Add API authentication for user management

Protect user endpoints with a bearer-token authentication filter.
Generate and hash an initial API password on startup when the user UI is enabled.
Register the new authentication services, bump the app version to 1.6.0.0, and refresh bundled web assets.

Author: androidseb25

Controller/UsersController.cs

@@ -10,18 +10,20 @@ namespace iGotify_Notification_Assist.Controller;
 public class UsersController : ControllerBase
 {
     [HttpGet]
+    [ServiceFilter(typeof(AuthenticationFilter))]
     public async Task<IActionResult> GetAllUsers()
     {
         List<Users> userList = await DatabaseService.GetUsers();
         return Ok(new { Message = "Users successfully retrieved!", Data = userList });
     }
-    
+
     [HttpPatch]
+    [ServiceFilter(typeof(AuthenticationFilter))]
     public async Task<IActionResult> PatchUser([FromBody] Users? user)
     {
         if (user == null)
             return Ok(new { Message = "User Body is empty!" });
-        
+
         bool isUpdated = await DatabaseService.UpdateUser(user);
 
         if (isUpdated)
@@ -30,11 +32,12 @@ public async Task<IActionResult> PatchUser([FromBody] Users? user)
             GotifySocketService.KillAllWsThread();
             gss.Start();
         }
-        
+
         return Ok(new { Message = isUpdated ? "User successfully updated!" : "User didn't updated!" });
     }
-    
+
     [HttpDelete("{userId}")]
+    [ServiceFilter(typeof(AuthenticationFilter))]
     public async Task<IActionResult> DeleteUser(int userId)
     {
         bool isDeleted = false;
@@ -49,7 +52,7 @@ public async Task<IActionResult> DeleteUser(int userId)
             GotifySocketService.KillAllWsThread();
             gss.Start();
         }
-        
+
         return Ok(new { Message = isDeleted ? "User successfully deleted!" : "User didn't deleted!" });
     }
 }

Program.cs

@@ -20,6 +20,13 @@
     options.SerializerOptions.PropertyNamingPolicy = null; // Preserve exact casing
 });
 
+
+if (Environments.enableUserUi)
+{
+    builder.Services.AddSingleton<PasswordGenerator>();
+    builder.Services.AddScoped<AuthenticationFilter>();
+}
+
 builder.Services.AddSingleton(builder.Configuration);
 builder.Services.AddOpenApi();
 builder.Services.AddTransient<IStartupFilter, StartUpBuilder>();

Services/AuthenticationFilter.cs

@@ -0,0 +1,38 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace iGotify_Notification_Assist.Services;
+
+public class AuthenticationFilter : IAsyncActionFilter, IAsyncAuthorizationFilter
+{
+    private string? token = "";
+
+    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
+    {
+        //Console.WriteLine(token);
+        await next();
+    }
+
+    public void OnActionExecuted(ActionExecutedContext context)
+    {
+        // our code after action executes
+    }
+
+    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
+    {
+        var auth = context.HttpContext.Request.Headers.Authorization;
+
+        if (auth.ToString().Length > 0 && auth.ToString().Contains("Bearer"))
+        {
+            var cleared = auth.ToString().Replace("Bearer ", "");
+            token = cleared;
+            var result = PasswordGenerator.IsValid(token);
+            if (!result)
+                context.Result = new UnauthorizedResult();
+        }
+        else
+        {
+            context.Result = new UnauthorizedResult();
+        }
+    }
+}

Services/PasswordGenerator.cs

@@ -0,0 +1,48 @@
+using System.Security.Cryptography;
+using Microsoft.AspNetCore.Identity;
+
+namespace iGotify_Notification_Assist.Services;
+
+public class PasswordGenerator
+{
+    public static void EnsurePasswordExists()
+    {
+        var path = $"{GetLocationsOf.App}/data/secure";
+        //Create Database File
+        var passwordFile = Path.Combine(path, "api-password.hash");
+        Directory.CreateDirectory(Path.GetDirectoryName(passwordFile)!);
+        if (File.Exists(passwordFile))
+            return;
+
+        var password = GenerateSecurePassword();
+        var hasher = new PasswordHasher<string>();
+        var hash = hasher.HashPassword("api", password);
+        File.WriteAllText(passwordFile, hash);
+        AppLog.Info("PG", "====================================================");
+        AppLog.Info("PG", "Initial API password generated:");
+        AppLog.Info("PG", $"{password}");
+        AppLog.Info("PG", "Please save this password. It will not be shown again.");
+        AppLog.Info("PG", "====================================================");
+    }
+
+    public static bool IsValid(string password)
+    {
+        var path = $"{GetLocationsOf.App}/data/secure";
+        //Create Database File
+        var passwordFile = Path.Combine(path, "api-password.hash");
+        if (!File.Exists(passwordFile))
+            return false;
+
+        var hash = File.ReadAllText(passwordFile);
+        var hasher = new PasswordHasher<string>();
+        var result = hasher.VerifyHashedPassword("api", hash, password);
+        return result == PasswordVerificationResult.Success || result == PasswordVerificationResult.SuccessRehashNeeded;
+    }
+
+    private static string GenerateSecurePassword(int length = 32)
+    {
+        const string chars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@$%_-";
+        var bytes = RandomNumberGenerator.GetBytes(length);
+        return new string(bytes.Select(b => chars[b % chars.Length]).ToArray());
+    }
+}

Services/StartUpBuilder.cs

@@ -6,6 +6,7 @@ public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)
     {
         return builder =>
         {
+            PasswordGenerator.EnsurePasswordExists();
             // Create GotifyInstance after starting of the API
             var gss = GotifySocketService.getInstance();
             gss.Init();

iGotify Notification Assist.csproj

@@ -6,9 +6,9 @@
         <ImplicitUsings>enable</ImplicitUsings>
         <InvariantGlobalization>true</InvariantGlobalization>
         <RootNamespace>iGotify_Notification_Assist</RootNamespace>
-        <AssemblyVersion>1.5.1.3</AssemblyVersion>
-        <FileVersion>1.5.1.3</FileVersion>
-        <Version>1.5.1.3</Version>
+        <AssemblyVersion>1.6.0.0</AssemblyVersion>
+        <FileVersion>1.6.0.0</FileVersion>
+        <Version>1.6.0.0</Version>
         <LangVersion>default</LangVersion>
     </PropertyGroup>