api: improve sync hub auth

Notesnook.API/Controllers/UsersController.cs

@@ -58,7 +58,7 @@ namespace Notesnook.API.Controllers
             try
             {
                 UserResponse response = await UserService.GetUserAsync(userId);
-                if (!response.Success) return BadRequest(response);
+                if (!response.Success) return BadRequest();
                 return Ok(response);
             }
             catch (Exception ex)

Notesnook.API/Extensions/AuthorizationResultTransformer.cs

@@ -17,8 +17,11 @@ You should have received a copy of the Affero GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+using System;
 using System.Linq;
 using System.Net;
+using System.Net.WebSockets;
+using System.Text;
 using System.Text.Json;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
@@ -42,12 +45,9 @@ namespace Notesnook.API.Extensions
             AuthorizationPolicy authorizationPolicy,
             PolicyAuthorizationResult policyAuthorizationResult)
         {
-            var isWebsocket = httpContext.Request.Headers.Upgrade == "websocket";
-
-            if (!isWebsocket && policyAuthorizationResult.Forbidden && policyAuthorizationResult.AuthorizationFailure != null)
+            if (policyAuthorizationResult.Forbidden && policyAuthorizationResult.AuthorizationFailure != null)
             {
                 var error = string.Join("\n", policyAuthorizationResult.AuthorizationFailure.FailureReasons.Select((r) => r.Message));
-
                 if (!string.IsNullOrEmpty(error))
                 {
                     httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
@@ -55,17 +55,8 @@ namespace Notesnook.API.Extensions
                     await httpContext.Response.WriteAsync(JsonSerializer.Serialize(new { error }));
                     return;
                 }
-
-                await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
-            }
-            else if (isWebsocket)
-            {
-                await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, PolicyAuthorizationResult.Success());
-            }
-            else
-            {
-                await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
             }
+            await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
         }
     }
 }

Notesnook.API/Hubs/SyncV2Hub.cs

@@ -44,7 +44,7 @@ namespace Notesnook.API.Hubs
         Task PushCompleted();
     }
 
-    [Authorize("Sync")]
+    [Authorize]
     public class SyncV2Hub : Hub<ISyncV2HubClient>
     {
         private ISyncItemsRepositoryAccessor Repositories { get; }

Notesnook.API/Startup.cs

@@ -137,9 +137,13 @@ namespace Notesnook.API
                 options.DiscoveryPolicy.RequireHttps = false;
                 options.TokenRetriever = new Func<HttpRequest, string>(req =>
                 {
+                    if (req.Path == "/hubs/sync/v2")
+                    {
+                        var fromQuery = TokenRetrieval.FromQueryString();   //needed for signalr and ws/wss conections to be authed via jwt
+                        return fromQuery(req);
+                    }
                     var fromHeader = TokenRetrieval.FromAuthorizationHeader();
-                    var fromQuery = TokenRetrieval.FromQueryString();   //needed for signalr and ws/wss conections to be authed via jwt
-                    return fromHeader(req) ?? fromQuery(req);
+                    return fromHeader(req);
                 });
 
                 options.Events.OnTokenValidated = (context) =>