Merge pull request #337 from neuroglia-io/auth-runtime-expression-parameter

Added a new 'AUTHZ' runtime expression parameter, which describes a function's authorization scheme, if any

Author: cdavernas

deployment/docker-compose/.gitignore

@@ -0,0 +1 @@
+secrets/

src/apps/Synapse.Worker/AuthorizationInfo.cs

@@ -0,0 +1,94 @@
+/*
+ * Copyright © 2022-Present The Synapse Authors
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+using Microsoft.Extensions.DependencyInjection;
+using System.Text;
+
+namespace Synapse.Worker;
+
+/// <summary>
+/// Describes the credentials used to authenticate a user agent with an application
+/// </summary>
+public class AuthorizationInfo
+{
+
+    /// <summary>
+    /// Initializes a new <see cref="AuthorizationInfo"/>
+    /// </summary>
+    public AuthorizationInfo() { }
+
+    /// <summary>
+    /// Initializes a new <see cref="AuthorizationInfo"/>
+    /// </summary>
+    /// <param name="scheme">The authorization scheme</param>
+    /// <param name="parameters">The authorization parameters</param>
+    public AuthorizationInfo(string scheme, string parameters)
+    {
+        this.Scheme = scheme;
+        this.Parameters = parameters;
+    }
+
+    /// <summary>
+    /// Gets the authorization scheme
+    /// </summary>
+    public virtual string Scheme { get; set; } = null!;
+
+    /// <summary>
+    /// Gets the authorization parameters
+    /// </summary>
+    public virtual string Parameters { get; set; } = null!;
+
+    /// <inheritdoc/>
+    public override string ToString() => $"{this.Scheme} {this.Parameters}";
+
+    /// <summary>
+    /// Creates a new <see cref="AuthorizationInfo"/> from the specified <see cref="AuthenticationDefinition"/>
+    /// </summary>
+    /// <param name="serviceProvider">The current <see cref="ISerializerProvider"/></param>
+    /// <param name="authentication">The <see cref="AuthenticationDefinition"/> that describes the authentication mechanism to use</param>
+    /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
+    /// <returns>A new <see cref="AuthorizationInfo"/></returns>
+    /// <exception cref="NullReferenceException"></exception>
+    /// <exception cref="NotSupportedException"></exception>
+    public static async Task<AuthorizationInfo?> CreateAsync(IServiceProvider serviceProvider, AuthenticationDefinition? authentication, CancellationToken cancellationToken = default)
+    {
+        if (authentication == null) return null;
+        string scheme;
+        string value;
+        switch (authentication.Properties)
+        {
+            case BasicAuthenticationProperties basic:
+                scheme = "Basic";
+                value = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{basic.Username}:{basic.Password}"));
+                break;
+            case BearerAuthenticationProperties bearer:
+                scheme = "Bearer";
+                value = bearer.Token;
+                break;
+            case OAuth2AuthenticationProperties oauth:
+                scheme = "Bearer";
+                var token = await serviceProvider.GetRequiredService<IOAuth2TokenManager>().GetTokenAsync(oauth, cancellationToken);
+                if (token == null) throw new NullReferenceException($"Failed to generate an OAUTH2 token");
+                value = token.AccessToken!;
+                break;
+            default:
+                throw new NotSupportedException($"The specified authentication schema '{EnumHelper.Stringify(authentication.Scheme)}' is not supported");
+        }
+        return new(scheme, value);
+    }
+
+}

src/apps/Synapse.Worker/Extensions/HttpClientExtensions.cs

@@ -15,9 +15,7 @@
  *
  */
 
-using Microsoft.Extensions.DependencyInjection;
 using System.Net.Http.Headers;
-using System.Text;
 
 namespace Synapse.Worker
 {
@@ -29,40 +27,15 @@ public static class HttpClientExtensions
     {
 
         /// <summary>
-        /// Configures the <see cref="HttpClient"/> to use the specified <see cref="AuthenticationDefinition"/>
+        /// Configures the <see cref="HttpClient"/> to use the specified <see cref="AuthorizationInfo"/>
         /// </summary>
         /// <param name="httpClient">The <see cref="HttpClient"/> to configure</param>
-        /// <param name="serviceProvider">The current <see cref="IServiceProvider"/></param>
-        /// <param name="authentication">The <see cref="AuthenticationDefinition"/> that describes how to configure authorization</param>
-        /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
+        /// <param name="authorization">An object that describes the authorization mechanism to use</param>
         /// <returns>A new awaitable <see cref="Task"/></returns>
-        public static async Task ConfigureAuthorizationAsync(this HttpClient httpClient, IServiceProvider serviceProvider, AuthenticationDefinition? authentication, CancellationToken cancellationToken = default)
+        public static void UseAuthorization(this HttpClient httpClient, AuthorizationInfo? authorization)
         {
-            if (authentication == null)
-                return;
-            string? scheme;
-            string? value;
-            switch (authentication.Properties)
-            {
-                case BasicAuthenticationProperties basic:
-                    scheme = "Basic";
-                    value = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{basic.Username}:{basic.Password}"));
-                    break;
-                case BearerAuthenticationProperties bearer:
-                    scheme = "Bearer";
-                    value = bearer.Token;
-                    break;
-                case OAuth2AuthenticationProperties oauth:
-                    scheme = "Bearer";
-                    var token = await serviceProvider.GetRequiredService<IOAuth2TokenManager>().GetTokenAsync(oauth, cancellationToken);
-                    if (token == null)
-                        throw new NullReferenceException($"Failed to generate an OAUTH2 token");
-                    value = token.AccessToken;
-                    break;
-                default:
-                    throw new NotSupportedException($"The specified authentication schema '{EnumHelper.Stringify(authentication.Scheme)}' is not supported");
-            }
-            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(scheme, value);
+            if (authorization == null) return;
+            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(authorization.Scheme, authorization.Parameters);
         }
 
     }

src/apps/Synapse.Worker/Extensions/IWorkflowRuntimeContextExtensions.cs

@@ -36,15 +36,16 @@ public static class IWorkflowRuntimeContextExtensions
         /// <param name="context">The current <see cref="IWorkflowRuntimeContext"/></param>
         /// <param name="expressionObject">The object to evaluate</param>
         /// <param name="data">The data to evaluate the object against</param>
+        /// <param name="authorization">The current <see cref="AuthorizationInfo"/>, if any</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
         /// <returns>The evaluated object</returns>
-        public static async Task<object?> EvaluateObjectAsync(this IWorkflowRuntimeContext context, object expressionObject, object data, CancellationToken cancellationToken = default)
+        public static async Task<object?> EvaluateObjectAsync(this IWorkflowRuntimeContext context, object expressionObject, object data, AuthorizationInfo? authorization, CancellationToken cancellationToken = default)
         {
             var json = JsonConvert.SerializeObject(expressionObject, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore }); ;
             foreach (var match in Regex.Matches(json, @"""\$\{.+?\}""", RegexOptions.Compiled).Cast<Match>())
             {
                 var expression = Regex.Unescape(match.Value[3..^2].Trim().Replace(@"\""", @""""));
-                var evaluationResult = await context.EvaluateAsync(expression, data, cancellationToken);
+                var evaluationResult = await context.EvaluateAsync(expression, data, authorization, cancellationToken);
                 if (evaluationResult == null) continue;
                 var valueToken = JToken.FromObject(evaluationResult);
                 var value = null as string;
@@ -62,6 +63,19 @@ public static class IWorkflowRuntimeContextExtensions
             return JsonConvert.DeserializeObject<ExpandoObject>(json)!;
         }
 
+        /// <summary>
+        /// Evaluates an object against the specified data
+        /// </summary>
+        /// <param name="context">The current <see cref="IWorkflowRuntimeContext"/></param>
+        /// <param name="expressionObject">The object to evaluate</param>
+        /// <param name="data">The data to evaluate the object against</param>
+        /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
+        /// <returns>The evaluated object</returns>
+        public static Task<object?> EvaluateObjectAsync(this IWorkflowRuntimeContext context, object expressionObject, object data, CancellationToken cancellationToken = default)
+        {
+            return EvaluateObjectAsync(context, expressionObject, data, null, cancellationToken);
+        }
+
         /// <summary>
         /// Evaluates the specified condition expression
         /// </summary>
@@ -123,9 +137,7 @@ public static async Task<bool> EvaluateConditionAsync(this IWorkflowRuntimeConte
         /// <returns>The filtered output</returns>
         public static async Task<object?> FilterOutputAsync(this IWorkflowRuntimeContext context, StateDefinition state, object output, CancellationToken cancellationToken = default)
         {
-            if (state.DataFilter == null
-                || string.IsNullOrWhiteSpace(state.DataFilter.Output))
-                return output;
+            if (state.DataFilter == null || string.IsNullOrWhiteSpace(state.DataFilter.Output)) return output;
             return await context.EvaluateAsync(state.DataFilter.Output, output, cancellationToken);
         }
 
@@ -135,14 +147,28 @@ public static async Task<bool> EvaluateConditionAsync(this IWorkflowRuntimeConte
         /// <param name="context">The <see cref="IWorkflowRuntimeContext"/> to use</param>
         /// <param name="action">The <see cref="ActionDefinition"/> to filter the output for</param>
         /// <param name="output">The output data to filter</param>
+        /// <param name="authorization">The current <see cref="AuthorizationInfo"/>, if any</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
         /// <returns>The filtered output</returns>
-        public static async Task<object?> FilterOutputAsync(this IWorkflowRuntimeContext context, ActionDefinition action, object output, CancellationToken cancellationToken = default)
+        public static async Task<object?> FilterOutputAsync(this IWorkflowRuntimeContext context, ActionDefinition action, object output, AuthorizationInfo? authorization, CancellationToken cancellationToken = default)
         {
             if (action.ActionDataFilter == null
                 || string.IsNullOrWhiteSpace(action.ActionDataFilter.Results))
                 return output;
-            return await context.EvaluateAsync(action.ActionDataFilter.Results, output, cancellationToken);
+            return await context.EvaluateAsync(action.ActionDataFilter.Results, output, authorization, cancellationToken);
+        }
+
+        /// <summary>
+        /// Filters the output of the specified <see cref="ActionDefinition"/>
+        /// </summary>
+        /// <param name="context">The <see cref="IWorkflowRuntimeContext"/> to use</param>
+        /// <param name="action">The <see cref="ActionDefinition"/> to filter the output for</param>
+        /// <param name="output">The output data to filter</param>
+        /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
+        /// <returns>The filtered output</returns>
+        public static Task<object?> FilterOutputAsync(this IWorkflowRuntimeContext context, ActionDefinition action, object output, CancellationToken cancellationToken = default)
+        {
+            return FilterOutputAsync(context, action, output, cancellationToken);
         }
 
         /// <summary>

src/apps/Synapse.Worker/Services/IWorkflowRuntimeContext.cs

@@ -41,6 +41,16 @@ public interface IWorkflowRuntimeContext
         /// <returns>A new awaitable <see cref="Task"/></returns>
         Task InitializeAsync(CancellationToken cancellationToken);
 
+        /// <summary>
+        /// Evaluates a runtime expression against an object
+        /// </summary>
+        /// <param name="runtimeExpression">The runtime expression to evaluate</param>
+        /// <param name="data">The data to evaluate the expression against</param>
+        /// <param name="authorization">The current <see cref="AuthorizationInfo"/>, if any</param>
+        /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
+        /// <returns>The evaluation result</returns>
+        Task<object?> EvaluateAsync(string runtimeExpression, object? data, AuthorizationInfo? authorization, CancellationToken cancellationToken = default);
+
         /// <summary>
         /// Evaluates a runtime expression against an object
         /// </summary>

src/apps/Synapse.Worker/Services/OAuth2TokenManager.cs

@@ -86,7 +86,7 @@ public virtual async Task<OAuth2Token> GetTokenAsync(OAuth2AuthenticationPropert
                 }
             }
             var discoveryDocument = await this.HttpClient.GetDiscoveryDocumentAsync(oauthProperties.Authority.ToString(), cancellationToken);
-            using var request = new HttpRequestMessage(HttpMethod.Post, discoveryDocument.TokenEndpoint)
+            using var request = new HttpRequestMessage(HttpMethod.Post, new Uri(oauthProperties.Authority, discoveryDocument.TokenEndpoint))
             {
                 Content = new FormUrlEncodedContent(properties)
             };