Slopper

Name	Message	Date
📄 YouTubeAuthExtensions.cs	UI for YouTube upload	1 day ago
📄 YouTubeCredentialsProvider.cs	Upload to YouTube in a job	1 day ago
📄 YouTubeScopeAuthorizationHandler.cs	Upload the latest clip to YouTube	3 days ago
📄 YouTubeScopeRequirement.cs	Upload the latest clip to YouTube	3 days ago

📄 src/Api/YouTubeAuth/YouTubeAuthExtensions.cs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85

using System.Threading.Tasks;
using Google.Apis.Auth.AspNetCore3;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Slopper.Infrastructure.YouTube;

namespace Slopper.Api.YouTubeAuth;

public static class YouTubeAuthExtensions
{
    extension(AuthenticationBuilder auth)
    {
        public AuthenticationBuilder AddYouTube()
        {
            auth.AddGoogleOpenIdConnect(
                GoogleOpenIdConnectDefaults.AuthenticationScheme,
                options =>
                {
                    options.CallbackPath = "/admin/redirect/youtube";
                    options.ResponseMode = OpenIdConnectResponseMode.Query;
                    options.TokenValidationParameters.NameClaimType = "name";
                    options.Events = new()
                    {
                        OnRedirectToIdentityProvider = context =>
                        {
                            if (context.Request.Headers.GetCommaSeparatedValues("Sec-Fetch-Mode") is ["navigate"])
                            {
                                return Task.CompletedTask;
                            }

                            context.Response.OnStarting(
                                static response =>
                                {
                                    ((HttpResponse)response).StatusCode = StatusCodes.Status403Forbidden;
                                    return Task.CompletedTask;
                                },
                                context.Response
                            );
                            return Task.CompletedTask;
                        },
                    };
                }
            );

            auth.Services.AddOptions<OpenIdConnectOptions>(GoogleOpenIdConnectDefaults.AuthenticationScheme)
                .BindConfiguration("YouTube");

            auth.Services.AddTransient<IAuthorizationHandler, YouTubeScopeAuthorizationHandler>();

            auth.Services.AddSingleton<YouTubeCredentialsProvider>();
            auth.Services.AddSingleton<IYouTubeCredentialsProvider>(sp =>
                sp.GetRequiredService<YouTubeCredentialsProvider>()
            );

            return auth;
        }
    }

    private const string YouTubePolicyName = "YouTube";

    extension(AuthorizationBuilder auth)
    {
        public AuthorizationBuilder AddYouTubePolicy() =>
            auth.AddPolicy(
                YouTubePolicyName,
                policy =>
                    policy
                        .AddAuthenticationSchemes(GoogleOpenIdConnectDefaults.AuthenticationScheme)
                        .RequireAuthenticatedUser()
                        .AddRequirements(new YouTubeScopeRequirement("https://www.googleapis.com/auth/youtube.upload"))
            );
    }

    extension<TBuilder>(TBuilder builder)
        where TBuilder : IEndpointConventionBuilder
    {
        public TBuilder RequireYouTubeAuthorization() => builder.RequireAuthorization(YouTubePolicyName);
    }
}