Common/Phantom.Common.Data.Web/Users/LogInSuccess.cs

@@ -6,5 +6,5 @@ namespace Phantom.Common.Data.Web.Users;
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record LogInSuccess(
 	[property: MemoryPackOrder(0)] AuthenticatedUserInfo UserInfo,
-	[property: MemoryPackOrder(1)] ImmutableArray<byte> AuthToken
+	[property: MemoryPackOrder(1)] ImmutableArray<byte> Token
 );

Common/Phantom.Common.Data.Web/Users/UserActionFailure.cs

@@ -1,5 +0,0 @@
-namespace Phantom.Common.Data.Web.Users;
-
-public enum UserActionFailure {
-	NotAuthorized
-}

Common/Phantom.Common.Data.Web/Users/UserInstanceActionFailure.cs

@@ -1,25 +0,0 @@
-using MemoryPack;
-using Phantom.Common.Data.Replies;
-
-namespace Phantom.Common.Data.Web.Users;
-
-[MemoryPackable]
-[MemoryPackUnion(0, typeof(OfUserActionFailure))]
-[MemoryPackUnion(1, typeof(OfInstanceActionFailure))]
-public abstract partial record UserInstanceActionFailure {
-	internal UserInstanceActionFailure() {}
-	
-	public static implicit operator UserInstanceActionFailure(UserActionFailure failure) {
-		return new OfUserActionFailure(failure);
-	}
-	
-	public static implicit operator UserInstanceActionFailure(InstanceActionFailure failure) {
-		return new OfInstanceActionFailure(failure);
-	}
-}
-
-[MemoryPackable(GenerateType.VersionTolerant)]
-public sealed partial record OfUserActionFailure([property: MemoryPackOrder(0)] UserActionFailure Failure) : UserInstanceActionFailure;
-
-[MemoryPackable(GenerateType.VersionTolerant)]
-public sealed partial record OfInstanceActionFailure([property: MemoryPackOrder(0)] InstanceActionFailure Failure) : UserInstanceActionFailure;

Common/Phantom.Common.Data/Result.cs

@@ -1,6 +1,5 @@
 using System.Diagnostics.CodeAnalysis;
 using MemoryPack;
-using Phantom.Utils.Result;
 
 namespace Phantom.Common.Data;
 
@@ -34,18 +33,10 @@ public sealed partial class Result<TValue, TError> {
 		return hasValue && EqualityComparer<TValue>.Default.Equals(value, expectedValue);
 	}
 
-	public TOutput Into<TOutput>(Func<TValue, TOutput> valueConverter, Func<TError, TOutput> errorConverter) {
+	public TOutput Map<TOutput>(Func<TValue, TOutput> valueConverter, Func<TError, TOutput> errorConverter) {
 		return hasValue ? valueConverter(value!) : errorConverter(error!);
 	}
 
-	public Result<TValue, TNewError> MapError<TNewError>(Func<TError, TNewError> errorConverter) {
-		return hasValue ? value! : errorConverter(error!);
-	}
-
-	public Utils.Result.Result Variant() {
-		return hasValue ? new Ok<TValue>(Value) : new Err<TError>(Error);
-	}
-
 	public static implicit operator Result<TValue, TError>(TValue value) {
 		return new Result<TValue, TError>(hasValue: true, value, default);
 	}

Common/Phantom.Common.Messages.Web/ToController/ChangeUserRolesMessage.cs

@@ -1,6 +1,5 @@
 using System.Collections.Immutable;
 using MemoryPack;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
@@ -8,8 +7,8 @@ namespace Phantom.Common.Messages.Web.ToController;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record ChangeUserRolesMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] Guid SubjectUserGuid,
 	[property: MemoryPackOrder(2)] ImmutableHashSet<Guid> AddToRoleGuids,
 	[property: MemoryPackOrder(3)] ImmutableHashSet<Guid> RemoveFromRoleGuids
-) : IMessageToController, ICanReply<Result<ChangeUserRolesResult, UserActionFailure>>;
+) : IMessageToController, ICanReply<ChangeUserRolesResult>;

Common/Phantom.Common.Messages.Web/ToController/CreateOrUpdateInstanceMessage.cs

@@ -1,16 +1,15 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Instance;
+using Phantom.Common.Data.Replies;
 using Phantom.Common.Data.Web.Instance;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Common.Messages.Web.ToController; 
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record CreateOrUpdateInstanceMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] Guid InstanceGuid,
 	[property: MemoryPackOrder(2)] InstanceConfiguration Configuration
-) : IMessageToController, ICanReply<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>;
+) : IMessageToController, ICanReply<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>;

Common/Phantom.Common.Messages.Web/ToController/CreateUserMessage.cs

@@ -1,6 +1,4 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
@@ -8,7 +6,7 @@ namespace Phantom.Common.Messages.Web.ToController;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record CreateUserMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] string Username,
 	[property: MemoryPackOrder(2)] string Password
-) : IMessageToController, ICanReply<Result<CreateUserResult, UserActionFailure>>;
+) : IMessageToController, ICanReply<CreateUserResult>;

Common/Phantom.Common.Messages.Web/ToController/DeleteUserMessage.cs

@@ -1,6 +1,4 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
@@ -8,6 +6,6 @@ namespace Phantom.Common.Messages.Web.ToController;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record DeleteUserMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] Guid SubjectUserGuid
-) : IMessageToController, ICanReply<Result<DeleteUserResult, UserActionFailure>>;
+) : IMessageToController, ICanReply<DeleteUserResult>;

Common/Phantom.Common.Messages.Web/ToController/GetAuditLogMessage.cs

@@ -1,14 +1,11 @@
 using System.Collections.Immutable;
 using MemoryPack;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.AuditLog;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Common.Messages.Web.ToController;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record GetAuditLogMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] int Count
-	[property: MemoryPackOrder(1)] int Count
+) : IMessageToController, ICanReply<ImmutableArray<AuditLogItem>>;
-) : IMessageToController, ICanReply<Result<ImmutableArray<AuditLogItem>, UserActionFailure>>;

Common/Phantom.Common.Messages.Web/ToController/GetAuthenticatedUser.cs

@@ -9,5 +9,5 @@ namespace Phantom.Common.Messages.Web.ToController;
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record GetAuthenticatedUser(
 	[property: MemoryPackOrder(0)] Guid UserGuid,
-	[property: MemoryPackOrder(1)] ImmutableArray<byte> AuthToken
+	[property: MemoryPackOrder(1)] ImmutableArray<byte> SessionToken
 ) : IMessageToController, ICanReply<Optional<AuthenticatedUserInfo>>;

Common/Phantom.Common.Messages.Web/ToController/GetEventLogMessage.cs

@@ -1,14 +1,11 @@
 using System.Collections.Immutable;
 using MemoryPack;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.EventLog;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Common.Messages.Web.ToController;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record GetEventLogMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] int Count
-	[property: MemoryPackOrder(1)] int Count
+) : IMessageToController, ICanReply<ImmutableArray<EventLogItem>>;
-) : IMessageToController, ICanReply<Result<ImmutableArray<EventLogItem>, UserActionFailure>>;

Common/Phantom.Common.Messages.Web/ToController/LaunchInstanceMessage.cs

@@ -1,15 +1,13 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Replies;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Common.Messages.Web.ToController; 
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record LaunchInstanceMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] Guid AgentGuid,
 	[property: MemoryPackOrder(2)] Guid InstanceGuid
-) : IMessageToController, ICanReply<Result<LaunchInstanceResult, UserInstanceActionFailure>>;
+) : IMessageToController, ICanReply<Result<LaunchInstanceResult, InstanceActionFailure>>;

Common/Phantom.Common.Messages.Web/ToController/SendCommandToInstanceMessage.cs

@@ -1,16 +1,14 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Replies;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Common.Messages.Web.ToController; 
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record SendCommandToInstanceMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] Guid AgentGuid,
 	[property: MemoryPackOrder(2)] Guid InstanceGuid,
 	[property: MemoryPackOrder(3)] string Command
-) : IMessageToController, ICanReply<Result<SendCommandToInstanceResult, UserInstanceActionFailure>>;
+) : IMessageToController, ICanReply<Result<SendCommandToInstanceResult, InstanceActionFailure>>;

Common/Phantom.Common.Messages.Web/ToController/StopInstanceMessage.cs

@@ -1,17 +1,15 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Minecraft;
 using Phantom.Common.Data.Replies;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Common.Messages.Web.ToController; 
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record StopInstanceMessage(
-	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(0)] Guid LoggedInUserGuid,
 	[property: MemoryPackOrder(1)] Guid AgentGuid,
 	[property: MemoryPackOrder(2)] Guid InstanceGuid,
 	[property: MemoryPackOrder(3)] MinecraftStopStrategy StopStrategy
-) : IMessageToController, ICanReply<Result<StopInstanceResult, UserInstanceActionFailure>>;
+) : IMessageToController, ICanReply<Result<StopInstanceResult, InstanceActionFailure>>;

Common/Phantom.Common.Messages.Web/ToWeb/RefreshUserSessionMessage.cs

@@ -1,8 +0,0 @@
-using MemoryPack;
-
-namespace Phantom.Common.Messages.Web.ToWeb; 
-
-[MemoryPackable(GenerateType.VersionTolerant)]
-public sealed partial record RefreshUserSessionMessage(
-	[property: MemoryPackOrder(0)] Guid UserGuid
-) : IMessageToWeb;

Common/Phantom.Common.Messages.Web/WebMessageRegistries.cs

@@ -28,27 +28,26 @@ public static class WebMessageRegistries {
 		ToController.Add<LogOutMessage>(3);
 		ToController.Add<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(4);
 		ToController.Add<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(5);
-		ToController.Add<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(6);
+		ToController.Add<CreateUserMessage, CreateUserResult>(6);
-		ToController.Add<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(7);
+		ToController.Add<DeleteUserMessage, DeleteUserResult>(7);
 		ToController.Add<GetUsersMessage, ImmutableArray<UserInfo>>(8);
 		ToController.Add<GetRolesMessage, ImmutableArray<RoleInfo>>(9);
 		ToController.Add<GetUserRolesMessage, ImmutableDictionary<Guid, ImmutableArray<Guid>>>(10);
-		ToController.Add<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(11);
+		ToController.Add<ChangeUserRolesMessage, ChangeUserRolesResult>(11);
-		ToController.Add<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(12);
+		ToController.Add<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(12);
-		ToController.Add<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(13);
+		ToController.Add<LaunchInstanceMessage, Result<LaunchInstanceResult, InstanceActionFailure>>(13);
-		ToController.Add<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(14);
+		ToController.Add<StopInstanceMessage, Result<StopInstanceResult, InstanceActionFailure>>(14);
-		ToController.Add<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(15);
+		ToController.Add<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, InstanceActionFailure>>(15);
 		ToController.Add<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>(16);
 		ToController.Add<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>(17);
-		ToController.Add<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(18);
+		ToController.Add<GetAuditLogMessage, ImmutableArray<AuditLogItem>>(18);
-		ToController.Add<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(19);
+		ToController.Add<GetEventLogMessage, ImmutableArray<EventLogItem>>(19);
 		ToController.Add<ReplyMessage>(127);
 		
 		ToWeb.Add<RegisterWebResultMessage>(0);
 		ToWeb.Add<RefreshAgentsMessage>(1);
 		ToWeb.Add<RefreshInstancesMessage>(2);
 		ToWeb.Add<InstanceOutputMessage>(3);
-		ToWeb.Add<RefreshUserSessionMessage>(4);
 		ToWeb.Add<ReplyMessage>(127);
 	}
 

Controller/Phantom.Controller.Database/Repositories/PermissionRepository.cs

@@ -1,26 +0,0 @@
-using Microsoft.EntityFrameworkCore;
-using Phantom.Common.Data.Web.Users;
-using Phantom.Controller.Database.Entities;
-using Phantom.Utils.Collections;
-
-namespace Phantom.Controller.Database.Repositories;
-
-public sealed class PermissionRepository {
-	private readonly ILazyDbContext db;
-
-	public PermissionRepository(ILazyDbContext db) {
-		this.db = db;
-	}
-
-	public async Task<PermissionSet> GetAllUserPermissions(UserEntity user) {
-		var userPermissions = db.Ctx.UserPermissions
-		                        .Where(up => up.UserGuid == user.UserGuid)
-		                        .Select(static up => up.PermissionId);
-
-		var rolePermissions = db.Ctx.UserRoles
-		                        .Where(ur => ur.UserGuid == user.UserGuid)
-		                        .Join(db.Ctx.RolePermissions, static ur => ur.RoleGuid, static rp => rp.RoleGuid, static (ur, rp) => rp.PermissionId);
-
-		return new PermissionSet(await userPermissions.Union(rolePermissions).AsAsyncEnumerable().ToImmutableSetAsync());
-	}
-}

Controller/Phantom.Controller.Services/Agents/AgentActor.cs

@@ -10,14 +10,12 @@ using Phantom.Common.Data.Replies;
 using Phantom.Common.Data.Web.Agent;
 using Phantom.Common.Data.Web.Instance;
 using Phantom.Common.Data.Web.Minecraft;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Agent;
 using Phantom.Common.Messages.Agent.ToAgent;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Entities;
 using Phantom.Controller.Minecraft;
 using Phantom.Controller.Services.Instances;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Actor.Mailbox;
 using Phantom.Utils.Actor.Tasks;
@@ -34,7 +32,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	private static readonly TimeSpan DisconnectionRecheckInterval = TimeSpan.FromSeconds(5);
 	private static readonly TimeSpan DisconnectionThreshold = TimeSpan.FromSeconds(12);
 
-	public readonly record struct Init(Guid AgentGuid, AgentConfiguration AgentConfiguration, ControllerState ControllerState, MinecraftVersions MinecraftVersions, UserLoginManager UserLoginManager, IDbContextProvider DbProvider, CancellationToken CancellationToken);
+	public readonly record struct Init(Guid AgentGuid, AgentConfiguration AgentConfiguration, ControllerState ControllerState, MinecraftVersions MinecraftVersions, IDbContextProvider DbProvider, CancellationToken CancellationToken);
 	
 	public static Props<ICommand> Factory(Init init) {
 		return Props<ICommand>.Create(() => new AgentActor(init), new ActorConfiguration { SupervisorStrategy = SupervisorStrategies.Resume, MailboxType = UnboundedJumpAheadMailbox.Name });
@@ -42,7 +40,6 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 
 	private readonly ControllerState controllerState;
 	private readonly MinecraftVersions minecraftVersions;
-	private readonly UserLoginManager userLoginManager;
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
@@ -79,7 +76,6 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	private AgentActor(Init init) {
 		this.controllerState = init.ControllerState;
 		this.minecraftVersions = init.MinecraftVersions;
-		this.userLoginManager = init.UserLoginManager;
 		this.dbProvider = init.DbProvider;
 		this.cancellationToken = init.CancellationToken;
 		
@@ -98,11 +94,11 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		Receive<NotifyIsAliveCommand>(NotifyIsAlive);
 		Receive<UpdateStatsCommand>(UpdateStats);
 		Receive<UpdateJavaRuntimesCommand>(UpdateJavaRuntimes);
-		ReceiveAndReplyLater<CreateOrUpdateInstanceCommand, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstance);
+		ReceiveAndReplyLater<CreateOrUpdateInstanceCommand, Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstance);
 		Receive<UpdateInstanceStatusCommand>(UpdateInstanceStatus);
-		ReceiveAndReplyLater<LaunchInstanceCommand, Result<LaunchInstanceResult, UserInstanceActionFailure>>(LaunchInstance);
+		ReceiveAndReplyLater<LaunchInstanceCommand, Result<LaunchInstanceResult, InstanceActionFailure>>(LaunchInstance);
-		ReceiveAndReplyLater<StopInstanceCommand, Result<StopInstanceResult, UserInstanceActionFailure>>(StopInstance);
+		ReceiveAndReplyLater<StopInstanceCommand, Result<StopInstanceResult, InstanceActionFailure>>(StopInstance);
-		ReceiveAndReplyLater<SendCommandToInstanceCommand, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(SendMinecraftCommand);
+		ReceiveAndReplyLater<SendCommandToInstanceCommand, Result<SendCommandToInstanceResult, InstanceActionFailure>>(SendMinecraftCommand);
 		Receive<ReceiveInstanceDataCommand>(ReceiveInstanceData);
 	}
 
@@ -150,21 +146,13 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		}
 	}
 
-	private async Task<Result<TReply, UserInstanceActionFailure>> RequestInstance<TCommand, TReply>(ImmutableArray<byte> authToken, Guid instanceGuid, Func<Guid, TCommand> commandFactoryFromLoggedInUserGuid) where TCommand : InstanceActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
+	private Task<Result<TReply, InstanceActionFailure>> RequestInstance<TCommand, TReply>(Guid instanceGuid, TCommand command) where TCommand : InstanceActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
-		var loggedInUser = userLoginManager.GetLoggedInUser(authToken);
-		if (!loggedInUser.CheckPermission(Permission.ControlInstances)) {
-			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
-		}
-		
-		var command = commandFactoryFromLoggedInUserGuid(loggedInUser.Guid!.Value);
-		
 		if (instanceActorByGuid.TryGetValue(instanceGuid, out var instance)) {
-			var result = await instance.Request(command, cancellationToken);
+			return instance.Request(command, cancellationToken);
-			return result.MapError(static error => (UserInstanceActionFailure) error);
 		}
 		else {
 			Logger.Warning("Could not deliver command {CommandType} to instance {InstanceGuid}, instance not found.", command.GetType().Name, instanceGuid);
-			return (UserInstanceActionFailure) InstanceActionFailure.InstanceDoesNotExist;
+			return Task.FromResult<Result<TReply, InstanceActionFailure>>(InstanceActionFailure.InstanceDoesNotExist);
 		}
 	}
 
@@ -195,15 +183,15 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	
 	public sealed record UpdateJavaRuntimesCommand(ImmutableArray<TaggedJavaRuntime> JavaRuntimes) : ICommand;
 	
-	public sealed record CreateOrUpdateInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid, InstanceConfiguration Configuration) : ICommand, ICanReply<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>;
+	public sealed record CreateOrUpdateInstanceCommand(Guid AuditLogUserGuid, Guid InstanceGuid, InstanceConfiguration Configuration) : ICommand, ICanReply<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>;
 	
 	public sealed record UpdateInstanceStatusCommand(Guid InstanceGuid, IInstanceStatus Status) : ICommand;
 
-	public sealed record LaunchInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid) : ICommand, ICanReply<Result<LaunchInstanceResult, UserInstanceActionFailure>>;
+	public sealed record LaunchInstanceCommand(Guid InstanceGuid, Guid AuditLogUserGuid) : ICommand, ICanReply<Result<LaunchInstanceResult, InstanceActionFailure>>;
 	
-	public sealed record StopInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid, MinecraftStopStrategy StopStrategy) : ICommand, ICanReply<Result<StopInstanceResult, UserInstanceActionFailure>>;
+	public sealed record StopInstanceCommand(Guid InstanceGuid, Guid AuditLogUserGuid, MinecraftStopStrategy StopStrategy) : ICommand, ICanReply<Result<StopInstanceResult, InstanceActionFailure>>;
 	
-	public sealed record SendCommandToInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid, string Command) : ICommand, ICanReply<Result<SendCommandToInstanceResult, UserInstanceActionFailure>>;
+	public sealed record SendCommandToInstanceCommand(Guid InstanceGuid, Guid AuditLogUserGuid, string Command) : ICommand, ICanReply<Result<SendCommandToInstanceResult, InstanceActionFailure>>;
 	
 	public sealed record ReceiveInstanceDataCommand(Instance Instance) : ICommand, IJumpAhead;
 
@@ -292,30 +280,25 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		controllerState.UpdateAgentJavaRuntimes(agentGuid, javaRuntimes);
 	}
 	
-	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance(CreateOrUpdateInstanceCommand command) {
+	private Task<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>> CreateOrUpdateInstance(CreateOrUpdateInstanceCommand command) {
-		var loggedInUser = userLoginManager.GetLoggedInUser(command.AuthToken);
-		if (!loggedInUser.CheckPermission(Permission.CreateInstances)) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>((UserInstanceActionFailure) UserActionFailure.NotAuthorized);
-		}
-		
 		var instanceConfiguration = command.Configuration;
 
 		if (string.IsNullOrWhiteSpace(instanceConfiguration.InstanceName)) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceNameMustNotBeEmpty);
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceNameMustNotBeEmpty);
 		}
 		
 		if (instanceConfiguration.MemoryAllocation <= RamAllocationUnits.Zero) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceMemoryMustNotBeZero);
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceMemoryMustNotBeZero);
 		}
 		
 		return minecraftVersions.GetServerExecutableInfo(instanceConfiguration.MinecraftVersion, cancellationToken)
-		                        .ContinueOnActor(CreateOrUpdateInstance1, loggedInUser.Guid!.Value, command)
+		                        .ContinueOnActor(CreateOrUpdateInstance1, command)
 		                        .Unwrap();
 	}
 
-	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance1(FileDownloadInfo? serverExecutableInfo, Guid loggedInUserGuid, CreateOrUpdateInstanceCommand command) {
+	private Task<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>> CreateOrUpdateInstance1(FileDownloadInfo? serverExecutableInfo, CreateOrUpdateInstanceCommand command) {
 		if (serverExecutableInfo == null) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstanceResult.MinecraftVersionDownloadInfoNotFound);
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstanceResult.MinecraftVersionDownloadInfoNotFound);
 		}
 		
 		var instanceConfiguration = command.Configuration;
@@ -325,13 +308,13 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 			instanceActorRef = CreateNewInstance(Instance.Offline(command.InstanceGuid, instanceConfiguration));
 		}
 		
-		var configureInstanceCommand = new InstanceActor.ConfigureInstanceCommand(loggedInUserGuid, command.InstanceGuid, instanceConfiguration, new InstanceLaunchProperties(serverExecutableInfo), isCreatingInstance);
+		var configureInstanceCommand = new InstanceActor.ConfigureInstanceCommand(command.AuditLogUserGuid, command.InstanceGuid, instanceConfiguration, new InstanceLaunchProperties(serverExecutableInfo), isCreatingInstance);
 		
 		return instanceActorRef.Request(configureInstanceCommand, cancellationToken)
 		                       .ContinueOnActor(CreateOrUpdateInstance2, configureInstanceCommand);
 	}
 	
-	private Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure> CreateOrUpdateInstance2(Result<ConfigureInstanceResult, InstanceActionFailure> result, InstanceActor.ConfigureInstanceCommand command) {
+	private Result<CreateOrUpdateInstanceResult, InstanceActionFailure> CreateOrUpdateInstance2(Result<ConfigureInstanceResult, InstanceActionFailure> result, InstanceActor.ConfigureInstanceCommand command) {
 		var instanceGuid = command.InstanceGuid;
 		var instanceName = command.Configuration.InstanceName;
 		var isCreating = command.IsCreatingInstance;
@@ -347,7 +330,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		else {
 			string action = isCreating ? "adding" : "editing";
 			string relation = isCreating ? "to agent" : "in agent";
-			string reason = result.Into(ConfigureInstanceResultExtensions.ToSentence, InstanceActionFailureExtensions.ToSentence);
+			string reason = result.Map(ConfigureInstanceResultExtensions.ToSentence, InstanceActionFailureExtensions.ToSentence);
 			
 			Logger.Information("Failed " + action + " instance \"{InstanceName}\" (GUID {InstanceGuid}) " + relation + " \"{AgentName}\". {ErrorMessage}", instanceName, instanceGuid, configuration.AgentName, reason);
 			
@@ -359,16 +342,16 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		TellInstance(command.InstanceGuid, new InstanceActor.SetStatusCommand(command.Status));
 	}
 
-	private Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> LaunchInstance(LaunchInstanceCommand command) {
+	private Task<Result<LaunchInstanceResult, InstanceActionFailure>> LaunchInstance(LaunchInstanceCommand command) {
-		return RequestInstance<InstanceActor.LaunchInstanceCommand, LaunchInstanceResult>(command.AuthToken, command.InstanceGuid, static loggedInUserGuid => new InstanceActor.LaunchInstanceCommand(loggedInUserGuid));
+		return RequestInstance<InstanceActor.LaunchInstanceCommand, LaunchInstanceResult>(command.InstanceGuid, new InstanceActor.LaunchInstanceCommand(command.AuditLogUserGuid));
 	}
 
-	private Task<Result<StopInstanceResult, UserInstanceActionFailure>> StopInstance(StopInstanceCommand command) {
+	private Task<Result<StopInstanceResult, InstanceActionFailure>> StopInstance(StopInstanceCommand command) {
-		return RequestInstance<InstanceActor.StopInstanceCommand, StopInstanceResult>(command.AuthToken, command.InstanceGuid, loggedInUserGuid => new InstanceActor.StopInstanceCommand(loggedInUserGuid, command.StopStrategy));
+		return RequestInstance<InstanceActor.StopInstanceCommand, StopInstanceResult>(command.InstanceGuid, new InstanceActor.StopInstanceCommand(command.AuditLogUserGuid, command.StopStrategy));
 	}
 
-	private Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> SendMinecraftCommand(SendCommandToInstanceCommand command) {
+	private Task<Result<SendCommandToInstanceResult, InstanceActionFailure>> SendMinecraftCommand(SendCommandToInstanceCommand command) {
-		return RequestInstance<InstanceActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(command.AuthToken, command.InstanceGuid, loggedInUserGuid => new InstanceActor.SendCommandToInstanceCommand(loggedInUserGuid, command.Command));
+		return RequestInstance<InstanceActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(command.InstanceGuid, new InstanceActor.SendCommandToInstanceCommand(command.AuditLogUserGuid, command.Command));
 	}
 
 	private void ReceiveInstanceData(ReceiveInstanceDataCommand command) {

Controller/Phantom.Controller.Services/Agents/AgentManager.cs

@@ -4,12 +4,10 @@ using Phantom.Common.Data;
 using Phantom.Common.Data.Agent;
 using Phantom.Common.Data.Replies;
 using Phantom.Common.Data.Web.Agent;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Agent;
 using Phantom.Common.Messages.Agent.ToAgent;
 using Phantom.Controller.Database;
 using Phantom.Controller.Minecraft;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Logging;
 using Phantom.Utils.Rpc.Runtime;
@@ -24,19 +22,17 @@ sealed class AgentManager {
 	private readonly AuthToken authToken;
 	private readonly ControllerState controllerState;
 	private readonly MinecraftVersions minecraftVersions;
-	private readonly UserLoginManager userLoginManager;
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
 	private readonly ConcurrentDictionary<Guid, ActorRef<AgentActor.ICommand>> agentsByGuid = new ();
 	private readonly Func<Guid, AgentConfiguration, ActorRef<AgentActor.ICommand>> addAgentActorFactory;
 	
-	public AgentManager(IActorRefFactory actorSystem, AuthToken authToken, ControllerState controllerState, MinecraftVersions minecraftVersions, UserLoginManager userLoginManager, IDbContextProvider dbProvider, CancellationToken cancellationToken) {
+	public AgentManager(IActorRefFactory actorSystem, AuthToken authToken, ControllerState controllerState, MinecraftVersions minecraftVersions, IDbContextProvider dbProvider, CancellationToken cancellationToken) {
 		this.actorSystem = actorSystem;
 		this.authToken = authToken;
 		this.controllerState = controllerState;
 		this.minecraftVersions = minecraftVersions;
-		this.userLoginManager = userLoginManager;
 		this.dbProvider = dbProvider;
 		this.cancellationToken = cancellationToken;
 		
@@ -44,7 +40,7 @@ sealed class AgentManager {
 	}
 
 	private ActorRef<AgentActor.ICommand> CreateAgentActor(Guid agentGuid, AgentConfiguration agentConfiguration) {
-		var init = new AgentActor.Init(agentGuid, agentConfiguration, controllerState, minecraftVersions, userLoginManager, dbProvider, cancellationToken);
+		var init = new AgentActor.Init(agentGuid, agentConfiguration, controllerState, minecraftVersions, dbProvider, cancellationToken);
 		var name = "Agent:" + agentGuid;
 		return actorSystem.ActorOf(AgentActor.Factory(init), name);
 	}
@@ -87,7 +83,7 @@ sealed class AgentManager {
 		}
 	}
 
-	public async Task<Result<TReply, UserInstanceActionFailure>> DoInstanceAction<TCommand, TReply>(Guid agentGuid, TCommand command) where TCommand : class, AgentActor.ICommand, ICanReply<Result<TReply, UserInstanceActionFailure>> {
+	public async Task<Result<TReply, InstanceActionFailure>> DoInstanceAction<TCommand, TReply>(Guid agentGuid, TCommand command) where TCommand : class, AgentActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
-		return agentsByGuid.TryGetValue(agentGuid, out var agent) ? await agent.Request(command, cancellationToken) : (UserInstanceActionFailure) InstanceActionFailure.AgentDoesNotExist;
+		return agentsByGuid.TryGetValue(agentGuid, out var agent) ? await agent.Request(command, cancellationToken) : InstanceActionFailure.AgentDoesNotExist;
 	}
 }

Controller/Phantom.Controller.Services/ControllerServices.cs

@@ -11,7 +11,6 @@ using Phantom.Controller.Services.Events;
 using Phantom.Controller.Services.Instances;
 using Phantom.Controller.Services.Rpc;
 using Phantom.Controller.Services.Users;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Rpc.Runtime;
 using IMessageFromAgentToController = Phantom.Common.Messages.Agent.IMessageToController;
@@ -25,19 +24,18 @@ public sealed class ControllerServices : IDisposable {
 	private ControllerState ControllerState { get; }
 	private MinecraftVersions MinecraftVersions { get; }
 
-	private AuthenticatedUserCache AuthenticatedUserCache { get; }
-	private UserManager UserManager { get; }
-	private RoleManager RoleManager { get; }
-	private UserRoleManager UserRoleManager { get; }
-	private UserLoginManager UserLoginManager { get; }
-	private PermissionManager PermissionManager { get; }
-
 	private AgentManager AgentManager { get; }
 	private InstanceLogManager InstanceLogManager { get; }
-	
-	private AuditLogManager AuditLogManager { get; }
 	private EventLogManager EventLogManager { get; }
 
+	private UserManager UserManager { get; }
+	private RoleManager RoleManager { get; }
+	private PermissionManager PermissionManager { get; }
+
+	private UserRoleManager UserRoleManager { get; }
+	private UserLoginManager UserLoginManager { get; }
+	private AuditLogManager AuditLogManager { get; }
+
 	public IRegistrationHandler<IMessageToAgent, IMessageFromAgentToController, RegisterAgentMessage> AgentRegistrationHandler { get; }
 	public IRegistrationHandler<IMessageToWeb, IMessageFromWebToController, RegisterWebMessage> WebRegistrationHandler { get; }
 
@@ -53,16 +51,15 @@ public sealed class ControllerServices : IDisposable {
 		this.ControllerState = new ControllerState();
 		this.MinecraftVersions = new MinecraftVersions();
 		
-		this.AuthenticatedUserCache = new AuthenticatedUserCache();
+		this.AgentManager = new AgentManager(ActorSystem, agentAuthToken, ControllerState, MinecraftVersions, dbProvider, cancellationToken);
-		this.UserManager = new UserManager(AuthenticatedUserCache, ControllerState, dbProvider);
-		this.RoleManager = new RoleManager(dbProvider);
-		this.UserRoleManager = new UserRoleManager(AuthenticatedUserCache, ControllerState, dbProvider);
-		this.UserLoginManager = new UserLoginManager(AuthenticatedUserCache, UserManager, dbProvider);
-		this.PermissionManager = new PermissionManager(dbProvider);
-		
-		this.AgentManager = new AgentManager(ActorSystem, agentAuthToken, ControllerState, MinecraftVersions, UserLoginManager, dbProvider, cancellationToken);
 		this.InstanceLogManager = new InstanceLogManager();
 		
+		this.UserManager = new UserManager(dbProvider);
+		this.RoleManager = new RoleManager(dbProvider);
+		this.PermissionManager = new PermissionManager(dbProvider);
+
+		this.UserRoleManager = new UserRoleManager(dbProvider);
+		this.UserLoginManager = new UserLoginManager(UserManager, PermissionManager, dbProvider);
 		this.AuditLogManager = new AuditLogManager(dbProvider);
 		this.EventLogManager = new EventLogManager(ActorSystem, dbProvider, shutdownCancellationToken);
 		

Controller/Phantom.Controller.Services/ControllerState.cs

@@ -19,8 +19,6 @@ sealed class ControllerState {
 	public ObservableState<ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>.Receiver AgentJavaRuntimesByGuidReceiver => agentJavaRuntimesByGuid.ReceiverSide;
 	public ObservableState<ImmutableDictionary<Guid, Instance>>.Receiver InstancesByGuidReceiver => instancesByGuid.ReceiverSide;
 	
-	public event EventHandler<Guid>? UserUpdatedOrDeleted;
-
 	public void UpdateAgent(Agent agent) {
 		agentsByGuid.PublisherSide.Publish(static (agentsByGuid, agent) => agentsByGuid.SetItem(agent.AgentGuid, agent), agent);
 	}
@@ -32,8 +30,4 @@ sealed class ControllerState {
 	public void UpdateInstance(Instance instance) {
 		instancesByGuid.PublisherSide.Publish(static (instancesByGuid, instance) => instancesByGuid.SetItem(instance.InstanceGuid, instance), instance);
 	}
-
-	public void UpdateOrDeleteUser(Guid userGuid) {
-		UserUpdatedOrDeleted?.Invoke(null, userGuid);
-	}
 }

Controller/Phantom.Controller.Services/Events/EventLogManager.cs

@@ -1,11 +1,8 @@
 using System.Collections.Immutable;
 using Akka.Actor;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.EventLog;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Repositories;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 
 namespace Phantom.Controller.Services.Events; 
@@ -25,11 +22,7 @@ sealed partial class EventLogManager {
 		databaseStorageActor.Tell(new EventLogDatabaseStorageActor.StoreEventCommand(eventGuid, utcTime, agentGuid, eventType, subjectId, extra));
 	}
 	
-	public async Task<Result<ImmutableArray<EventLogItem>, UserActionFailure>> GetMostRecentItems(LoggedInUser loggedInUser, int count) {
+	public async Task<ImmutableArray<EventLogItem>> GetMostRecentItems(int count) {
-		if (!loggedInUser.CheckPermission(Permission.ViewEvents)) {
-			return UserActionFailure.NotAuthorized;
-		}
-		
 		await using var db = dbProvider.Lazy();
 		return await new EventLogRepository(db).GetMostRecentItems(count, cancellationToken);
 	}

Controller/Phantom.Controller.Services/Rpc/WebMessageDataUpdateSenderActor.cs

@@ -30,31 +30,22 @@ sealed class WebMessageDataUpdateSenderActor : ReceiveActor<WebMessageDataUpdate
 		ReceiveAsync<RefreshAgentsCommand>(RefreshAgents);
 		ReceiveAsync<RefreshInstancesCommand>(RefreshInstances);
 		ReceiveAsync<ReceiveInstanceLogsCommand>(ReceiveInstanceLogs);
-		ReceiveAsync<RefreshUserSessionCommand>(RefreshUserSession);
 	}
 
 	protected override void PreStart() {
 		controllerState.AgentsByGuidReceiver.Register(SelfTyped, static state => new RefreshAgentsCommand(state));
 		controllerState.InstancesByGuidReceiver.Register(SelfTyped, static state => new RefreshInstancesCommand(state));
 
-		controllerState.UserUpdatedOrDeleted += OnUserUpdatedOrDeleted;
-		
 		instanceLogManager.LogsReceived += OnInstanceLogsReceived;
 	}
 
 	protected override void PostStop() {
 		instanceLogManager.LogsReceived -= OnInstanceLogsReceived;
 
-		controllerState.UserUpdatedOrDeleted -= OnUserUpdatedOrDeleted;
-
 		controllerState.AgentsByGuidReceiver.Unregister(SelfTyped);
 		controllerState.InstancesByGuidReceiver.Unregister(SelfTyped);
 	}
 
-	private void OnUserUpdatedOrDeleted(object? sender, Guid userGuid) {
-		selfCached.Tell(new RefreshUserSessionCommand(userGuid));
-	}
-	
 	private void OnInstanceLogsReceived(object? sender, InstanceLogManager.Event e) {
 		selfCached.Tell(new ReceiveInstanceLogsCommand(e.InstanceGuid, e.Lines));
 	}
@@ -67,8 +58,6 @@ sealed class WebMessageDataUpdateSenderActor : ReceiveActor<WebMessageDataUpdate
 	
 	private sealed record ReceiveInstanceLogsCommand(Guid InstanceGuid, ImmutableArray<string> Lines) : ICommand;
 
-	private sealed record RefreshUserSessionCommand(Guid UserGuid) : ICommand;
-
 	private Task RefreshAgents(RefreshAgentsCommand command) {
 		return connection.Send(new RefreshAgentsMessage(command.Agents.Values.ToImmutableArray()));
 	}
@@ -80,8 +69,4 @@ sealed class WebMessageDataUpdateSenderActor : ReceiveActor<WebMessageDataUpdate
 	private Task ReceiveInstanceLogs(ReceiveInstanceLogsCommand command) {
 		return connection.Send(new InstanceOutputMessage(command.InstanceGuid, command.Lines));
 	}
-	
-	private Task RefreshUserSession(RefreshUserSessionCommand command) {
-		return connection.Send(new RefreshUserSessionMessage(command.UserGuid));
-	}
 }

Controller/Phantom.Controller.Services/Rpc/WebMessageHandlerActor.cs

@@ -15,7 +15,6 @@ using Phantom.Controller.Services.Agents;
 using Phantom.Controller.Services.Events;
 using Phantom.Controller.Services.Instances;
 using Phantom.Controller.Services.Users;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Rpc.Runtime;
 
@@ -75,20 +74,20 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 		Receive<LogOutMessage>(HandleLogOut);
 		ReceiveAndReply<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(GetAuthenticatedUser);
 		ReceiveAndReplyLater<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(HandleCreateOrUpdateAdministratorUser);
-		ReceiveAndReplyLater<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(HandleCreateUser);
+		ReceiveAndReplyLater<CreateUserMessage, CreateUserResult>(HandleCreateUser);
 		ReceiveAndReplyLater<GetUsersMessage, ImmutableArray<UserInfo>>(HandleGetUsers);
 		ReceiveAndReplyLater<GetRolesMessage, ImmutableArray<RoleInfo>>(HandleGetRoles);
 		ReceiveAndReplyLater<GetUserRolesMessage, ImmutableDictionary<Guid, ImmutableArray<Guid>>>(HandleGetUserRoles);
-		ReceiveAndReplyLater<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(HandleChangeUserRoles);
+		ReceiveAndReplyLater<ChangeUserRolesMessage, ChangeUserRolesResult>(HandleChangeUserRoles);
-		ReceiveAndReplyLater<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(HandleDeleteUser);
+		ReceiveAndReplyLater<DeleteUserMessage, DeleteUserResult>(HandleDeleteUser);
-		ReceiveAndReplyLater<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(HandleCreateOrUpdateInstance);
+		ReceiveAndReplyLater<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(HandleCreateOrUpdateInstance);
-		ReceiveAndReplyLater<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(HandleLaunchInstance);
+		ReceiveAndReplyLater<LaunchInstanceMessage, Result<LaunchInstanceResult, InstanceActionFailure>>(HandleLaunchInstance);
-		ReceiveAndReplyLater<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(HandleStopInstance);
+		ReceiveAndReplyLater<StopInstanceMessage, Result<StopInstanceResult, InstanceActionFailure>>(HandleStopInstance);
-		ReceiveAndReplyLater<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(HandleSendCommandToInstance);
+		ReceiveAndReplyLater<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, InstanceActionFailure>>(HandleSendCommandToInstance);
 		ReceiveAndReplyLater<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>(HandleGetMinecraftVersions); 
 		ReceiveAndReply<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>(HandleGetAgentJavaRuntimes);
-		ReceiveAndReplyLater<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(HandleGetAuditLog);
+		ReceiveAndReplyLater<GetAuditLogMessage, ImmutableArray<AuditLogItem>>(HandleGetAuditLog);
-		ReceiveAndReplyLater<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(HandleGetEventLog);
+		ReceiveAndReplyLater<GetEventLogMessage, ImmutableArray<EventLogItem>>(HandleGetEventLog);
 		Receive<ReplyMessage>(HandleReply);
 	}
 
@@ -109,15 +108,15 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 	}
 
 	private Optional<AuthenticatedUserInfo> GetAuthenticatedUser(GetAuthenticatedUser message) {
-		return userLoginManager.GetAuthenticatedUser(message.UserGuid, message.AuthToken);
+		return userLoginManager.GetAuthenticatedUser(message.UserGuid, message.SessionToken);
 	}
     
 	private Task<CreateOrUpdateAdministratorUserResult> HandleCreateOrUpdateAdministratorUser(CreateOrUpdateAdministratorUserMessage message) {
 		return userManager.CreateOrUpdateAdministrator(message.Username, message.Password);
 	}
 
-	private Task<Result<CreateUserResult, UserActionFailure>> HandleCreateUser(CreateUserMessage message) {
+	private Task<CreateUserResult> HandleCreateUser(CreateUserMessage message) {
-		return userManager.Create(userLoginManager.GetLoggedInUser(message.AuthToken), message.Username, message.Password);
+		return userManager.Create(message.LoggedInUserGuid, message.Username, message.Password);
 	}
 
 	private Task<ImmutableArray<UserInfo>> HandleGetUsers(GetUsersMessage message) {
@@ -132,28 +131,28 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 		return userRoleManager.GetUserRoles(message.UserGuids);
 	}
 
-	private Task<Result<ChangeUserRolesResult, UserActionFailure>> HandleChangeUserRoles(ChangeUserRolesMessage message) {
+	private Task<ChangeUserRolesResult> HandleChangeUserRoles(ChangeUserRolesMessage message) {
-		return userRoleManager.ChangeUserRoles(userLoginManager.GetLoggedInUser(message.AuthToken), message.SubjectUserGuid, message.AddToRoleGuids, message.RemoveFromRoleGuids);
+		return userRoleManager.ChangeUserRoles(message.LoggedInUserGuid, message.SubjectUserGuid, message.AddToRoleGuids, message.RemoveFromRoleGuids);
 	}
 
-	private Task<Result<DeleteUserResult, UserActionFailure>> HandleDeleteUser(DeleteUserMessage message) {
+	private Task<DeleteUserResult> HandleDeleteUser(DeleteUserMessage message) {
-		return userManager.DeleteByGuid(userLoginManager.GetLoggedInUser(message.AuthToken), message.SubjectUserGuid);
+		return userManager.DeleteByGuid(message.LoggedInUserGuid, message.SubjectUserGuid);
 	}
 
-	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> HandleCreateOrUpdateInstance(CreateOrUpdateInstanceMessage message) {
+	private Task<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>> HandleCreateOrUpdateInstance(CreateOrUpdateInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.CreateOrUpdateInstanceCommand, CreateOrUpdateInstanceResult>(message.Configuration.AgentGuid, new AgentActor.CreateOrUpdateInstanceCommand(message.AuthToken, message.InstanceGuid, message.Configuration));
+		return agentManager.DoInstanceAction<AgentActor.CreateOrUpdateInstanceCommand, CreateOrUpdateInstanceResult>(message.Configuration.AgentGuid, new AgentActor.CreateOrUpdateInstanceCommand(message.LoggedInUserGuid, message.InstanceGuid, message.Configuration));
 	}
 
-	private Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> HandleLaunchInstance(LaunchInstanceMessage message) {
+	private Task<Result<LaunchInstanceResult, InstanceActionFailure>> HandleLaunchInstance(LaunchInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.LaunchInstanceCommand, LaunchInstanceResult>(message.AgentGuid, new AgentActor.LaunchInstanceCommand(message.AuthToken, message.InstanceGuid));
+		return agentManager.DoInstanceAction<AgentActor.LaunchInstanceCommand, LaunchInstanceResult>(message.AgentGuid, new AgentActor.LaunchInstanceCommand(message.InstanceGuid, message.LoggedInUserGuid));
 	}
 
-	private Task<Result<StopInstanceResult, UserInstanceActionFailure>> HandleStopInstance(StopInstanceMessage message) {
+	private Task<Result<StopInstanceResult, InstanceActionFailure>> HandleStopInstance(StopInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.StopInstanceCommand, StopInstanceResult>(message.AgentGuid, new AgentActor.StopInstanceCommand(message.AuthToken, message.InstanceGuid, message.StopStrategy));
+		return agentManager.DoInstanceAction<AgentActor.StopInstanceCommand, StopInstanceResult>(message.AgentGuid, new AgentActor.StopInstanceCommand(message.InstanceGuid, message.LoggedInUserGuid, message.StopStrategy));
 	}
 
-	private Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> HandleSendCommandToInstance(SendCommandToInstanceMessage message) {
+	private Task<Result<SendCommandToInstanceResult, InstanceActionFailure>> HandleSendCommandToInstance(SendCommandToInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(message.AgentGuid, new AgentActor.SendCommandToInstanceCommand(message.AuthToken, message.InstanceGuid, message.Command));
+		return agentManager.DoInstanceAction<AgentActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(message.AgentGuid, new AgentActor.SendCommandToInstanceCommand(message.InstanceGuid, message.LoggedInUserGuid, message.Command));
 	}
 
 	private Task<ImmutableArray<MinecraftVersion>> HandleGetMinecraftVersions(GetMinecraftVersionsMessage message) {
@@ -164,12 +163,12 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 		return controllerState.AgentJavaRuntimesByGuid;
 	}
 
-	private Task<Result<ImmutableArray<AuditLogItem>, UserActionFailure>> HandleGetAuditLog(GetAuditLogMessage message) {
+	private Task<ImmutableArray<AuditLogItem>> HandleGetAuditLog(GetAuditLogMessage message) {
-		return auditLogManager.GetMostRecentItems(userLoginManager.GetLoggedInUser(message.AuthToken), message.Count);
+		return auditLogManager.GetMostRecentItems(message.Count);
 	}
 
-	private Task<Result<ImmutableArray<EventLogItem>, UserActionFailure>> HandleGetEventLog(GetEventLogMessage message) {
+	private Task<ImmutableArray<EventLogItem>> HandleGetEventLog(GetEventLogMessage message) {
-		return eventLogManager.GetMostRecentItems(userLoginManager.GetLoggedInUser(message.AuthToken), message.Count);
+		return eventLogManager.GetMostRecentItems(message.Count);
 	}
 
 	private void HandleReply(ReplyMessage message) {

Controller/Phantom.Controller.Services/Rpc/WebRegistrationHandler.cs

@@ -7,7 +7,6 @@ using Phantom.Controller.Services.Agents;
 using Phantom.Controller.Services.Events;
 using Phantom.Controller.Services.Instances;
 using Phantom.Controller.Services.Users;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Logging;
 using Phantom.Utils.Rpc.Runtime;

Controller/Phantom.Controller.Services/Users/AuditLogManager.cs

@@ -1,10 +1,7 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.AuditLog;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Repositories;
-using Phantom.Controller.Services.Users.Sessions;
 
 namespace Phantom.Controller.Services.Users; 
 
@@ -15,11 +12,7 @@ sealed class AuditLogManager {
 		this.dbProvider = dbProvider;
 	}
 
-	public async Task<Result<ImmutableArray<AuditLogItem>, UserActionFailure>> GetMostRecentItems(LoggedInUser loggedInUser, int count) {
+	public async Task<ImmutableArray<AuditLogItem>> GetMostRecentItems(int count) {
-		if (!loggedInUser.CheckPermission(Permission.ViewAudit)) {
-			return UserActionFailure.NotAuthorized;
-		}
-		
 		await using var db = dbProvider.Lazy();
 		return await new AuditLogRepository(db).GetMostRecentItems(count, CancellationToken.None);
 	}

Controller/Phantom.Controller.Services/Users/PermissionManager.cs

@@ -36,6 +36,34 @@ sealed class PermissionManager {
 		}
 	}
 
+	public async Task<PermissionSet> FetchPermissionsForAllUsers(Guid userId) {
+		await using var ctx = dbProvider.Eager();
+		
+		var userPermissions = ctx.UserPermissions
+		                         .Where(up => up.UserGuid == userId)
+		                         .Select(static up => up.PermissionId);
+		
+		var rolePermissions = ctx.UserRoles
+		                         .Where(ur => ur.UserGuid == userId)
+		                         .Join(ctx.RolePermissions, static ur => ur.RoleGuid, static rp => rp.RoleGuid, static (ur, rp) => rp.PermissionId);
+		
+		return new PermissionSet(await userPermissions.Union(rolePermissions).AsAsyncEnumerable().ToImmutableSetAsync());
+	}
+	
+	public async Task<PermissionSet> FetchPermissionsForUserId(Guid userId) {
+		await using var ctx = dbProvider.Eager();
+		
+		var userPermissions = ctx.UserPermissions
+		                         .Where(up => up.UserGuid == userId)
+		                         .Select(static up => up.PermissionId);
+		
+		var rolePermissions = ctx.UserRoles
+		                         .Where(ur => ur.UserGuid == userId)
+		                         .Join(ctx.RolePermissions, static ur => ur.RoleGuid, static rp => rp.RoleGuid, static (ur, rp) => rp.PermissionId);
+		
+		return new PermissionSet(await userPermissions.Union(rolePermissions).AsAsyncEnumerable().ToImmutableSetAsync());
+	}
+
 	public static ImmutableArray<string> GetMissingPermissionsOrdered(IEnumerable<Permission> allPermissions, ImmutableHashSet<string> existingPermissionIds) {
 		return allPermissions.Select(static permission => permission.Id).Except(existingPermissionIds).Order().ToImmutableArray();
 	}

Controller/Phantom.Controller.Services/Users/Sessions/AuthenticatedUserCache.cs

@@ -1,26 +0,0 @@
-using System.Collections.Concurrent;
-using Phantom.Common.Data.Web.Users;
-using Phantom.Controller.Database;
-using Phantom.Controller.Database.Entities;
-using Phantom.Controller.Database.Repositories;
-
-namespace Phantom.Controller.Services.Users.Sessions;
-
-sealed class AuthenticatedUserCache {
-	private readonly ConcurrentDictionary<Guid, AuthenticatedUserInfo> authenticatedUsersByGuid = new ();
-
-	public bool TryGet(Guid userGuid, out AuthenticatedUserInfo? userInfo) {
-		return authenticatedUsersByGuid.TryGetValue(userGuid, out userInfo);
-	}
-
-	public async Task<AuthenticatedUserInfo?> Update(UserEntity user, ILazyDbContext db) {
-		var userGuid = user.UserGuid;
-		var userPermissions = await new PermissionRepository(db).GetAllUserPermissions(user);
-		var userInfo = new AuthenticatedUserInfo(userGuid, user.Name, userPermissions);
-		return authenticatedUsersByGuid[userGuid] = userInfo;
-	}
-	
-	public void Remove(Guid userGuid) {
-		authenticatedUsersByGuid.Remove(userGuid, out _);
-	}
-}

Controller/Phantom.Controller.Services/Users/Sessions/LoggedInUser.cs

@@ -1,11 +0,0 @@
-using Phantom.Common.Data.Web.Users;
-
-namespace Phantom.Controller.Services.Users.Sessions;
-
-readonly record struct LoggedInUser(AuthenticatedUserInfo? AuthenticatedUserInfo) {
-	public Guid? Guid => AuthenticatedUserInfo?.Guid;
-	
-	public bool CheckPermission(Permission permission) {
-		return AuthenticatedUserInfo != null && AuthenticatedUserInfo.Permissions.Check(permission);
-	}
-}

Controller/Phantom.Controller.Services/Users/Sessions/UserLoginManager.cs

@@ -1,139 +0,0 @@
-using System.Collections.Immutable;
-using System.Security.Cryptography;
-using Phantom.Common.Data.Web.Users;
-using Phantom.Controller.Database;
-using Phantom.Controller.Database.Repositories;
-
-namespace Phantom.Controller.Services.Users.Sessions;
-
-sealed class UserLoginManager {
-	private const int SessionIdBytes = 20;
-
-	private readonly AuthenticatedUserCache authenticatedUserCache;
-	private readonly UserManager userManager;
-	private readonly IDbContextProvider dbProvider;
-	
-	private readonly UserSessionBucket[] sessionBuckets = new UserSessionBucket[256];
-
-	public UserLoginManager(AuthenticatedUserCache authenticatedUserCache, UserManager userManager, IDbContextProvider dbProvider) {
-		this.authenticatedUserCache = authenticatedUserCache;
-		this.userManager = userManager;
-		this.dbProvider = dbProvider;
-
-		for (int i = 0; i < sessionBuckets.GetLength(0); i++) {
-			sessionBuckets[i] = new UserSessionBucket();
-		}
-	}
-
-	private UserSessionBucket GetSessionBucket(ImmutableArray<byte> token) {
-		return sessionBuckets[token[0]];
-	}
-
-	public async Task<LogInSuccess?> LogIn(string username, string password) {
-		Guid userGuid;
-		AuthenticatedUserInfo? authenticatedUserInfo;
-		
-		await using (var db = dbProvider.Lazy()) {
-			var userRepository = new UserRepository(db);
-
-			var user = await userRepository.GetByName(username);
-			if (user == null || !UserPasswords.Verify(password, user.PasswordHash)) {
-				return null;
-			}
-
-			authenticatedUserInfo = await authenticatedUserCache.Update(user, db);
-			if (authenticatedUserInfo == null) {
-				return null;
-			}
-
-			userGuid = user.UserGuid;
-
-			var auditLogWriter = new AuditLogRepository(db).Writer(userGuid);
-			auditLogWriter.UserLoggedIn(user);
-
-			await db.Ctx.SaveChangesAsync();
-		}
-
-		var authToken = ImmutableArray.Create(RandomNumberGenerator.GetBytes(SessionIdBytes));
-		GetSessionBucket(authToken).Add(userGuid, authToken);
-		
-		return new LogInSuccess(authenticatedUserInfo, authToken);
-	}
-
-	public async Task LogOut(Guid userGuid, ImmutableArray<byte> authToken) {
-		if (!GetSessionBucket(authToken).Remove(userGuid, authToken)) {
-			return;
-		}
-
-		await using var db = dbProvider.Lazy();
-
-		var auditLogWriter = new AuditLogRepository(db).Writer(userGuid);
-		auditLogWriter.UserLoggedOut(userGuid);
-
-		await db.Ctx.SaveChangesAsync();
-	}
-
-	public LoggedInUser GetLoggedInUser(ImmutableArray<byte> authToken) {
-		var userGuid = GetSessionBucket(authToken).FindUserGuid(authToken);
-		return userGuid != null && authenticatedUserCache.TryGet(userGuid.Value, out var userInfo) ? new LoggedInUser(userInfo) : default;
-	}
-	
-	public AuthenticatedUserInfo? GetAuthenticatedUser(Guid userGuid, ImmutableArray<byte> authToken) {
-		return authenticatedUserCache.TryGet(userGuid, out var userInfo) && GetSessionBucket(authToken).Contains(userGuid, authToken) ? userInfo : null;
-	}
-
-	private sealed class UserSessionBucket {
-		private ImmutableList<UserSession> sessions = ImmutableList<UserSession>.Empty;
-
-		public void Add(Guid userGuid, ImmutableArray<byte> authToken) {
-			lock (this) {
-				var session = new UserSession(userGuid, authToken);
-				if (!sessions.Contains(session)) {
-					sessions = sessions.Add(session);
-				}
-			}
-		}
-
-		public bool Contains(Guid userGuid, ImmutableArray<byte> authToken) {
-			lock (this) {
-				return sessions.Contains(new UserSession(userGuid, authToken));
-			}
-		}
-
-		public Guid? FindUserGuid(ImmutableArray<byte> authToken) {
-			lock (this) {
-				return sessions.Find(session => session.AuthTokenEquals(authToken))?.UserGuid;
-			}
-		}
-
-		public bool Remove(Guid userGuid, ImmutableArray<byte> authToken) {
-			lock (this) {
-				int index = sessions.IndexOf(new UserSession(userGuid, authToken));
-				if (index == -1) {
-					return false;
-				}
-
-				sessions = sessions.RemoveAt(index);
-				return true;
-			}
-		}
-	}
-
-	private sealed record UserSession(Guid UserGuid, ImmutableArray<byte> AuthToken) {
-		public bool AuthTokenEquals(ImmutableArray<byte> other) {
-			return CryptographicOperations.FixedTimeEquals(AuthToken.AsSpan(), other.AsSpan());
-		}
-
-		public bool Equals(UserSession? other) {
-			if (ReferenceEquals(null, other)) {
-				return false;
-			}
-			
-			return UserGuid.Equals(other.UserGuid) && AuthTokenEquals(other.AuthToken);
-		}
-
-		public override int GetHashCode() {
-			throw new NotImplementedException();
-		}
-	}
-}

Controller/Phantom.Controller.Services/Users/UserLoginManager.cs

@@ -0,0 +1,107 @@
+using System.Collections.Concurrent;
+using System.Collections.Immutable;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
+using Phantom.Common.Data.Web.Users;
+using Phantom.Controller.Database;
+using Phantom.Controller.Database.Repositories;
+
+namespace Phantom.Controller.Services.Users; 
+
+sealed class UserLoginManager {
+	private const int SessionIdBytes = 20;
+	private readonly ConcurrentDictionary<Guid, UserSession> sessionsByUserGuid = new ();
+	
+	private readonly UserManager userManager;
+	private readonly PermissionManager permissionManager;
+	private readonly IDbContextProvider dbProvider;
+	
+	public UserLoginManager(UserManager userManager, PermissionManager permissionManager, IDbContextProvider dbProvider) {
+		this.userManager = userManager;
+		this.permissionManager = permissionManager;
+		this.dbProvider = dbProvider;
+	}
+
+	public async Task<LogInSuccess?> LogIn(string username, string password) {
+		var user = await userManager.GetAuthenticated(username, password);
+		if (user == null) {
+			return null;
+		}
+
+		var permissions = await permissionManager.FetchPermissionsForUserId(user.UserGuid);
+		var userInfo = new AuthenticatedUserInfo(user.UserGuid, user.Name, permissions);
+		var token = ImmutableArray.Create(RandomNumberGenerator.GetBytes(SessionIdBytes));
+		
+		sessionsByUserGuid.AddOrUpdate(user.UserGuid, UserSession.Create, UserSession.Add, new NewUserSession(userInfo, token));
+
+		await using (var db = dbProvider.Lazy()) {
+			var auditLogWriter = new AuditLogRepository(db).Writer(user.UserGuid);
+			auditLogWriter.UserLoggedIn(user);
+			
+			await db.Ctx.SaveChangesAsync();
+		}
+
+		return new LogInSuccess(userInfo, token);
+	}
+
+	public async Task LogOut(Guid userGuid, ImmutableArray<byte> token) {
+		while (true) {
+			if (!sessionsByUserGuid.TryGetValue(userGuid, out var oldSession)) {
+				return;
+			}
+
+			if (sessionsByUserGuid.TryUpdate(userGuid, oldSession.RemoveToken(token), oldSession)) {
+				break;
+			}
+		}
+
+		await using var db = dbProvider.Lazy();
+		
+		var auditLogWriter = new AuditLogRepository(db).Writer(userGuid);
+		auditLogWriter.UserLoggedOut(userGuid);
+			
+		await db.Ctx.SaveChangesAsync();
+	}
+
+	public AuthenticatedUserInfo? GetAuthenticatedUser(Guid userGuid, ImmutableArray<byte> token) {
+		return sessionsByUserGuid.TryGetValue(userGuid, out var session) && session.Tokens.Contains(token, TokenEqualityComparer.Instance) ? session.UserInfo : null;
+	}
+
+	private readonly record struct NewUserSession(AuthenticatedUserInfo UserInfo, ImmutableArray<byte> Token);
+	
+	private sealed record UserSession(AuthenticatedUserInfo UserInfo, ImmutableList<ImmutableArray<byte>> Tokens) {
+		public static UserSession Create(Guid userGuid, NewUserSession newSession) {
+			return new UserSession(newSession.UserInfo, ImmutableList.Create(newSession.Token));
+		}
+		
+		public static UserSession Add(Guid userGuid, UserSession oldSession, NewUserSession newSession) {
+			return new UserSession(newSession.UserInfo, oldSession.Tokens.Add(newSession.Token));
+		}
+
+		public UserSession RemoveToken(ImmutableArray<byte> token) {
+			return this with { Tokens = Tokens.Remove(token, TokenEqualityComparer.Instance) };
+		}
+
+		public bool Equals(UserSession? other) {
+			return ReferenceEquals(this, other);
+		}
+
+		public override int GetHashCode() {
+			return RuntimeHelpers.GetHashCode(this);
+		}
+	}
+
+	private sealed class TokenEqualityComparer : IEqualityComparer<ImmutableArray<byte>> {
+		public static TokenEqualityComparer Instance { get; } = new ();
+		
+		private TokenEqualityComparer() {}
+
+		public bool Equals(ImmutableArray<byte> x, ImmutableArray<byte> y) {
+			return x.SequenceEqual(y);
+		}
+
+		public int GetHashCode(ImmutableArray<byte> obj) {
+			throw new NotImplementedException();
+		}
+	}
+}

Controller/Phantom.Controller.Services/Users/UserManager.cs

@@ -1,10 +1,8 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Entities;
 using Phantom.Controller.Database.Repositories;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Logging;
 using Serilog;
 
@@ -13,13 +11,9 @@ namespace Phantom.Controller.Services.Users;
 sealed class UserManager {
 	private static readonly ILogger Logger = PhantomLogger.Create<UserManager>();
 
-	private readonly AuthenticatedUserCache authenticatedUserCache;
-	private readonly ControllerState controllerState;
 	private readonly IDbContextProvider dbProvider;
 
-	public UserManager(AuthenticatedUserCache authenticatedUserCache, ControllerState controllerState, IDbContextProvider dbProvider) {
+	public UserManager(IDbContextProvider dbProvider) {
-		this.authenticatedUserCache = authenticatedUserCache;
-		this.controllerState = controllerState;
 		this.dbProvider = dbProvider;
 	}
 
@@ -91,14 +85,10 @@ sealed class UserManager {
 		}
 	}
 
-	public async Task<Result<CreateUserResult, UserActionFailure>> Create(LoggedInUser loggedInUser, string username, string password) {
+	public async Task<CreateUserResult> Create(Guid loggedInUserGuid, string username, string password) {
-		if (!loggedInUser.CheckPermission(Permission.EditUsers)) {
-			return UserActionFailure.NotAuthorized;
-		}
-		
 		await using var db = dbProvider.Lazy();
 		var userRepository = new UserRepository(db);
-		var auditLogWriter = new AuditLogRepository(db).Writer(loggedInUser.Guid);
+		var auditLogWriter = new AuditLogRepository(db).Writer(loggedInUserGuid);
 
 		try {
 			var result = await userRepository.CreateUser(username, password);
@@ -119,11 +109,7 @@ sealed class UserManager {
 		}
 	}
 	
-	public async Task<Result<DeleteUserResult, UserActionFailure>> DeleteByGuid(LoggedInUser loggedInUser, Guid userGuid) {
+	public async Task<DeleteUserResult> DeleteByGuid(Guid loggedInUserGuid, Guid userGuid) {
-		if (!loggedInUser.CheckPermission(Permission.EditUsers)) {
-			return UserActionFailure.NotAuthorized;
-		}
-		
 		await using var db = dbProvider.Lazy();
 		var userRepository = new UserRepository(db);
 
@@ -132,18 +118,12 @@ sealed class UserManager {
 			return DeleteUserResult.NotFound;
 		}
 
-		authenticatedUserCache.Remove(userGuid);
+		var auditLogWriter = new AuditLogRepository(db).Writer(loggedInUserGuid);
-		
-		var auditLogWriter = new AuditLogRepository(db).Writer(loggedInUser.Guid);
 		try {
 			userRepository.DeleteUser(user);
 			auditLogWriter.UserDeleted(user);
 			await db.Ctx.SaveChangesAsync();
 
-			// In case the user logged in during deletion.
-			authenticatedUserCache.Remove(userGuid);
-			controllerState.UpdateOrDeleteUser(userGuid);
-
 			Logger.Information("Deleted user \"{Username}\" (GUID {Guid}).", user.Name, user.UserGuid);
 			return DeleteUserResult.Deleted;
 		} catch (Exception e) {

Controller/Phantom.Controller.Services/Users/UserRoleManager.cs

@@ -1,9 +1,7 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Repositories;
-using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Logging;
 using Serilog;
 
@@ -12,13 +10,9 @@ namespace Phantom.Controller.Services.Users;
 sealed class UserRoleManager {
 	private static readonly ILogger Logger = PhantomLogger.Create<UserRoleManager>();
 	
-	private readonly AuthenticatedUserCache authenticatedUserCache;
-	private readonly ControllerState controllerState;
 	private readonly IDbContextProvider dbProvider;
 	
-	public UserRoleManager(AuthenticatedUserCache authenticatedUserCache, ControllerState controllerState, IDbContextProvider dbProvider) {
+	public UserRoleManager(IDbContextProvider dbProvider) {
-		this.authenticatedUserCache = authenticatedUserCache;
-		this.controllerState = controllerState;
 		this.dbProvider = dbProvider;
 	}
 
@@ -27,11 +21,7 @@ sealed class UserRoleManager {
 		return await new UserRoleRepository(db).GetRoleGuidsByUserGuid(userGuids);
 	}
 
-	public async Task<Result<ChangeUserRolesResult, UserActionFailure>> ChangeUserRoles(LoggedInUser loggedInUser, Guid subjectUserGuid, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids) {
+	public async Task<ChangeUserRolesResult> ChangeUserRoles(Guid loggedInUserGuid, Guid subjectUserGuid, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids) {
-		if (!loggedInUser.CheckPermission(Permission.EditUsers)) {
-			return UserActionFailure.NotAuthorized;
-		}
-		
 		await using var db = dbProvider.Lazy();
 		var userRepository = new UserRepository(db);
 		
@@ -42,7 +32,7 @@ sealed class UserRoleManager {
 
 		var roleRepository = new RoleRepository(db);
 		var userRoleRepository = new UserRoleRepository(db);
-		var auditLogWriter = new AuditLogRepository(db).Writer(loggedInUser.Guid);
+		var auditLogWriter = new AuditLogRepository(db).Writer(loggedInUserGuid);
 		
 		var rolesByGuid = await roleRepository.GetByGuids(addToRoleGuids.Union(removeFromRoleGuids));
 		
@@ -72,9 +62,6 @@ sealed class UserRoleManager {
 			auditLogWriter.UserRolesChanged(user, addedToRoleNames, removedFromRoleNames);
 			await db.Ctx.SaveChangesAsync();
 			
-			await authenticatedUserCache.Update(user, db);
-			controllerState.UpdateOrDeleteUser(user.UserGuid);
-			
 			Logger.Information("Changed roles for user \"{Username}\" (GUID {Guid}).", user.Name, user.UserGuid);
 			return new ChangeUserRolesResult(addedToRoleGuids.ToImmutable(), removedFromRoleGuids.ToImmutable());
 		} catch (Exception e) {

Utils/Phantom.Utils.Actor/Tasks/TaskExtensions.cs

@@ -17,10 +17,6 @@ public static class TaskExtensions {
 		return task.ContinueOnActor(result => mapper(result, arg));
 	}
 	
-	public static Task<TResult> ContinueOnActor<TSource, TArg1, TArg2, TResult>(this Task<TSource> task, Func<TSource, TArg1, TArg2, TResult> mapper, TArg1 arg1, TArg2 arg2) {
-		return task.ContinueOnActor(result => mapper(result, arg1, arg2));
-	}
-	
 	private static Task<TResult> MapResult<TSource, TResult>(Task<TSource> task, Func<TSource, TResult> mapper, TaskCompletionSource<TResult> completionSource) {
 		if (task.IsFaulted) {
 			completionSource.SetException(task.Exception.InnerExceptions);

Utils/Phantom.Utils/Result/Err.cs

@@ -1,3 +0,0 @@
-namespace Phantom.Utils.Result;
-
-public sealed record Err<T>(T Error) : Result;

Utils/Phantom.Utils/Result/Ok.cs

@@ -1,3 +0,0 @@
-namespace Phantom.Utils.Result;
-
-public sealed record Ok<T>(T Value) : Result;

Utils/Phantom.Utils/Result/Result.cs

@@ -1,5 +0,0 @@
-namespace Phantom.Utils.Result;
-
-public abstract record Result {
-	private protected Result() {}
-}

Web/Phantom.Web.Components/Forms/FormSubmitError.razor

@@ -1,6 +1,6 @@
 @using Phantom.Web.Components.Utils
 @if (messageLines.Length > 0) {
-  <div class="form-submit-errors text-danger" role="alert">
+  <div class="form-submit-errors text-danger">
     @for (int i = 0; i < messageLines.Length; i++) {
       @messageLines[i]
       if (i < messageLines.Length - 1) {

Web/Phantom.Web.Components/PhantomComponent.cs

@@ -17,9 +17,9 @@ public abstract class PhantomComponent : ComponentBase, IDisposable {
 
 	protected CancellationToken CancellationToken => cancellationTokenSource.Token;
 
-	protected async Task<AuthenticatedUser?> GetAuthenticatedUser() {
+	protected async Task<Guid?> GetUserGuid() {
 		var authenticationState = await AuthenticationStateTask;
-		return authenticationState.GetAuthenticatedUser();
+		return authenticationState.TryGetGuid();
 	}
 
 	protected async Task<bool> CheckPermission(Permission permission) {

Web/Phantom.Web.Services/Authentication/AuthenticatedUser.cs

@@ -1,10 +0,0 @@
-using System.Collections.Immutable;
-using Phantom.Common.Data.Web.Users;
-
-namespace Phantom.Web.Services.Authentication;
-
-public sealed record AuthenticatedUser(AuthenticatedUserInfo Info, ImmutableArray<byte> Token) {
-	public bool CheckPermission(Permission permission) {
-		return Info.Permissions.Check(permission);
-	}
-}

Web/Phantom.Web.Services/Authentication/AuthenticationStateExtensions.cs

@@ -5,27 +5,23 @@ using Phantom.Common.Data.Web.Users;
 namespace Phantom.Web.Services.Authentication;
 
 public static class AuthenticationStateExtensions {
-	public static AuthenticatedUser? GetAuthenticatedUser(this AuthenticationState authenticationState) {
+	public static Guid? TryGetGuid(this AuthenticationState authenticationState) {
-		return authenticationState.User.GetAuthenticatedUser();
+		return authenticationState.User is CustomClaimsPrincipal customUser ? customUser.UserInfo.Guid : null;
 	}
 
-	public static AuthenticatedUser? GetAuthenticatedUser(this ClaimsPrincipal claimsPrincipal) {
+	public static PermissionSet GetPermissions(this ClaimsPrincipal user) {
-		return claimsPrincipal is CustomClaimsPrincipal principal ? principal.User : null;
+		return user is CustomClaimsPrincipal customUser ? customUser.UserInfo.Permissions : PermissionSet.None;
+	}
+
+	public static bool CheckPermission(this ClaimsPrincipal user, Permission permission) {
+		return user.GetPermissions().Check(permission);
 	}
 
 	public static PermissionSet GetPermissions(this AuthenticationState authenticationState) {
 		return authenticationState.User.GetPermissions();
 	}
 
-	public static PermissionSet GetPermissions(this ClaimsPrincipal claimsPrincipal) {
-		return claimsPrincipal.GetAuthenticatedUser() is {} user ? user.Info.Permissions : PermissionSet.None;
-	}
-
 	public static bool CheckPermission(this AuthenticationState authenticationState, Permission permission) {
 		return authenticationState.User.CheckPermission(permission);
 	}
-	
-	public static bool CheckPermission(this ClaimsPrincipal claimsPrincipal, Permission permission) {
-		return claimsPrincipal.GetPermissions().Check(permission);
-	}
 }

Web/Phantom.Web.Services/Authentication/CustomAuthenticationStateProvider.cs

@@ -4,118 +4,41 @@ using Microsoft.AspNetCore.Components.Server;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
-using Phantom.Utils.Logging;
 using Phantom.Web.Services.Rpc;
-using ILogger = Serilog.ILogger;
 
 namespace Phantom.Web.Services.Authentication;
 
-public sealed class CustomAuthenticationStateProvider : ServerAuthenticationStateProvider, IAsyncDisposable {
+public sealed class CustomAuthenticationStateProvider : ServerAuthenticationStateProvider {
-	private static readonly ILogger Logger = PhantomLogger.Create<CustomAuthenticationStateProvider>();
-
-	private readonly UserSessionRefreshManager sessionRefreshManager;
 	private readonly UserSessionBrowserStorage sessionBrowserStorage;
 	private readonly ControllerConnection controllerConnection;
+	private bool isLoaded;
 
-	private readonly SemaphoreSlim loadSemaphore = new (1);
+	public CustomAuthenticationStateProvider(UserSessionBrowserStorage sessionBrowserStorage, ControllerConnection controllerConnection) {
-	private bool isLoaded = false;
-	private CancellationTokenSource? loadCancellationTokenSource;
-	private UserSessionRefreshManager.EventHolder? userRefreshEventHolder;
-
-	public CustomAuthenticationStateProvider(UserSessionRefreshManager sessionRefreshManager, UserSessionBrowserStorage sessionBrowserStorage, ControllerConnection controllerConnection) {
-		this.sessionRefreshManager = sessionRefreshManager;
 		this.sessionBrowserStorage = sessionBrowserStorage;
 		this.controllerConnection = controllerConnection;
 	}
 
 	public override async Task<AuthenticationState> GetAuthenticationStateAsync() {
 		if (!isLoaded) {
-			await LoadSession();
+			var stored = await sessionBrowserStorage.Get();
+			if (stored != null) {
+				var session = await controllerConnection.Send<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(new GetAuthenticatedUser(stored.UserGuid, stored.Token), TimeSpan.FromSeconds(30));
+				if (session.Value is {} userInfo) {
+					SetLoadedSession(userInfo);
+				}
+			}
 		}
 
 		return await base.GetAuthenticationStateAsync();
 	}
 
-	private async Task LoadSession() {
+	internal void SetLoadedSession(AuthenticatedUserInfo user) {
-		await CancelCurrentLoad();
-		await loadSemaphore.WaitAsync(CancellationToken.None);
-
-		loadCancellationTokenSource = new CancellationTokenSource();
-		CancellationToken cancellationToken = loadCancellationTokenSource.Token;
-
-		try {
-			var authenticatedUser = await TryGetSession(cancellationToken);
-			if (authenticatedUser != null) {
-				SetLoadedSession(authenticatedUser);
-			}
-			else {
-				SetUnloadedSession();
-			}
-		} catch (OperationCanceledException) {
-			SetUnloadedSession();
-		} catch (Exception e) {
-			SetUnloadedSession();
-			Logger.Error(e, "Could not load user session.");
-		} finally {
-			loadCancellationTokenSource.Dispose();
-			loadCancellationTokenSource = null;
-			loadSemaphore.Release();
-		}
-	}
-
-	private async Task CancelCurrentLoad() {
-		var cancellationTokenSource = loadCancellationTokenSource;
-		if (cancellationTokenSource != null) {
-			await cancellationTokenSource.CancelAsync();
-		}
-	}
-
-	private async Task<AuthenticatedUser?> TryGetSession(CancellationToken cancellationToken) {
-		var stored = await sessionBrowserStorage.Get();
-		if (stored == null) {
-			return null;
-		}
-
-		cancellationToken.ThrowIfCancellationRequested();
-
-		var userGuid = stored.UserGuid;
-		var authToken = stored.Token;
-
-		if (userRefreshEventHolder == null) {
-			userRefreshEventHolder = sessionRefreshManager.GetEventHolder(userGuid);
-			userRefreshEventHolder.UserNeedsRefresh += OnUserNeedsRefresh;
-		}
-
-		var session = await controllerConnection.Send<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(new GetAuthenticatedUser(userGuid, authToken), TimeSpan.FromSeconds(30), cancellationToken);
-		if (session.Value is {} userInfo) {
-			return new AuthenticatedUser(userInfo, authToken);
-		}
-		else {
-			return null;
-		}
-	}
-
-	private void SetLoadedSession(AuthenticatedUser authenticatedUser) {
-		SetAuthenticationState(Task.FromResult(new AuthenticationState(new CustomClaimsPrincipal(authenticatedUser))));
 		isLoaded = true;
+		SetAuthenticationState(Task.FromResult(new AuthenticationState(new CustomClaimsPrincipal(user))));
 	}
 
 	internal void SetUnloadedSession() {
-		SetAuthenticationState(Task.FromResult(new AuthenticationState(new ClaimsPrincipal())));
 		isLoaded = false;
-	}
+		SetAuthenticationState(Task.FromResult(new AuthenticationState(new ClaimsPrincipal())));
-
-	private void OnUserNeedsRefresh(object? sender, EventArgs args) {
-		_ = LoadSession();
-	}
-
-	public async ValueTask DisposeAsync() {
-		if (userRefreshEventHolder != null) {
-			userRefreshEventHolder.UserNeedsRefresh -= OnUserNeedsRefresh;
-			userRefreshEventHolder = null;
-		}
-
-		await CancelCurrentLoad();
-		loadSemaphore.Dispose();
 	}
 }

Web/Phantom.Web.Services/Authentication/CustomClaimsPrincipal.cs

@@ -4,10 +4,10 @@ using Phantom.Common.Data.Web.Users;
 namespace Phantom.Web.Services.Authentication;
 
 sealed class CustomClaimsPrincipal : ClaimsPrincipal {
-	internal AuthenticatedUser User { get; }
+	internal AuthenticatedUserInfo UserInfo { get; }
 
-	internal CustomClaimsPrincipal(AuthenticatedUser user) : base(GetIdentity(user.Info)) {
+	internal CustomClaimsPrincipal(AuthenticatedUserInfo userInfo) : base(GetIdentity(userInfo)) {
-		User = user;
+		UserInfo = userInfo;
 	}
 
 	private static ClaimsIdentity GetIdentity(AuthenticatedUserInfo userInfo) {

Web/Phantom.Web.Services/Authentication/UserLoginManager.cs

@@ -37,11 +37,9 @@ public sealed class UserLoginManager {
 		Logger.Information("Successfully logged in {Username}.", username);
 
 		var userInfo = success.UserInfo;
-		var authToken = success.AuthToken;
 
-		authenticationStateProvider.SetUnloadedSession();
+		await sessionBrowserStorage.Store(userInfo.Guid, success.Token);
-		await sessionBrowserStorage.Store(userInfo.Guid, authToken);
+		authenticationStateProvider.SetLoadedSession(userInfo);
-		await authenticationStateProvider.GetAuthenticationStateAsync();
 		await navigation.NavigateTo(returnUrl ?? string.Empty);
 		
 		return true;

Web/Phantom.Web.Services/Authentication/UserSessionRefreshManager.cs

@@ -1,25 +0,0 @@
-using System.Collections.Concurrent;
-
-namespace Phantom.Web.Services.Authentication;
-
-public sealed class UserSessionRefreshManager {
-	private readonly ConcurrentDictionary<Guid, EventHolder> userUpdateEventHoldersByUserGuid = new ();
-
-	internal EventHolder GetEventHolder(Guid userGuid) {
-		return userUpdateEventHoldersByUserGuid.GetOrAdd(userGuid, static _ => new EventHolder());
-	}
-	
-	internal void RefreshUser(Guid userGuid) {
-		if (userUpdateEventHoldersByUserGuid.TryGetValue(userGuid, out var eventHolder)) {
-			eventHolder.Notify();
-		}
-	}
-	
-	internal sealed class EventHolder {
-		public event EventHandler? UserNeedsRefresh;
-
-		internal void Notify() {
-			UserNeedsRefresh?.Invoke(null, EventArgs.Empty);
-		}
-	}
-}

Web/Phantom.Web.Services/Events/EventLogManager.cs

@@ -1,9 +1,6 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.EventLog;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Rpc;
 
 namespace Phantom.Web.Services.Events; 
@@ -15,13 +12,8 @@ public sealed class EventLogManager {
 		this.controllerConnection = controllerConnection;
 	}
 
-	public async Task<Result<ImmutableArray<EventLogItem>, UserActionFailure>> GetMostRecentItems(AuthenticatedUser? authenticatedUser, int count, CancellationToken cancellationToken) {
+	public Task<ImmutableArray<EventLogItem>> GetMostRecentItems(int count, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ViewEvents)) {
+		var message = new GetEventLogMessage(count);
-			var message = new GetEventLogMessage(authenticatedUser.Token, count);
+		return controllerConnection.Send<GetEventLogMessage, ImmutableArray<EventLogItem>>(message, cancellationToken);
-			return await controllerConnection.Send<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(message, cancellationToken);
-		}
-		else {
-			return UserActionFailure.NotAuthorized;
-		}
 	}
 }

Web/Phantom.Web.Services/Instances/InstanceManager.cs

@@ -4,11 +4,9 @@ using Phantom.Common.Data.Instance;
 using Phantom.Common.Data.Minecraft;
 using Phantom.Common.Data.Replies;
 using Phantom.Common.Data.Web.Instance;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
 using Phantom.Utils.Events;
 using Phantom.Utils.Logging;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Rpc;
 
 namespace Phantom.Web.Services.Instances;
@@ -37,43 +35,23 @@ public sealed class InstanceManager {
 		return instances.Value.GetValueOrDefault(instanceGuid);
 	}
 
-	public async Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance(AuthenticatedUser? authenticatedUser, Guid instanceGuid, InstanceConfiguration configuration, CancellationToken cancellationToken) {
+	public Task<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>> CreateOrUpdateInstance(Guid loggedInUserGuid, Guid instanceGuid, InstanceConfiguration configuration, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.CreateInstances)) {
+		var message = new CreateOrUpdateInstanceMessage(loggedInUserGuid, instanceGuid, configuration);
-			var message = new CreateOrUpdateInstanceMessage(authenticatedUser.Token, instanceGuid, configuration);
+		return controllerConnection.Send<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(message, cancellationToken);
-			return await controllerConnection.Send<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
-		}
-		else {
-			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
-		}
 	}
 
-	public async Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> LaunchInstance(AuthenticatedUser? authenticatedUser, Guid agentGuid, Guid instanceGuid, CancellationToken cancellationToken) {
+	public Task<Result<LaunchInstanceResult, InstanceActionFailure>> LaunchInstance(Guid loggedInUserGuid, Guid agentGuid, Guid instanceGuid, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ControlInstances)) {
+		var message = new LaunchInstanceMessage(loggedInUserGuid, agentGuid, instanceGuid);
-			var message = new LaunchInstanceMessage(authenticatedUser.Token, agentGuid, instanceGuid);
+		return controllerConnection.Send<LaunchInstanceMessage, Result<LaunchInstanceResult, InstanceActionFailure>>(message, cancellationToken);
-			return await controllerConnection.Send<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
-		}
-		else {
-			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
-		}
 	}
 
-	public async Task<Result<StopInstanceResult, UserInstanceActionFailure>> StopInstance(AuthenticatedUser? authenticatedUser, Guid agentGuid, Guid instanceGuid, MinecraftStopStrategy stopStrategy, CancellationToken cancellationToken) {
+	public Task<Result<StopInstanceResult, InstanceActionFailure>> StopInstance(Guid loggedInUserGuid, Guid agentGuid, Guid instanceGuid, MinecraftStopStrategy stopStrategy, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ControlInstances)) {
+		var message = new StopInstanceMessage(loggedInUserGuid, agentGuid, instanceGuid, stopStrategy);
-			var message = new StopInstanceMessage(authenticatedUser.Token, agentGuid, instanceGuid, stopStrategy);
+		return controllerConnection.Send<StopInstanceMessage, Result<StopInstanceResult, InstanceActionFailure>>(message, cancellationToken);
-			return await controllerConnection.Send<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
-		}
-		else {
-			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
-		}
 	}
 
-	public async Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> SendCommandToInstance(AuthenticatedUser? authenticatedUser, Guid agentGuid, Guid instanceGuid, string command, CancellationToken cancellationToken) {
+	public Task<Result<SendCommandToInstanceResult, InstanceActionFailure>> SendCommandToInstance(Guid loggedInUserGuid, Guid agentGuid, Guid instanceGuid, string command, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ControlInstances)) {
+		var message = new SendCommandToInstanceMessage(loggedInUserGuid, agentGuid, instanceGuid, command);
-			var message = new SendCommandToInstanceMessage(authenticatedUser.Token, agentGuid, instanceGuid, command);
+		return controllerConnection.Send<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, InstanceActionFailure>>(message, cancellationToken);
-			return await controllerConnection.Send<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
-		}
-		else {
-			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
-		}
 	}
 }

Web/Phantom.Web.Services/PhantomWebServices.cs

@@ -23,7 +23,6 @@ public static class PhantomWebServices {
 		
 		services.AddSingleton<UserManager>();
 		services.AddSingleton<AuditLogManager>();
-		services.AddSingleton<UserSessionRefreshManager>();
 		services.AddScoped<UserLoginManager>();
 		services.AddScoped<UserSessionBrowserStorage>();
 		

Web/Phantom.Web.Services/Rpc/ControllerMessageHandlerActor.cs

@@ -4,20 +4,12 @@ using Phantom.Common.Messages.Web.ToWeb;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Rpc.Runtime;
 using Phantom.Web.Services.Agents;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Instances;
 
 namespace Phantom.Web.Services.Rpc; 
 
 sealed class ControllerMessageHandlerActor : ReceiveActor<IMessageToWeb> {
-	public readonly record struct Init(
+	public readonly record struct Init(RpcConnectionToServer<IMessageToController> Connection, AgentManager AgentManager, InstanceManager InstanceManager, InstanceLogManager InstanceLogManager, TaskCompletionSource<bool> RegisterSuccessWaiter);
-		RpcConnectionToServer<IMessageToController> Connection,
-		AgentManager AgentManager,
-		InstanceManager InstanceManager,
-		InstanceLogManager InstanceLogManager,
-		UserSessionRefreshManager UserSessionRefreshManager,
-		TaskCompletionSource<bool> RegisterSuccessWaiter
-	);
 	
 	public static Props<IMessageToWeb> Factory(Init init) {
 		return Props<IMessageToWeb>.Create(() => new ControllerMessageHandlerActor(init), new ActorConfiguration { SupervisorStrategy = SupervisorStrategies.Resume });
@@ -27,7 +19,6 @@ sealed class ControllerMessageHandlerActor : ReceiveActor<IMessageToWeb> {
 	private readonly AgentManager agentManager;
 	private readonly InstanceManager instanceManager;
 	private readonly InstanceLogManager instanceLogManager;
-	private readonly UserSessionRefreshManager userSessionRefreshManager;
 	private readonly TaskCompletionSource<bool> registerSuccessWaiter;
 	
 	private ControllerMessageHandlerActor(Init init) {
@@ -35,14 +26,12 @@ sealed class ControllerMessageHandlerActor : ReceiveActor<IMessageToWeb> {
 		this.agentManager = init.AgentManager;
 		this.instanceManager = init.InstanceManager;
 		this.instanceLogManager = init.InstanceLogManager;
-		this.userSessionRefreshManager = init.UserSessionRefreshManager;
 		this.registerSuccessWaiter = init.RegisterSuccessWaiter;
 		
 		Receive<RegisterWebResultMessage>(HandleRegisterWebResult);
 		Receive<RefreshAgentsMessage>(HandleRefreshAgents);
 		Receive<RefreshInstancesMessage>(HandleRefreshInstances);
 		Receive<InstanceOutputMessage>(HandleInstanceOutput);
-		Receive<RefreshUserSessionMessage>(HandleRefreshUserSession);
 		Receive<ReplyMessage>(HandleReply);
 	}
 
@@ -62,10 +51,6 @@ sealed class ControllerMessageHandlerActor : ReceiveActor<IMessageToWeb> {
 		instanceLogManager.AddLines(message.InstanceGuid, message.Lines);
 	}
 
-	private void HandleRefreshUserSession(RefreshUserSessionMessage message) {
-		userSessionRefreshManager.RefreshUser(message.UserGuid);
-	}
-
 	private void HandleReply(ReplyMessage message) {
 		connection.Receive(message);
 	}

Web/Phantom.Web.Services/Rpc/ControllerMessageHandlerFactory.cs

@@ -4,7 +4,6 @@ using Phantom.Utils.Actor;
 using Phantom.Utils.Rpc.Runtime;
 using Phantom.Utils.Tasks;
 using Phantom.Web.Services.Agents;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Instances;
 
 namespace Phantom.Web.Services.Rpc;
@@ -14,7 +13,6 @@ public sealed class ControllerMessageHandlerFactory {
 	private readonly AgentManager agentManager;
 	private readonly InstanceManager instanceManager;
 	private readonly InstanceLogManager instanceLogManager;
-	private readonly UserSessionRefreshManager userSessionRefreshManager;
 	
 	private readonly TaskCompletionSource<bool> registerSuccessWaiter = AsyncTasks.CreateCompletionSource<bool>();
 	
@@ -22,17 +20,15 @@ public sealed class ControllerMessageHandlerFactory {
 	
 	private int messageHandlerId = 0;
 	
-	public ControllerMessageHandlerFactory(RpcConnectionToServer<IMessageToController> connection, AgentManager agentManager, InstanceManager instanceManager, InstanceLogManager instanceLogManager, UserSessionRefreshManager userSessionRefreshManager) {
+	public ControllerMessageHandlerFactory(RpcConnectionToServer<IMessageToController> connection, AgentManager agentManager, InstanceManager instanceManager, InstanceLogManager instanceLogManager) {
 		this.connection = connection;
 		this.agentManager = agentManager;
 		this.instanceManager = instanceManager;
 		this.instanceLogManager = instanceLogManager;
-		this.userSessionRefreshManager = userSessionRefreshManager;
 	}
 	
 	public ActorRef<IMessageToWeb> Create(IActorRefFactory actorSystem) {
-		var init = new ControllerMessageHandlerActor.Init(connection, agentManager, instanceManager, instanceLogManager, userSessionRefreshManager, registerSuccessWaiter);
+		int id = Interlocked.Increment(ref messageHandlerId);
-		var name = "ControllerMessageHandler-" + Interlocked.Increment(ref messageHandlerId);
+		return actorSystem.ActorOf(ControllerMessageHandlerActor.Factory(new ControllerMessageHandlerActor.Init(connection, agentManager, instanceManager, instanceLogManager, registerSuccessWaiter)), "ControllerMessageHandler-" + id);
-		return actorSystem.ActorOf(ControllerMessageHandlerActor.Factory(init), name);
 	}
 }

Web/Phantom.Web.Services/Users/AuditLogManager.cs

@@ -1,9 +1,6 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.AuditLog;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Rpc;
 
 namespace Phantom.Web.Services.Users; 
@@ -15,13 +12,8 @@ public sealed class AuditLogManager {
 		this.controllerConnection = controllerConnection;
 	}
 
-	public async Task<Result<ImmutableArray<AuditLogItem>, UserActionFailure>> GetMostRecentItems(AuthenticatedUser? authenticatedUser, int count, CancellationToken cancellationToken) {
+	public Task<ImmutableArray<AuditLogItem>> GetMostRecentItems(int count, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ViewAudit)) {
+		var message = new GetAuditLogMessage(count);
-			var message = new GetAuditLogMessage(authenticatedUser.Token, count);
+		return controllerConnection.Send<GetAuditLogMessage, ImmutableArray<AuditLogItem>>(message, cancellationToken);
-			return await controllerConnection.Send<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(message, cancellationToken);
-		}
-		else {
-			return UserActionFailure.NotAuthorized;
-		}
 	}
 }

Web/Phantom.Web.Services/Users/UserManager.cs

@@ -1,8 +1,6 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Rpc;
 
 namespace Phantom.Web.Services.Users;
@@ -18,21 +16,11 @@ public sealed class UserManager {
 		return controllerConnection.Send<GetUsersMessage, ImmutableArray<UserInfo>>(new GetUsersMessage(), cancellationToken);
 	}
 
-	public async Task<Result<CreateUserResult, UserActionFailure>> Create(AuthenticatedUser? authenticatedUser, string username, string password, CancellationToken cancellationToken) {
+	public Task<CreateUserResult> Create(Guid loggedInUserGuid, string username, string password, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.EditUsers)) {
+		return controllerConnection.Send<CreateUserMessage, CreateUserResult>(new CreateUserMessage(loggedInUserGuid, username, password), cancellationToken);
-			return await controllerConnection.Send<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(new CreateUserMessage(authenticatedUser.Token, username, password), cancellationToken);
-		}
-		else {
-			return UserActionFailure.NotAuthorized;
-		}
 	}
 	
-	public async Task<Result<DeleteUserResult, UserActionFailure>> DeleteByGuid(AuthenticatedUser? authenticatedUser, Guid userGuid, CancellationToken cancellationToken) {
+	public Task<DeleteUserResult> DeleteByGuid(Guid loggedInUserGuid, Guid userGuid, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.EditUsers)) {
+		return controllerConnection.Send<DeleteUserMessage, DeleteUserResult>(new DeleteUserMessage(loggedInUserGuid, userGuid), cancellationToken);
-			return await controllerConnection.Send<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(new DeleteUserMessage(authenticatedUser.Token, userGuid), cancellationToken);
-		}
-		else {
-			return UserActionFailure.NotAuthorized;
-		}
 	}
 }

Web/Phantom.Web.Services/Users/UserRoleManager.cs

@@ -1,8 +1,6 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
-using Phantom.Web.Services.Authentication;
 using Phantom.Web.Services.Rpc;
 
 namespace Phantom.Web.Services.Users;
@@ -22,12 +20,7 @@ public sealed class UserRoleManager {
 		return (await GetUserRoles(ImmutableHashSet.Create(userGuid), cancellationToken)).GetValueOrDefault(userGuid, ImmutableArray<Guid>.Empty);
 	}
 
-	public async Task<Result<ChangeUserRolesResult, UserActionFailure>> ChangeUserRoles(AuthenticatedUser? authenticatedUser, Guid subjectUserGuid, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids, CancellationToken cancellationToken) {
+	public Task<ChangeUserRolesResult> ChangeUserRoles(Guid loggedInUserGuid, Guid subjectUserGuid, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.EditUsers)) {
+		return controllerConnection.Send<ChangeUserRolesMessage, ChangeUserRolesResult>(new ChangeUserRolesMessage(loggedInUserGuid, subjectUserGuid, addToRoleGuids, removeFromRoleGuids), cancellationToken);
-			return await controllerConnection.Send<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(new ChangeUserRolesMessage(authenticatedUser.Token, subjectUserGuid, addToRoleGuids, removeFromRoleGuids), cancellationToken);
-		}
-		else {
-			return UserActionFailure.NotAuthorized;
-		}
 	}
 }

Web/Phantom.Web/App.razor

@@ -11,7 +11,7 @@
             <p role="alert">You do not have permission to visit this page.</p>
           }
           else {
-            _ = Navigation.NavigateTo("login" + QueryString.Create("return", Navigation.CreateReturnUrl()), forceLoad: true);
+            Navigation.NavigateTo("login" + QueryString.Create("return", Navigation.CreateReturnUrl()), forceLoad: true);
           }
         </NotAuthorized>
       </AuthorizeRouteView>

Web/Phantom.Web/Layout/NavMenu.razor

@@ -17,6 +17,7 @@
 
 <div class="navbar-menu @NavMenuCssClass" @onclick="ToggleNavMenu">
   <nav>
+    <NavMenuItem Label="Home" Icon="home" Match="NavLinkMatch.All" />
     <AuthorizeView>
       <NotAuthorized>
         <NavMenuItem Label="Login" Icon="account-login" Href="login" />
@@ -24,8 +25,6 @@
       <Authorized>
         @{ var permissions = context.GetPermissions(); }
         
-        <NavMenuItem Label="Home" Icon="home" Match="NavLinkMatch.All" />
-        
         @if (permissions.Check(Permission.ViewInstances)) {
           <NavMenuItem Label="Instances" Icon="folder" Href="instances" />
         }

Web/Phantom.Web/Pages/Audit.razor

@@ -5,18 +5,13 @@
 @using Phantom.Common.Data.Web.Users
 @using Phantom.Web.Services.Users
 @using Phantom.Web.Services.Instances
-@inherits PhantomComponent
+@inherits Phantom.Web.Components.PhantomComponent
 @inject AuditLogManager AuditLogManager
 @inject InstanceManager InstanceManager
 @inject UserManager UserManager
 
 <h1>Audit Log</h1>
 
-@if (loadError is {} error) {
-  <p role="alert">@error</p>
-  return;
-}
-
 <Table TItem="AuditLogItem" Items="logItems">
   <HeaderRow>
     <Column Class="text-end" MinWidth="200px">Time</Column>
@@ -51,25 +46,21 @@
 
 @code {
 
+  private CancellationTokenSource? initializationCancellationTokenSource;
   private ImmutableArray<AuditLogItem>? logItems;
-  private string? loadError;
-  
   private ImmutableDictionary<Guid, string>? userNamesByGuid;
   private ImmutableDictionary<Guid, string> instanceNamesByGuid = ImmutableDictionary<Guid, string>.Empty;
 
   protected override async Task OnInitializedAsync() {
-    var result = await AuditLogManager.GetMostRecentItems(await GetAuthenticatedUser(), 50, CancellationToken);
+    initializationCancellationTokenSource = new CancellationTokenSource();
-    if (result) {
+    var cancellationToken = initializationCancellationTokenSource.Token;
-      logItems = result.Value;
+
-      userNamesByGuid = (await UserManager.GetAll(CancellationToken)).ToImmutableDictionary(static user => user.Guid, static user => user.Name);
+    try {
+      logItems = await AuditLogManager.GetMostRecentItems(50, cancellationToken);
+      userNamesByGuid = (await UserManager.GetAll(cancellationToken)).ToImmutableDictionary(static user => user.Guid, static user => user.Name);
       instanceNamesByGuid = InstanceManager.GetAll().Values.ToImmutableDictionary(static instance => instance.InstanceGuid, static instance => instance.Configuration.InstanceName);
-    }
+    } finally {
-    else {
+      initializationCancellationTokenSource.Dispose();
-      logItems = ImmutableArray<AuditLogItem>.Empty;
-      loadError = result.Error switch {
-        UserActionFailure.NotAuthorized => "You do not have permission to view the audit log.",
-        _                               => "Unknown error."
-      };
     }
   }
 
@@ -81,4 +72,10 @@
     };
   }
 
+  protected override void OnDisposed() {
+    try {
+      initializationCancellationTokenSource?.Cancel();
+    } catch (ObjectDisposedException) {}
+  }
+
 }

Web/Phantom.Web/Pages/Events.razor

@@ -13,11 +13,6 @@
 
 <h1>Event Log</h1>
 
-@if (loadError is {} error) {
-  <p role="alert">@error</p>
-  return;
-}
-
 <Table TItem="EventLogItem" Items="logItems">
   <HeaderRow>
     <Column Class="text-end" MinWidth="200px">Time</Column>
@@ -55,25 +50,21 @@
 
 @code {
 
+  private CancellationTokenSource? initializationCancellationTokenSource;
   private ImmutableArray<EventLogItem>? logItems;
-  private string? loadError;
-  
   private ImmutableDictionary<Guid, string> agentNamesByGuid = ImmutableDictionary<Guid, string>.Empty;
   private ImmutableDictionary<Guid, string> instanceNamesByGuid = ImmutableDictionary<Guid, string>.Empty;
 
   protected override async Task OnInitializedAsync() {
-    var result = await EventLogManager.GetMostRecentItems(await GetAuthenticatedUser(), 50, CancellationToken);
+    initializationCancellationTokenSource = new CancellationTokenSource();
-    if (result) {
+    var cancellationToken = initializationCancellationTokenSource.Token;
-      logItems = result.Value;
+
+    try {
+      logItems = await EventLogManager.GetMostRecentItems(50, cancellationToken);
       agentNamesByGuid = AgentManager.GetAll().ToImmutableDictionary(static kvp => kvp.AgentGuid, static kvp => kvp.Configuration.AgentName);
       instanceNamesByGuid = InstanceManager.GetAll().Values.ToImmutableDictionary(static instance => instance.InstanceGuid, static instance => instance.Configuration.InstanceName);
-    }
+    } finally {
-    else {
+      initializationCancellationTokenSource.Dispose();
-      logItems = ImmutableArray<EventLogItem>.Empty;
-      loadError = result.Error switch {
-        UserActionFailure.NotAuthorized => "You do not have permission to view the event log.",
-        _                               => "Unknown error."
-      };
     }
   }
 
@@ -88,4 +79,10 @@
     };
   }
 
+  protected override void OnDisposed() {
+    try {
+      initializationCancellationTokenSource?.Cancel();
+    } catch (ObjectDisposedException) {}
+  }
+
 }

Web/Phantom.Web/Pages/Index.razor

@@ -1,18 +1,12 @@
 @page "/"
-@inherits Phantom.Web.Components.PhantomComponent
+@attribute [AllowAnonymous]
 
-<h1>Home</h1>
+<h1>Hello, world!</h1>
 
-@if (username != null) {
+Welcome to your new app.
-   <p>Welcome back, @username!</p>
-}
 
-@code {
+<AuthorizeView>
-
+  <Authorized>
-  private string? username = null;
+    You are logged in as @context.User.Identity!.Name.
-  
+  </Authorized>
-  protected override async Task OnInitializedAsync() {
+</AuthorizeView>
-    username = (await GetAuthenticatedUser())?.Info.Name;
-  }
-
-}

Web/Phantom.Web/Pages/InstanceDetail.razor

@@ -1,10 +1,9 @@
 @page "/instances/{InstanceGuid:guid}"
 @attribute [Authorize(Permission.ViewInstancesPolicy)]
+@using Phantom.Common.Data.Instance
 @using Phantom.Common.Data.Replies
 @using Phantom.Common.Data.Web.Instance
 @using Phantom.Common.Data.Web.Users
-@using Phantom.Utils.Result
-@using Phantom.Common.Data.Instance
 @using Phantom.Web.Services.Instances
 @using Phantom.Web.Services.Authorization
 @inherits Phantom.Web.Components.PhantomComponent
@@ -13,9 +12,8 @@
 @if (Instance == null) {
   <h1>Instance Not Found</h1>
   <p>Return to <a href="instances">all instances</a>.</p>
-  return;
 }
-
+else {
   <div class="d-flex flex-row align-items-center gap-3 mb-3">
     <h1 class="mb-0">Instance: @Instance.Configuration.InstanceName</h1>
     <span class="fs-4 text-muted">//</span>
@@ -34,7 +32,7 @@
     </PermissionView>
   </div>
   @if (lastError != null) {
-  <p class="text-danger mt-2" role="alert">@lastError</p>
+    <p class="text-danger mt-2">@lastError</p>
   }
 
   <PermissionView Permission="Permission.ViewInstanceLogs">
@@ -42,12 +40,13 @@
   </PermissionView>
 
   <PermissionView Permission="Permission.ControlInstances">
-  <div class="my-3">
+    <div class="mb-3">
       <InstanceCommandInput AgentGuid="Instance.Configuration.AgentGuid" InstanceGuid="InstanceGuid" Disabled="@(!Instance.Status.CanSendCommand())" />
     </div>
 
     <InstanceStopDialog AgentGuid="Instance.Configuration.AgentGuid" InstanceGuid="InstanceGuid" ModalId="stop-instance" Disabled="@(!Instance.Status.CanStop())" />
   </PermissionView>
+}
 
 @code {
 
@@ -74,32 +73,20 @@
     lastError = null;
 
     try {
+      var loggedInUserGuid = await GetUserGuid();
+      if (loggedInUserGuid == null || !await CheckPermission(Permission.ControlInstances)) {
+        lastError = "You do not have permission to launch instances.";
+        return;
+      }
+
       if (Instance == null) {
         lastError = "Instance not found.";
         return;
       }
 
-      var result = await InstanceManager.LaunchInstance(await GetAuthenticatedUser(), Instance.Configuration.AgentGuid, InstanceGuid, CancellationToken);
+      var result = await InstanceManager.LaunchInstance(loggedInUserGuid.Value, Instance.Configuration.AgentGuid, InstanceGuid, CancellationToken);
-
+      if (!result.Is(LaunchInstanceResult.LaunchInitiated)) {
-      switch (result.Variant()) {
+        lastError = result.Map(Messages.ToSentence, InstanceActionFailureExtensions.ToSentence);
-        case Ok<LaunchInstanceResult>(LaunchInstanceResult.LaunchInitiated):
-          break;
-
-        case Ok<LaunchInstanceResult>(var launchInstanceResult):
-          lastError = launchInstanceResult.ToSentence();
-          break;
-
-        case Err<UserInstanceActionFailure>(OfInstanceActionFailure(var failure)):
-          lastError = failure.ToSentence();
-          break;
-
-        case Err<UserInstanceActionFailure>(OfUserActionFailure(UserActionFailure.NotAuthorized)):
-          lastError = "You do not have permission to launch this instance.";
-          break;
-
-        default:
-          lastError = "Unknown error.";
-          break;
       }
     } finally {
       isLaunchingInstance = false;

Web/Phantom.Web/Pages/Users.razor

@@ -60,7 +60,7 @@
 
 @code {
 
-  private Guid? me = null;
+  private Guid? me = Guid.Empty;
   private ImmutableArray<UserInfo>? allUsers;
   private ImmutableDictionary<Guid, RoleInfo> allRolesByGuid = ImmutableDictionary<Guid, RoleInfo>.Empty;
   private readonly Dictionary<Guid, string> userGuidToRoleDescription = new ();
@@ -71,7 +71,7 @@
   private UserDeleteDialog userDeleteDialog = null!;
 
   protected override async Task OnInitializedAsync() {
-    me = (await GetAuthenticatedUser())?.Info.Guid;
+    me = await GetUserGuid();
 
     allUsers = (await UserManager.GetAll(CancellationToken)).Sort(static (a, b) => a.Name.CompareTo(b.Name));
     allRolesByGuid = (await RoleManager.GetAll(CancellationToken)).ToImmutableDictionary(static role => role.Guid, static role => role);

Web/Phantom.Web/Shared/InstanceAddOrEditForm.razor

@@ -2,14 +2,13 @@
 @using System.Collections.Immutable
 @using System.ComponentModel.DataAnnotations
 @using System.Diagnostics.CodeAnalysis
+@using Phantom.Common.Data.Minecraft
+@using Phantom.Common.Data.Replies
+@using Phantom.Common.Data.Web.Agent
 @using Phantom.Common.Data.Web.Instance
 @using Phantom.Common.Data.Web.Minecraft
 @using Phantom.Common.Data.Web.Users
 @using Phantom.Common.Messages.Web.ToController
-@using Phantom.Utils.Result
-@using Phantom.Common.Data.Replies
-@using Phantom.Common.Data.Web.Agent
-@using Phantom.Common.Data.Minecraft
 @using Phantom.Common.Data.Java
 @using Phantom.Common.Data
 @using Phantom.Common.Data.Instance
@@ -30,8 +29,7 @@
       @{
         static RenderFragment GetAgentOption(Agent agent) {
           var configuration = agent.Configuration;
-          return
+          return @<option value="@agent.AgentGuid">
-            @<option value="@agent.AgentGuid">
                    @configuration.AgentName
                    &bullet;
                    @(agent.Stats?.RunningInstanceCount.ToString() ?? "?")/@(configuration.MaxInstances) @(configuration.MaxInstances == 1 ? "Instance" : "Instances")
@@ -326,6 +324,12 @@
 
     await form.SubmitModel.StartSubmitting();
 
+    var loggedInUserGuid = await GetUserGuid();
+    if (loggedInUserGuid == null || !await CheckPermission(Permission.CreateInstances)) {
+      form.SubmitModel.StopSubmitting("You do not have permission to edit instances.");
+      return;
+    }
+    
     var instanceGuid = EditedInstance?.InstanceGuid ?? Guid.NewGuid();
     var instanceConfiguration = new InstanceConfiguration(
       EditedInstance?.Configuration.AgentGuid ?? selectedAgent.AgentGuid,
@@ -339,28 +343,12 @@
       JvmArgumentsHelper.Split(form.JvmArguments)
     );
 
-    var result = await InstanceManager.CreateOrUpdateInstance(await GetAuthenticatedUser(), instanceGuid, instanceConfiguration, CancellationToken);
+    var result = await InstanceManager.CreateOrUpdateInstance(loggedInUserGuid.Value, instanceGuid, instanceConfiguration, CancellationToken);
-
+    if (result.Is(CreateOrUpdateInstanceResult.Success)) {
-    switch (result.Variant()) {
-      case Ok<CreateOrUpdateInstanceResult>(CreateOrUpdateInstanceResult.Success):
       await Navigation.NavigateTo("instances/" + instanceGuid);
-        break;
+    }
-
+    else {
-      case Ok<CreateOrUpdateInstanceResult>(var createOrUpdateInstanceResult):
+      form.SubmitModel.StopSubmitting(result.Map(CreateOrUpdateInstanceResultExtensions.ToSentence, InstanceActionFailureExtensions.ToSentence));
-        form.SubmitModel.StopSubmitting(createOrUpdateInstanceResult.ToSentence());
-        break;
-
-      case Err<UserInstanceActionFailure>(OfInstanceActionFailure(var failure)):
-        form.SubmitModel.StopSubmitting(failure.ToSentence());
-        break;
-
-      case Err<UserInstanceActionFailure>(OfUserActionFailure(UserActionFailure.NotAuthorized)):
-        form.SubmitModel.StopSubmitting("You do not have permission to create or edit instances.");
-        break;
-
-      default:
-        form.SubmitModel.StopSubmitting("Unknown error.");
-        break;
     }
   }
 

Web/Phantom.Web/Shared/InstanceCommandInput.razor

@@ -1,12 +1,11 @@
-@using Phantom.Common.Data.Replies
+@using Phantom.Web.Services.Instances
 @using Phantom.Common.Data.Web.Users
-@using Phantom.Utils.Result
+@using Phantom.Common.Data.Replies
-@using Phantom.Web.Services.Instances
 @inherits Phantom.Web.Components.PhantomComponent
 @inject InstanceManager InstanceManager
 
 <Form Model="form" OnSubmit="ExecuteCommand">
-  <label for="command-input" class="form-label">Execute Command</label>
+  <label for="command-input" class="form-label">Instance Name</label>
   <div class="input-group flex-nowrap">
     <span class="input-group-text" style="padding-top: 0.3rem;">/</span>
     <input id="command-input" class="form-control" type="text" placeholder="command" @bind="form.Command" @bind:event="oninput" disabled="@(Disabled || form.SubmitModel.IsSubmitting)" @ref="commandInputElement" />
@@ -37,29 +36,19 @@
   private async Task ExecuteCommand(EditContext context) {
     await form.SubmitModel.StartSubmitting();
 
-    var result = await InstanceManager.SendCommandToInstance(await GetAuthenticatedUser(), AgentGuid, InstanceGuid, form.Command, CancellationToken);
+    var loggedInUserGuid = await GetUserGuid();
+    if (loggedInUserGuid == null || !await CheckPermission(Permission.ControlInstances)) {
+      form.SubmitModel.StopSubmitting("You do not have permission to execute commands.");
+      return;
+    }
 
-    switch (result.Variant()) {
+    var result = await InstanceManager.SendCommandToInstance(loggedInUserGuid.Value, AgentGuid, InstanceGuid, form.Command, CancellationToken);
-      case Ok<SendCommandToInstanceResult>(SendCommandToInstanceResult.Success):
+    if (result.Is(SendCommandToInstanceResult.Success)) {
       form.Command = string.Empty;
       form.SubmitModel.StopSubmitting();
-        break;
+    }
-
+    else {
-      case Ok<SendCommandToInstanceResult>(var sendCommandToInstanceResult):
+      form.SubmitModel.StopSubmitting(result.Map(Messages.ToSentence, InstanceActionFailureExtensions.ToSentence));
-        form.SubmitModel.StopSubmitting(sendCommandToInstanceResult.ToSentence());
-        break;
-
-      case Err<UserInstanceActionFailure>(OfInstanceActionFailure(var failure)):
-        form.SubmitModel.StopSubmitting(failure.ToSentence());
-        break;
-
-      case Err<UserInstanceActionFailure>(OfUserActionFailure(UserActionFailure.NotAuthorized)):
-        form.SubmitModel.StopSubmitting("You do not have permission to send commands to this instance.");
-        break;
-
-      default:
-        form.SubmitModel.StopSubmitting("Unknown error.");
-        break;
     }
 
     StateHasChanged();

Web/Phantom.Web/Shared/InstanceStopDialog.razor

@@ -1,9 +1,8 @@
-@using Phantom.Common.Data.Replies
+@using Phantom.Web.Services.Instances
-@using Phantom.Common.Data.Web.Users
-@using Phantom.Utils.Result
-@using Phantom.Web.Services.Instances
 @using System.ComponentModel.DataAnnotations
+@using Phantom.Common.Data.Web.Users
 @using Phantom.Common.Data.Minecraft
+@using Phantom.Common.Data.Replies
 @inherits Phantom.Web.Components.PhantomComponent
 @inject IJSRuntime Js;
 @inject InstanceManager InstanceManager;
@@ -54,29 +53,19 @@
   private async Task StopInstance(EditContext context) {
     await form.SubmitModel.StartSubmitting();
 
-    var result = await InstanceManager.StopInstance(await GetAuthenticatedUser(), AgentGuid, InstanceGuid, new MinecraftStopStrategy(form.StopInSeconds), CancellationToken);
+    var loggedInUserGuid = await GetUserGuid();
+    if (loggedInUserGuid == null || !await CheckPermission(Permission.ControlInstances)) {
+      form.SubmitModel.StopSubmitting("You do not have permission to stop instances.");
+      return;
+    }
 
-    switch (result.Variant()) {
+    var result = await InstanceManager.StopInstance(loggedInUserGuid.Value, AgentGuid, InstanceGuid, new MinecraftStopStrategy(form.StopInSeconds), CancellationToken);
-      case Ok<StopInstanceResult>(StopInstanceResult.StopInitiated):
+    if (result.Is(StopInstanceResult.StopInitiated)) {
       await Js.InvokeVoidAsync("closeModal", ModalId);
       form.SubmitModel.StopSubmitting();
-        break;
+    }
-
+    else {
-      case Ok<StopInstanceResult>(var stopInstanceResult):
+      form.SubmitModel.StopSubmitting(result.Map(Messages.ToSentence, InstanceActionFailureExtensions.ToSentence));
-        form.SubmitModel.StopSubmitting(stopInstanceResult.ToSentence());
-        break;
-
-      case Err<UserInstanceActionFailure>(OfInstanceActionFailure(var failure)):
-        form.SubmitModel.StopSubmitting(failure.ToSentence());
-        break;
-
-      case Err<UserInstanceActionFailure>(OfUserActionFailure(UserActionFailure.NotAuthorized)):
-        form.SubmitModel.StopSubmitting("You do not have permission to stop this instance.");
-        break;
-
-      default:
-        form.SubmitModel.StopSubmitting("Unknown error.");
-        break;
     }
   }
 

Web/Phantom.Web/Shared/UserAddDialog.razor

@@ -1,6 +1,5 @@
 @using Phantom.Common.Data.Web.Users
 @using Phantom.Common.Data.Web.Users.CreateUserResults
-@using Phantom.Utils.Result
 @using Phantom.Web.Services.Users
 @using System.ComponentModel.DataAnnotations
 @inherits Phantom.Web.Components.PhantomComponent
@@ -53,23 +52,23 @@
   private async Task AddUser(EditContext context) {
     await form.SubmitModel.StartSubmitting();
 
-    var result = await UserManager.Create(await GetAuthenticatedUser(), form.Username, form.Password, CancellationToken);
+    var loggedInUserGuid = await GetUserGuid();
+    if (loggedInUserGuid == null || !await CheckPermission(Permission.EditUsers)) {
+      form.SubmitModel.StopSubmitting("You do not have permission to add users.");
+      return;
+    }
 
-    switch (result.Variant()) {
+    switch (await UserManager.Create(loggedInUserGuid.Value, form.Username, form.Password, CancellationToken)) {
-      case Ok<CreateUserResult>(Success success):
+      case Success success:
         await UserAdded.InvokeAsync(success.User);
         await Js.InvokeVoidAsync("closeModal", ModalId);
         form.SubmitModel.StopSubmitting();
         break;
 
-      case Ok<CreateUserResult>(CreationFailed fail):
+      case CreationFailed fail:
         form.SubmitModel.StopSubmitting(fail.Error.ToSentences("\n"));
         break;
 
-      case Err<UserActionFailure>(UserActionFailure.NotAuthorized):
-        form.SubmitModel.StopSubmitting("You do not have permission to add users.");
-        break;
-
       default:
         form.SubmitModel.StopSubmitting("Unknown error.");
         break;

Web/Phantom.Web/Shared/UserDeleteDialog.razor

@@ -1,5 +1,4 @@
 @using Phantom.Common.Data.Web.Users
-@using Phantom.Web.Services.Authentication
 @using Phantom.Web.Services.Users
 @inherits UserEditDialogBase
 @inject UserManager UserManager
@@ -18,13 +17,8 @@
 
 @code {
 
-  protected override async Task<UserActionFailure?> DoEdit(AuthenticatedUser? authenticatedUser, UserInfo editedUser) {
+  protected override async Task DoEdit(Guid loggedInUserGuid, UserInfo user) {
-    var result = await UserManager.DeleteByGuid(authenticatedUser, editedUser.Guid, CancellationToken);
+    switch (await UserManager.DeleteByGuid(loggedInUserGuid, user.Guid, CancellationToken)) {
-    if (!result) {
-      return result.Error;
-    }
-    
-    switch (result.Value) {
       case DeleteUserResult.Deleted:
       case DeleteUserResult.NotFound:
         await OnEditSuccess();
@@ -34,8 +28,6 @@
         OnEditFailure("Could not delete user.");
         break;
     }
-    
-    return null;
   }
 
 }

Web/Phantom.Web/Shared/UserEditDialogBase.cs

@@ -3,7 +3,6 @@ using Microsoft.JSInterop;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Web.Components;
 using Phantom.Web.Components.Forms;
-using Phantom.Web.Services.Authentication;
 
 namespace Phantom.Web.Shared;
 
@@ -42,26 +41,19 @@ public abstract class UserEditDialogBase : PhantomComponent {
 	protected async Task Submit() {
 		await SubmitModel.StartSubmitting();
 
-		if (EditedUser == null) {
+		var loggedInUserGuid = await GetUserGuid();
-			SubmitModel.StopSubmitting("Invalid user.");
+		if (loggedInUserGuid == null || !await CheckPermission(Permission.EditUsers)) {
-			return;
-		}
-
-		switch (await DoEdit(await GetAuthenticatedUser(), EditedUser)) {
-			case null:
-				break;
-
-			case UserActionFailure.NotAuthorized:
 			SubmitModel.StopSubmitting("You do not have permission to edit users.");
-				break;
+		}
-
+		else if (EditedUser == null) {
-			default:
+			SubmitModel.StopSubmitting("Invalid user.");
-				SubmitModel.StopSubmitting("Unknown error.");
+		}
-				break;
+		else {
+			await DoEdit(loggedInUserGuid.Value, EditedUser);
 		}
 	}
 	
-	protected abstract Task<UserActionFailure?> DoEdit(AuthenticatedUser? authenticatedUser, UserInfo editedUser);
+	protected abstract Task DoEdit(Guid loggedInUserGuid, UserInfo user);
 
 	protected async Task OnEditSuccess() {
 		await UserModified.InvokeAsync(EditedUser);

Web/Phantom.Web/Shared/UserRolesDialog.razor

@@ -1,6 +1,5 @@
 @using System.Collections.Immutable
 @using Phantom.Common.Data.Web.Users
-@using Phantom.Web.Services.Authentication
 @using Phantom.Web.Services.Users
 @inherits UserEditDialogBase
 @inject RoleManager RoleManager
@@ -37,8 +36,8 @@
     this.items = allRoles.Select(role => new RoleItem(role, currentRoleGuids.Contains(role.Guid))).ToList();
   }
 
-  protected override async Task<UserActionFailure?> DoEdit(AuthenticatedUser? authenticatedUser, UserInfo editedUser) {
+  protected override async Task DoEdit(Guid loggedInUserGuid, UserInfo user) {
-    var currentRoleGuids = await UserRoleManager.GetUserRoles(editedUser.Guid, CancellationToken);
+    var currentRoleGuids = await UserRoleManager.GetUserRoles(user.Guid, CancellationToken);
     var addToRoleGuids = ImmutableHashSet.CreateBuilder<Guid>();
     var removeFromRoleGuids = ImmutableHashSet.CreateBuilder<Guid>();
 
@@ -57,21 +56,18 @@
       }
     }
     
-    return await DoChangeUserRoles(authenticatedUser, editedUser, addToRoleGuids.ToImmutable(), removeFromRoleGuids.ToImmutable());
+    await DoChangeUserRoles(user, loggedInUserGuid, addToRoleGuids.ToImmutable(), removeFromRoleGuids.ToImmutable());
   }
 
-  private async Task<UserActionFailure?> DoChangeUserRoles(AuthenticatedUser? authenticatedUser, UserInfo editedUser, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids) {
+  private async Task DoChangeUserRoles(UserInfo user, Guid loggedInUserGuid, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids) {
-    var result = await UserRoleManager.ChangeUserRoles(authenticatedUser, editedUser.Guid, addToRoleGuids, removeFromRoleGuids, CancellationToken);
+    var result = await UserRoleManager.ChangeUserRoles(loggedInUserGuid, user.Guid, addToRoleGuids, removeFromRoleGuids, CancellationToken);
-    if (!result) {
-      return result.Error;
-    }
     
-    var failedToAdd = addToRoleGuids.Except(result.Value.AddedToRoleGuids);
+    var failedToAdd = addToRoleGuids.Except(result.AddedToRoleGuids);
-    var failedToRemove = removeFromRoleGuids.Except(result.Value.RemovedFromRoleGuids);
+    var failedToRemove = removeFromRoleGuids.Except(result.RemovedFromRoleGuids);
     
     if (failedToAdd.IsEmpty && failedToRemove.IsEmpty) {
       await OnEditSuccess();
-      return null;
+      return;
     }
     
     var errors = new List<string>();
@@ -85,7 +81,6 @@
     }
     
     OnEditFailure(string.Join("\n", errors));
-    return null;
   }
 
   private string GetRoleName(Guid roleGuid) {