diff --git a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs index cab8565..fbaa55c 100644 --- a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs +++ b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs @@ -131,8 +131,6 @@ public partial class MareHub : Hub, IMareHub if (!string.IsNullOrEmpty(userCharaIdent)) { - _mareMetrics.DecGauge(MetricsAPI.GaugeAuthorizedConnections); - _logger.LogCallInfo(); _clientIdentService.MarkUserOffline(AuthenticatedUserId); diff --git a/MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs b/MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs index 5916651..4fc2443 100644 --- a/MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs +++ b/MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs @@ -23,9 +23,8 @@ public class UserRequirementHandler : AuthorizationHandler string.Equals(g.Type, ClaimTypes.NameIdentifier, StringComparison.Ordinal))?.Value; - var auth = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.Authentication, StringComparison.Ordinal))?.Value; - if (uid == null || auth == null) context.Fail(); + if (uid == null) context.Fail(); if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified) { diff --git a/MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs b/MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs index 8f3c761..0630a5a 100644 --- a/MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs +++ b/MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs 
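Review bot: In UserRequirementHandler.cs, the new `if (uid == null) context.Fail();` line records the failure but does not stop the handler, so the `UserRequirements.Identified` check below it still runs with a null `uid`. The authorization result stays denied once `Fail()` has been called, but any lookup in the rest of the method would then receive null. Add an early exit, for example `if (uid == null) { context.Fail(); return; }`, or `return Task.CompletedTask;` if the method is not `async`. The method's signature and the rest of its body are outside the hunk, so confirm which form applies.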
@@ -1,4 +1,5 @@ -using System.Security.Claims; +using System.Collections.Concurrent; +using System.Security.Claims; using System.Text.Encodings.Web; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; @@ -14,6 +15,7 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler IPLocks = new(StringComparer.Ordinal); public SecretKeyAuthenticationHandler(IHttpContextAccessor accessor, SecretKeyAuthenticatorService secretKeyAuthenticatorService, IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) @@ -32,28 +34,41 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler + try { - new(ClaimTypes.NameIdentifier, authResult.Uid), - new(ClaimTypes.Authentication, authHeader) - }; + await semaphore.WaitAsync(Context.RequestAborted).ConfigureAwait(false); + var authResult = await secretKeyAuthenticatorService.AuthorizeAsync(ip, authHeader).ConfigureAwait(false); - var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler)); - var principal = new ClaimsPrincipal(identity); - var ticket = new AuthenticationTicket(principal, Scheme.Name); + if (!authResult.Success) + { + return AuthenticateResult.Fail("Failed Authorization"); + } - return AuthenticateResult.Success(ticket); + var claims = new List + { + new(ClaimTypes.NameIdentifier, authResult.Uid), + }; + + var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler)); + var principal = new ClaimsPrincipal(identity); + var ticket = new AuthenticationTicket(principal, Scheme.Name); + + return AuthenticateResult.Success(ticket); + } + finally + { + semaphore.Release(); + } } }
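Review bot: The new static `IPLocks` map has no visible eviction, and nothing in this diff removes entries or disposes the semaphores stored in it. Its type arguments are lost in this rendering, but the later `semaphore` usage suggests one semaphore per client IP. If so, every distinct address that reaches the handler leaves a permanent entry, and memory grows with the number of source addresses seen over the life of the process. Consider expiring idle entries or using a bounded cache, and at minimum document the lifetime on the field, e.g. `// One semaphore per client IP; entries are never evicted — bound or expire before exposing to untrusted networks.`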
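Review bot: `semaphore.WaitAsync(Context.RequestAborted)` sits inside the `try`, so when the wait is cancelled by an aborted request, the `finally` still calls `semaphore.Release()` on a semaphore this request never acquired. The semaphore's construction is not visible here. If it has a maximum count, the release throws `SemaphoreFullException`; if not, the count rises and two requests from the same IP can run `AuthorizeAsync` concurrently, which defeats the per-IP serialization this change adds. Move the wait above the block: `await semaphore.WaitAsync(Context.RequestAborted).ConfigureAwait(false);` followed by `try {`, leaving `finally { semaphore.Release(); }` unchanged.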