Initial import into Gitea
This commit is contained in:
Grae Jones
@@ -1,60 +1,37 @@
|
||||
namespace Gateway.Security;
|
||||
|
||||
/// <summary>
|
||||
/// Holds authenticated client information for the current request.
|
||||
/// Populated by ClientAuthMiddleware.
|
||||
/// Holds authenticated identity information for the current request.
|
||||
/// Populated by MultiProviderAuthMiddleware.
|
||||
/// </summary>
|
||||
public sealed class ClientContext
|
||||
{
|
||||
/// <summary>
|
||||
/// Session ID from session-based auth.
|
||||
/// </summary>
|
||||
public string? SessionId { get; set; }
|
||||
public string? SessionId { get; set; }
|
||||
public string? ClientId { get; set; } // OID (JWT) or platform client ID (session)
|
||||
public string? TenantId { get; set; }
|
||||
public string? ClientName { get; set; }
|
||||
public string? ClientCategory { get; set; }
|
||||
public string? UserId { get; set; }
|
||||
public string? Email { get; set; }
|
||||
public string? Role { get; set; }
|
||||
public bool IsDevBypass { get; set; }
|
||||
public string? AuthProvider { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The authenticated client ID (from session, JWT sub claim, or dev header).
|
||||
/// This identifies the client/organization in our platform.
|
||||
/// Raw Entra Object ID (oid claim) — always set for Microsoft tokens.
|
||||
/// Used for identity and activity logging. Distinct from ClientId which may fall
|
||||
/// back to sub for tokens where oid isn't surfaced as a named claim.
|
||||
/// </summary>
|
||||
public string? ClientId { get; set; }
|
||||
public string? EntraOid { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Optional tenant ID for the ad platform (e.g., Google Ads customer ID).
|
||||
/// May be derived from ClientId mapping or passed in request.
|
||||
/// True when the token was issued by the standard Entra (staff) tenant.
|
||||
/// </summary>
|
||||
public string? TenantId { get; set; }
|
||||
public bool IsStaff { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Display name from token or session (if available).
|
||||
/// </summary>
|
||||
public string? ClientName { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// User ID from session (if using session auth).
|
||||
/// </summary>
|
||||
public string? UserId { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Email from token or session (if available).
|
||||
/// </summary>
|
||||
public string? Email { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// User role from session (admin, user, readonly).
|
||||
/// </summary>
|
||||
public string? Role { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Whether this request was authenticated via dev bypass (vs real auth).
|
||||
/// </summary>
|
||||
public bool IsDevBypass { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The authentication provider used (microsoft, google, etc.)
|
||||
/// </summary>
|
||||
public string? AuthProvider { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// True if we have a valid ClientId.
|
||||
/// </summary>
|
||||
/// <summary>True if we have a valid ClientId.</summary>
|
||||
public bool IsAuthenticated => !string.IsNullOrWhiteSpace(ClientId);
|
||||
|
||||
/// <summary>True if this is an admin session (IsStaff + Role set).</summary>
|
||||
public bool IsAdmin => IsStaff && !string.IsNullOrWhiteSpace(Role);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user