mesa-fab-approval/MesaFabApproval.Client/Utilities/ApiHttpClientHandler.cs

using System.Net;
using System.Text.Json;
using System.Text;

using MesaFabApproval.Shared.Models;

using Microsoft.Extensions.Caching.Memory;
using System.Net.Http.Headers;
using MesaFabApproval.Client.Services;
using Microsoft.AspNetCore.Components;

namespace MesaFabApproval.Client.Utilities;

public class ApiHttpClientHandler : DelegatingHandler {
    private readonly IMemoryCache _cache;
    private readonly IAuthenticationService _authService;
    private readonly MesaFabApprovalAuthStateProvider _authStateProvider;
    private readonly NavigationManager _navigationManager;

    private readonly string _apiBaseUrl;

    public ApiHttpClientHandler(IMemoryCache cache,
                                IConfiguration config,
                                IAuthenticationService authService,
                                MesaFabApprovalAuthStateProvider authStateProvider,
                                NavigationManager navigationManager) {
        _cache = cache ?? throw new ArgumentNullException("IMemoryCache not injected");
        _apiBaseUrl = config["FabApprovalApiBaseUrl"] ??
            throw new NullReferenceException("FabApprovalApiBaseUrl not found in config");
        _authService = authService ??
            throw new ArgumentNullException("IAuthenticationService not injected");
        _authStateProvider = authStateProvider ??
            throw new ArgumentNullException("MesaFabApprovalAuthStateProvider not injected");
        _navigationManager = navigationManager ??
            throw new ArgumentNullException("NavigationManager not injected");
    }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage requestMessage,
                                                                 CancellationToken cancellationToken) {
        AuthTokens? authTokens = await _authService.GetAuthTokens();

        if (authTokens is not null) requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authTokens.JwtToken);

        HttpResponseMessage responseMessage = await base.SendAsync(requestMessage, cancellationToken);

        if (responseMessage.StatusCode.Equals(HttpStatusCode.Unauthorized)) {
            string? loginId = await _authService.GetLoginId();

            if (!string.IsNullOrWhiteSpace(loginId) && authTokens is not null) {
                AuthAttempt authAttempt = new() {
                    LoginID = loginId,
                    AuthTokens = authTokens
                };

                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "auth/refresh");

                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authTokens.JwtToken);

                request.Content = new StringContent(JsonSerializer.Serialize(authAttempt),
                                                    Encoding.UTF8,
                                                    "application/json");

                HttpClient httpClient = new HttpClient() {
                    BaseAddress = new Uri(_apiBaseUrl)
                };

                httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("*/*"));
                
                HttpResponseMessage httpResponseMessage = await httpClient.SendAsync(request, cancellationToken);

                if (httpResponseMessage.IsSuccessStatusCode) {
                    string responseContent = await httpResponseMessage.Content.ReadAsStringAsync();

                    JsonSerializerOptions jsonSerializerOptions = new() {
                        PropertyNameCaseInsensitive = true
                    };

                    LoginResult loginResult = JsonSerializer.Deserialize<LoginResult>(responseContent, jsonSerializerOptions) ??
                        throw new Exception("Unable to parse login result from API response");

                    if (!loginResult.IsAuthenticated) throw new Exception($"User with Login ID {loginId} not authorized");

                    if (loginResult.AuthTokens is not null) {
                        requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", loginResult.AuthTokens.JwtToken);
                        await _authService.SetTokens(loginResult.AuthTokens.JwtToken, loginResult.AuthTokens.RefreshToken);
                    }

                    if (loginResult.User is not null)
                        await _authService.SetCurrentUser(loginResult.User);
                } else {
                    await _authStateProvider.Logout();

                    string? redirectUrl = _cache.Get<string>("redirectUrl");
                    if (!string.IsNullOrWhiteSpace(redirectUrl)) {
                        _navigationManager.NavigateTo($"login/{redirectUrl}");
                    } else {
                        _navigationManager.NavigateTo("login");
                    }
                }
            }

            return await base.SendAsync(requestMessage, cancellationToken);
        }

        return responseMessage;
    }
}