feat(verification): add verification endpoint

Author: cyberhck

Micro.AppRegistration.Api/StartupExtensions/DependencyInjection.cs

@@ -6,6 +6,7 @@
 using Micro.AppRegistration.Api.ListApplications;
 using Micro.AppRegistration.Api.Models;
 using Micro.AppRegistration.Api.Uuid;
+using Micro.AppRegistration.Api.VerifySecret;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -23,6 +24,7 @@ public static void ConfigureRequiredDependencies(this IServiceCollection service
             services.AddScoped<ICreateApplicationRepository, CreateApplicationRepository>();
             services.AddScoped<IListApplicationRepository, ListApplicationRepository>();
             services.AddScoped<IListApplicationService, ListApplicationsService>();
+            services.AddScoped<IVerifySecretService, VerifySecretService>();
             services.AddSingleton<IPasswordHasher<Application>, PasswordHasher<Application>>();
             services.AddSingleton(SetupKeyStoreHttpClient(configuration.GetSection("Services").Get<Services>().KeyStore));
         }

Micro.AppRegistration.Api/ValidationAttributes/StartsWith.cs

@@ -0,0 +1,21 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+
+namespace Micro.AppRegistration.Api.ValidationAttributes
+{
+    [AttributeUsage(AttributeTargets.Property | AttributeTargets.Field | AttributeTargets.Parameter)]
+    public class StartsWith : ValidationAttribute
+    {
+        private readonly string _prefix;
+
+        public StartsWith(string prefix) : base($"The {{0}} field must start with {prefix}")
+        {
+            _prefix = prefix;
+        }
+
+        public override bool IsValid(object value)
+        {
+            return value != null && value is string stringVal && stringVal.StartsWith(_prefix);
+        }
+    }
+}

Micro.AppRegistration.Api/VerifySecret/BadBasicAuthorizationDataException.cs

@@ -0,0 +1,11 @@
+using System;
+
+namespace Micro.AppRegistration.Api.VerifySecret
+{
+    public class BadBasicAuthorizationDataException : Exception
+    {
+        public BadBasicAuthorizationDataException(string message, Exception innerException) : base(message, innerException)
+        {
+        }
+    }
+}

Micro.AppRegistration.Api/VerifySecret/VerifySecretController.cs

@@ -0,0 +1,65 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+using System.Text;
+using System.Threading.Tasks;
+using Micro.AppRegistration.Api.ValidationAttributes;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Micro.AppRegistration.Api.VerifySecret
+{
+    [ApiController]
+    [Route("api/[controller]")]
+    public class VerifySecretController : ControllerBase
+    {
+        private readonly IVerifySecretService _verifySecretService;
+
+        public VerifySecretController(IVerifySecretService verifySecretService)
+        {
+            _verifySecretService = verifySecretService;
+        }
+
+        [HttpPost]
+        public async Task<IActionResult> Verify([FromHeader(Name = "Authorization")] [Required] [StartsWith("Basic ")]
+            string authorization)
+        {
+            try
+            {
+                var (appId, secret) = GetBasicAuthData(authorization);
+                var result = await _verifySecretService.Verify(appId, secret);
+                return Ok(new VerifySecretResponse
+                {
+                    Success = result
+                });
+            }
+            catch (BadBasicAuthorizationDataException e)
+            {
+                return BadRequest(new ProblemDetails
+                {
+                    Title = "authorization data is invalid"
+                });
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, new ProblemDetails
+                {
+                    Title = "error handling request"
+                });
+            }
+        }
+
+        private static (string, string) GetBasicAuthData(string authorizationHeader)
+        {
+            try
+            {
+                var token = authorizationHeader.Substring("Basic ".Length).Trim();
+                var parts = Encoding.UTF8.GetString(Convert.FromBase64String(token)).Split(":");
+                return (parts[0], parts[1]);
+            }
+            catch (Exception e)
+            {
+                throw new BadBasicAuthorizationDataException("bad data", e);
+            }
+        }
+    }
+}

Micro.AppRegistration.Api/VerifySecret/VerifySecretResponse.cs

@@ -0,0 +1,7 @@
+namespace Micro.AppRegistration.Api.VerifySecret
+{
+    public class VerifySecretResponse
+    {
+        public bool Success { set; get; }
+    }
+}

Micro.AppRegistration.Api/VerifySecret/VerifySecretService.cs

@@ -0,0 +1,32 @@
+using System.Threading.Tasks;
+using Micro.AppRegistration.Api.ListApplications;
+using Micro.AppRegistration.Api.Models;
+using Microsoft.AspNetCore.Identity;
+
+namespace Micro.AppRegistration.Api.VerifySecret
+{
+    public interface IVerifySecretService
+    {
+        Task<bool> Verify(string appId, string secret);
+    }
+    public class VerifySecretService : IVerifySecretService
+    {
+        private readonly IPasswordHasher<Application> _secretHasher;
+        private readonly IListApplicationRepository _applicationRepository;
+
+        public VerifySecretService(IPasswordHasher<Application> secretHasher, IListApplicationRepository applicationRepository)
+        {
+            _secretHasher = secretHasher;
+            _applicationRepository = applicationRepository;
+        }
+
+        public async Task<bool> Verify(string appId, string secret)
+        {
+            var application = await _applicationRepository.FindById(appId);
+            var result = _secretHasher.VerifyHashedPassword(null, application.Secret, secret);
+            // todo: if result returns a rehash needed, we need re-hash password and save it in database.
+            // to be done after MVP
+            return result == PasswordVerificationResult.Success || result == PasswordVerificationResult.SuccessRehashNeeded;
+        }
+    }
+}