svrnty/dotnet-cqrs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

Add authorization checks to gRPC service implementations
All checks were successful
Publish NuGets / build (release) Successful in 44s
Details

Browse Source 
- Add ICommandAuthorizationService check to CommandServiceImpl
- Add IQueryAuthorizationService check to QueryServiceImpl
- Add IQueryAuthorizationService check to DynamicQueryServiceImpl
- Return Unauthenticated/PermissionDenied gRPC status codes
- Use global:: prefix for Grpc.Core namespace to avoid conflicts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
David Nguyen 2026-01-21 14:18:07 -05:00
parent 201768e716
commit 18f81a28e8
Signed by: david.nguyen
GPG Key ID: D5FB5A5715829326
1 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
Svrnty.CQRS.Grpc.Generators/GrpcGenerator.cs
View File

@ -2291,6 +2291,7 @@ namespace Svrnty.CQRS.Grpc.Generators
sb.AppendLine("using Google.Protobuf.WellKnownTypes;");
sb.AppendLine($"using {rootNamespace}.Grpc;");
sb.AppendLine("using Svrnty.CQRS.Abstractions;");
sb.AppendLine("using Svrnty.CQRS.Abstractions.Security;");
sb.AppendLine();
sb.AppendLine($"namespace {rootNamespace}.Grpc.Services");
@ -2321,6 +2322,17 @@ namespace Svrnty.CQRS.Grpc.Generators
sb.AppendLine(" using var scope = _scopeFactory.CreateScope();");
sb.AppendLine(" var serviceProvider = scope.ServiceProvider;");
sb.AppendLine();
sb.AppendLine(" // Authorization check");
sb.AppendLine($" var authorizationService = serviceProvider.GetService<ICommandAuthorizationService>();");
sb.AppendLine(" if (authorizationService != null)");
sb.AppendLine(" {");
sb.AppendLine($" var authResult = await authorizationService.IsAllowedAsync(typeof({command.FullyQualifiedName}), context.CancellationToken);");
sb.AppendLine(" if (authResult == AuthorizationResult.Unauthorized)");
sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.Unauthenticated, \"Unauthorized\"));");
sb.AppendLine(" if (authResult == AuthorizationResult.Forbidden)");
sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.PermissionDenied, \"Forbidden\"));");
sb.AppendLine(" }");
sb.AppendLine();
sb.AppendLine($" var command = new {command.FullyQualifiedName}");
sb.AppendLine(" {");
foreach (var prop in command.Properties)
@ -2425,6 +2437,7 @@ namespace Svrnty.CQRS.Grpc.Generators
sb.AppendLine("using Microsoft.Extensions.DependencyInjection;");
sb.AppendLine($"using {rootNamespace}.Grpc;");
sb.AppendLine("using Svrnty.CQRS.Abstractions;");
sb.AppendLine("using Svrnty.CQRS.Abstractions.Security;");
sb.AppendLine();
sb.AppendLine($"namespace {rootNamespace}.Grpc.Services");
@ -2455,6 +2468,17 @@ namespace Svrnty.CQRS.Grpc.Generators
sb.AppendLine(" using var scope = _scopeFactory.CreateScope();");
sb.AppendLine(" var serviceProvider = scope.ServiceProvider;");
sb.AppendLine();
sb.AppendLine(" // Authorization check");
sb.AppendLine($" var authorizationService = serviceProvider.GetService<IQueryAuthorizationService>();");
sb.AppendLine(" if (authorizationService != null)");
sb.AppendLine(" {");
sb.AppendLine($" var authResult = await authorizationService.IsAllowedAsync(typeof({query.FullyQualifiedName}), context.CancellationToken);");
sb.AppendLine(" if (authResult == AuthorizationResult.Unauthorized)");
sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.Unauthenticated, \"Unauthorized\"));");
sb.AppendLine(" if (authResult == AuthorizationResult.Forbidden)");
sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.PermissionDenied, \"Forbidden\"));");
sb.AppendLine(" }");
sb.AppendLine();
sb.AppendLine($" var handler = serviceProvider.GetRequiredService<{query.HandlerInterfaceName}>();");
sb.AppendLine($" var query = new {query.FullyQualifiedName}");
sb.AppendLine(" {");
@ -2736,6 +2760,7 @@ namespace Svrnty.CQRS.Grpc.Generators
sb.AppendLine("using Microsoft.Extensions.DependencyInjection;");
sb.AppendLine($"using {rootNamespace}.Grpc;");
sb.AppendLine("using Svrnty.CQRS.Abstractions;");
sb.AppendLine("using Svrnty.CQRS.Abstractions.Security;");
sb.AppendLine("using Svrnty.CQRS.DynamicQuery.Abstractions;");
sb.AppendLine("using PoweredSoft.DynamicQuery.Core;");
sb.AppendLine();
@ -2768,6 +2793,17 @@ namespace Svrnty.CQRS.Grpc.Generators
sb.AppendLine(" using var scope = _scopeFactory.CreateScope();");
sb.AppendLine(" var serviceProvider = scope.ServiceProvider;");
sb.AppendLine();
sb.AppendLine(" // Authorization check");
sb.AppendLine($" var authorizationService = serviceProvider.GetService<IQueryAuthorizationService>();");
sb.AppendLine(" if (authorizationService != null)");
sb.AppendLine(" {");
sb.AppendLine($" var authResult = await authorizationService.IsAllowedAsync(typeof({dynamicQuery.QueryInterfaceName}), context.CancellationToken);");
sb.AppendLine(" if (authResult == AuthorizationResult.Unauthorized)");
sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.Unauthenticated, \"Unauthorized\"));");
sb.AppendLine(" if (authResult == AuthorizationResult.Forbidden)");
sb.AppendLine(" throw new RpcException(new global::Grpc.Core.Status(global::Grpc.Core.StatusCode.PermissionDenied, \"Forbidden\"));");
sb.AppendLine(" }");
sb.AppendLine();
// Build the dynamic query object
if (dynamicQuery.HasParams)