feat: returning access token to ui

Author: ProgrammingByPermutation

src/Nullinside.Api.Common.AspNetCore/Middleware/BasicAuthenticationHandler.cs

@@ -61,6 +61,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync() {
         .AsNoTracking()
         .FirstOrDefaultAsync(u => !string.IsNullOrWhiteSpace(u.Token) &&
                                   u.Token == token &&
+                                  u.TokenExpires > DateTime.UtcNow &&
                                   !u.IsBanned)
         .ConfigureAwait(false);
 

src/Nullinside.Api.Common/Twitch/TwitchAccessToken.cs renamed to src/Nullinside.Api.Common/Auth/OAuthToken.cs

@@ -1,9 +1,9 @@
-namespace Nullinside.Api.Common.Twitch;
+namespace Nullinside.Api.Common.Auth;
 
 /// <summary>
 ///   Represents an OAuth token in the Twitch workflow.
 /// </summary>
-public class TwitchAccessToken {
+public class OAuthToken {
   /// <summary>
   ///   The Twitch access token.
   /// </summary>

src/Nullinside.Api.Common/Twitch/ITwitchApiProxy.cs

@@ -1,4 +1,5 @@
-using Nullinside.Api.Common.Twitch.Json;
+using Nullinside.Api.Common.Auth;
+using Nullinside.Api.Common.Twitch.Json;
 
 using TwitchLib.Api.Helix.Models.Chat.GetChatters;
 using TwitchLib.Api.Helix.Models.Moderation.BanUser;
@@ -14,7 +15,7 @@ public interface ITwitchApiProxy {
   /// <summary>
   ///   The Twitch access token. These are the credentials used for all requests.
   /// </summary>
-  TwitchAccessToken? OAuth { get; set; }
+  OAuthToken? OAuth { get; set; }
 
   /// <summary>
   ///   The Twitch app configuration. These are used for all requests.
@@ -28,15 +29,15 @@ public interface ITwitchApiProxy {
   /// <param name="token">The cancellation token.</param>
   /// <remarks>The object will have its <see cref="OAuth" /> updated with the new settings for the token.</remarks>
   /// <returns>The OAuth details if successful, null otherwise.</returns>
-  Task<TwitchAccessToken?> CreateAccessToken(string code, CancellationToken token = new());
+  Task<OAuthToken?> CreateAccessToken(string code, CancellationToken token = new());
 
   /// <summary>
   ///   Refreshes the access token.
   /// </summary>
   /// <param name="token">The cancellation token.</param>
   /// <remarks>The object will have its <see cref="OAuth" /> updated with the new settings for the token.</remarks>
   /// <returns>The OAuth details if successful, null otherwise.</returns>
-  Task<TwitchAccessToken?> RefreshAccessToken(CancellationToken token = new());
+  Task<OAuthToken?> RefreshAccessToken(CancellationToken token = new());
 
   /// <summary>
   ///   Determines if the <see cref="OAuth" /> is valid.

src/Nullinside.Api.Common/Twitch/TwitchApiProxy.cs

@@ -4,6 +4,7 @@
 
 using Newtonsoft.Json;
 
+using Nullinside.Api.Common.Auth;
 using Nullinside.Api.Common.Twitch.Json;
 
 using TwitchLib.Api;
@@ -60,7 +61,7 @@ public TwitchApiProxy() {
   /// </param>
   public TwitchApiProxy(string token, string refreshToken, DateTime tokenExpires, string? clientId = null,
     string? clientSecret = null, string? clientRedirect = null) {
-    OAuth = new TwitchAccessToken {
+    OAuth = new OAuthToken {
       AccessToken = token,
       RefreshToken = refreshToken,
       ExpiresUtc = tokenExpires
@@ -79,21 +80,21 @@ public TwitchApiProxy(string token, string refreshToken, DateTime tokenExpires,
   public int Retries { get; set; } = 3;
 
   /// <inheritdoc />
-  public virtual TwitchAccessToken? OAuth { get; set; }
+  public virtual OAuthToken? OAuth { get; set; }
 
   /// <inheritdoc />
   public virtual TwitchAppConfig? TwitchAppConfig { get; set; }
 
   /// <inheritdoc />
-  public virtual async Task<TwitchAccessToken?> CreateAccessToken(string code, CancellationToken token = new()) {
+  public virtual async Task<OAuthToken?> CreateAccessToken(string code, CancellationToken token = new()) {
     ITwitchAPI api = GetApi();
     AuthCodeResponse? response = await api.Auth.GetAccessTokenFromCodeAsync(code, TwitchAppConfig?.ClientSecret,
       TwitchAppConfig?.ClientRedirect).ConfigureAwait(false);
     if (null == response) {
       return null;
     }
 
-    OAuth = new TwitchAccessToken {
+    OAuth = new OAuthToken {
       AccessToken = response.AccessToken,
       RefreshToken = response.RefreshToken,
       ExpiresUtc = DateTime.UtcNow + TimeSpan.FromSeconds(response.ExpiresIn)
@@ -102,7 +103,7 @@ public TwitchApiProxy(string token, string refreshToken, DateTime tokenExpires,
   }
 
   /// <inheritdoc />
-  public virtual async Task<TwitchAccessToken?> RefreshAccessToken(CancellationToken token = new()) {
+  public virtual async Task<OAuthToken?> RefreshAccessToken(CancellationToken token = new()) {
     try {
       if (string.IsNullOrWhiteSpace(TwitchAppConfig?.ClientSecret) || string.IsNullOrWhiteSpace(TwitchAppConfig?.ClientId)) {
         return null;
@@ -114,7 +115,7 @@ public TwitchApiProxy(string token, string refreshToken, DateTime tokenExpires,
         return null;
       }
 
-      OAuth = new TwitchAccessToken {
+      OAuth = new OAuthToken {
         AccessToken = response.AccessToken,
         RefreshToken = response.RefreshToken,
         ExpiresUtc = DateTime.UtcNow + TimeSpan.FromSeconds(response.ExpiresIn)

src/Nullinside.Api.Model/Shared/UserHelpers.cs

@@ -23,11 +23,12 @@ public static class UserHelpers {
   /// <param name="twitchUsername">The username of the user on twitch.</param>
   /// <param name="twitchId">The id of the user on twitch.</param>
   /// <returns>The bearer token if successful, null otherwise.</returns>
-  public static async Task<string?> GenerateTokenAndSaveToDatabase(INullinsideContext dbContext, string email, 
+  public static async Task<OAuthToken?> GenerateTokenAndSaveToDatabase(INullinsideContext dbContext, string email, 
     TimeSpan tokenExpires, string? authToken = null, string? refreshToken = null, DateTime? expires = null,
     string? twitchUsername = null, string? twitchId = null, CancellationToken cancellationToken = new()) {
     string bearerToken = AuthUtils.GenerateToken();
     string bearerRefreshToken = AuthUtils.GenerateToken();
+    DateTime expiresUtc = DateTime.UtcNow + tokenExpires;
     try {
       User? existing = await dbContext.Users.FirstOrDefaultAsync(u => u.Email == email && !u.IsBanned, cancellationToken).ConfigureAwait(false);
       if (null == existing && !string.IsNullOrWhiteSpace(twitchUsername)) {
@@ -75,7 +76,11 @@ public static class UserHelpers {
       }
 
       await dbContext.SaveChangesAsync(cancellationToken).ConfigureAwait(false);
-      return bearerToken;
+      return new() {
+        AccessToken = bearerToken, 
+        RefreshToken = bearerRefreshToken, 
+        ExpiresUtc = expiresUtc
+      };
     }
     catch {
       return null;

src/Nullinside.Api.Tests/Nullinside.Api.Model/Shared/UserHelpersTests.cs

@@ -23,12 +23,12 @@ public async Task GenerateTokenForExistingUser() {
     Assert.That(_db.Users.Count(), Is.EqualTo(1));
 
     // Generate a new token
-    string? token = await UserHelpers.GenerateTokenAndSaveToDatabase(_db, "email", Constants.OAUTH_TOKEN_TIME_LIMIT).ConfigureAwait(false);
+    var token = await UserHelpers.GenerateTokenAndSaveToDatabase(_db, "email", Constants.OAUTH_TOKEN_TIME_LIMIT).ConfigureAwait(false);
     Assert.That(token, Is.Not.Null);
 
     // Verify we still only have one user
     Assert.That(_db.Users.Count(), Is.EqualTo(1));
-    Assert.That(_db.Users.First().Token, Is.EqualTo(token));
+    Assert.That(_db.Users.First().Token, Is.EqualTo(token.AccessToken));
   }
 
   /// <summary>
@@ -48,12 +48,12 @@ public async Task GenerateTokenForNewUser() {
     Assert.That(_db.Users.Count(), Is.EqualTo(1));
 
     // Generate a new token
-    string? token = await UserHelpers.GenerateTokenAndSaveToDatabase(_db, "email", Constants.OAUTH_TOKEN_TIME_LIMIT).ConfigureAwait(false);
+    var token = await UserHelpers.GenerateTokenAndSaveToDatabase(_db, "email", Constants.OAUTH_TOKEN_TIME_LIMIT).ConfigureAwait(false);
     Assert.That(token, Is.Not.Null);
 
     // Verify we have a new user
     Assert.That(_db.Users.Count(), Is.EqualTo(2));
-    Assert.That(_db.Users.FirstOrDefault(u => u.Email == "email")?.Token, Is.EqualTo(token));
+    Assert.That(_db.Users.FirstOrDefault(u => u.Email == "email")?.Token, Is.EqualTo(token.AccessToken));
 
     // Verfy the old user is untouched
     Assert.That(_db.Users.FirstOrDefault(u => u.Email == "email2")?.Token, Is.Null);
@@ -65,7 +65,7 @@ public async Task GenerateTokenForNewUser() {
   [Test]
   public async Task HandleUnexpectedErrors() {
     // Force an error to occur.
-    string? token = await UserHelpers.GenerateTokenAndSaveToDatabase(null!, "email", Constants.OAUTH_TOKEN_TIME_LIMIT).ConfigureAwait(false);
+    var token = await UserHelpers.GenerateTokenAndSaveToDatabase(null!, "email", Constants.OAUTH_TOKEN_TIME_LIMIT).ConfigureAwait(false);
     Assert.That(token, Is.Null);
   }
 }

src/Nullinside.Api.Tests/Nullinside.Api/Controllers/UserControllerTests.cs

@@ -9,6 +9,7 @@
 
 using Moq;
 
+using Nullinside.Api.Common.Auth;
 using Nullinside.Api.Common.Twitch;
 using Nullinside.Api.Controllers;
 using Nullinside.Api.Model;
@@ -139,7 +140,7 @@ public async Task GoToErrorOnBadGmailResponse() {
   public async Task PerformTwitchLoginExisting() {
     // Tells us twitch parsed the code successfully.
     _twitchApi.Setup(a => a.CreateAccessToken(It.IsAny<string>(), It.IsAny<CancellationToken>()))
-      .Returns(() => Task.FromResult<TwitchAccessToken?>(new TwitchAccessToken()));
+      .Returns(() => Task.FromResult<OAuthToken?>(new OAuthToken()));
 
     // Gets a matching email address from our database
     _twitchApi.Setup(a => a.GetUserEmail(It.IsAny<CancellationToken>()))
@@ -174,7 +175,7 @@ public async Task PerformTwitchLoginExisting() {
   public async Task PerformTwitchLoginNewUser() {
     // Tells us twitch parsed the code successfully.
     _twitchApi.Setup(a => a.CreateAccessToken(It.IsAny<string>(), It.IsAny<CancellationToken>()))
-      .Returns(() => Task.FromResult<TwitchAccessToken?>(new TwitchAccessToken()));
+      .Returns(() => Task.FromResult<OAuthToken?>(new OAuthToken()));
 
     // Gets a matching email address from our database
     _twitchApi.Setup(a => a.GetUserEmail(It.IsAny<CancellationToken>()))
@@ -201,7 +202,7 @@ public async Task PerformTwitchLoginNewUser() {
   public async Task PerformTwitchLoginBadTwitchResponse() {
     // Tells us twitch thinks it was a bad code.
     _twitchApi.Setup(a => a.CreateAccessToken(It.IsAny<string>(), It.IsAny<CancellationToken>()))
-      .Returns(() => Task.FromResult<TwitchAccessToken?>(null));
+      .Returns(() => Task.FromResult<OAuthToken?>(null));
 
     // Make the call and ensure it's successful.
     var controller = new TestableUserController(_configuration, _db, _webSocketPersister.Object);
@@ -218,7 +219,7 @@ public async Task PerformTwitchLoginBadTwitchResponse() {
   public async Task PerformTwitchLoginWithNoEmailAccount() {
     // Tells us twitch parsed the code successfully.
     _twitchApi.Setup(a => a.CreateAccessToken(It.IsAny<string>(), It.IsAny<CancellationToken>()))
-      .Returns(() => Task.FromResult<TwitchAccessToken?>(new TwitchAccessToken()));
+      .Returns(() => Task.FromResult<OAuthToken?>(new OAuthToken()));
 
     // Make the call and ensure it's successful.
     var controller = new TestableUserController(_configuration, _db, _webSocketPersister.Object);
@@ -237,7 +238,7 @@ public async Task PerformTwitchLoginDbFailure() {
 
     // Tells us twitch parsed the code successfully.
     _twitchApi.Setup(a => a.CreateAccessToken(It.IsAny<string>(), It.IsAny<CancellationToken>()))
-      .Returns(() => Task.FromResult<TwitchAccessToken?>(new TwitchAccessToken()));
+      .Returns(() => Task.FromResult<OAuthToken?>(new OAuthToken()));
 
     // Gets an email address from twitch
     _twitchApi.Setup(a => a.GetUserEmail(It.IsAny<CancellationToken>()))

src/Nullinside.Api/Controllers/UserController.cs

@@ -1,5 +1,6 @@
 using System.Net.WebSockets;
 using System.Security.Claims;
+using System.Text;
 
 using Google.Apis.Auth;
 
@@ -11,6 +12,7 @@
 
 using Newtonsoft.Json;
 
+using Nullinside.Api.Common.Auth;
 using Nullinside.Api.Common.Extensions;
 using Nullinside.Api.Common.Twitch;
 using Nullinside.Api.Model;
@@ -19,6 +21,8 @@
 using Nullinside.Api.Shared;
 using Nullinside.Api.Shared.Json;
 
+using Org.BouncyCastle.Utilities.Encoders;
+
 namespace Nullinside.Api.Controllers;
 
 /// <summary>
@@ -77,12 +81,13 @@ public UserController(IConfiguration configuration, INullinsideContext dbContext
         return Redirect($"{siteUrl}/user/login?error=1");
       }
 
-      string? bearerToken = await UserHelpers.GenerateTokenAndSaveToDatabase(_dbContext, credentials.Email, Constants.OAUTH_TOKEN_TIME_LIMIT, cancellationToken: token).ConfigureAwait(false);
-      if (string.IsNullOrWhiteSpace(bearerToken)) {
+      var bearerToken = await UserHelpers.GenerateTokenAndSaveToDatabase(_dbContext, credentials.Email, Constants.OAUTH_TOKEN_TIME_LIMIT, cancellationToken: token).ConfigureAwait(false);
+      if (null == bearerToken) {
         return Redirect($"{siteUrl}/user/login?error=2");
       }
-
-      return Redirect($"{siteUrl}/user/login?token={bearerToken}");
+      
+      var json = JsonConvert.SerializeObject(bearerToken);
+      return Redirect($"{siteUrl}/user/login?token={Convert.ToBase64String(Encoding.UTF8.GetBytes(json))}");
     }
     catch (InvalidJwtException) {
       return Redirect($"{siteUrl}/user/login?error=1");
@@ -127,12 +132,13 @@ public async Task<RedirectResult> TwitchLogin([FromQuery] string code, [FromServ
       return Redirect($"{siteUrl}/user/login?error=4");
     }
 
-    string? bearerToken = await UserHelpers.GenerateTokenAndSaveToDatabase(_dbContext, email, Constants.OAUTH_TOKEN_TIME_LIMIT, cancellationToken: token).ConfigureAwait(false);
-    if (string.IsNullOrWhiteSpace(bearerToken)) {
+    var bearerToken = await UserHelpers.GenerateTokenAndSaveToDatabase(_dbContext, email, Constants.OAUTH_TOKEN_TIME_LIMIT, cancellationToken: token).ConfigureAwait(false);
+    if (null == bearerToken) {
       return Redirect($"{siteUrl}/user/login?error=2");
     }
 
-    return Redirect($"{siteUrl}/user/login?token={bearerToken}");
+    var json = JsonConvert.SerializeObject(bearerToken);
+    return Redirect($"{siteUrl}/user/login?token={Convert.ToBase64String(Encoding.UTF8.GetBytes(json))}");
   }
 
   /// <summary>
@@ -170,7 +176,7 @@ public async Task<RedirectResult> TwitchStreamingToolsLogin([FromQuery] string c
     // socket so we will pull up that socket and give them their oauth information. 
     try {
       WebSocket socket = _webSockets.WebSockets[state];
-      var oAuth = new TwitchAccessToken {
+      var oAuth = new OAuthToken {
         AccessToken = api.OAuth?.AccessToken ?? string.Empty,
         RefreshToken = api.OAuth?.RefreshToken ?? string.Empty,
         ExpiresUtc = api.OAuth?.ExpiresUtc ?? DateTime.MinValue
@@ -232,7 +238,7 @@ public async Task<RedirectResult> TwitchStreamingToolsLogin([FromQuery] string c
   [Route("twitch-login/twitch-streaming-tools")]
   public async Task<IActionResult> TwitchStreamingToolsRefreshToken([FromForm] string refreshToken, [FromServices] ITwitchApiProxy api,
     CancellationToken token = new()) {
-    api.OAuth = new TwitchAccessToken {
+    api.OAuth = new OAuthToken {
       AccessToken = null,
       RefreshToken = refreshToken,
       ExpiresUtc = DateTime.MinValue
@@ -242,7 +248,7 @@ public async Task<IActionResult> TwitchStreamingToolsRefreshToken([FromForm] str
       return BadRequest();
     }
 
-    return Ok(new TwitchAccessToken {
+    return Ok(new OAuthToken {
       AccessToken = api.OAuth.AccessToken ?? string.Empty,
       RefreshToken = api.OAuth.RefreshToken ?? string.Empty,
       ExpiresUtc = api.OAuth.ExpiresUtc ?? DateTime.MinValue