changes after code review

samples/Endpoint_SecuredUrl/Startup.cs

@@ -60,7 +60,8 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                         var id = c.Request.RouteValues.GetValueOrDefault("id");
 
                         BewitToken<string> token =
-                            await generator.GenerateBewitTokenAsync($"/download/{id}", default);
+                            await generator.GenerateBewitTokenAsync($"/download/{id}",
+                                new Dictionary<string, object>(), default);
 
                         string html = @$"<html><a href=""/download/{id}?bewit={token}"">download</a>
                                         <br>{(string)token}</html>";

samples/HotChocolate_SecuredArgument/Types/Mutation.cs

@@ -1,3 +1,4 @@
+using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
 using Bewit.Generation;
@@ -29,14 +30,18 @@ public async Task<string> InvalidateBewitTokens(
         public async Task<string> CreateBewitToken(string value)
         {
             return (await _fooPayloadGenerator
-                    .GenerateBewitTokenAsync(new FooPayload {Value = value}, default))
+                    .GenerateBewitTokenAsync(
+                        new FooPayload {Value = value},
+                        new Dictionary<string, object>(),
+                        default))
                 .ToString();
         }
 
         public async Task<string> CreateIdentifiableBewitToken(string identifier)
         {
             return (await _barPayloadGenerator
-                    .GenerateIdentifiableBewitTokenAsync(new BarPayload(), identifier, default))
+                    .GenerateIdentifiableBewitTokenAsync(
+                        new BarPayload(), identifier, new Dictionary<string, object>(), default))
                 .ToString();
         }
     }

src/Core/Token.cs

@@ -27,7 +27,7 @@ protected Token(string nonce, DateTime expirationDate)
         public bool? IsDeleted { get; set; } = false;
 
         [JsonIgnore]
-        public Dictionary<string, string> ExtraProperties { get; set; }
+        public Dictionary<string, object> ExtraProperties { get; set; }
 
         public static Token Create(string nonce, DateTime expirationDate)
         {

src/Extensions.HotChocolate/Generation/BewitMiddleware.cs

@@ -24,7 +24,7 @@ public async Task InvokeAsync(
             {
                 BewitToken<TPayload> bewit
                     = await tokenGenerator.GenerateBewitTokenAsync(
-                        result, context.RequestAborted, context.GetBewitTokenExtraProperties());
+                        result, context.GetBewitTokenExtraProperties(), context.RequestAborted);
 
                 context.Result = (string)bewit;
             }

src/Extensions.HotChocolate/Generation/BewitTokenExtraPropertiesHelper.cs

@@ -10,7 +10,7 @@ public static class BewitTokenExtraPropertiesHelper
     private const string ExtraPropertyPrefix = "BewitTokenExtraProperty:";
 
     public static void AddBewitTokenExtraProperties(
-        this IResolverContext resolverContext, Dictionary<string, string> extraProperties)
+        this IResolverContext resolverContext, Dictionary<string, object> extraProperties)
     {
         if (extraProperties == null)
         {
@@ -21,12 +21,12 @@ public static void AddBewitTokenExtraProperties(
              resolverContext.ScopedContextData.SetItems(
                   extraProperties.ToDictionary(
                       ctx => $"{ExtraPropertyPrefix}{ctx.Key}",
-                      ctx => (object)ctx.Value));
+                      ctx => ctx.Value));
     }
 
-    public static Dictionary<string, string> GetBewitTokenExtraProperties(this IMiddlewareContext context)
+    public static Dictionary<string, object> GetBewitTokenExtraProperties(this IMiddlewareContext context)
     {
-        Dictionary<string, string> extraProperties = new Dictionary<string, string>();
+        Dictionary<string, object> extraProperties = new Dictionary<string, object>();
 
         foreach (var key in context.ScopedContextData.Keys)
         {
@@ -41,7 +41,7 @@ public static Dictionary<string, string> GetBewitTokenExtraProperties(this IMidd
             {
                 extraProperties.Add(
                     key.Substring(ExtraPropertyPrefix.Length),
-                    extraPropertyValue.ToString());
+                    extraPropertyValue);
             }
         }
 

src/Extensions.HotChocolate/Generation/BewitUrlMiddleware.cs

@@ -29,7 +29,7 @@ public async Task InvokeAsync(
 
                 BewitToken<string> bewit =
                     await tokenGenerator.GenerateBewitTokenAsync(
-                        uri.PathAndQuery, context.RequestAborted, context.GetBewitTokenExtraProperties());
+                        uri.PathAndQuery, context.GetBewitTokenExtraProperties(), context.RequestAborted);
 
                 var parametersToAdd = new Dictionary<string, string>
                 {

src/Generation/BewitTokenGenerator.cs

@@ -44,8 +44,9 @@ public BewitTokenGenerator(
 
         public Task<BewitToken<T>> GenerateBewitTokenAsync(
             T payload,
-            CancellationToken cancellationToken,
-            Dictionary<string, string> extraProperties = null)
+            Dictionary<string, object> extraProperties,
+            CancellationToken cancellationToken
+            )
         {
             var token = Token.Create(CreateNextToken(), CreateExpirationDate());
             token.ExtraProperties = extraProperties;
@@ -56,8 +57,8 @@ public Task<BewitToken<T>> GenerateBewitTokenAsync(
         public Task<BewitToken<T>> GenerateIdentifiableBewitTokenAsync(
             T payload,
             string identifier,
-            CancellationToken cancellationToken,
-            Dictionary<string, string> extraProperties = null)
+            Dictionary<string, object> extraProperties,
+            CancellationToken cancellationToken)
         {
             var token = new IdentifiableToken(identifier, CreateNextToken(), CreateExpirationDate());
             token.ExtraProperties = extraProperties;

src/Generation/IBewitTokenGenerator.cs

@@ -8,7 +8,7 @@ public interface IBewitTokenGenerator<T>
     {
         Task<BewitToken<T>> GenerateBewitTokenAsync(
             T payload,
-            CancellationToken cancellationToken,
-            Dictionary<string, string> extraProperties = null);
+            Dictionary<string, object> extraProperties,
+            CancellationToken cancellationToken);
     }
 }

src/Generation/IIdentifiableBewitTokenGenerator.cs

@@ -9,8 +9,8 @@ public interface IIdentifiableBewitTokenGenerator<T>
     Task<BewitToken<T>> GenerateIdentifiableBewitTokenAsync(
         T payload,
         string identifier,
-        CancellationToken cancellationToken,
-        Dictionary<string, string> extraProperties = null);
+        Dictionary<string, object> extraProperties,
+        CancellationToken cancellationToken);
 
     Task InvalidateIdentifier(
         string identifier,

src/Storage.MongoDB/MongoNonceRepository.cs

@@ -42,11 +42,6 @@ public MongoNonceRepository(IMongoDatabase database, MongoNonceOptions options)
             _collection.Indexes.CreateOne(new CreateIndexModel<Token>(
                 Builders<Token>.IndexKeys.Ascending(nameof(IdentifiableToken.Identifier))));
 
-            _collection.Indexes.CreateOne(new CreateIndexModel<Token>(
-                Builders<Token>.IndexKeys.Combine(
-                    Builders<Token>.IndexKeys.Ascending(nameof(Token.Nonce)),
-                    Builders<Token>.IndexKeys.Ascending(nameof(Token.IsDeleted)))));
-
             _collection.Indexes.CreateOne(new CreateIndexModel<Token>(
                 Builders<Token>.IndexKeys.Ascending(nameof(Token.ExpirationDate)),
                 new CreateIndexOptions
@@ -58,16 +53,17 @@ public MongoNonceRepository(IMongoDatabase database, MongoNonceOptions options)
         public async ValueTask InsertOneAsync(
             Token token, CancellationToken cancellationToken)
         {
+            await _collection.InsertOneAsync(token, cancellationToken: cancellationToken);
+
             if (token.ExtraProperties != null)
             {
-                foreach (KeyValuePair<string, string> searchAttribute in token.ExtraProperties)
+                foreach (KeyValuePair<string, object> extraProperty in token.ExtraProperties)
                 {
                     _collection.Indexes.CreateOne(new CreateIndexModel<Token>(
-                        Builders<Token>.IndexKeys.Ascending($"{nameof(token.ExtraProperties)}.{searchAttribute.Key}")));
+                        Builders<Token>.IndexKeys.Ascending(
+                            $"{nameof(token.ExtraProperties)}.{extraProperty.Key}")));
                 }
             }
-
-            await _collection.InsertOneAsync(token, cancellationToken: cancellationToken);
         }
 
         public async ValueTask<Token?> TakeOneAsync(

test/Extensions.HotChocolate.Tests/Integration/BewitUrlMiddlewareTests.cs

@@ -65,7 +65,7 @@ public async Task InvokeAsync_WithExtraProperties_ShouldNotImpactBewitToken()
         {
             //Arrange
             TestServer testServer = CreateTestServer(
-                new Dictionary<string, string> { ["foo"] = "bar" });
+                new Dictionary<string, object> { ["foo"] = "bar" });
             HttpClient client = testServer.CreateClient();
             GraphQLClient gqlClient = new GraphQLClient(client);
             QueryRequest query = new QueryRequest(
@@ -87,7 +87,7 @@ await gqlClient.QueryAsync<GiveMeAccessResult>(query,
         }
 
         private static TestServer CreateTestServer(
-            Dictionary<string, string>? extraProperties = null)
+            Dictionary<string, object>? extraProperties = null)
         {
             IWebHostBuilder hostBuilder = new WebHostBuilder()
                 .ConfigureServices(services =>

test/Extensions.HotChocolate.Tests/TestHelpers.cs

@@ -23,7 +23,8 @@ public static async Task<string> CreateToken<T>(
                 .GetRequiredService<IBewitTokenGenerator<T>>();
 
             return (await bewitGenerator
-                    .GenerateBewitTokenAsync(payload, default))
+                    .GenerateBewitTokenAsync(payload,
+                         new Dictionary<string, object>(), default))
                 .ToString();
         }
 
@@ -40,7 +41,8 @@ public static async Task<string> CreateBadToken()
                 .GetRequiredService<IBewitTokenGenerator<string>>();
 
             return (await bewitGenerator
-                    .GenerateBewitTokenAsync("badPayload", default))
+                    .GenerateBewitTokenAsync("badPayload",
+                        new Dictionary<string, object>(), default))
                 .ToString();
         }
 

test/Extensions.Mvc.Tests/Integration/BewitAttributeTests.cs

@@ -36,6 +36,7 @@ public async Task OnAuthorization_WithValidBewitForUrl_ShouldAuthorize()
             BewitToken<IDictionary<string, object>> bewitToken =
                 await tokenGenerator.GenerateBewitTokenAsync(
                     payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
             var url = $"/api/dummy/WithBewitParameters/{id}";
             var fullUrl = $"{url}?bewit={bewitToken}";

test/Extensions.Mvc.Tests/Integration/BewitUrlAuthorizationAttributeTests.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Net;
 using System.Net.Http;
 using System.Text;
@@ -49,6 +50,7 @@ public async Task OnAuthorization_WithValidBewitForUrl_ShouldAuthorize()
             BewitToken<string> bewitToken =
                 await tokenGenerator.GenerateBewitTokenAsync(
                     url.ToLowerInvariant(),
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
             var fullUrl = $"{url}?bewit={bewitToken}";
             HttpClient client = server.CreateClient();
@@ -82,6 +84,7 @@ public async Task OnAuthorization_WithDifferentUrl_ShouldNotAuthorize()
             var tokenGenerator = new BewitTokenGenerator<string>(Options, context);
             BewitToken<string> bewitToken =
                 await tokenGenerator.GenerateBewitTokenAsync(url.ToLowerInvariant(),
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
             url = "/api/dummy/WithBewitProtection";
             var fullUrl = $"{url}?bewit={bewitToken}";
@@ -114,6 +117,7 @@ public async Task OnAuthorization_WithAlteredPayloadForUrl_ShouldNotAuthorize()
             var tokenGenerator = new BewitTokenGenerator<string>(Options, context);
             BewitToken<string> bewitToken =
                 await tokenGenerator.GenerateBewitTokenAsync(url.ToLowerInvariant(),
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //try to hack the token by replacing the url but reusing the same hash

test/Generation.Tests/BewitTokenGeneratorTests.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -118,6 +119,7 @@ public async Task GenerateBewitTokenAsync_WithPayload_ShouldGenerateBewit()
             //Act
             BewitToken<Foo> bewit =
                 await provider.GenerateBewitTokenAsync(payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -142,6 +144,7 @@ public async Task GenerateBewitTokenAsync_WithDifferentDateAndRandomToken_Should
             //Act
             BewitToken<Foo> bewit =
                 await provider.GenerateBewitTokenAsync(payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -166,6 +169,7 @@ public async Task GenerateBewitTokenAsync_WithDifferentPayload_ShouldGenerateBew
             //Act
             BewitToken<Foo> bewit =
                 await provider.GenerateBewitTokenAsync(payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -187,6 +191,7 @@ public void GenerateBewitTokenAsync_WithNullPayload_ShouldThrow()
             //Act
             Func<Task> generateBewit = async () =>
                 await provider.GenerateBewitTokenAsync(null,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -216,6 +221,7 @@ public async Task GenerateBewitAsync_WithPayload_ShouldGenerateBewit()
             //Act
             BewitToken<Foo> token =
                 await provider.GenerateBewitTokenAsync(payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -247,6 +253,7 @@ public async Task GenerateBewitAsync_WithDifferentDateAndRandomToken_ShouldGener
             //Act
             BewitToken<Foo> token =
                 await provider.GenerateBewitTokenAsync(payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -278,6 +285,7 @@ public async Task GenerateBewitAsync_WithDifferentPayload_ShouldGenerateDifferen
             //Act
             BewitToken<Foo> token =
                 await provider.GenerateBewitTokenAsync(payload,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert
@@ -306,6 +314,7 @@ public void GenerateBewitAsync_WithNullPayload_ShouldThrow()
             //Act
             Func<Task> generateBewit = async () =>
                 await provider.GenerateBewitTokenAsync(null,
+                    new Dictionary<string, object>(),
                     CancellationToken.None);
 
             //Assert

test/IntegrationTests/HotChocolateServer/HCServerHelper.cs

@@ -68,7 +68,12 @@ internal static TestServer CreateHotChocolateServer(
                             d.Field("RequestAccessUrlWithQueryString")
                                 .Type<NonNullType<StringType>>()
                                 .Resolve(ctx =>
-                                    "http://foo.bar/api/dummy/WithBewitProtection?foo=bar&baz=qux")
+                                {
+                                    ctx.AddBewitTokenExtraProperties(
+                                        new Dictionary<string, object> { ["foo"] = "bar" });
+
+                                    return "http://foo.bar/api/dummy/WithBewitProtection?foo=bar&baz=qux";
+                                })
                                 .UseBewitUrlProtection();
                             d.Field("RequestAccessUrl")
                                 .Type<NonNullType<StringType>>()