Restructure solution layout by module

src/Signals/StellaOps.Signals/Authentication/AnonymousAuthenticationHandler.cs

@@ -0,0 +1,29 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace StellaOps.Signals.Authentication;
+
+/// <summary>
+/// Authentication handler used during development fallback.
+/// </summary>
+internal sealed class AnonymousAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+{
+    public AnonymousAuthenticationHandler(
+        IOptionsMonitor<AuthenticationSchemeOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder)
+        : base(options, logger, encoder)
+    {
+    }
+
+    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        var identity = new ClaimsIdentity();
+        var principal = new ClaimsPrincipal(identity);
+        var ticket = new AuthenticationTicket(principal, Scheme.Name);
+        return Task.FromResult(AuthenticateResult.Success(ticket));
+    }
+}

src/Signals/StellaOps.Signals/Authentication/HeaderScopeAuthorizer.cs

@@ -0,0 +1,61 @@
+using System.Security.Claims;
+using StellaOps.Auth.Abstractions;
+
+namespace StellaOps.Signals.Authentication;
+
+/// <summary>
+/// Header-based scope authorizer for development environments.
+/// </summary>
+internal static class HeaderScopeAuthorizer
+{
+    internal static bool HasScope(ClaimsPrincipal principal, string requiredScope)
+    {
+        if (principal is null || string.IsNullOrWhiteSpace(requiredScope))
+        {
+            return false;
+        }
+
+        foreach (var claim in principal.FindAll(StellaOpsClaimTypes.Scope))
+        {
+            if (string.IsNullOrWhiteSpace(claim.Value))
+            {
+                continue;
+            }
+
+            var scopes = claim.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+            foreach (var scope in scopes)
+            {
+                if (string.Equals(scope, requiredScope, StringComparison.OrdinalIgnoreCase))
+                {
+                    return true;
+                }
+            }
+        }
+
+        foreach (var claim in principal.FindAll(StellaOpsClaimTypes.ScopeItem))
+        {
+            if (string.Equals(claim.Value, requiredScope, StringComparison.OrdinalIgnoreCase))
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    internal static ClaimsPrincipal CreatePrincipal(string scopeBuffer)
+    {
+        var claims = new List<Claim>
+        {
+            new(StellaOpsClaimTypes.Scope, scopeBuffer)
+        };
+
+        foreach (var value in scopeBuffer.Split(' ', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
+        {
+            claims.Add(new Claim(StellaOpsClaimTypes.ScopeItem, value));
+        }
+
+        var identity = new ClaimsIdentity(claims, authenticationType: "Header");
+        return new ClaimsPrincipal(identity);
+    }
+}

src/Signals/StellaOps.Signals/Authentication/TokenScopeAuthorizer.cs

@@ -0,0 +1,41 @@
+using System.Security.Claims;
+using StellaOps.Auth.Abstractions;
+
+namespace StellaOps.Signals.Authentication;
+
+/// <summary>
+/// Helpers for evaluating token scopes.
+/// </summary>
+internal static class TokenScopeAuthorizer
+{
+    internal static bool HasScope(ClaimsPrincipal principal, string requiredScope)
+    {
+        foreach (var claim in principal.FindAll(StellaOpsClaimTypes.ScopeItem))
+        {
+            if (string.Equals(claim.Value, requiredScope, StringComparison.OrdinalIgnoreCase))
+            {
+                return true;
+            }
+        }
+
+        foreach (var claim in principal.FindAll(StellaOpsClaimTypes.Scope))
+        {
+            if (string.IsNullOrWhiteSpace(claim.Value))
+            {
+                continue;
+            }
+
+            var parts = claim.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+            foreach (var part in parts)
+            {
+                var normalized = StellaOpsScopes.Normalize(part);
+                if (normalized is not null && string.Equals(normalized, requiredScope, StringComparison.Ordinal))
+                {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+}