ToxicMushroom/mare.server
1
0
Fork 0
mirror of https://github.com/Caraxi/mare.server.git synced 2025-12-30 17:13:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

rework authentication and some other crap for optimizing sql parallelism

Browse source
This commit is contained in:
Stanley Dimant 2022-07-10 17:20:30 +02:00
parent 9c63ce9c99
commit b9ac535836
14 changed files with 331 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

44
MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
View file

@ -1,6 +1,6 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
@ -17,71 +17,41 @@ namespace MareSynchronosServer.Authentication
{
public class SecretKeyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public static ConcurrentDictionary<string, object> IdentificationLocks = new();
private readonly MareDbContext _mareDbContext;
public const string AuthScheme = "SecretKeyAuth";
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.ContainsKey("Authorization") || !Request.Headers.ContainsKey("CharacterNameHash"))
if (!Request.Headers.ContainsKey("Authorization"))
return AuthenticateResult.Fail("Failed Authorization");
var authHeader = Request.Headers["Authorization"].ToString();
var charNameHeader = Request.Headers["CharacterNameHash"].ToString();
if (string.IsNullOrEmpty(authHeader) || string.IsNullOrEmpty(charNameHeader) || charNameHeader == "--")
if (string.IsNullOrEmpty(authHeader))
return AuthenticateResult.Fail("Failed Authorization");
var isBanned = await _mareDbContext.BannedUsers.AnyAsync(u => u.CharacterIdentification == charNameHeader);
if (isBanned)
{
return AuthenticateResult.Fail("Banned");
}
using var sha256 = SHA256.Create();
var hashedHeader = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(authHeader))).Replace("-", "");
var user = _mareDbContext.Users.SingleOrDefault(m => m.SecretKey == hashedHeader);
var user = await _mareDbContext.Users.AsNoTracking().SingleOrDefaultAsync(m => m.SecretKey == hashedHeader);
if (user == null)
{
return AuthenticateResult.Fail("Failed Authorization");
}
if (!IdentificationLocks.TryGetValue(charNameHeader, out var lockObject))
{
lockObject = new();
IdentificationLocks[charNameHeader] = lockObject;
}
if (user.CharacterIdentification != charNameHeader)
{
lock (lockObject)
{
try
{
user.CharacterIdentification = charNameHeader;
_mareDbContext.Users.Update(user);
_mareDbContext.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
}
}
}
var claims = new List<Claim> {
new Claim(ClaimTypes.Name, user.CharacterIdentification),
new Claim(ClaimTypes.NameIdentifier, user.UID)
};
var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, this.Scheme.Name);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return AuthenticateResult.Success(ticket);
}
public SecretKeyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, MareDbContext mareDbContext) : base(options, logger, encoder, clock)
public SecretKeyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
MareDbContext mareDbContext, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
{
_mareDbContext = mareDbContext;
}