Adição de Politicas customizadas para OneBus

Adição de Politicas customizadas para Endpoints serem autorizados corretamente com a regra de negócio

Author: IseduardoRezende

OneBus.API/Auths/FeatureHandler.cs

@@ -0,0 +1,28 @@
+using Microsoft.AspNetCore.Authorization;
+using OneBus.Application.Interfaces.Services;
+using System.Security.Claims;
+
+namespace OneBus.API.Auths
+{
+    public class FeatureHandler : AuthorizationHandler<FeatureRequirement>
+    {
+        private readonly IUserTypeFeatureService _userTypeFeatureService;
+
+        public FeatureHandler(IUserTypeFeatureService userTypeFeatureService)
+        {
+            _userTypeFeatureService = userTypeFeatureService;
+        }
+
+        protected override async Task HandleRequirementAsync(
+            AuthorizationHandlerContext context, 
+            FeatureRequirement requirement)
+        {
+            var success = ulong.TryParse(context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value, out ulong userId);
+
+            if (success && await _userTypeFeatureService.HasPermissionAsync(userId, requirement.FeatureCode))
+            {
+                context.Succeed(requirement);
+            }
+        }
+    }
+}

OneBus.API/Auths/FeatureRequirement.cs

@@ -0,0 +1,14 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace OneBus.API.Auths
+{
+    public class FeatureRequirement : IAuthorizationRequirement
+    {
+        public FeatureRequirement(string featureCode)
+        {
+            FeatureCode = featureCode;
+        }
+        
+        public string FeatureCode { get; }
+    }
+}

OneBus.API/Program.cs

@@ -1,18 +1,21 @@
 using System.Text;
 using OneBus.Infra.Ioc;
+using OneBus.API.Auths;
 using OneBus.API.Handlers;
 using OneBus.Domain.Settings;
+using OneBus.Domain.Constants;
 using Microsoft.OpenApi.Models;
 using OneBus.Infra.Data.DbContexts;
 using Microsoft.EntityFrameworkCore;
 using System.Text.Json.Serialization;
 using Microsoft.AspNetCore.Http.Json;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 
 var builder = WebApplication.CreateBuilder(args);
 
-// Add services to the container.
+// Add services to the container:
 
 builder.Services
     .AddControllers()
@@ -47,7 +50,6 @@
 });
 
 // Add Options Pattern
-
 builder.Services
     .AddOptions<TokenSettings>()
     .BindConfiguration("TokenSettings");
@@ -143,6 +145,13 @@
 builder.Services.AddExceptionHandler<GlobalExceptionHandler>();
 builder.Services.AddProblemDetails();
 
+// Authorization settings
+builder.Services.AddAuthorizationBuilder()
+    .AddPolicy(PolicyConstants.UpdateUser, policy =>
+        policy.Requirements.Add(new FeatureRequirement(FeaturesCode.UpdateUserCode)));
+
+builder.Services.AddSingleton<IAuthorizationHandler, FeatureHandler>();
+
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 
@@ -162,7 +171,6 @@
 });
 
 // Add Rate Limiter configurations
-
 builder.Services.AddRateLimiter();
 
 builder.Services.AddCors(options => options.AddPolicy("*", builder =>