diff --git a/MareAPI b/MareAPI
index 714d990..50a447c 160000
--- a/MareAPI
+++ b/MareAPI
@@ -1 +1 @@
-Subproject commit 714d990c0b5492cd2a19bb021f1570c6bc10e7c3
+Subproject commit 50a447c4d0e4264fa8f08f90998c3e36e0b098e2
diff --git a/MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs b/MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
index b69baf4..0d7c1c5 100644
--- a/MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
+++ b/MareSynchronosServer/MareSynchronosServer/Authentication/SecretKeyAuthenticationHandler.cs
@@ -7,6 +7,8 @@ using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using MareSynchronosServer.Data;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -20,8 +22,13 @@ namespace MareSynchronosServer.Authentication
 protected override async Task HandleAuthenticateAsync()
 {
- if (!Request.Headers.ContainsKey("Authorization"))
+ var endpoint = Context.GetEndpoint();
+ var endpointMetaData = endpoint?.Metadata?.GetMetadata();
+
+ if (!Request.Headers.ContainsKey("Authorization") && endpointMetaData == null)
 return AuthenticateResult.Fail("Failed Authorization");
+ else if (!Request.Headers.ContainsKey("Authorization") && endpointMetaData != null)
+ return AuthenticateResult.NoResult();
 var authHeader = Request.Headers["Authorization"].ToString();
@@ -37,6 +44,10 @@ namespace MareSynchronosServer.Authentication
 {
 return AuthenticateResult.Fail("Failed Authorization");
 }
+ else if (endpointMetaData != null && uid == null)
+ {
+ return AuthenticateResult.NoResult();
+ }
 var claims = new List
 {
 new Claim(ClaimTypes.NameIdentifier, uid)
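Review bot: The `Authorization` header is looked up twice and the outcome depends only on whether allow-anonymous metadata was found, so the two branches collapse into one: `var hasAuthHeader = Request.Headers.ContainsKey("Authorization");` / `if (!hasAuthHeader)` / `    return endpointMetaData is null ? AuthenticateResult.Fail("Failed Authorization") : AuthenticateResult.NoResult();`. The metadata lookup also deserves a comment, because the fail-closed case is the subtle one: `// Allow-anonymous endpoint metadata (e.g. the hub class): missing credentials yield NoResult so the endpoint can still admit the request; with no matched endpoint (non-endpoint middleware such as static files) a missing header fails closed.` The generic argument on `GetMetadata()` appears to have been stripped in this listing; presumably it is `GetMetadata<IAllowAnonymous>()`, and the semantics below only hold if it is that marker and not `IAuthorizeData`.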
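Review bot: The new `else if` downgrades a presented-but-invalid secret key to `NoResult()` on anonymous-capable endpoints, so a wrong, rotated or revoked key is indistinguishable from no credential at all: the client connects as anonymous and only finds out when a per-method `[Authorize]` rejects it, and authentication logs cannot tell credential-guessing from ordinary anonymous traffic. Only the absence of a credential should map to `NoResult()`; an invalid one should keep returning `AuthenticateResult.Fail("Failed Authorization")`, which as far as I can tell does not block anonymous access, since the authorization middleware checks `IAllowAnonymous` after authentication runs. The `if` this branch hangs off, and the lookup that sets `uid`, are outside the hunk.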
diff --git a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
index a92ee94..9f194b2 100644
--- a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
+++ b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
@@ -1,8 +1,5 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.Linq;
-using System.Security.Cryptography;
-using System.Text;
 using System.Threading.Tasks;
 using MareSynchronos.API;
 using MareSynchronosServer.Authentication;
@@ -82,12 +79,6 @@ namespace MareSynchronosServer.Hubs
 return otherEntries.Select(e => e.User.CharacterIdentification).Distinct().ToList();
 }
- [HubMethodName(Api.InvokeUserGetOnlineUsers)]
- public async Task GetOnlineUsers()
- {
- return await _dbContext.Users.CountAsync(u => !string.IsNullOrEmpty(u.CharacterIdentification));
- }
-
 [Authorize(AuthenticationSchemes = SecretKeyAuthenticationHandler.AuthScheme)]
 [HubMethodName(Api.InvokeUserGetPairedClients)]
 public async Task> GetPairedClients()
@@ -139,7 +130,7 @@ namespace MareSynchronosServer.Hubs
 MareMetrics.UserPushDataTo.Inc(visibleCharacterIds.Count);
 }
- [HubMethodName(Api.InvokeUserRegister)]
+ /*[HubMethodName(Api.InvokeUserRegister)]
 public async Task Register()
 {
 using var sha256 = SHA256.Create();
@@ -177,7 +168,7 @@ namespace MareSynchronosServer.Hubs
 await _dbContext.SaveChangesAsync();
 return computedHash;
- }
+ }*/
 [Authorize(AuthenticationSchemes = SecretKeyAuthenticationHandler.AuthScheme)]
diff --git a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs
index 396817f..b06f316 100644
--- a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs
+++ b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs
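Review bot: Commenting out `Register` with `/* … */` instead of deleting it leaves a dead self-registration path, including its SHA256 secret-derivation code, sitting in the hub file while the `using System.Security.Cryptography` it needs has been removed in the first hunk, so whoever uncomments it later will resurrect the old logic unreviewed and then patch compile errors until it runs. Delete the method outright (git history keeps it), and if registration has moved elsewhere leave a one-line pointer where it was, e.g. `// Registration is no longer exposed through the hub; see the API project before reintroducing it.` The body of `Register` continues past this hunk.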
@@ -4,8 +4,10 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Threading.Tasks;
 using MareSynchronos.API;
+using MareSynchronosServer.Authentication;
 using MareSynchronosServer.Data;
 using MareSynchronosServer.Metrics;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.SignalR;
 using Microsoft.EntityFrameworkCore;
@@ -14,6 +16,8 @@ using Microsoft.Extensions.Logging;
 namespace MareSynchronosServer.Hubs
 {
+ [AllowAnonymous]
+ [Authorize(AuthenticationSchemes = SecretKeyAuthenticationHandler.AuthScheme)]
 public partial class MareHub : Hub
 {
 private readonly SystemInfoService _systemInfoService;
@@ -29,6 +33,7 @@ namespace MareSynchronosServer.Hubs
 _dbContext = mareDbContext;
 }
+ [AllowAnonymous]
 [HubMethodName(Api.InvokeHeartbeat)]
 public async Task Heartbeat(string? characterIdentification)
 {
@@ -44,7 +49,6 @@ namespace MareSynchronosServer.Hubs
 if (!string.IsNullOrEmpty(userId) && !isBanned && !string.IsNullOrEmpty(characterIdentification))
 {
- _logger.LogInformation("Connection from " + userId);
 var user = (await _dbContext.Users.SingleAsync(u => u.UID == userId));
 if (!string.IsNullOrEmpty(user.CharacterIdentification) && characterIdentification != user.CharacterIdentification)
 {
@@ -77,11 +81,13 @@ namespace MareSynchronosServer.Hubs
 }
 [HubMethodName(Api.InvokeGetSystemInfo)]
+ [AllowAnonymous]
 public async Task GetSystemInfo()
 {
 return _systemInfoService.SystemInfoDto;
 }
+ [AllowAnonymous]
 public override Task OnConnectedAsync()
 {
 var feature = Context.Features.Get();
@@ -90,6 +96,7 @@ namespace MareSynchronosServer.Hubs
 return base.OnConnectedAsync();
 }
+ [AllowAnonymous]
 public override async Task OnDisconnectedAsync(Exception exception)
 {
 MareMetrics.Connections.Dec();
diff --git a/MareSynchronosServer/MareSynchronosServer/Startup.cs b/MareSynchronosServer/MareSynchronosServer/Startup.cs
index c22c3bb..24b92d1 100644
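Review bot: Stacking `[AllowAnonymous]` and `[Authorize(AuthenticationSchemes = …)]` on the hub class reads as "this hub requires authentication" when, as far as I can tell from the middleware's behaviour, the opposite holds: at the hub endpoint `IAllowAnonymous` wins, and the `[Authorize]` only causes the secret-key scheme to run so that `Context.User` is populated, enforcing nothing. Every hub method is therefore protected solely by its own `[Authorize]`, and any method without one (`Heartbeat` below, plus whatever lives in the other partial file) is invocable by an unauthenticated connection. State that contract where the next maintainer will look: `// Connections may be anonymous: [Authorize] here only runs the secret-key scheme so Context.User is set.` / `// Every hub method that needs a user MUST carry its own [Authorize]; there is no class-level enforcement.`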
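Review bot: Dropping `_logger.LogInformation("Connection from " + userId)` removes what appears to be the only record of which UID came online and from which connection, which is exactly the event an incident responder or abuse investigation needs, and the commit leaves nothing in its place. If the line was removed for noise, a structured debug-level entry keeps it cheap and filterable: `_logger.LogDebug("Connection from {UserId}", userId);`. The enclosing `Heartbeat` body starts and ends outside this hunk.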
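Review bot: The `[AllowAnonymous]` attributes added to `GetSystemInfo` and `OnConnectedAsync` here (and to `OnDisconnectedAsync` in the next hunk) look like no-ops: as far as I recall, SignalR's dispatcher only collects `AuthorizeAttribute` from hub methods when building its per-method policies, and the lifecycle overrides are never dispatched as hub methods at all, so anonymous reachability of these is decided by the hub-level attribute, not by these markers. They are harmless today but misleading, because a reader will assume removing one would restrict the method. Either drop them or label them: `// Documentation only: SignalR ignores [AllowAnonymous] on hub methods; access is governed by the hub-level attribute and per-method [Authorize].`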
--- a/MareSynchronosServer/MareSynchronosServer/Startup.cs
+++ b/MareSynchronosServer/MareSynchronosServer/Startup.cs
@@ -15,8 +15,7 @@ using Microsoft.AspNetCore.SignalR;
 using Prometheus;
 using WebSocketOptions = Microsoft.AspNetCore.Builder.WebSocketOptions;
 using Microsoft.Extensions.FileProviders;
-using Microsoft.Extensions.Logging;
-using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.AspNetCore.Authorization;
 namespace MareSynchronosServer
 {
@@ -63,6 +62,7 @@ namespace MareSynchronosServer
 options.DefaultScheme = SecretKeyAuthenticationHandler.AuthScheme;
 })
 .AddScheme(SecretKeyAuthenticationHandler.AuthScheme, options => { });
+ services.AddAuthorization(options => options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
 }
 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -90,19 +90,18 @@ namespace MareSynchronosServer
 KeepAliveInterval = TimeSpan.FromSeconds(10),
 };
- app.UseStaticFiles(new StaticFileOptions()
- {
- FileProvider = new PhysicalFileProvider(Configuration["CacheDirectory"]),
- RequestPath = "/cache",
- ServeUnknownFileTypes = true
- });
-
 app.UseHttpMetrics();
 app.UseWebSockets(webSocketOptions);
 app.UseAuthentication();
 app.UseAuthorization();
+ app.UseStaticFiles(new StaticFileOptions()
+ {
+ FileProvider = new PhysicalFileProvider(Configuration["CacheDirectory"]),
+ RequestPath = "/cache",
+ ServeUnknownFileTypes = true
+ });
 app.UseEndpoints(endpoints =>
 {
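Review bot: The fallback policy needs a comment stating what it protects and what it depends on, because the dependency is positional: it only applies to requests carrying no `IAuthorizeData` that pass through the authorization middleware, so the `/cache` static files are covered only because this commit also moves `UseStaticFiles` after `UseAuthorization` in `Configure`, and reordering that pipeline later would silently make the cache directory public again with no compiler or test saying so. Suggest: `// Deny-by-default for anything without explicit authorization metadata, including the /cache static files (mounted after UseAuthorization so this policy reaches them).` Worth adding in the same comment that "authenticated" here means any valid secret key, so as far as this diff shows every registered user can fetch any file in the cache directory; per-user scoping, if expected, is not provided by this policy. The hub itself is exempt through its `[AllowAnonymous]`, so the hub's protection comes from per-method `[Authorize]`, not from this line.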