chore(identity): configure partial identity (#1)

* feat(applications): add create application endpoint

Author: cyberhck

Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/core/sdk:3.0-alpine3.9 as build
+FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine as build
 WORKDIR /app
 COPY . .
 RUN dotnet restore

Micro.AppRegistration.Api/Auth/CustomClaims.cs

@@ -0,0 +1,7 @@
+namespace Micro.AppRegistration.Api.Auth
+{
+    public class CustomClaims
+    {
+        public const string Permission = "Permission";
+    }
+}

Micro.AppRegistration.Api/Auth/Exceptions/KeyNotFoundException.cs

@@ -0,0 +1,11 @@
+using System;
+
+namespace Micro.AppRegistration.Api.Auth.Exceptions
+{
+    public class KeyNotFoundException : Exception
+    {
+        public KeyNotFoundException(string message) : base(message)
+        {
+        }
+    }
+}

Micro.AppRegistration.Api/Auth/KeyResolver.cs

@@ -0,0 +1,31 @@
+using System.Threading.Tasks;
+using Fossapps.Micro.KeyStore;
+using Fossapps.Micro.KeyStore.Models;
+using Micro.AppRegistration.Api.Auth.Exceptions;
+
+namespace Micro.AppRegistration.Api.Auth
+{
+    public interface IKeyResolver
+    {
+        Task<string> ResolveKey(string keyId);
+    }
+    public class KeyResolver : IKeyResolver
+    {
+        private readonly IKeyStoreClient _keyStoreClient;
+
+        public KeyResolver(IKeyStoreClient keyStoreClient)
+        {
+            _keyStoreClient = keyStoreClient;
+        }
+
+        public async Task<string> ResolveKey(string keyId)
+        {
+            var response = await _keyStoreClient.Keys.GetAsync(keyId);
+            return response switch
+            {
+                KeyCreatedResponse keyCreatedResponse => keyCreatedResponse.Body,
+                _ => throw new KeyNotFoundException($"key: '{keyId}' not found")
+            };
+        }
+    }
+}

Micro.AppRegistration.Api/Auth/RequirePermission.cs

@@ -0,0 +1,32 @@
+using System;
+using System.Linq;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace Micro.AppRegistration.Api.Auth
+{
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
+    public class RequirePermission : Attribute, IAuthorizeData, IAuthorizationFilter
+    {
+        public string AuthenticationSchemes { get; set; }
+        public string Policy { get; set; }
+        public string Roles { get; set; }
+        private readonly string _permission;
+
+        public RequirePermission(string permission)
+        {
+            _permission = permission;
+        }
+
+        public void OnAuthorization(AuthorizationFilterContext context)
+        {
+            var permissionClaims = context.HttpContext?.User?.Claims?.Where(c => c.Type == CustomClaims.Permission);
+            var hasClaim = permissionClaims?.Any(x => x.Value == _permission || x.Value == "sudo");
+            if (!hasClaim.HasValue || !hasClaim.Value)
+            {
+                context.Result = new ForbidResult();
+            }
+        }
+    }
+}

Micro.AppRegistration.Api/Configs/Services.cs

@@ -0,0 +1,12 @@
+namespace Micro.AppRegistration.Api.Configs
+{
+    public class Services
+    {
+        public KeyStoreConfig KeyStore { set; get; }
+    }
+
+    public class KeyStoreConfig
+    {
+        public string Url { set; get; }
+    }
+}