git.stella-ops.org/src/Signals/StellaOps.Signals/Authentication/HeaderScopeAuthorizer.cs
2025-10-28 15:10:40 +02:00


using System.Security.Claims;
using StellaOps.Auth.Abstractions;
namespace StellaOps.Signals.Authentication;
/// <summary>
/// Header-based scope authorizer for development environments.
/// </summary>
/// <remarks>
/// <para>
/// The principal built by <see cref="CreatePrincipal"/> carries exactly the scopes found in the
/// supplied buffer; nothing in this class verifies who supplied them. Presumably the buffer is a
/// request header value (the caller is not shown in this file), in which case the scopes are
/// caller-asserted and this type must stay unreachable outside development configurations.
/// </para>
/// <para>
/// NOTE(review): scope comparison is case-insensitive, whereas RFC 6749 section 3.3 defines scope
/// tokens as case-sensitive. Confirm that scopes are normalized to a single case elsewhere, so
/// that two scopes differing only by case can never be distinct grants.
/// </para>
/// </remarks>
internal static class HeaderScopeAuthorizer
{
    // Scope lists are space-delimited; surrounding whitespace and empty tokens are discarded.
    private const StringSplitOptions TokenSplitOptions =
        StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries;

    /// <summary>
    /// Determines whether <paramref name="principal"/> holds <paramref name="requiredScope"/>.
    /// </summary>
    /// <param name="principal">Principal whose scope claims are inspected.</param>
    /// <param name="requiredScope">Scope that must be present.</param>
    /// <returns>
    /// <c>true</c> when the scope appears as a token of any space-delimited
    /// <c>StellaOpsClaimTypes.Scope</c> claim or as the value of any
    /// <c>StellaOpsClaimTypes.ScopeItem</c> claim; otherwise <c>false</c>.
    /// </returns>
    internal static bool HasScope(ClaimsPrincipal principal, string requiredScope)
    {
        // Fail closed: a missing principal or a blank requirement never authorizes.
        if (principal is null || string.IsNullOrWhiteSpace(requiredScope))
        {
            return false;
        }

        // Ordinal, case-insensitive match against the (untrimmed) required scope.
        bool Matches(string candidate) =>
            string.Equals(candidate, requiredScope, StringComparison.OrdinalIgnoreCase);

        // Pass 1: aggregate claims holding a space-delimited list of scopes.
        foreach (var aggregate in principal.FindAll(StellaOpsClaimTypes.Scope))
        {
            var raw = aggregate.Value;
            if (string.IsNullOrWhiteSpace(raw))
            {
                continue;
            }

            var tokens = raw.Split(' ', TokenSplitOptions);
            if (Array.Exists(tokens, Matches))
            {
                return true;
            }
        }

        // Pass 2: claims that each carry a single scope, compared as-is (no splitting or trimming).
        foreach (var item in principal.FindAll(StellaOpsClaimTypes.ScopeItem))
        {
            if (Matches(item.Value))
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Builds a principal whose claims mirror the scopes listed in <paramref name="scopeBuffer"/>.
    /// </summary>
    /// <param name="scopeBuffer">Space-delimited scope list.</param>
    /// <returns>
    /// A principal with one <c>StellaOpsClaimTypes.Scope</c> claim holding the raw buffer and one
    /// <c>StellaOpsClaimTypes.ScopeItem</c> claim per token.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="scopeBuffer"/> is <c>null</c> (raised by the <see cref="Claim"/> constructor).
    /// </exception>
    /// <remarks>
    /// The identity is created with authentication type "Header", so
    /// <see cref="ClaimsIdentity.IsAuthenticated"/> is <c>true</c> even when the buffer contains no
    /// scopes. Authorization decisions should therefore rest on <see cref="HasScope"/>, not on the
    /// authenticated flag alone.
    /// </remarks>
    internal static ClaimsPrincipal CreatePrincipal(string scopeBuffer)
    {
        var claims = new List<Claim>();

        // The raw buffer is kept verbatim as the aggregate scope claim.
        claims.Add(new Claim(StellaOpsClaimTypes.Scope, scopeBuffer));

        // Each token additionally becomes its own single-scope claim.
        var tokens = scopeBuffer.Split(' ', TokenSplitOptions);
        for (var index = 0; index < tokens.Length; index++)
        {
            claims.Add(new Claim(StellaOpsClaimTypes.ScopeItem, tokens[index]));
        }

        return new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType: "Header"));
    }
}