69e29d4f6d
The Altcha authorization check, plugged into the ICommandAuthorizationCheck / IQueryAuthorizationCheck seam. Behavior - Self-applies: returns Allowed for any request whose type isn't decorated with [Altcha]. No-op for the 99% of endpoints that don't need PoW. - Reads ctx.Items["mobile_attested"] for Phase 3 bypass when the attribute's AllowMobileAttestationBypass is true. - Pulls the solution off the request via IHasAltchaSolution and delegates verification to IAltchaVerifier (resolved per-call from the request scope, so any verifier lifetime works). - Stashes a diagnostic reason in ctx.Items["altcha_reason"] (missing / misconfigured / invalid / replayed / expired / etc.) for downstream middleware to surface in error responses. - Singleton itself — stateless; one instance shared via factory registrations under both check interfaces. AddSvrntyAltcha() registers the check. The verifier is provided by a transport-specific module (e.g. Svrnty.CQRS.Altcha.Grpc, next). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| AltchaAuthorizationCheck.cs | ||
| ServiceCollectionExtensions.cs | ||
| Svrnty.CQRS.Altcha.csproj | ||