AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add sender authentication check to EnvelopeSenderPage

Browse Source 
Added an authentication check in `EnvelopeSenderPage.razor` to verify sender access before loading envelopes. Redirects unauthorized users to the sender login page.

Introduced `CheckSenderAsync` in `AuthService` to validate sender tokens via the `/api/auth/check` endpoint. Updated `OnInitializedAsync` to use this method, enhancing security by ensuring only authorized users can access envelope-related functionality.
This commit is contained in:
tekh
2026-06-16 15:55:59 +02:00
parent bb81920d44
commit b3a70d7259
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
View File

@@ -58,6 +58,16 @@ public class AuthService(HttpClient http, IOptions<ApiOptions> apiOptions)
return response.IsSuccessStatusCode;
}
/// <summary>
/// Checks whether the current user holds a valid receiver token for the given envelope key.
/// Calls GET /api/auth/check/envelope/{envelopeKey}.
/// </summary>
public async Task<bool> CheckSenderAsync(CancellationToken cancel = default)
{
var response = await http.GetAsync($"{_api.BaseUrl}/api/auth/check", cancel);
return response.StatusCode == HttpStatusCode.OK;
}
/// <summary>
/// Authenticates a sender user with username and password.
/// Calls POST /api/auth?cookie=true with JSON body.