From 17d10e2b6597a946959f3c1eaecf4569ec3844fa Mon Sep 17 00:00:00 2001
From: Loporrit <141286461+loporrit@users.noreply.github.com>
Date: Fri, 8 Aug 2025 05:10:36 +0000
Subject: [PATCH] Generate secret keys locally
---
 MareAPI | 2 +-
 .../Controllers/JwtController.cs | 29 ++++++++++++++++++-
 .../Services/AccountRegistrationService.cs | 8 ++---
 3 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/MareAPI b/MareAPI
index 8b77956..b2f4453 160000
--- a/MareAPI
+++ b/MareAPI
@@ -1 +1 @@
-Subproject commit 8b77956ec8620eb96f9f12b72182e0a6c70b23d1
+Subproject commit b2f4453b79a67d28dd5048ab3e7e84241663ab5a
diff --git a/MareSynchronosServer/MareSynchronosAuthService/Controllers/JwtController.cs b/MareSynchronosServer/MareSynchronosAuthService/Controllers/JwtController.cs
index 6de9f16..11323db 100644
--- a/MareSynchronosServer/MareSynchronosAuthService/Controllers/JwtController.cs
+++ b/MareSynchronosServer/MareSynchronosAuthService/Controllers/JwtController.cs
@@ -1,4 +1,5 @@
 using MareSynchronos.API.Dto;
+using MareSynchronos.API.Dto.Account;
 using MareSynchronos.API.Routes;
 using MareSynchronosAuthService.Services;
 using MareSynchronosShared;
@@ -146,7 +147,33 @@ public class JwtController : Controller
 {
 var ua = HttpContext.Request.Headers["User-Agent"][0] ?? "-";
 var ip = _accessor.GetIpAddress();
- return Json(await _accountRegistrationService.RegisterAccountAsync(ua, ip));
+
+ // Legacy endpoint: generate a secret key for the user
+ var computedHash = StringUtils.Sha256String(StringUtils.GenerateRandomString(64) + DateTime.UtcNow.ToString());
+ var hashedKey = StringUtils.Sha256String(computedHash);
+
+ var dto = await _accountRegistrationService.RegisterAccountAsync(ua, ip, hashedKey);
+
+ return Json(new RegisterReplyDto()
+ {
+ Success = dto.Success,
+ ErrorMessage = dto.ErrorMessage,
+ UID = dto.UID,
+ SecretKey = computedHash
+ });
+ }
+
+ [AllowAnonymous]
+ [HttpPost(MareAuth.Auth_RegisterV2)]
+ public async Task RegisterV2(string hashedSecretKey)
+ {
+ if (string.IsNullOrEmpty(hashedSecretKey)) return BadRequest("No HashedSecretKey");
+ if (hashedSecretKey.Length != 64) return BadRequest("Bad HashedSecretKey");
+ if (!hashedSecretKey.All(char.IsAsciiHexDigitUpper)) return BadRequest("Bad HashedSecretKey");
+
+ var ua = HttpContext.Request.Headers["User-Agent"][0] ?? "-";
+ var ip = _accessor.GetIpAddress();
+ return Json(await _accountRegistrationService.RegisterAccountAsync(ua, ip, hashedSecretKey));
 }
 private JwtSecurityToken CreateToken(IEnumerable authClaims)
diff --git a/MareSynchronosServer/MareSynchronosAuthService/Services/AccountRegistrationService.cs b/MareSynchronosServer/MareSynchronosAuthService/Services/AccountRegistrationService.cs
index 88bd462..2b0a1b0 100644
--- a/MareSynchronosServer/MareSynchronosAuthService/Services/AccountRegistrationService.cs
+++ b/MareSynchronosServer/MareSynchronosAuthService/Services/AccountRegistrationService.cs
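Review bot: `RegisterV2(string hashedSecretKey)` gives its parameter no binding source, so the MVC default lets the value arrive in the query string as well as in the form, and a credential hash in the URL is written to access, proxy and browser-history logs; pin it to the request body with `public async Task RegisterV2([FromForm] string hashedSecretKey)` (or `[FromBody]` on a small request DTO). The 64-uppercase-hex check is a sound format gate but says nothing about entropy — with this endpoint the client is the only source of randomness for the secret, and that contract deserves a comment on the action such as `// Client generates the secret locally; the server stores only its SHA-256 and cannot assess the secret's entropy`. Please also confirm that `StringUtils.Sha256String`, which the legacy path above still relies on for `hashedKey`, emits uppercase hex; if it emits lowercase, legacy and V2 rows will be stored in different cases and any case-sensitive lookup on HashedKey will treat the two kinds differently. The legacy Register action whose body is changed here starts before this hunk.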
@@ -45,9 +45,9 @@ public class AccountRegistrationService
 _serviceScopeFactory = serviceScopeFactory;
 }
- public async Task RegisterAccountAsync(string ua, string ip)
+ public async Task RegisterAccountAsync(string ua, string ip, string hashedSecretKey)
 {
- var reply = new RegisterReplyDto();
+ var reply = new RegisterReplyV2Dto();
 if (!_registrationUserAgentRegex.Match(ua).Success)
 {
@@ -99,10 +99,9 @@ public class AccountRegistrationService
 user.LastLoggedIn = DateTime.UtcNow;
- var computedHash = StringUtils.Sha256String(StringUtils.GenerateRandomString(64) + DateTime.UtcNow.ToString());
 var auth = new Auth()
 {
- HashedKey = StringUtils.Sha256String(computedHash),
+ HashedKey = hashedSecretKey,
 User = user,
 };
@@ -115,7 +114,6 @@ public class AccountRegistrationService
 reply.Success = true;
 reply.UID = user.UID;
- reply.SecretKey = computedHash;
 RecordIpRegistration(ip);
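Review bot: The new `hashedSecretKey` parameter is later stored as the account's credential, yet the service never validates it — only the V2 controller action does, and the legacy action passes its own `Sha256String` output through unchecked. Since `RegisterAccountAsync` is public and may gain other callers, add a guard as its first statement, `ArgumentException.ThrowIfNullOrWhiteSpace(hashedSecretKey);` (.NET 8; `ArgumentNullException.ThrowIfNull` on older targets), so an empty value can never reach the database row. The method's body continues past this hunk.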
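Review bot: `HashedKey = hashedSecretKey` stores a client-chosen value where the old code stored a server-generated one, so two registrations can now carry the same HashedKey (a client retrying with the same secret, or one deliberately submitting a hash it has seen), and nothing in this hunk checks for an existing row before the `Auth` is created. Unless the column carries a unique index that is not visible here, look the value up first and return a failed reply with an error message instead of inserting a duplicate, since the login path presumably resolves accounts by HashedKey and would otherwise match more than one user. If a unique index does exist, the insert will throw instead, and that exception path should still produce a clean unsuccessful reply rather than an unhandled 500. The rest of the method, including where the row is saved, is outside this hunk.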