requestcontext refactor

Author: tibitoth

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/Ahk.GradeManagement.Api.csproj

@@ -34,6 +34,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\Ahk.GradeManagement.Backend.Common\Ahk.GradeManagement.Backend.Common.csproj" />
     <ProjectReference Include="..\Ahk.GradeManagement.Dal\Ahk.GradeManagement.Dal.csproj" />
     <ProjectReference Include="..\Ahk.GradeManagement.Bll\Ahk.GradeManagement.Bll.csproj" />
     <ProjectReference Include="..\Ahk.GradeManagement.Shared\Ahk.GradeManagement.Shared.csproj" />

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/Authorization/Handlers/DemonstratorOnSubjectRequirementHandler.cs

@@ -1,4 +1,5 @@
 using Ahk.GradeManagement.Api.Authorization.Policies;
+using Ahk.GradeManagement.Backend.Common.RequestContext;
 using Ahk.GradeManagement.Shared.Enums;
 
 using Microsoft.AspNetCore.Authorization;
@@ -7,7 +8,7 @@
 
 namespace Ahk.GradeManagement.Api.Authorization.Handlers;
 
-public class DemonstratorOnSubjectRequirementHandler(IHttpContextAccessor httpContextAccessor)
+public class DemonstratorOnSubjectRequirementHandler(IHttpContextAccessor httpContextAccessor, IRequestContext requestContext)
     : AuthorizationHandler<DemonstratorOnSubjectRequirement>
 {
     protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DemonstratorOnSubjectRequirement requirement)
@@ -25,13 +26,12 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte
             return Task.CompletedTask;
         }
 
-        if (httpContext.Request.Headers.TryGetValue("X-Subject-Id-Value", out var subjectIdHeader)
-            && long.TryParse(subjectIdHeader, out var subjectId))
+        if (requestContext.CurrentUser?.CurrentSubjectId is not null)
         {
             var subjectAccessClaims = context.User.FindAll(CustomClaimTypes.SubjectAccess).Select(c => c.Value).ToList();
-            var roleOnSubjectClaim = context.User.FindFirst($"{CustomClaimTypes.AccessLevel}_{subjectId}");
+            var roleOnSubjectClaim = context.User.FindFirst($"{CustomClaimTypes.AccessLevel}_{requestContext.CurrentUser.CurrentSubjectId}");
 
-            if (subjectAccessClaims.Contains(subjectId.ToString(CultureInfo.InvariantCulture))
+            if (subjectAccessClaims.Contains(requestContext.CurrentUser.CurrentSubjectId.Value.ToString(CultureInfo.InvariantCulture))
                 && roleOnSubjectClaim != null
                 && (roleOnSubjectClaim.Value == UserRoleOnSubject.Demonstrator.ToString() || roleOnSubjectClaim.Value == UserRoleOnSubject.Teacher.ToString()))
             {

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/Authorization/Handlers/TeacherOnSubjectRequirementHandler.cs

@@ -1,4 +1,5 @@
 using Ahk.GradeManagement.Api.Authorization.Policies;
+using Ahk.GradeManagement.Backend.Common.RequestContext;
 using Ahk.GradeManagement.Shared.Enums;
 
 using Microsoft.AspNetCore.Authorization;
@@ -7,7 +8,7 @@
 
 namespace Ahk.GradeManagement.Api.Authorization.Handlers;
 
-public class TeacherOnSubjectRequirementHandler(IHttpContextAccessor httpContextAccessor)
+public class TeacherOnSubjectRequirementHandler(IHttpContextAccessor httpContextAccessor, IRequestContext requestContext)
     : AuthorizationHandler<TeacherOnSubjectRequirement>
 {
     protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TeacherOnSubjectRequirement requirement)
@@ -25,13 +26,12 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte
             return Task.CompletedTask;
         }
 
-        if (httpContext.Request.Headers.TryGetValue("X-Subject-Id-Value", out var subjectIdHeader)
-            && long.TryParse(subjectIdHeader, out var subjectId))
+        if (requestContext.CurrentUser?.CurrentSubjectId is not null)
         {
             var subjectAccessClaims = context.User.FindAll(CustomClaimTypes.SubjectAccess).Select(c => c.Value).ToList();
-            var roleOnSubjectClaim = context.User.FindFirst($"{CustomClaimTypes.AccessLevel}_{subjectId}");
+            var roleOnSubjectClaim = context.User.FindFirst($"{CustomClaimTypes.AccessLevel}_{requestContext.CurrentUser.CurrentSubjectId}");
 
-            if (subjectAccessClaims.Contains(subjectId.ToString(CultureInfo.InvariantCulture))
+            if (subjectAccessClaims.Contains(requestContext.CurrentUser.CurrentSubjectId.Value.ToString(CultureInfo.InvariantCulture))
                 && roleOnSubjectClaim != null
                 && roleOnSubjectClaim.Value == UserRoleOnSubject.Teacher.ToString())
             {

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/Controllers/SubjectController.cs

@@ -12,7 +12,7 @@ namespace Ahk.GradeManagement.Api.Controllers;
 
 [Route("api/subjects")]
 [ApiController]
-public class SubjectController(SubjectService subjectService, IHttpContextAccessor httpContextAccessor)
+public class SubjectController(SubjectService subjectService)
     : CrudControllerBase<SubjectRequest, SubjectResponse>(subjectService)
 {
     [HttpPut("{id:long}")]

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/Middlewares/HeaderMiddleware.cs

@@ -1,6 +1,7 @@
 using Ahk.GradeManagement.Api.Authorization;
 using Ahk.GradeManagement.Api.Middlewares;
 using Ahk.GradeManagement.Api.Middlewares.ExceptionHandlers;
+using Ahk.GradeManagement.Api.RequestContext;
 using Ahk.GradeManagement.Bll;
 using Ahk.GradeManagement.Bll.Profiles;
 using Ahk.GradeManagement.Dal;
@@ -29,7 +30,7 @@ public static void Main(string[] args)
                 new DefaultAzureCredential());
         }
 
-        builder.Services.AddHttpContextAccessor();
+        builder.Services.AddRequestContext();
         builder.Services.AddHttpClient();
 
         builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration);
@@ -81,7 +82,6 @@ public static void Main(string[] args)
         app.UseHttpsRedirection();
 
         app.UseExceptionHandler();
-        app.UseMiddleware<HeaderMiddleware>();
 
         app.UseBlazorFrameworkFiles();
         app.UseStaticFiles();

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/Program.cs

@@ -0,0 +1,23 @@
+using Ahk.GradeManagement.Backend.Common.RequestContext;
+using Ahk.GradeManagement.Bll.Services;
+using Ahk.GradeManagement.Shared.Constants;
+
+using Microsoft.Identity.Web;
+
+namespace Ahk.GradeManagement.Api.RequestContext;
+
+public class HttpRequestContext(IHttpContextAccessor httpContextAccessor) : IRequestContext
+{
+    public bool IsAuthenticated => HttpContext.User?.Identity?.IsAuthenticated ?? false;
+
+    public RequestUser? CurrentUser => HttpContext.User?.Identity?.IsAuthenticated ?? false
+        ? new RequestUser(
+            DisplayName: HttpContext.User.GetDisplayName()!,
+            Email: HttpContext.User.GetCurrentUserEmail(),
+            CurrentSubjectId: HttpContext.Request.Headers.TryGetValue(Headers.XSubjectId, out var subjectIdHeader) && long.TryParse(subjectIdHeader, out var subjectId) ? subjectId : null)
+        : null;
+
+    public CancellationToken RequestAborted => HttpContext.RequestAborted;
+
+    private HttpContext HttpContext => httpContextAccessor.HttpContext!;
+}

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/RequestContext/HttpRequestContext.cs

@@ -0,0 +1,14 @@
+using Ahk.GradeManagement.Backend.Common.RequestContext;
+
+namespace Ahk.GradeManagement.Api.RequestContext;
+
+public static class RequestContextExtensions
+{
+    public static IServiceCollection AddRequestContext(this IServiceCollection services)
+    {
+        services.AddHttpContextAccessor();
+        services.AddSingleton<IRequestContext, HttpRequestContext>();
+
+        return services;
+    }
+}

src/Ahk.GradeManagement/Ahk.GradeManagement.Api/RequestContext/RequestContextExtensions.cs

@@ -0,0 +1,9 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net9.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+</Project>

src/Ahk.GradeManagement/Ahk.GradeManagement.Backend.Common/Ahk.GradeManagement.Backend.Common.csproj

@@ -0,0 +1,10 @@
+namespace Ahk.GradeManagement.Backend.Common.RequestContext;
+
+public interface IRequestContext
+{
+    public bool IsAuthenticated { get; }
+    public RequestUser? CurrentUser { get; }
+    public CancellationToken RequestAborted { get; }
+}
+
+public record RequestUser(string Email, string DisplayName, long? CurrentSubjectId);