Change IP Address from string to IPAddress type.

Author: mikernet

Source/Singulink.Net.Http.Api.Service/HttpContextExtensions.cs

@@ -1,10 +1,34 @@
+using System.Collections.Concurrent;
+using System.Reflection;
+
 namespace Singulink.Net.Http.Api.Service;
 
 /// <summary>
 /// Extension methods for <see cref="HttpContext"/>.
 /// </summary>
 public static class HttpContextExtensions
 {
+    private static readonly ConcurrentDictionary<ParameterInfo, (bool IsRequired, SessionAccessOptions Options)> _bindSessionTokenParamCache = [];
+
+    /// <summary>
+    /// Binds a session token from the HTTP context based on the parameter's nullability and attributes.
+    /// </summary>
+    public static async ValueTask<TSessionToken?> BindSessionTokenAsync<TSessionToken>(this HttpContext httpContext, ParameterInfo parameter)
+        where TSessionToken : class, ISessionToken
+    {
+        var (isRequired, options) = _bindSessionTokenParamCache.GetOrAdd(parameter, p =>
+        {
+            var nullabilityInfo = new NullabilityInfoContext().Create(parameter);
+
+            var sessionAccessAttr = p.GetCustomAttribute<SessionAccessAttribute>();
+            return (nullabilityInfo.WriteState is NullabilityState.NotNull, sessionAccessAttr?.Options ?? default);
+        });
+
+        return isRequired ?
+            await httpContext.GetRequiredSessionTokenAsync<TSessionToken>(options) :
+            await httpContext.GetSessionTokenAsync<TSessionToken>(options);
+    }
+
     /// <summary>
     /// Gets the session context from the HTTP context.
     /// </summary>

Source/Singulink.Net.Http.Api.Service/HttpSessionContext.cs

@@ -181,7 +181,7 @@ public override async ValueTask<TSessionToken> GetRequiredTokenAsync(SessionAcce
     /// <inheritdoc/>
     public override async Task<TSessionToken> SignInAsync(bool persistent, Func<SignInInfo, Task<TSessionToken>> createSessionFunc)
     {
-        var signInInfo = new SignInInfo(Device, IpAddressString, persistent ? _options.PersistentSessionExpiry : _options.TempSessionExpiry, persistent);
+        var signInInfo = new SignInInfo(Device, IpAddress, persistent ? _options.PersistentSessionExpiry : _options.TempSessionExpiry, persistent);
         var token = await createSessionFunc(signInInfo);
 
         // TODO: Clear token? Cache on HTTP context (here and in GetTokenAsync)?
@@ -271,7 +271,7 @@ private void ValidateUserIdPreconditionHeader(TSessionToken sessionToken, bool o
             if (sessionData.Generation != sessionToken.Generation + 1 ||
                 timeSinceDataRefresh > _options.MultipleRefreshGracePeriod ||
                 sessionData.Device != Device ||
-                sessionData.IpAddress != IpAddressString)
+                !Equals(sessionData.IpAddress, IpAddress))
             {
                 // Remove session as it may have been compromised.
 
@@ -284,7 +284,7 @@ private void ValidateUserIdPreconditionHeader(TSessionToken sessionToken, bool o
             var utcNow = DateTime.UtcNow;
 
             sessionData.Device = Device;
-            sessionData.IpAddress = IpAddressString;
+            sessionData.IpAddress = IpAddress;
             sessionData.RefreshedUtc = utcNow;
             sessionData.ValidFor = sessionData.IsPersistent ? _options.PersistentSessionExpiry : _options.TempSessionExpiry;
 

Source/Singulink.Net.Http.Api.Service/SessionAccessAttribute.cs

@@ -0,0 +1,22 @@
+namespace Singulink.Net.Http.Api.Service;
+
+/// <summary>
+/// Attribute for configuring options when binding session tokens from HTTP contexts.
+/// </summary>
+[AttributeUsage(AttributeTargets.Parameter, Inherited = false, AllowMultiple = false)]
+public class SessionAccessAttribute : Attribute
+{
+    /// <summary>
+    /// Gets options for configuring session access behavior.
+    /// </summary>
+    public SessionAccessOptions Options { get; }
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="SessionAccessAttribute"/> class.
+    /// </summary>
+    /// <param name="options">Options for configuring session access behavior.</param>
+    public SessionAccessAttribute(SessionAccessOptions options)
+    {
+        Options = options;
+    }
+}

Source/Singulink.Net.Http.Api.Service/SessionContext.cs

@@ -20,11 +20,6 @@ public abstract class SessionContext<TSessionToken> : IBindableFromHttpContext<S
     /// </summary>
     public abstract IPAddress? IpAddress { get; }
 
-    /// <summary>
-    /// Gets the IP address of the current request as a string. If the IP address cannot be determined, returns "Unknown".
-    /// </summary>
-    public string IpAddressString => field ??= IpAddress?.ToString() ?? "Unknown";
-
     /// <summary>
     /// Gets the session token from the current request. If the user is not signed in, throws an <see cref="UnauthorizedApiException"/>.
     /// </summary>

Source/Singulink.Net.Http.Api.Service/SignInInfo.cs

@@ -1,11 +1,13 @@
+using System.Net;
+
 namespace Singulink.Net.Http.Api.Service;
 
 /// <summary>
 /// Contains information about a sign-in request, such as device info, IP address, session expiry, and persistence.
 /// </summary>
 public class SignInInfo
 {
-    internal SignInInfo(string device, string ipAddress, TimeSpan sessionExpiry, bool persistent)
+    internal SignInInfo(string device, IPAddress? ipAddress, TimeSpan sessionExpiry, bool persistent)
     {
         Device = device;
         IpAddress = ipAddress;
@@ -21,7 +23,7 @@ internal SignInInfo(string device, string ipAddress, TimeSpan sessionExpiry, boo
     /// <summary>
     /// Gets the IP address of the device making the sign-in request.
     /// </summary>
-    public string IpAddress { get; }
+    public IPAddress? IpAddress { get; }
 
     /// <summary>
     /// Gets the duration after which the session will expire.

Source/Singulink.Net.Http.Api/ISessionData.cs

@@ -1,3 +1,5 @@
+using System.Net;
+
 namespace Singulink.Net.Http.Api;
 
 /// <summary>
@@ -13,7 +15,7 @@ public interface ISessionData : ISessionTokenRefreshInfo
     /// <summary>
     /// Gets or sets the last IP address associated with the session.
     /// </summary>
-    string IpAddress { get; set; }
+    IPAddress? IpAddress { get; set; }
 
     /// <summary>
     /// Gets or sets the date and time when the session was last refreshed (in UTC).