Account flags

NostrStreamer/NostrAuth.cs

@@ -2,16 +2,19 @@ using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
 using Nostr.Client.Json;
 using Nostr.Client.Messages;
+using NostrStreamer.Database;
 
 namespace NostrStreamer;
 
 public static class NostrAuth
 {
     public const string Scheme = "Nostr";
+    public const string RoleAdmin = "admin";
 }
 
 public class NostrAuthOptions : AuthenticationSchemeOptions
@@ -20,9 +23,12 @@ public class NostrAuthOptions : AuthenticationSchemeOptions
 
 public class NostrAuthHandler : AuthenticationHandler<NostrAuthOptions>
 {
-    public NostrAuthHandler(IOptionsMonitor<NostrAuthOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) :
-        base(options, logger, encoder, clock)
+    private readonly StreamerContext _db;
+    public NostrAuthHandler(IOptionsMonitor<NostrAuthOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock,
+        StreamerContext db)
+        : base(options, logger, encoder, clock)
     {
+        _db = db;
     }
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@@ -69,14 +75,14 @@ public class NostrAuthHandler : AuthenticationHandler<NostrAuthOptions>
 
         var urlTag = ev.Tags!.FirstOrDefault(a => a.TagIdentifier == "u");
         var methodTag = ev.Tags!.FirstOrDefault(a => a.TagIdentifier == "method");
-        if (string.IsNullOrEmpty(urlTag?.AdditionalData[0] as string) ||
-            !new Uri((urlTag.AdditionalData[0] as string)!).AbsolutePath.Equals(Request.Path, StringComparison.InvariantCultureIgnoreCase))
+        if (string.IsNullOrEmpty(urlTag?.AdditionalData[0]) ||
+            !new Uri(urlTag.AdditionalData[0]).AbsolutePath.Equals(Request.Path, StringComparison.InvariantCultureIgnoreCase))
         {
             return AuthenticateResult.Fail("Invalid nostr event, url tag invalid");
         }
 
-        if (string.IsNullOrEmpty(methodTag?.AdditionalData[0] as string) ||
-            !((methodTag.AdditionalData[0] as string)?.Equals(Request.Method, StringComparison.InvariantCultureIgnoreCase) ?? false))
+        if (string.IsNullOrEmpty(methodTag?.AdditionalData[0]) ||
+            !methodTag.AdditionalData[0].Equals(Request.Method, StringComparison.InvariantCultureIgnoreCase))
         {
             return AuthenticateResult.Fail("Invalid nostr event, method tag invalid");
         }
@@ -86,6 +92,15 @@ public class NostrAuthHandler : AuthenticationHandler<NostrAuthOptions>
             new Claim(ClaimTypes.Name, ev.Pubkey!)
         });
 
+        var user = await _db.Users
+            .AsNoTracking()
+            .SingleOrDefaultAsync(a => a.PubKey == ev.Pubkey!);
+
+        if (user is {IsAdmin: true})
+        {
+            principal.AddClaim(new Claim(ClaimTypes.Role, NostrAuth.RoleAdmin));
+        }
+
         return AuthenticateResult.Success(new(new ClaimsPrincipal(new[] {principal}), Scheme.Name));
     }
 }