feat(web): add Discord OAuth service and authorization endpoints

- DiscordOAuthOptions for client_id, secret, redirect_uri - DiscordAuthService exchanges code for token and fetches user profile - /auth/discord and /auth/discord/callback endpoints - CreateDiscordPrincipal for cookie auth claims - Telegram principal now includes Platform claim for forward compatibility Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-25 11:02:13 +03:00
parent d0ddf3fb58
commit bfed400b4d
3 changed files with 160 additions and 1 deletions
@@ -0,0 +1,82 @@
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace GmRelay.Web.Services;
+
+public sealed class DiscordAuthService(IHttpClientFactory httpClientFactory, IConfiguration configuration)
+{
+    private readonly DiscordOAuthOptions _options = configuration.GetSection("Discord").Get<DiscordOAuthOptions>() ?? new DiscordOAuthOptions();
+
+    public string BuildAuthorizeUrl(string state)
+    {
+        _options.Validate();
+        var scopes = string.Join(" ", _options.Scopes);
+        return $"https://discord.com/oauth2/authorize?client_id={_options.ClientId}&redirect_uri={Uri.EscapeDataString(_options.RedirectUri)}&response_type=code&scope={Uri.EscapeDataString(scopes)}&state={Uri.EscapeDataString(state)}";
+    }
+
+    public async Task<DiscordUser?> ExchangeCodeAsync(string code)
+    {
+        _options.Validate();
+        var client = httpClientFactory.CreateClient();
+
+        var tokenResponse = await ExchangeCodeForTokenAsync(client, code);
+        if (tokenResponse is null)
+            return null;
+
+        return await FetchUserProfileAsync(client, tokenResponse.AccessToken);
+    }
+
+    private async Task<DiscordTokenResponse?> ExchangeCodeForTokenAsync(HttpClient client, string code)
+    {
+        var content = new FormUrlEncodedContent(new Dictionary<string, string>
+        {
+            ["grant_type"] = "authorization_code",
+            ["code"] = code,
+            ["redirect_uri"] = _options.RedirectUri,
+            ["client_id"] = _options.ClientId,
+            ["client_secret"] = _options.ClientSecret
+        });
+
+        var response = await client.PostAsync("https://discord.com/api/oauth2/token", content);
+        if (!response.IsSuccessStatusCode)
+            return null;
+
+        var json = await response.Content.ReadAsStringAsync();
+        return JsonSerializer.Deserialize<DiscordTokenResponse>(json);
+    }
+
+    private static async Task<DiscordUser?> FetchUserProfileAsync(HttpClient client, string accessToken)
+    {
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+        var response = await client.GetAsync("https://discord.com/api/users/@me");
+        if (!response.IsSuccessStatusCode)
+            return null;
+
+        var json = await response.Content.ReadAsStringAsync();
+        return JsonSerializer.Deserialize<DiscordUser>(json);
+    }
+}
+
+public sealed record DiscordTokenResponse(
+    [property: JsonPropertyName("access_token")] string AccessToken,
+    [property: JsonPropertyName("token_type")] string TokenType,
+    [property: JsonPropertyName("expires_in")] int ExpiresIn,
+    [property: JsonPropertyName("scope")] string Scope);
+
+public sealed record DiscordUser(
+    [property: JsonPropertyName("id")] string Id,
+    [property: JsonPropertyName("username")] string Username,
+    [property: JsonPropertyName("discriminator")] string Discriminator,
+    [property: JsonPropertyName("avatar")] string? Avatar,
+    [property: JsonPropertyName("email")] string? Email)
+{
+    public string DisplayName =>
+        Discriminator == "0" ? Username : $"{Username}#{Discriminator}";
+
+    public string? AvatarUrl =>
+        !string.IsNullOrWhiteSpace(Avatar)
+            ? $"https://cdn.discordapp.com/avatars/{Id}/{Avatar}.png"
+            : null;
+}