From b3a70d7259e29f0efecaa9ebe4ca9aeafe5aedec Mon Sep 17 00:00:00 2001 From: TekH Date: Tue, 16 Jun 2026 15:55:59 +0200 Subject: [PATCH] Add sender authentication check to EnvelopeSenderPage Added an authentication check in `EnvelopeSenderPage.razor` to verify sender access before loading envelopes. Redirects unauthorized users to the sender login page. Introduced `CheckSenderAsync` in `AuthService` to validate sender tokens via the `/api/auth/check` endpoint. Updated `OnInitializedAsync` to use this method, enhancing security by ensuring only authorized users can access envelope-related functionality. --- .../Pages/EnvelopeSenderPage.razor | 7 +++++++ EnvelopeGenerator.ReceiverUI/Services/AuthService.cs | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor b/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor index b9b8818b..bbe36e27 100644 --- a/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor +++ b/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor @@ -322,6 +322,13 @@ protected override async Task OnInitializedAsync() { + var hasAccess = await AuthService.CheckSenderAsync(); + if (!hasAccess) + { + Navigation.NavigateTo($"/sender/login"); + return; + } + await LoadEnvelopesAsync(); } diff --git a/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs b/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs index 4fa759ee..9bff4bd1 100644 --- a/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs +++ b/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs 
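Review bot: The check added to `OnInitializedAsync` runs in the UI project, so it only gates navigation. The API endpoints behind `LoadEnvelopesAsync` must themselves reject requests without a valid sender session, and that enforcement is not visible in this hunk. Blazor also renders the component once at the first `await`, so the page markup (outside the hunk) may appear briefly before the redirect; a flag set only after the check succeeds and tested in the markup would prevent that. I would add `// UX gate only: the server must enforce sender authorization on every envelope endpoint` above the check. The redirect target can be a plain literal, `Navigation.NavigateTo("/sender/login");`, since the `$` prefix has nothing to interpolate.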
@@ -58,6 +58,16 @@ public class AuthService(HttpClient http, IOptions apiOptions) return response.IsSuccessStatusCode; } + /// + /// Checks whether the current user holds a valid receiver token for the given envelope key. + /// Calls GET /api/auth/check/envelope/{envelopeKey}. + /// + public async Task CheckSenderAsync(CancellationToken cancel = default) + { + var response = await http.GetAsync($"{_api.BaseUrl}/api/auth/check", cancel); + return response.StatusCode == HttpStatusCode.OK; + } + /// /// Authenticates a sender user with username and password. /// Calls POST /api/auth?cookie=true with JSON body.
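Review bot: The XML summary on `CheckSenderAsync` documents a different method: it describes a receiver token for an envelope key and `GET /api/auth/check/envelope/{envelopeKey}`, while the body calls `GET {_api.BaseUrl}/api/auth/check` and takes no key. On an authorization helper this is misleading, so I would replace the two text lines with `/// Checks whether the current user holds a valid sender session.` and `/// Calls GET /api/auth/check; returns true only on HTTP 200.` Whether `/api/auth/check` returns 200 only for sender credentials is not visible here. If a receiver token also satisfies it, the sender page gate would admit receivers, so this is worth confirming against the API. The `AuthService` class body starts and ends outside the hunk.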