add some form of caching to the authorization

2025-12-30 17:13:39 +01:00 · 2022-08-06 12:33:25 +02:00 · 2022-08-06 12:33:25 +02:00 · ad367d7568
commit ad367d7568
parent 8047710b50
9 changed files with 429 additions and 15 deletions
--- a/MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
+++ b/MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
@ -1,9 +1,12 @@
 using System;
+using System.Collections.Concurrent;
 using System.Collections.Generic;
+using System.Linq;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
+using System.Threading;
 using System.Threading.Tasks;
 using MareSynchronosServer.Data;
 using Microsoft.AspNetCore.Authentication;
@ -17,6 +20,29 @@ namespace MareSynchronosServer.Authentication
    {
        private readonly MareDbContext _mareDbContext;
        public const string AuthScheme = "SecretKeyAuth";
+        private const string unauthorized = "Unauthorized";
+        public static ConcurrentDictionary<string, string> Authentications = new();
+        private static SemaphoreSlim dbLockSemaphore = new SemaphoreSlim(20);
+
+        public static void ClearUnauthorizedUsers()
+        {
+            foreach (var item in Authentications.ToArray())
+            {
+                if (item.Value == unauthorized)
+                {
+                    Authentications[item.Key] = string.Empty;
+                }
+            }
+        }
+
+        public static void RemoveAuthentication(string uid)
+        {
+            var auth = Authentications.Where(u => u.Value == uid);
+            if (auth.Any())
+            {
+                Authentications.Remove(auth.First().Key, out _);
+            }
+        }

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
@ -30,12 +56,38 @@ namespace MareSynchronosServer.Authentication

            using var sha256 = SHA256.Create();
            var hashedHeader = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(authHeader))).Replace("-", "");
-            var uid = (await _mareDbContext.Auth.Include("User").AsNoTracking()
-                .FirstOrDefaultAsync(m => m.HashedKey == hashedHeader))?.UserUID;

-            if (uid == null)
+            if (Authentications.TryGetValue(hashedHeader, out string uid))
            {
-                return AuthenticateResult.Fail("Failed Authorization");
+                if (uid == unauthorized)
+                    return AuthenticateResult.Fail("Failed Authorization");
+                else
+                    Logger.LogDebug("Found cached entry for " + uid);
+            }
+
+            if (string.IsNullOrEmpty(uid))
+            {
+                try
+                {
+                    dbLockSemaphore.Wait();
+                    uid = (await _mareDbContext.Auth.Include("User").AsNoTracking()
+                        .FirstOrDefaultAsync(m => m.HashedKey == hashedHeader))?.UserUID;
+                }
+                catch { }
+                finally
+                {
+                    dbLockSemaphore.Release();
+                }
+
+                if (uid == null)
+                {
+                    Authentications[hashedHeader] = unauthorized;
+                    return AuthenticateResult.Fail("Failed Authorization");
+                }
+                else
+                {
+                    Authentications[hashedHeader] = uid;
+                }
            }

            var claims = new List<Claim> {