caliverse_server/UGQApiServer/Auth/WebPortalTokenAuth.cs

using System.Text;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using MySqlConnector;
using ServerCore; using ServerBase;
using ServerCommon;
namespace UGQApiServer.Auth;
/// <summary>
/// Claims carried by a web-portal token, as consumed by <see cref="WebPortalTokenAuth"/>.
/// </summary>
public class WebPortalToken
{
    /// <summary>
    /// Account identifier; <see cref="WebPortalTokenAuth"/> uses it as the
    /// <c>wallet_user.id</c> lookup key. Defaults to an empty string.
    /// </summary>
    public string AccountId { get; set; } = string.Empty;

    /// <summary>Account type carried alongside the identifier.</summary>
    public AccountType AccountType { get; set; }

    /// <summary>
    /// Access token value; <see cref="WebPortalTokenAuth"/> compares it with the value
    /// stored for the account in the SSO account database.
    /// </summary>
    public ulong AccessToken { get; set; }
}
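/// <summary>
/// Verifies a <see cref="WebPortalToken"/> against the SSO account database: the account
/// must exist in <c>wallet_user</c> and the stored token must equal the presented one.
/// </summary>
public class WebPortalTokenAuth
{
    // wallet_user column compared by mysqlAuth().
    private const string AccessTokenColumn = "access_token";

    // wallet_user column compared by mysqlAuth_igm().
    private const string AccessIgmTokenColumn = "access_igm_token";

    private readonly string _ssoAccountDb;
    private readonly string _webPortalTokenSecret;

    /// <summary>Secret read from <c>SSOAccount:WebPortalTokenSecret</c>.</summary>
    // NOTE(review): this exposes the raw secret to every holder of the instance; how callers
    // use it is not visible here. Confirm it is never logged or serialized.
    public string WebPortalTokenSecret => _webPortalTokenSecret;

    /// <summary>
    /// Reads the SSO account database connection setting and the token secret from configuration.
    /// </summary>
    /// <param name="configuration">Application configuration.</param>
    public WebPortalTokenAuth(IConfiguration configuration)
    {
        // NOTE(review): a missing setting silently becomes "". An empty database setting turns the
        // checks below into "always succeed"; whether an empty secret is rejected where the token
        // is validated is not visible in this file. Confirm both are caught at startup.
        _ssoAccountDb = configuration["SSOAccount:SsoAccountDb"] ?? "";
        _webPortalTokenSecret = configuration["SSOAccount:WebPortalTokenSecret"] ?? "";
    }

    /// <summary>
    /// Checks the token's account id and access token against <c>wallet_user.access_token</c>.
    /// </summary>
    /// <param name="token">Token claims to verify.</param>
    /// <returns>
    /// <c>Success</c> when the stored token matches or when no database is configured;
    /// otherwise the error code of the failed step.
    /// </returns>
    public async Task<ServerErrorCode> mysqlAuth(WebPortalToken token)
    {
        return await checkTokenAgainstSsoAccountDb(token, AccessTokenColumn);
    }

    /// <summary>
    /// Checks the token's account id and access token against <c>wallet_user.access_igm_token</c>.
    /// </summary>
    /// <param name="token">Token claims to verify.</param>
    /// <returns>
    /// <c>Success</c> when the stored token matches or when no database is configured;
    /// otherwise the error code of the failed step.
    /// </returns>
    public async Task<ServerErrorCode> mysqlAuth_igm(WebPortalToken token)
    {
        return await checkTokenAgainstSsoAccountDb(token, AccessIgmTokenColumn);
    }

    // Shared implementation of both public checks; tokenColumn is always one of the two
    // constants above, never caller-supplied text.
    private async Task<ServerErrorCode> checkTokenAgainstSsoAccountDb(WebPortalToken token, string tokenColumn)
    {
        // If no database address is configured, the check always succeeds.
        // NOTE(review): this is fail-open. A deployment that loses the setting skips the
        // database-side token check entirely; confirm that is intended outside development.
        if (string.IsNullOrEmpty(_ssoAccountDb))
        {
            return ServerErrorCode.Success;
        }

        var result = new Result();
        var err_msg = string.Empty;
        var access_token = token.AccessToken;

        // The account id comes from the token and is placed in the SQL text below, so only
        // plain decimal digits are accepted. The query compares id unquoted, so the column is
        // presumably numeric; verify against the schema. If MySqlConnectorHelper offers a
        // parameterized variant, prefer it over building the statement as text.
        if (!ulong.TryParse(
                token.AccountId,
                System.Globalization.NumberStyles.None,
                System.Globalization.CultureInfo.InvariantCulture,
                out var numeric_account_id))
        {
            // The rejected value is not echoed: it is untrusted and could carry line breaks
            // or other log-forging content.
            err_msg = $"Not found Account ID in SsoAccountDb !!! : AccountId is not a decimal number, length:{token.AccountId?.Length ?? 0}";
            result.setFail(ServerErrorCode.AccountIdNotFoundInSsoAccountDb, err_msg);
            Log.getLogger().error(err_msg);
            return result.ErrorCode;
        }

        var account_id = numeric_account_id.ToString(System.Globalization.CultureInfo.InvariantCulture);

        try
        {
            var is_found_account_id = false;
            string email = string.Empty;
            UInt64 read_access_token = 0;

            // Invoked by the query helper with the data reader; records the stored values.
            var read_func = delegate (MySqlDataReader dataReader)
            {
                is_found_account_id = true;
                email = dataReader.GetString("email");
                read_access_token = dataReader.GetUInt64(tokenColumn);
                return ServerErrorCode.Success;
            };

            // 1. Check that the account exists and that the access token matches, using the
            //    information held in the integrated authentication (SSO) database.
            result = await MySqlConnectorHelper.simpleQueryExecuteForReaderAsync(
                $"SELECT * FROM wallet_user WHERE id = {account_id}", read_func, _ssoAccountDb);
            if (result.isFail())
            {
                err_msg = $"Failed to simpleQueryExecuteForReaderAsync() for SsoAccountDb !!! : AccountId:{account_id}, {result.toBasicString()}";
                Log.getLogger().error(err_msg);
                return result.ErrorCode;
            }

            if (!is_found_account_id)
            {
                err_msg = $"Not found Account ID in SsoAccountDb !!! : AccountId:{account_id}";
                result.setFail(ServerErrorCode.AccountIdNotFoundInSsoAccountDb, err_msg);
                Log.getLogger().error(err_msg);
                return result.ErrorCode;
            }

            if (read_access_token != access_token)
            {
                // Neither token value is written to the log: the stored one is a live
                // credential, and anyone with log access could replay it.
                err_msg = $"Not match AccessToken in SsoAccountDb !!! : AccountId:{account_id}, email:{email}";
                result.setFail(ServerErrorCode.AccessTokenNotMatchInSsoAccountDb, err_msg);
                Log.getLogger().error(err_msg);
                return result.ErrorCode;
            }
        }
        catch (Exception e)
        {
            err_msg = $"Failed to query SsoAccountDb !!! : Exception:{e} - AccountId:{account_id}";
            result.setFail(ServerErrorCode.MySqlDbQueryException, err_msg);
            Log.getLogger().error(result.toBasicString());
            return result.ErrorCode;
        }

        return ServerErrorCode.Success;
    }
}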