path: root/Libs/VNLib.Plugins.Essentials.Sessions.OAuth/O2SessionProviderEntry.cs
blob: 89b36adb11e1ecd43d9b1242ed833cade3210444 (plain)

using System.Text.Json;

using VNLib.Net.Http;
using VNLib.Utils.Logging;
using VNLib.Utils.Extensions;
using VNLib.Plugins.Essentials.Oauth;
using VNLib.Plugins.Essentials.Oauth.Applications;
using VNLib.Plugins.Essentials.Sessions.OAuth;
using VNLib.Plugins.Essentials.Sessions.OAuth.Endpoints;
using VNLib.Plugins.Extensions.Loading;
using VNLib.Plugins.Extensions.Loading.Sql;
using VNLib.Plugins.Extensions.Loading.Events;
using VNLib.Plugins.Extensions.Loading.Routing;
using VNLib.Plugins.Extensions.Loading.Configuration;

namespace VNLib.Plugins.Essentials.Sessions.Oauth
{
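    /// <summary>
    /// Runtime-loaded session provider entry for OAuth2 sessions. On load it routes the
    /// access-token and revocation endpoints and starts a background worker that connects
    /// the cache client and creates the <see cref="OAuth2SessionProvider"/> that backs
    /// session lookups and token creation.
    /// </summary>
    public sealed class O2SessionProviderEntry : IRuntimeSessionProvider
    {
        const string VNCACHE_CONFIG_KEY = "vncache";
        const string OAUTH2_CONFIG_KEY = "oauth2";

        /*
         * Assigned by the cache worker once the cache client has loaded, and reset
         * to null when the worker exits. It is therefore null before the cache is
         * ready, after a configuration/cache failure, and after unload.
         */
        private OAuth2SessionProvider? _sessions;

        /// <summary>
        /// Determines whether the request should be handled as an OAuth2 session.
        /// </summary>
        /// <param name="entity">The request to inspect</param>
        /// <returns>True when the request carries an Authorization header</returns>
        bool IRuntimeSessionProvider.CanProcess(IHttpEvent entity)
        {
            //If authorization header is set try to process as oauth2 session.
            //NOTE(review): the request is claimed even while the provider is not loaded;
            //GetSessionAsync then fails instead of letting the request fall through to
            //another session provider - confirm that is the intended behaviour.
            return entity.Server.Headers.HeaderSet(System.Net.HttpRequestHeader.Authorization);
        }

        /// <summary>
        /// Gets the OAuth2 session for the request from the loaded session provider.
        /// </summary>
        /// <param name="entity">The request to get the session for</param>
        /// <param name="cancellationToken">A token to cancel the operation</param>
        /// <returns>The session handle produced by the session provider</returns>
        /// <exception cref="InvalidOperationException">The session provider is not loaded</exception>
        ValueTask<SessionHandle> ISessionProvider.GetSessionAsync(IHttpEvent entity, CancellationToken cancellationToken)
        {
            return GetLoadedProvider().GetSessionAsync(entity, cancellationToken);
        }

        /// <summary>
        /// Loads the provider: reads the cache and oauth2 configuration, routes the token
        /// and revocation endpoints, and starts the cache worker in the background.
        /// </summary>
        /// <param name="plugin">The plugin that hosts this provider</param>
        /// <param name="localized">The log provider used by the worker</param>
        /// <exception cref="KeyNotFoundException">The 'token_path' value is missing from the oauth2 config</exception>
        void IRuntimeSessionProvider.Load(PluginBase plugin, ILogProvider localized)
        {
            //Try get vncache config element
            IReadOnlyDictionary<string, JsonElement> cacheConfig = plugin.GetConfig(VNCACHE_CONFIG_KEY);

            IReadOnlyDictionary<string, JsonElement> oauth2Config = plugin.GetConfig(OAUTH2_CONFIG_KEY);

            string tokenEpPath = oauth2Config["token_path"].GetString() ?? throw new KeyNotFoundException($"Missing required 'token_path' in '{OAUTH2_CONFIG_KEY}' config");

            //Optional application jwt token secret, parsed as a json document when one is configured
            Task<JsonDocument?> jwtTokenSecret = plugin.TryGetSecretAsync("application_token_key")
                .ContinueWith(static t => t.Result == null ? null : JsonDocument.Parse(t.Result));

            //Init auth endpoint
            AccessTokenEndpoint authEp = new(tokenEpPath, plugin, CreateTokenDelegateAsync, jwtTokenSecret);

            //route auth endpoint
            plugin.Route(authEp);

            //Route revocation endpoint
            plugin.Route<RevocationEndpoint>();

            //Run in the background; the worker handles and logs its own exceptions.
            //The endpoints above are routed before the worker has assigned the session provider.
            _ = CacheWokerDoWorkAsync(plugin, localized, cacheConfig, oauth2Config);
        }

        /// <summary>
        /// Token-creation callback passed to the access token endpoint.
        /// </summary>
        /// <param name="entity">The token request</param>
        /// <param name="app">The application the token is created for</param>
        /// <param name="cancellation">A token to cancel the operation</param>
        /// <returns>The result returned by the session provider</returns>
        /// <exception cref="InvalidOperationException">The session provider is not loaded</exception>
        private async Task<IOAuth2TokenResult?> CreateTokenDelegateAsync(HttpEntity entity, UserApplication app, CancellationToken cancellation)
        {
            return await GetLoadedProvider().CreateAccessTokenAsync(entity, app, cancellation).ConfigureAwait(false);
        }

        /// <summary>
        /// Reads the session provider field once and fails with a descriptive exception
        /// when it is not available, rather than a NullReferenceException from a
        /// null-forgiving dereference.
        /// </summary>
        /// <exception cref="InvalidOperationException">The session provider is not loaded</exception>
        private OAuth2SessionProvider GetLoadedProvider()
        {
            //Single read so the worker resetting the field cannot race a check-then-use
            return _sessions ?? throw new InvalidOperationException("The OAuth2 session provider is not loaded");
        }

        /// <summary>
        /// Starts and monitors the VNCache connection. Creates the session provider once
        /// the cache client has loaded, then runs the client until it exits or the plugin
        /// unload token is cancelled. The session provider is cleared on exit.
        /// </summary>
        /// <param name="plugin">The plugin that hosts this provider</param>
        /// <param name="localized">The log provider to write status and errors to</param>
        /// <param name="cacheConfig">The 'vncache' configuration element</param>
        /// <param name="oauth2Config">The 'oauth2' configuration element</param>
        private async Task CacheWokerDoWorkAsync(PluginBase plugin, ILogProvider localized, 
            IReadOnlyDictionary<string, JsonElement> cacheConfig, 
            IReadOnlyDictionary<string, JsonElement> oauth2Config)
        {
            //Init cache client, client logging only in debug mode
            using VnCacheClient cache = new(plugin.IsDebug() ? plugin.Log : null, Utils.Memory.Memory.Shared);

            try
            {
                int cacheLimit = oauth2Config["cache_size"].GetInt32();
                int maxTokensPerApp = oauth2Config["max_tokens_per_app"].GetInt32();
                //checked: a value above int.MaxValue fails here (logged below) instead of wrapping to a negative size.
                //NOTE(review): no lower bound is enforced here - confirm OAuth2SessionIdProvider rejects
                //sizes too small for an unguessable token.
                int sessionIdSize = checked((int)oauth2Config["access_token_size"].GetUInt32());
                TimeSpan tokenValidFor = oauth2Config["token_valid_for_sec"].GetTimeSpan(TimeParseType.Seconds);
                TimeSpan cleanupInterval = oauth2Config["gc_interval_sec"].GetTimeSpan(TimeParseType.Seconds);
                string sessionIdPrefix = oauth2Config["cache_prefix"].GetString() ?? throw new KeyNotFoundException($"Missing required key 'cache_prefix' in '{OAUTH2_CONFIG_KEY}' config");

                //init the id provider
                OAuth2SessionIdProvider idProv = new(sessionIdPrefix, maxTokensPerApp, sessionIdSize, tokenValidFor);

                //Try loading config
                await cache.LoadConfigAsync(plugin, cacheConfig);

                //Init session provider now that client is loaded
                _sessions = new(cache.Resource!, cacheLimit, idProv, plugin.GetContextOptions());

                //Schedule cleanup interval with the plugin scheduler
                plugin.ScheduleInterval(_sessions, cleanupInterval);

                localized.Information("Session provider loaded");

                //Run and wait for exit
                await cache.RunAsync(localized, plugin.UnloadToken);

            }
            catch (OperationCanceledException)
            {
                //Cancellation is not treated as an error, nothing to log
            }
            catch (KeyNotFoundException e)
            {
                localized.Error("Missing required configuration variable for VnCache client: {0}", e.Message);
            }
            catch (Exception ex)
            {
                localized.Error(ex, "Cache client error occured in session provider");
            }
            finally
            {
                //The cache client is disposed when this method returns, so drop the provider that uses it
                _sessions = null;
            }

            localized.Information("Cache client exited");
        }
    }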
}