets/SecretsConstants.cs | 6 ++++
.../SecretsWebApplicationExtensions.cs | 42 ++++++++++++++++++++++
.../CrupestApi.Secrets/VerifySecretException.cs | 11 ++++++
8 files changed, 153 insertions(+)
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
create mode 100644 docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs
(limited to 'docker/crupest-api/CrupestApi/CrupestApi.Secrets')
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj
index 72a1294..2d78adb 100644
--- a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/CrupestApi.Secrets.csproj
@@ -1,5 +1,9 @@ + + + + net7.0 enable
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs
new file mode 100644
index 0000000..c42fbdc
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/ISecretsService.cs
@@ -0,0 +1,21 @@
+namespace CrupestApi.Secrets;
+
+public interface ISecretsService
+{
+ Task> GetSecretListAsync(bool includeExpired = false, bool includeRevoked = false);
+
+ Task> GetSecretListByKeyAsync(string key, bool includeExpired = false, bool includeRevoked = false);
+
+ Task VerifySecretAsync(string key, string secret);
+
+ // Check if "secret" query param exists and is only one. Then check the secret is valid for given key.
+ // If check fails, will throw a VerifySecretException with proper message that can be send to client.
+ Task VerifySecretForHttpRequestAsync(HttpRequest request, string key, string queryKey = "secret");
+
+ Task CreateSecretAsync(string key, string description, DateTime? expireTime = null);
+
+ Task RevokeSecretAsync(string secret);
+
+ // Throw SecretNotExistException if request secret does not exist.
+ Task ModifySecretAsync(string secret, SecretModifyRequest modifyRequest);
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs
new file mode 100644
index 0000000..46ce501
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretInfo.cs
@@ -0,0 +1,21 @@
+namespace CrupestApi.Secrets;
+
+public class SecretInfo
+{
+ public SecretInfo(string key, string secret, string description, DateTime? expireTime, bool revoked, DateTime createdTime)
+ {
+ Key = key;
+ Secret = secret;
+ Description = description;
+ ExpireTime = expireTime;
+ Revoked = revoked;
+ CreateTime = createdTime;
+ }
+
+ public string Key { get; set; }
+ public string Secret { get; set; }
+ public string Description { get; set; }
+ public DateTime? ExpireTime { get; set; }
+ public bool Revoked { get; set; }
+ public DateTime CreateTime { get; set; }
+}
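Review bot: `VerifySecretForHttpRequestAsync` in ISecretsService.cs fixes the credential's transport to a query parameter (`queryKey = "secret"`), and query strings are routinely recorded in web-server and proxy access logs and in browser history, so the management secret would end up in places that are not treated as secret stores. Consider having the contract read the value from a request header first and documenting the query parameter as a fallback, e.g. `// Reads the secret from the Authorization header; the query parameter is a fallback and is logged by most servers.` The two `//` comments on this interface would also serve callers better as `///` XML doc comments, so the exception contract is visible at the call site.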
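Review bot: `SecretInfo.Secret` carries the secret value as a publicly settable string, and the list endpoint added in SecretsWebApplicationExtensions.cs passes what `GetSecretListAsync` returns to `WriteJsonAsync`, so a single listing call appears to return every stored secret in full. If the value only needs to be shown once at creation, a separate listing type without `Secret` (or with a masked value) limits what a leaked management secret or a logged response body exposes. Separately, the properties could be `{ get; init; }` or get-only since the constructor already sets all of them, and the parameter name `createdTime` does not match the property `CreateTime`.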
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs
new file mode 100644
index 0000000..dfff347
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretModifyRequest.cs
@@ -0,0 +1,30 @@
+namespace CrupestApi.Secrets;
+
+public class SecretModifyRequest
+{
+ public SecretModifyRequest()
+ {
+
+ }
+
+ public SecretModifyRequest(string? key, string? description)
+ {
+ Key = key;
+ Description = description;
+ SetExpireTime = false;
+ ExpireTime = null;
+ }
+
+ public SecretModifyRequest(string? key, string? description, DateTime? expireTime)
+ {
+ Key = key;
+ Description = description;
+ SetExpireTime = true;
+ ExpireTime = expireTime;
+ }
+
+ public string? Key { get; set; }
+ public string? Description { get; set; }
+ public bool SetExpireTime { get; set; }
+ public DateTime? ExpireTime { get; set; }
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs
new file mode 100644
index 0000000..ad082ee
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretNotExistException.cs
@@ -0,0 +1,18 @@
+namespace CrupestApi.Secrets;
+
+public class SecretNotExistException : Exception
+{
+ public SecretNotExistException(string requestSecret)
+ : base($"Request secret {requestSecret} not found.")
+ {
+ RequestSecret = requestSecret;
+ }
+
+ public SecretNotExistException(string requestSecret, string message)
+ : base(message)
+ {
+ RequestSecret = requestSecret;
+ }
+
+ public string RequestSecret { get; set; }
+}
\ No newline at end of file
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs
new file mode 100644
index 0000000..ea659a9
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsConstants.cs
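Review bot: Nothing in SecretModifyRequest.cs documents how `SetExpireTime` and `ExpireTime` interact, and the parameterless constructor lets a caller set `ExpireTime` through an object initializer while `SetExpireTime` stays false. From the other two constructors it looks as if `SetExpireTime == true` with a null `ExpireTime` means "remove the expiry" and `SetExpireTime == false` means "leave it unchanged"; that should be confirmed against the service implementation and written down, for example `// ExpireTime is applied only when SetExpireTime is true; null then removes the expiry.` The same goes for null `Key` and `Description`, which presumably mean "do not change".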
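Review bot: The first constructor in SecretNotExistException.cs puts the submitted secret value into the exception message (`$"Request secret {requestSecret} not found."`), so any logger or error handler that records `Exception.Message` will record it as well; a value that is one typo away from a valid secret, or that was recently revoked, is still sensitive. A message without the value, `: base("Requested secret was not found.")`, keeps the detail available through `RequestSecret` for callers that need it. `RequestSecret` could also be get-only, since both constructors set it.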
@@ -0,0 +1,6 @@
+namespace CrupestApi.Secrets;
+
+public static class SecretsConstants
+{
+ public const string SecretManagementKey = "crupest.secrets.management";
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
new file mode 100644
index 0000000..a771547
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/SecretsWebApplicationExtensions.cs
@@ -0,0 +1,42 @@
+using CrupestApi.Commons;
+
+namespace CrupestApi.Secrets;
+
+public static class SecretsWebApplicationExtensions
+{
+ public static WebApplication UseCatchVerifySecretException(this WebApplication app)
+ {
+ app.Use(async (context, next) =>
+ {
+ try
+ {
+ await next(context);
+ }
+ catch (VerifySecretException e)
+ {
+ await context.Response.WriteErrorMessageAsync(e.Message, 401);
+ }
+ });
+
+ return app;
+ }
+
+ public static async Task CheckSecret(this HttpContext context, string key)
+ {
+ var secretsService = context.RequestServices.GetRequiredService();
+ await secretsService.VerifySecretForHttpRequestAsync(context.Request, SecretsConstants.SecretManagementKey);
+ }
+
+ public static WebApplication MapSecrets(this WebApplication app, string path)
+ {
+ app.MapGet(path, async (context) =>
+ {
+ await context.CheckSecret(SecretsConstants.SecretManagementKey);
+ var secretsService = context.RequestServices.GetRequiredService();
+ var secrets = secretsService.GetSecretListAsync();
+ await context.Response.WriteJsonAsync(secrets);
+ });
+
+ return app;
+ }
+}
diff --git a/docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs
new file mode 100644
index 0000000..c9f60a1
--- /dev/null
+++ b/docker/crupest-api/CrupestApi/CrupestApi.Secrets/VerifySecretException.cs
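Review bot: `CheckSecret` in SecretsWebApplicationExtensions.cs never uses its `key` parameter: the call passes `SecretsConstants.SecretManagementKey` regardless, so a later caller that asks for a different key would be authorised against the management key instead; the call should read `await secretsService.VerifySecretForHttpRequestAsync(context.Request, key);`. In `MapSecrets`, `GetSecretListAsync()` is not awaited, so `WriteJsonAsync` receives the `Task` rather than the list; `var secrets = await secretsService.GetSecretListAsync();` fixes that. In `UseCatchVerifySecretException`, writing the 401 will fail if the response has already started, so a `context.Response.HasStarted` check before `WriteErrorMessageAsync` is worth adding.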
@@ -0,0 +1,11 @@
+namespace CrupestApi.Secrets;
+
+public class VerifySecretException : Exception
+{
+ public VerifySecretException(string requestKey, string message) : base(message)
+ {
+ RequestKey = requestKey;
+ }
+
+ public string RequestKey { get; set; }
+}
\ No newline at end of file
-- cgit v1.2.3
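Review bot: `VerifySecretException` carries no comment stating that its `Message` is client-visible, although `UseCatchVerifySecretException` in this commit writes `e.Message` straight into the 401 response. A doc comment on the constructor, e.g. `/// <param name="message">Sent to the client verbatim; must not contain the presented secret or internal details.</param>`, would make that contract explicit for whoever throws it. `RequestKey` could be get-only, since the constructor sets it.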