Add bindings for csharp modules to use JWT claims (#3414)

# Description of Changes

This exposes JWT claims for csharp modules, similar to how they are
exposed to rust modules in
#3288.

This adds the new types `AuthCtx` and `JwtClaims`, and adds an `AuthCtx`
to the `ReducerContext`.

`AuthCtx` represents the credentials associated with the request, and
`JwtClaims` represents a jwt token.

One difference from the rust version is that I didn't create helpers to
build an `AuthCtx` from a jwt payload. The reason is that we would need
to be able to compute the identity from the payload claims, which
requires a blake3 hash implementation. The first two c# libraries I
found had issues at runtime
([Blake3](https://www.nuget.org/packages/Blake3) is wrapping a rust
implementation, and
[HashifyNet](https://github.com/Deskasoft/HashifyNET/tree/main/HashifyNet/Algorithms/Blake3)
seems to be broken by our trimming because it uses reflection heavily).
I can look into taking the implementation from `HashifyNet`, since it is
MIT licensed, but I don't think we need to block merging on that.

# API and ABI breaking changes

This adds the new types `AuthCtx` and `JwtClaims`, and adds an `AuthCtx`
to the `ReducerContext`.

This also adds a csharp wrapper for the get_jwt ABI function added in
#3288.

# Expected complexity level and risk

2.

# Testing

This has a very minimal unit test of JwtClaims.

I manually tested using this locally with the csharp quickstart, and I
was able to print jwt tokens inside the module.

Author: jsdt

crates/bindings-csharp/Codegen.Tests/fixtures/diag/snapshots/Module#FFI.verified.cs

@@ -14,6 +14,7 @@ public sealed record ReducerContext : DbContext<Local>, Internal.IReducerContext
         public readonly ConnectionId? ConnectionId;
         public readonly Random Rng;
         public readonly Timestamp Timestamp;
+        public readonly AuthCtx AuthCtx;
 
         // We need this property to be non-static for parity with client SDK.
         public Identity Identity => Internal.IReducerContext.GetIdentity();
@@ -29,6 +30,7 @@ Timestamp time
             ConnectionId = connectionId;
             Rng = random;
             Timestamp = time;
+            AuthCtx = AuthCtx.BuildFromSystemTables(connectionId, identity);
         }
     }
 

crates/bindings-csharp/Codegen.Tests/fixtures/server/snapshots/Module#FFI.verified.cs

@@ -1111,6 +1111,7 @@ public sealed record ReducerContext : DbContext<Local>, Internal.IReducerContext
                             public readonly ConnectionId? ConnectionId;
                             public readonly Random Rng;
                             public readonly Timestamp Timestamp;
+                            public readonly AuthCtx AuthCtx;
 
                             // We need this property to be non-static for parity with client SDK.
                             public Identity Identity => Internal.IReducerContext.GetIdentity();
@@ -1120,6 +1121,7 @@ internal ReducerContext(Identity identity, ConnectionId? connectionId, Random ra
                                 ConnectionId = connectionId;
                                 Rng = random;
                                 Timestamp = time;
+                                AuthCtx = AuthCtx.BuildFromSystemTables(connectionId, identity);
                             }
                         }
 

crates/bindings-csharp/Codegen/Module.cs

@@ -0,0 +1,18 @@
+namespace Runtime.Tests;
+
+using SpacetimeDB;
+
+public class JwtClaimsTest
+{
+    [Fact]
+    public void TestSubject()
+    {
+        var jwt = new JwtClaims(
+            "{\"sub\":\"123\",\"name\":\"John Doe\",\"iss\":\"example.com\"}",
+            Identity.FromHexString(
+                "c200ef884364c1a99be0298dc68f2004e6b97c09d1b1658b7db22f51fb662059"
+            )
+        );
+        Assert.Equal("123", jwt.Subject);
+    }
+}

crates/bindings-csharp/Runtime.Tests/JwtClaimsTest.cs

@@ -0,0 +1,27 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+
+    <IsPackable>false</IsPackable>
+    <IsTestProject>true</IsTestProject>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="coverlet.collector" Version="6.0.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="xunit" Version="2.5.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Using Include="Xunit" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Runtime\Runtime.csproj" />
+  </ItemGroup>
+
+</Project>

crates/bindings-csharp/Runtime.Tests/Runtime.Tests.csproj

@@ -0,0 +1,88 @@
+namespace SpacetimeDB;
+
+using System;
+
+public sealed class AuthCtx
+{
+    private readonly bool _isInternal;
+    private readonly Lazy<JwtClaims?> _jwtLazy;
+
+    private AuthCtx(bool isInternal, Func<JwtClaims?> jwtFactory)
+    {
+        _isInternal = isInternal;
+        _jwtLazy = new Lazy<JwtClaims?>(() => jwtFactory?.Invoke());
+    }
+
+    /// <summary>
+    /// Create an AuthCtx for an internal call, with no JWT.
+    /// </summary>
+    private static AuthCtx Internal()
+    {
+        return new AuthCtx(isInternal: true, jwtFactory: () => null);
+    }
+
+    /// <summary>
+    /// Create an AuthCtx by looking up the credentials for a connection id in system tables.
+    ///
+    /// Ideally this would not be part of the public API.
+    /// This should only be called inside of a reducer.
+    /// </summary>
+    public static AuthCtx BuildFromSystemTables(ConnectionId? connectionId, Identity identity)
+    {
+        if (connectionId == null)
+        {
+            return Internal();
+        }
+        return FromConnectionId(connectionId.Value, identity);
+    }
+
+    /// <summary>
+    /// Create an AuthCtx that reads JWT for a given connection ID.
+    /// </summary>
+    private static AuthCtx FromConnectionId(ConnectionId connectionId, Identity identity)
+    {
+        return new AuthCtx(
+            isInternal: false,
+            jwtFactory: () =>
+            {
+                var result = SpacetimeDB.Internal.FFI.get_jwt(ref connectionId, out var source);
+                SpacetimeDB.Internal.FFI.CheckedStatus.Marshaller.ConvertToManaged(result);
+                var bytes = SpacetimeDB.Internal.Module.Consume(source);
+                if (bytes == null || bytes.Length == 0)
+                {
+                    return null;
+                }
+                var jwt = System.Text.Encoding.UTF8.GetString(bytes);
+                return jwt != null ? new JwtClaims(jwt, identity) : null;
+            }
+        );
+    }
+
+    /// <summary>
+    /// True if this reducer was spawned from inside the database.
+    /// </summary>
+    public bool IsInternal => _isInternal;
+
+    /// <summary>
+    /// Check if there is a JWT present.
+    /// If IsInternal is true, this will be false.
+    /// </summary>
+    public bool HasJwt
+    {
+        get
+        {
+            if (_isInternal)
+            {
+                return false;
+            }
+
+            // At this point we do load the bytes.
+            return _jwtLazy.Value != null;
+        }
+    }
+
+    /// <summary>
+    /// Load and get the JwtClaims.
+    /// </summary>
+    public JwtClaims? Jwt => _jwtLazy.Value;
+}

crates/bindings-csharp/Runtime/AuthCtx.cs

@@ -61,6 +61,14 @@ internal static partial class FFI
 #endif
     ;
 
+    const string StdbNamespace10_2 =
+#if EXPERIMENTAL_WASM_AOT
+        "spacetime_10.2"
+#else
+        "bindings"
+#endif
+    ;
+
     [NativeMarshalling(typeof(Marshaller))]
     public struct CheckedStatus
     {
@@ -307,4 +315,7 @@ uint args_len
 
     [DllImport(StdbNamespace10_1)]
     public static extern Errno bytes_source_remaining_length(BytesSource source, ref uint len);
+
+    [DllImport(StdbNamespace10_2)]
+    public static extern Errno get_jwt(ref ConnectionId connectionId, out BytesSource source);
 }

crates/bindings-csharp/Runtime/Internal/FFI.cs

@@ -123,7 +123,7 @@ public static void RegisterClientVisibilityFilter(Filter rlsFilter)
     public static void RegisterTableDefaultValue(string table, ushort colId, byte[] value) =>
         moduleDef.RegisterTableDefaultValue(table, colId, value);
 
-    private static byte[] Consume(this BytesSource source)
+    public static byte[] Consume(this BytesSource source)
     {
         if (source == BytesSource.INVALID)
         {

crates/bindings-csharp/Runtime/Internal/Module.cs

@@ -0,0 +1,88 @@
+namespace SpacetimeDB;
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.Json;
+
+public sealed class JwtClaims
+{
+    private readonly string _payload;
+    private readonly Lazy<JsonDocument> _parsed;
+    private readonly Lazy<List<string>> _audience;
+
+    public Identity Identity { get; }
+
+    /// <summary>
+    /// Create a JwtClaims from a raw JWT payload (JSON claims) and its associated Identity.
+    ///
+    /// This only takes an Identity because the Blake3 hash package on nuget wraps rust code.
+    /// We should not expose this constructor publicly, but it is needed for AuthCtx.
+    /// </summary>
+    internal JwtClaims(string jwt, Identity identity)
+    {
+        _payload = jwt ?? throw new ArgumentNullException(nameof(jwt));
+        _parsed = new Lazy<JsonDocument>(() => JsonDocument.Parse(_payload));
+        _audience = new Lazy<List<string>>(ExtractAudience);
+        Identity = identity;
+    }
+
+    private JsonDocument Parsed => _parsed.Value;
+
+    private JsonElement RootElement => Parsed.RootElement;
+
+    public string Subject
+    {
+        get
+        {
+            if (
+                RootElement.TryGetProperty("sub", out var sub)
+                && sub.ValueKind == JsonValueKind.String
+            )
+            {
+                return sub.GetString()!;
+            }
+
+            throw new InvalidOperationException("JWT missing or invalid 'sub' claim");
+        }
+    }
+
+    public string Issuer
+    {
+        get
+        {
+            if (
+                RootElement.TryGetProperty("iss", out var iss)
+                && iss.ValueKind == JsonValueKind.String
+            )
+            {
+                return iss.GetString()!;
+            }
+
+            throw new InvalidOperationException("JWT missing or invalid 'iss' claim");
+        }
+    }
+
+    private List<string> ExtractAudience()
+    {
+        if (!RootElement.TryGetProperty("aud", out var aud))
+        {
+            throw new InvalidOperationException("JWT missing 'aud' claim");
+        }
+
+        return aud.ValueKind switch
+        {
+            JsonValueKind.String => new List<string> { aud.GetString()! },
+            JsonValueKind.Array => aud.EnumerateArray()
+                .Where(e => e.ValueKind == JsonValueKind.String)
+                .Select(e => e.GetString()!)
+                .ToList(),
+            _ => throw new InvalidOperationException("Unexpected type for 'aud' claim in JWT"),
+        };
+    }
+
+    public IReadOnlyList<string> Audience => _audience.Value;
+
+    // TODO: Should this be exposed as a JsonDocument, since that it in the stdlib?
+    public string RawPayload => _payload;
+}

crates/bindings-csharp/Runtime/JwtClaims.cs

@@ -104,6 +104,10 @@ IMPORT(void, identity, (void* id_ptr), (id_ptr));
 IMPORT(int16_t, bytes_source_remaining_length, (BytesSource source, uint32_t* out), (source, out));
 #undef SPACETIME_MODULE_VERSION
 
+#define SPACETIME_MODULE_VERSION "spacetime_10.2"
+IMPORT(int16_t, get_jwt, (const uint8_t* connection_id_ptr, BytesSource* bytes_ptr), (connection_id_ptr, bytes_ptr));
+#undef SPACETIME_MODULE_VERSION
+
 #ifndef EXPERIMENTAL_WASM_AOT
 static MonoClass* ffi_class;