CGNICO/UnrealEngine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c11d382a6f0acddb0bc1e95ab9bc5f8fc3570b55
UnrealEngine/Engine/Source/Programs/Horde/HordeServer.Shared/Acls/IAclService.cs
Jeffreytsai1004 c11d382a6f ue5-main
2025-05-18 13:04:45 +08:00

58 lines
2.5 KiB
C#
Raw Blame History

// Copyright Epic Games, Inc. All Rights Reserved.
using System.Diagnostics.CodeAnalysis;
using System.Security.Claims;
using EpicGames.Horde.Acls;
namespace HordeServer.Acls
{
/// <summary>
/// Functionality for manipulating ACLs
/// </summary>
public interface IAclService
{
/// <summary>
/// Issues a bearer token with the given roles
/// </summary>
/// <param name="claims">List of claims to include</param>
/// <param name="expiry">Time that the token expires</param>
/// <param name="cancellationToken">Cancellation token for the operation</param>
/// <returns>JWT security token with a claim for creating new agents</returns>
ValueTask<string> IssueBearerTokenAsync(IEnumerable<Claim> claims, TimeSpan? expiry, CancellationToken cancellationToken = default);
/// <summary>
/// Finds an ACL scope by name
/// </summary>
/// <param name="scopeName">Name of the scope to auth against</param>
/// <param name="scopeConfig">Configuration for the scope</param>
bool TryGetAclScope(AclScopeName scopeName, [NotNullWhen(true)] out AclConfig? scopeConfig);
}
/// <summary>
/// Extension methods for <see cref="IAclService"/>
/// </summary>
public static class AclServiceExtensions
{
/// <summary>
/// Authorizes a user to perform a given action
/// </summary>
/// <param name="aclService">Instance of the ACL service</param>
/// <param name="scopeName">Name of the scope to auth against</param>
/// <param name="action">The action being performed</param>
/// <param name="user">The principal to validate</param>
public static bool Authorize(this IAclService aclService, AclScopeName scopeName, AclAction action, ClaimsPrincipal user)
=> aclService.TryGetAclScope(scopeName, out AclConfig? scopeConfig) && scopeConfig.Authorize(action, user);
/// <summary>
/// Issues a bearer token with the given roles
/// </summary>
/// <param name="aclService">Instance of the ACL service</param>
/// <param name="claims">List of claims to include</param>
/// <param name="expiry">Time that the token expires</param>
/// <param name="cancellationToken">Cancellation token for the operation</param>
/// <returns>JWT security token with a claim for creating new agents</returns>
public static async ValueTask<string> IssueBearerTokenAsync(this IAclService aclService, IEnumerable<AclClaimConfig> claims, TimeSpan? expiry, CancellationToken cancellationToken = default)
=> await aclService.IssueBearerTokenAsync(claims.Select(x => new Claim(x.Type, x.Value)), expiry, cancellationToken);
}
}
Reference in New Issue View Git Blame Copy Permalink