Protected Browser Storage (#23553)

* Migrated protected browser storage.

* Added E2E tests.

* Added safeguard against using ProtectedBrowserStorage in wasm.

* Added TryGetValue.

* Added Microsoft.AspNetCore.Components.Web.Extensions

* Minor cleanup

* Moved ProtectedBrowserStorage out of Web.JS.

* Delete Microsoft.AspNetCore.Components.Web.Extensions.netcoreapp.cs

* Updated ProjectReferences.props

* Improvements and cleanup.

* Update Microsoft.AspNetCore.Components.Web.Extensions.csproj

* Added Web.Extensions to the VS solution.

Author: MackinnonBuck

AspNetCore.sln

@@ -63,6 +63,7 @@
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.SignalR.Specification.Tests" ProjectPath="$(RepoRoot)src\SignalR\server\Specification.Tests\src\Microsoft.AspNetCore.SignalR.Specification.Tests.csproj"  />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.SignalR.StackExchangeRedis" ProjectPath="$(RepoRoot)src\SignalR\server\StackExchangeRedis\src\Microsoft.AspNetCore.SignalR.StackExchangeRedis.csproj"  />
     <ProjectReferenceProvider Include="Ignitor" ProjectPath="$(RepoRoot)src\Components\Ignitor\src\Ignitor.csproj"  />
+    <ProjectReferenceProvider Include="Microsoft.AspNetCore.Components.Web.Extensions" ProjectPath="$(RepoRoot)src\Components\Web.Extensions\src\Microsoft.AspNetCore.Components.Web.Extensions.csproj"  />
     <ProjectReferenceProvider Include="Microsoft.Authentication.WebAssembly.Msal" ProjectPath="$(RepoRoot)src\Components\WebAssembly\Authentication.Msal\src\Microsoft.Authentication.WebAssembly.Msal.csproj"  />
     <ProjectReferenceProvider Include="Microsoft.JSInterop.WebAssembly" ProjectPath="$(RepoRoot)src\Components\WebAssembly\JSInterop\src\Microsoft.JSInterop.WebAssembly.csproj"  />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.Components.WebAssembly.Server" ProjectPath="$(RepoRoot)src\Components\WebAssembly\Server\src\Microsoft.AspNetCore.Components.WebAssembly.Server.csproj"  />

eng/ProjectReferences.props

@@ -100,6 +100,8 @@
       "src\\Components\\test\\testassets\\ComponentsApp.Server\\ComponentsApp.Server.csproj",
       "src\\Components\\benchmarkapps\\Wasm.Performance\\Driver\\Wasm.Performance.Driver.csproj",
       "src\\Components\\benchmarkapps\\Wasm.Performance\\TestApp\\Wasm.Performance.TestApp.csproj",
+      "src\\Components\\Web.Extensions\\src\\Microsoft.AspNetCore.Components.Web.Extensions.csproj",
+      "src\\Components\\Web.Extensions\\test\\Microsoft.AspNetCore.Components.Web.Extensions.Tests.csproj",
       "src\\Components\\WebAssembly\\Server\\test\\Microsoft.AspNetCore.Components.WebAssembly.Server.Tests.csproj",
       "src\\Components\\WebAssembly\\Authentication.Msal\\src\\Microsoft.Authentication.WebAssembly.Msal.csproj",
       "src\\Components\\WebAssembly\\DebugProxy\\src\\Microsoft.AspNetCore.Components.WebAssembly.DebugProxy.csproj",

src/Components/Components.slnf

@@ -7,3 +7,4 @@
 [assembly: InternalsVisibleTo("Microsoft.AspNetCore.Components.Server.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]
 [assembly: InternalsVisibleTo("Microsoft.AspNetCore.Components.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]
 [assembly: InternalsVisibleTo("Microsoft.AspNetCore.Components.Web.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]
+[assembly: InternalsVisibleTo("Microsoft.AspNetCore.Components.Web.Extensions.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]

src/Components/Components/src/Properties/AssemblyInfo.cs

@@ -16,6 +16,8 @@
       "src\\Components\\Samples\\BlazorServerApp\\BlazorServerApp.csproj",
       "src\\Components\\Server\\src\\Microsoft.AspNetCore.Components.Server.csproj",
       "src\\Components\\Server\\test\\Microsoft.AspNetCore.Components.Server.Tests.csproj",
+      "src\\Components\\Web.Extensions\\src\\Microsoft.AspNetCore.Components.Web.Extensions.csproj",
+      "src\\Components\\Web.Extensions\\test\\Microsoft.AspNetCore.Components.Web.Extensions.Tests.csproj",
       "src\\Components\\WebAssembly\\Authentication.Msal\\src\\Microsoft.Authentication.WebAssembly.Msal.csproj",
       "src\\Components\\WebAssembly\\DebugProxy\\src\\Microsoft.AspNetCore.Components.WebAssembly.DebugProxy.csproj",
       "src\\Components\\WebAssembly\\DevServer\\src\\Microsoft.AspNetCore.Components.WebAssembly.DevServer.csproj",

src/Components/ComponentsNoDeps.slnf

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+    <Description>A collection of Blazor components for the web.</Description>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <RootNamespace>Microsoft.AspNetCore.Components</RootNamespace>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.AspNetCore.DataProtection" />
+    <Reference Include="Microsoft.JSInterop" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Compile Include="..\..\Shared\src\JsonSerializerOptionsProvider.cs" />
+  </ItemGroup>
+
+</Project>

src/Components/Web.Extensions/src/Microsoft.AspNetCore.Components.Web.Extensions.csproj

@@ -0,0 +1,170 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Concurrent;
+using System.Runtime.InteropServices;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.JSInterop;
+
+namespace Microsoft.AspNetCore.Components.Web.Extensions
+{
+    /// <summary>
+    /// Provides mechanisms for storing and retrieving data in the browser storage.
+    /// </summary>
+    public abstract class ProtectedBrowserStorage
+    {
+        private readonly string _storeName;
+        private readonly IJSRuntime _jsRuntime;
+        private readonly IDataProtectionProvider _dataProtectionProvider;
+        private readonly ConcurrentDictionary<string, IDataProtector> _cachedDataProtectorsByPurpose
+            = new ConcurrentDictionary<string, IDataProtector>(StringComparer.Ordinal);
+
+        /// <summary>
+        /// Constructs an instance of <see cref="ProtectedBrowserStorage"/>.
+        /// </summary>
+        /// <param name="storeName">The name of the store in which the data should be stored.</param>
+        /// <param name="jsRuntime">The <see cref="IJSRuntime"/>.</param>
+        /// <param name="dataProtectionProvider">The <see cref="IDataProtectionProvider"/>.</param>
+        protected ProtectedBrowserStorage(string storeName, IJSRuntime jsRuntime, IDataProtectionProvider dataProtectionProvider)
+        {
+            // Performing data protection on the client would give users a false sense of security, so we'll prevent this.
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Browser))
+            {
+                throw new PlatformNotSupportedException($"{GetType()} cannot be used when running in a browser.");
+            }
+
+            if (string.IsNullOrEmpty(storeName))
+            {
+                throw new ArgumentException("The value cannot be null or empty", nameof(storeName));
+            }
+
+            _storeName = storeName;
+            _jsRuntime = jsRuntime ?? throw new ArgumentNullException(nameof(jsRuntime));
+            _dataProtectionProvider = dataProtectionProvider ?? throw new ArgumentNullException(nameof(dataProtectionProvider));
+        }
+
+        /// <summary>
+        /// <para>
+        /// Asynchronously stores the specified data.
+        /// </para>
+        /// <para>
+        /// Since no data protection purpose is specified with this overload, the purpose is derived from
+        /// <paramref name="key"/> and the store name. This is a good default purpose to use if the keys come from a
+        /// fixed set known at compile-time.
+        /// </para>
+        /// </summary>
+        /// <param name="key">A <see cref="string"/> value specifying the name of the storage slot to use.</param>
+        /// <param name="value">A JSON-serializable value to be stored.</param>
+        /// <returns>A <see cref="ValueTask"/> representing the completion of the operation.</returns>
+        public ValueTask SetAsync(string key, object value)
+            => SetAsync(CreatePurposeFromKey(key), key, value);
+
+        /// <summary>
+        /// Asynchronously stores the supplied data.
+        /// </summary>
+        /// <param name="purpose">
+        /// A string that defines a scope for the data protection. The protected data can only
+        /// be unprotected by code that specifies the same purpose.
+        /// </param>
+        /// <param name="key">A <see cref="string"/> value specifying the name of the storage slot to use.</param>
+        /// <param name="value">A JSON-serializable value to be stored.</param>
+        /// <returns>A <see cref="ValueTask"/> representing the completion of the operation.</returns>
+        public ValueTask SetAsync(string purpose, string key, object value)
+        {
+            if (string.IsNullOrEmpty(purpose))
+            {
+                throw new ArgumentException("Cannot be null or empty", nameof(purpose));
+            }
+
+            if (string.IsNullOrEmpty(key))
+            {
+                throw new ArgumentException("Cannot be null or empty", nameof(key));
+            }
+
+            return SetProtectedJsonAsync(key, Protect(purpose, value));
+        }
+
+        /// <summary>
+        /// <para>
+        /// Asynchronously retrieves the specified data.
+        /// </para>
+        /// <para>
+        /// Since no data protection purpose is specified with this overload, the purpose is derived from
+        /// <paramref name="key"/> and the store name. This is a good default purpose to use if the keys come from a
+        /// fixed set known at compile-time.
+        /// </para>
+        /// </summary>
+        /// <param name="key">A <see cref="string"/> value specifying the name of the storage slot to use.</param>
+        /// <returns>A <see cref="ValueTask"/> representing the completion of the operation.</returns>
+        public ValueTask<ProtectedBrowserStorageResult<TValue>> GetAsync<TValue>(string key)
+            => GetAsync<TValue>(CreatePurposeFromKey(key), key);
+
+        /// <summary>
+        /// <para>
+        /// Asynchronously retrieves the specified data.
+        /// </para>
+        /// </summary>
+        /// <param name="purpose">
+        /// A string that defines a scope for the data protection. The protected data can only
+        /// be unprotected if the same purpose was previously specified when calling
+        /// <see cref="SetAsync(string, string, object)"/>.
+        /// </param>
+        /// <param name="key">A <see cref="string"/> value specifying the name of the storage slot to use.</param>
+        /// <returns>A <see cref="ValueTask"/> representing the completion of the operation.</returns>
+        public async ValueTask<ProtectedBrowserStorageResult<TValue>> GetAsync<TValue>(string purpose, string key)
+        {
+            var protectedJson = await GetProtectedJsonAsync(key);
+
+            return protectedJson == null ?
+                new ProtectedBrowserStorageResult<TValue>(false, default) :
+                new ProtectedBrowserStorageResult<TValue>(true, Unprotect<TValue>(purpose, protectedJson));
+        }
+
+        /// <summary>
+        /// Asynchronously deletes any data stored for the specified key.
+        /// </summary>
+        /// <param name="key">
+        /// A <see cref="string"/> value specifying the name of the storage slot whose value should be deleted.
+        /// </param>
+        /// <returns>A <see cref="ValueTask"/> representing the completion of the operation.</returns>
+        public ValueTask DeleteAsync(string key)
+            => _jsRuntime.InvokeVoidAsync($"{_storeName}.removeItem", key);
+
+        private string Protect(string purpose, object value)
+        {
+            var json = JsonSerializer.Serialize(value, options: JsonSerializerOptionsProvider.Options);
+            var protector = GetOrCreateCachedProtector(purpose);
+
+            return protector.Protect(json);
+        }
+
+        private TValue Unprotect<TValue>(string purpose, string protectedJson)
+        {
+            var protector = GetOrCreateCachedProtector(purpose);
+            var json = protector.Unprotect(protectedJson);
+
+            return JsonSerializer.Deserialize<TValue>(json, options: JsonSerializerOptionsProvider.Options)!;
+        }
+
+        private ValueTask SetProtectedJsonAsync(string key, string protectedJson)
+           => _jsRuntime.InvokeVoidAsync($"{_storeName}.setItem", key, protectedJson);
+
+        private ValueTask<string> GetProtectedJsonAsync(string key)
+            => _jsRuntime.InvokeAsync<string>($"{_storeName}.getItem", key);
+
+        // IDataProtect isn't disposable, so we're fine holding these indefinitely.
+        // Only a bounded number of them will be created, as the 'key' values should
+        // come from a bounded set known at compile-time. There's no use case for
+        // letting runtime data determine the 'key' values.
+        private IDataProtector GetOrCreateCachedProtector(string purpose)
+            => _cachedDataProtectorsByPurpose.GetOrAdd(
+                purpose,
+                _dataProtectionProvider.CreateProtector);
+
+        private string CreatePurposeFromKey(string key)
+            => $"{GetType().FullName}:{_storeName}:{key}";
+    }
+}

src/Components/Web.Extensions/src/ProtectedBrowserStorage/ProtectedBrowserStorage.cs

@@ -0,0 +1,28 @@
+using System.Diagnostics.CodeAnalysis;
+
+namespace Microsoft.AspNetCore.Components.Web.Extensions
+{
+    /// <summary>
+    /// Contains the result of a protected browser storage operation.
+    /// </summary>
+    public readonly struct ProtectedBrowserStorageResult<T>
+    {
+        /// <summary>
+        /// Gets whether the operation succeeded.
+        /// </summary>
+        public bool Success { get; }
+
+        /// <summary>
+        /// Gets the result value of the operation.
+        /// </summary>
+        [MaybeNull]
+        [AllowNull]
+        public T Value { get; }
+
+        internal ProtectedBrowserStorageResult(bool success, [AllowNull] T value)
+        {
+            Success = success;
+            Value = value;
+        }
+    }
+}

src/Components/Web.Extensions/src/ProtectedBrowserStorage/ProtectedBrowserStorageResult.cs

@@ -0,0 +1,24 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Components.Web.Extensions;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods for registering Protected Browser Storage services.
+    /// </summary>
+    public static class ProtectedBrowserStorageServiceCollectionExtensions
+    {
+        /// <summary>
+        /// Adds services for protected browser storage to the specified <see cref="IServiceCollection"/>.
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection"/>.</param>
+        public static void AddProtectedBrowserStorage(this IServiceCollection services)
+        {
+            services.AddDataProtection();
+            services.AddScoped<ProtectedLocalStorage>();
+            services.AddScoped<ProtectedSessionStorage>();
+        }
+    }
+}

src/Components/Web.Extensions/src/ProtectedBrowserStorage/ProtectedBrowserStorageServiceCollectionExtensions.cs

@@ -0,0 +1,30 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.JSInterop;
+
+namespace Microsoft.AspNetCore.Components.Web.Extensions
+{
+    /// <summary>
+    /// Provides mechanisms for storing and retrieving data in the browser's
+    /// 'localStorage' collection.
+    ///
+    /// This data will be scoped to the current user's browser, shared across
+    /// all tabs. The data will persist across browser restarts.
+    ///
+    /// See: https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage
+    /// </summary>
+    public class ProtectedLocalStorage : ProtectedBrowserStorage
+    {
+        /// <summary>
+        /// Constructs an instance of <see cref="ProtectedLocalStorage"/>.
+        /// </summary>
+        /// <param name="jsRuntime">The <see cref="IJSRuntime"/>.</param>
+        /// <param name="dataProtectionProvider">The <see cref="IDataProtectionProvider"/>.</param>
+        public ProtectedLocalStorage(IJSRuntime jsRuntime, IDataProtectionProvider dataProtectionProvider)
+            : base("localStorage", jsRuntime, dataProtectionProvider)
+        {
+        }
+    }
+}