ToxicMushroom/mare.server
1
0
Fork 0
mirror of https://github.com/Caraxi/mare.server.git synced 2025-12-31 19:33:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Mare 0.9 (#27)

Browse source 
* add jwt expiry

* update api

* merge

* start rework permissions

* ok so in theory this compiles

* make it work I guess

* reuse some permissions

* fix intermediate connectivity issues

* fixes

* whatever

* some fixes I guess

* fix some stuff

* idk some random fixes I guess

* change some defaults

* update nuget

* adjust order of operations

* adjust deletion of account

* remove todo

---------

Co-authored-by: rootdarkarchon <root.darkarchon@outlook.com>
This commit is contained in:
rootdarkarchon 2023-10-17 21:36:33 +02:00 committed by GitHub
parent 2c9d432fed
commit 302e6ffb62
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
39 changed files with 3564 additions and 454 deletions
Download patch file Download diff file Expand all files Collapse all files

2
MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthReply.cs
View file

@ -1,3 +1,3 @@
namespace MareSynchronosServer.Authentication;
public record SecretKeyAuthReply(bool Success, string Uid, bool TempBan, bool Permaban);
public record SecretKeyAuthReply(bool Success, string Uid, string PrimaryUid, bool TempBan, bool Permaban);

18
MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticatorService.cs
View file

@ -50,24 +50,34 @@ public class SecretKeyAuthenticatorService
_failedAuthorizations.Remove(ip, out _);
});
}
return new(Success: false, Uid: null, TempBan: true, Permaban: false);
return new(Success: false, Uid: null, PrimaryUid: null, TempBan: true, Permaban: false);
}
using var scope = _serviceScopeFactory.CreateScope();
using var context = scope.ServiceProvider.GetService<MareDbContext>();
var authReply = await context.Auth.AsNoTracking().SingleOrDefaultAsync(u => u.HashedKey == hashedSecretKey).ConfigureAwait(false);
var isBanned = authReply?.IsBanned ?? false;
var primaryUid = authReply.PrimaryUserUID ?? authReply.UserUID;
SecretKeyAuthReply reply = new(authReply != null, authReply?.UserUID, false, authReply?.IsBanned ?? false);
if (authReply.PrimaryUserUID != null)
{
var primaryUser = await context.Auth.AsNoTracking().SingleOrDefaultAsync(u => u.UserUID == authReply.PrimaryUserUID).ConfigureAwait(false);
isBanned = isBanned || primaryUser.IsBanned;
}
SecretKeyAuthReply reply = new(authReply != null, authReply?.UserUID, authReply.PrimaryUserUID ?? authReply.UserUID, TempBan: false, isBanned);
if (reply.Success)
{
_metrics.IncCounter(MetricsAPI.CounterAuthenticationSuccesses);
_metrics.IncGauge(MetricsAPI.GaugeAuthenticationCacheEntries);
_cachedPositiveResponses[hashedSecretKey] = reply;
_ = Task.Run(async () =>
{
await Task.Delay(TimeSpan.FromMinutes(5)).ConfigureAwait(false);
_cachedPositiveResponses.TryRemove(hashedSecretKey, out _);
_metrics.DecGauge(MetricsAPI.GaugeAuthenticationCacheEntries);
});
}
@ -85,7 +95,7 @@ public class SecretKeyAuthenticatorService
_logger.LogWarning("Failed authorization from {ip}", ip);
var whitelisted = _configurationService.GetValueOrDefault(nameof(MareConfigurationAuthBase.WhitelistedIps), new List<string>());
if (!whitelisted.Any(w => ip.Contains(w, StringComparison.OrdinalIgnoreCase)))
if (!whitelisted.Exists(w => ip.Contains(w, StringComparison.OrdinalIgnoreCase)))
{
if (_failedAuthorizations.TryGetValue(ip, out var auth))
{
@ -97,6 +107,6 @@ public class SecretKeyAuthenticatorService
}
}
return new(Success: false, Uid: null, TempBan: false, Permaban: false);
return new(Success: false, Uid: null, PrimaryUid: null, TempBan: false, Permaban: false);
}
}