authorStefan Boberg <[email protected]>2023-05-02 12:31:53 +0200
committerGitHub <[email protected]>2023-05-02 12:31:53 +0200
commite3086573d2244def22ecbe1e6b4b3da8b47e0f14 (patch)
tree627066debdddf7474783893f6b9b6631bb9a4833 /src/zenhttp/include
parentmoved source directories into `/src` (#264) (diff)
move auth code from zenserver into zenhttp (#265)
this code should be usable outside of zenserver, so this moves it out into zenhttp where it can be used from lower level components
Diffstat (limited to 'src/zenhttp/include')
-rw-r--r--src/zenhttp/include/zenhttp/auth/authmgr.h56
-rw-r--r--src/zenhttp/include/zenhttp/auth/authservice.h25
-rw-r--r--src/zenhttp/include/zenhttp/auth/oidc.h76
3 files changed, 157 insertions, 0 deletions
diff --git a/src/zenhttp/include/zenhttp/auth/authmgr.h b/src/zenhttp/include/zenhttp/auth/authmgr.h
new file mode 100644
index 000000000..054588ab9
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/auth/authmgr.h
@@ -0,0 +1,56 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include <zencore/crypto.h>
+#include <zencore/iobuffer.h>
+#include <zencore/string.h>
+
+#include <chrono>
+#include <filesystem>
+#include <memory>
+
+namespace zen {
+
+struct AuthConfig
+{
+ std::filesystem::path RootDirectory;
+ std::chrono::seconds UpdateInterval{30};
+ AesKey256Bit EncryptionKey;
+ AesIV128Bit EncryptionIV;
+};
+
+class AuthMgr
+{
+public:
+ virtual ~AuthMgr() = default;
+
+ struct AddOpenIdProviderParams
+ {
+ std::string_view Name;
+ std::string_view Url;
+ std::string_view ClientId;
+ };
+
+ virtual void AddOpenIdProvider(const AddOpenIdProviderParams& Params) = 0;
+
+ struct AddOpenIdTokenParams
+ {
+ std::string_view ProviderName;
+ std::string_view RefreshToken;
+ };
+
+ virtual bool AddOpenIdToken(const AddOpenIdTokenParams& Params) = 0;
+
+ struct OpenIdAccessToken
+ {
+ std::string AccessToken;
+ std::chrono::system_clock::time_point ExpireTime{};
+ };
+
+ virtual OpenIdAccessToken GetOpenIdAccessToken(std::string_view ProviderName) = 0;
+
+ static std::unique_ptr<AuthMgr> Create(const AuthConfig& Config);
+};
+
+} // namespace zen
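Review bot: `AuthConfig` carries a single `EncryptionIV` next to `EncryptionKey`, which suggests one key/IV pair is reused for every encryption of the persisted auth state; the implementation is not in this diff, so this is inferred. A fixed IV under a fixed key weakens confidentiality across repeated writes, and the data protected here would presumably include the refresh tokens passed to `AddOpenIdToken`. Consider generating a fresh random IV per write and storing it with the ciphertext, or at least document the constraint on the field, e.g. `// Must be unique per key; do not reuse across writes`. Neither member has an initializer, so the header should also say whether `AuthMgr::Create` rejects an unset key, and what `GetOpenIdAccessToken` returns for an unknown provider (an empty `AccessToken`?).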
diff --git a/src/zenhttp/include/zenhttp/auth/authservice.h b/src/zenhttp/include/zenhttp/auth/authservice.h
new file mode 100644
index 000000000..64b86e21f
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/auth/authservice.h
@@ -0,0 +1,25 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include <zenhttp/httpserver.h>
+
+namespace zen {
+
+class AuthMgr;
+
+class HttpAuthService final : public zen::HttpService
+{
+public:
+ HttpAuthService(AuthMgr& AuthMgr);
+ virtual ~HttpAuthService();
+
+ virtual const char* BaseUri() const override;
+ virtual void HandleRequest(zen::HttpServerRequest& Request) override;
+
+private:
+ AuthMgr& m_AuthMgr;
+ HttpRequestRouter m_Router;
+};
+
+} // namespace zen
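Review bot: The single-argument constructor `HttpAuthService(AuthMgr& AuthMgr);` is implicit and its parameter shadows the `AuthMgr` type name; `explicit HttpAuthService(AuthMgr& InAuthMgr);` avoids both. The class keeps `AuthMgr& m_AuthMgr`, so a comment that the manager must outlive the service belongs on the constructor. Because the class is `final`, `~HttpAuthService() override;` states the intent better than `virtual`. Now that the service lives in zenhttp and can be mounted by any embedding component, the header should also state who is responsible for restricting access to its routes, since the `AuthMgr` interface it fronts accepts refresh tokens and provider URLs (the handlers themselves are outside this diff).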
diff --git a/src/zenhttp/include/zenhttp/auth/oidc.h b/src/zenhttp/include/zenhttp/auth/oidc.h
new file mode 100644
index 000000000..f43ae3cd7
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/auth/oidc.h
@@ -0,0 +1,76 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include <zencore/string.h>
+
+#include <vector>
+
+namespace zen {
+
+class OidcClient
+{
+public:
+ struct Options
+ {
+ std::string_view BaseUrl;
+ std::string_view ClientId;
+ };
+
+ OidcClient(const Options& Options);
+ ~OidcClient() = default;
+
+ OidcClient(const OidcClient&) = delete;
+ OidcClient& operator=(const OidcClient&) = delete;
+
+ struct Result
+ {
+ std::string Reason;
+ bool Ok = false;
+ };
+
+ using InitResult = Result;
+
+ InitResult Initialize();
+
+ struct RefreshTokenResult
+ {
+ std::string TokenType;
+ std::string AccessToken;
+ std::string RefreshToken;
+ std::string IdentityToken;
+ std::string Scope;
+ std::string Reason;
+ int64_t ExpiresInSeconds{};
+ bool Ok = false;
+ };
+
+ RefreshTokenResult RefreshToken(std::string_view RefreshToken);
+
+private:
+ using StringArray = std::vector<std::string>;
+
+ struct OpenIdConfiguration
+ {
+ std::string Issuer;
+ std::string AuthorizationEndpoint;
+ std::string TokenEndpoint;
+ std::string UserInfoEndpoint;
+ std::string RegistrationEndpoint;
+ std::string EndSessionEndpoint;
+ std::string DeviceAuthorizationEndpoint;
+ std::string JwksUri;
+ StringArray SupportedResponseTypes;
+ StringArray SupportedResponseModes;
+ StringArray SupportedGrantTypes;
+ StringArray SupportedScopes;
+ StringArray SupportedTokenEndpointAuthMethods;
+ StringArray SupportedClaims;
+ };
+
+ std::string m_BaseUrl;
+ std::string m_ClientId;
+ OpenIdConfiguration m_Config;
+};
+
+} // namespace zen
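Review bot: Nothing in this header says whether `Initialize()` validates the discovery document before `RefreshToken()` sends the refresh token to `m_Config.TokenEndpoint`; the implementation is outside this diff, so this may already be handled. A doc comment on `Initialize()` should state the contract, for example `/// Fails unless Issuer matches BaseUrl exactly and TokenEndpoint/JwksUri use https`, since otherwise a tampered or misconfigured discovery response decides where the token is posted. It is also worth documenting that `Reason` in `Result` and `RefreshTokenResult` never contains token material, as callers are likely to log it. Separately, the header uses `std::string`, `std::string_view` and `int64_t` but relies on `<zencore/string.h>` to pull them in; adding `#include <cstdint>`, `#include <string>` and `#include <string_view>` makes it self-contained.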