svrnty/dotnet-cqrs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity
ede9548cba
dotnet-cqrs/Svrnty.CQRS.Altcha.Abstractions/AltchaAttribute.cs
Mathias Beaulieu-Duncan 118d12a3db feat(altcha): add Svrnty.CQRS.Altcha.Abstractions package 
Abstractions for the Altcha-based proof-of-work module:
- AltchaAttribute (AllowMobileAttestationBypass param)
- IHasAltchaSolution — marker interface for request POCOs carrying
  the widget's solution payload over HTTP/gRPC transports
- IAltchaVerifier / IAltchaChallengeProvider — transport-agnostic
  interfaces; default gRPC implementations ship in Svrnty.CQRS.Altcha.Grpc
- IMobileAttestationProvider — Phase 3 placeholder; concrete impls
  stamp ctx.Items["mobile_attested"] for the Altcha check to read as
  a bypass when AllowMobileAttestationBypass is true
- AltchaChallenge / AltchaVerifyResult DTOs

Lean dependencies — only references Svrnty.CQRS.Abstractions for the
auth-check pipeline types.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 16:22:33 -04:00

28 lines
1.3 KiB
C#
Raw Blame History

namespace Svrnty.CQRS.Altcha.Abstractions;
/// <summary>
/// Marks a command or query as requiring proof-of-work (or equivalent
/// anti-abuse evidence) before the framework will dispatch it to the handler.
/// </summary>
/// <remarks>
/// The accompanying request type should implement <see cref="IHasAltchaSolution"/>
/// to carry the widget's solution payload. The framework's Altcha
/// authorization check (registered via <c>AddSvrntyAltcha()</c>) reads the
/// solution off the request and calls the configured <see cref="IAltchaVerifier"/>.
/// </remarks>
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false, Inherited = false)]
public sealed class AltchaAttribute : Attribute
{
/// <summary>
/// When <c>true</c> (default), a valid mobile-attestation token on the
/// request satisfies the requirement without needing a proof-of-work
/// solution. The Altcha check reads
/// <see cref="Svrnty.CQRS.Abstractions.Security.AuthorizationCheckContext.Items"/>[<c>"mobile_attested"</c>]
/// — when stamped <c>true</c> by an earlier check (e.g. an Apple
/// App Attest / Play Integrity verifier), the PoW check is skipped.
/// Set to <c>false</c> on commands where PoW must always run regardless
/// of caller.
/// </summary>
public bool AllowMobileAttestationBypass { get; set; } = true;
}
Reference in New Issue View Git Blame Copy Permalink