Add Contracts & Reference Projects For Users & Credentials

Author: mckaragoz

UltimateAuth.slnx

@@ -15,14 +15,18 @@
   <Project Path="src/CodeBeam.UltimateAuth.Client/CodeBeam.UltimateAuth.Client.csproj" Id="eb60a3b7-ba9d-48c9-98ad-b28e879b23bf" />
   <Project Path="src/CodeBeam.UltimateAuth.Core/CodeBeam.UltimateAuth.Core.csproj" />
   <Project Path="src/CodeBeam.UltimateAuth.Server/CodeBeam.UltimateAuth.Server.csproj" Id="0a8cdd12-a8c4-4530-87e8-ae778c46322b" />
-  <Project Path="src/users/CodeBeam.UltimateAuth.Users/CodeBeam.UltimateAuth.Users.csproj" Id="30d5db36-6dc8-46f6-9139-8b6b3d6053d5" />
+  <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.Contracts/CodeBeam.UltimateAuth.Credentials.Contracts.csproj" Id="88b70848-fa74-40ea-bf34-3fa2f70f4f37" />
   <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.EntityFrameworkCore/CodeBeam.UltimateAuth.Credentials.EntityFrameworkCore.csproj" Id="1fd362d5-864b-4bb3-97be-9095d94cfdba" />
   <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/CodeBeam.UltimateAuth.Credentials.InMemory.csproj" Id="62ee7b1d-46ce-4f2e-985d-1e794f891b8b" />
+  <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.Reference/CodeBeam.UltimateAuth.Credentials.Reference.csproj" Id="ca03a140-f3dc-4a21-9b7d-895a3b10808b" />
   <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials/CodeBeam.UltimateAuth.Credentials.csproj" Id="2281c3b5-1d60-4542-a673-553f96eed25b" />
   <Project Path="src/security/CodeBeam.UltimateAuth.Security.Argon2/CodeBeam.UltimateAuth.Security.Argon2.csproj" Id="6abfb7a6-ea36-42db-a843-38054dd40fd8" />
   <Project Path="src/sessions/CodeBeam.UltimateAuth.Sessions.EntityFrameworkCore/CodeBeam.UltimateAuth.Sessions.EntityFrameworkCore.csproj" Id="5b9a090d-1689-4a81-9dfa-3ba69f0bda38" />
   <Project Path="src/sessions/CodeBeam.UltimateAuth.Sessions.InMemory/CodeBeam.UltimateAuth.Sessions.InMemory.csproj" Id="fc9bfef0-8a89-4639-81ee-3f84f6e33816" />
   <Project Path="src/tokens/CodeBeam.UltimateAuth.Tokens.EntityFrameworkCore/CodeBeam.UltimateAuth.Tokens.EntityFrameworkCore.csproj" Id="6eb14b32-0b56-460f-a2b2-f95d28bad625" />
   <Project Path="src/tokens/CodeBeam.UltimateAuth.Tokens.InMemory/CodeBeam.UltimateAuth.Tokens.InMemory.csproj" Id="8220884e-4958-4b49-8c69-56ce9d2b6c6f" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users.Contracts/CodeBeam.UltimateAuth.Users.Contracts.csproj" Id="3a04f065-8f9d-46b3-9726-1febffe6d46f" />
   <Project Path="src/users/CodeBeam.UltimateAuth.Users.InMemory/CodeBeam.UltimateAuth.Users.InMemory.csproj" Id="7ce3df22-4773-4b9b-afd0-8ba506e0f9de" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users.Reference/CodeBeam.UltimateAuth.Users.Reference.csproj" Id="601176dd-b760-4b6f-9cc7-c618134ae178" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users/CodeBeam.UltimateAuth.Users.csproj" Id="30d5db36-6dc8-46f6-9139-8b6b3d6053d5" />
 </Solution>

src/CodeBeam.UltimateAuth.Client/CodeBeam.UltimateAuth.Client.csproj

@@ -30,6 +30,8 @@
 
 	<ItemGroup>
 	  <ProjectReference Include="..\CodeBeam.UltimateAuth.Core\CodeBeam.UltimateAuth.Core.csproj" />
+	  <ProjectReference Include="..\credentials\CodeBeam.UltimateAuth.Credentials.Contracts\CodeBeam.UltimateAuth.Credentials.Contracts.csproj" />
+	  <ProjectReference Include="..\users\CodeBeam.UltimateAuth.Users.Contracts\CodeBeam.UltimateAuth.Users.Contracts.csproj" />
 	</ItemGroup>
 
 </Project>

src/CodeBeam.UltimateAuth.Core/Abstractions/Auth/IAuthContextFactory.cs

@@ -0,0 +1,8 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions;
+
+public interface IAuthContextFactory
+{
+    AuthContext Create(DateTimeOffset? at = null);
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessAuthority.cs

@@ -0,0 +1,9 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface IAccessAuthority
+    {
+        AccessDecision Decide(AccessContext context);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessInvariant.cs

@@ -0,0 +1,9 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface IAccessInvariant
+    {
+        AccessDecision Decide(AccessContext context);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessPolicy.cs

@@ -0,0 +1,10 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface IAccessPolicy
+    {
+        bool AppliesTo(AccessContext context);
+        AccessDecision Decide(AccessContext context);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Services/ISessionService.cs

@@ -0,0 +1,12 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface ISessionService
+    {
+        Task RevokeAllAsync(AuthContext authContext, UserKey userKey, CancellationToken ct = default);
+        Task RevokeAllExceptChainAsync(AuthContext authContext, UserKey userKey, SessionChainId exceptChainId, CancellationToken ct = default);
+        Task RevokeRootAsync(AuthContext authContext, UserKey userKey, CancellationToken ct = default);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Contracts/Authority/AccessContext.cs

@@ -0,0 +1,13 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Core.Contracts
+{
+    public sealed class AccessContext
+    {
+        public UserKey UserKey { get; init; }
+        public string Action { get; init; } = default!;
+        public string? Resource { get; init; }
+        public string? ResourceId { get; init; }
+        public IReadOnlyDictionary<string, object>? Attributes { get; init; }
+    }
+}

src/CodeBeam.UltimateAuth.Core/Contracts/Authority/AccessDecision.cs

@@ -0,0 +1,40 @@
+namespace CodeBeam.UltimateAuth.Core.Contracts
+{
+    public sealed record AccessDecision
+    {
+        public bool IsAllowed { get; }
+        public bool RequiresReauthentication { get; }
+        public string? DenyReason { get; }
+
+        private AccessDecision(
+            bool isAllowed,
+            bool requiresReauthentication,
+            string? denyReason)
+        {
+            IsAllowed = isAllowed;
+            RequiresReauthentication = requiresReauthentication;
+            DenyReason = denyReason;
+        }
+
+        public static AccessDecision Allow()
+            => new(
+                isAllowed: true,
+                requiresReauthentication: false,
+                denyReason: null);
+
+        public static AccessDecision Deny(string reason)
+            => new(
+                isAllowed: false,
+                requiresReauthentication: false,
+                denyReason: reason);
+
+        public static AccessDecision ReauthenticationRequired(string? reason = null)
+            => new(
+                isAllowed: false,
+                requiresReauthentication: true,
+                denyReason: reason);
+
+        public bool IsDenied =>
+            !IsAllowed && !RequiresReauthentication;
+    }
+}