svrnty/dotnet-cqrs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity
ede9548cba
dotnet-cqrs/Svrnty.CQRS.Altcha/ServiceCollectionExtensions.cs
Mathias Beaulieu-Duncan 69e29d4f6d feat(altcha): add Svrnty.CQRS.Altcha core check + DI 
The Altcha authorization check, plugged into the
ICommandAuthorizationCheck / IQueryAuthorizationCheck seam.

Behavior
- Self-applies: returns Allowed for any request whose type isn't
  decorated with [Altcha]. No-op for the 99% of endpoints that don't
  need PoW.
- Reads ctx.Items["mobile_attested"] for Phase 3 bypass when the
  attribute's AllowMobileAttestationBypass is true.
- Pulls the solution off the request via IHasAltchaSolution and
  delegates verification to IAltchaVerifier (resolved per-call from
  the request scope, so any verifier lifetime works).
- Stashes a diagnostic reason in ctx.Items["altcha_reason"]
  (missing / misconfigured / invalid / replayed / expired / etc.)
  for downstream middleware to surface in error responses.
- Singleton itself — stateless; one instance shared via factory
  registrations under both check interfaces.

AddSvrntyAltcha() registers the check. The verifier is provided by
a transport-specific module (e.g. Svrnty.CQRS.Altcha.Grpc, next).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 16:24:02 -04:00

31 lines
1.3 KiB
C#
Raw Blame History

using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Svrnty.CQRS.Abstractions.Security;
namespace Svrnty.CQRS.Altcha;
public static class ServiceCollectionExtensions
{
/// <summary>
/// Registers <see cref="AltchaAuthorizationCheck"/> as both an
/// <see cref="ICommandAuthorizationCheck"/> and an
/// <see cref="IQueryAuthorizationCheck"/>. The check is a no-op until
/// an <see cref="Svrnty.CQRS.Altcha.Abstractions.IAltchaVerifier"/>
/// implementation is also registered (typically via
/// <c>AddSvrntyAltchaGrpcVerifier(...)</c> from
/// <c>Svrnty.CQRS.Altcha.Grpc</c>).
/// </summary>
/// <remarks>
/// Idempotent for the concrete check; the multi-instance interface
/// registrations are added unconditionally, so callers should invoke
/// this exactly once per application startup.
/// </remarks>
public static IServiceCollection AddSvrntyAltcha(this IServiceCollection services)
{
services.TryAddSingleton<AltchaAuthorizationCheck>();
services.AddSingleton<ICommandAuthorizationCheck>(sp => sp.GetRequiredService<AltchaAuthorizationCheck>());
services.AddSingleton<IQueryAuthorizationCheck>(sp => sp.GetRequiredService<AltchaAuthorizationCheck>());
return services;
}
}
Reference in New Issue View Git Blame Copy Permalink