some changes to auth

MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs

@@ -131,8 +131,6 @@ public partial class MareHub : Hub<IMareHub>, IMareHub
 
         if (!string.IsNullOrEmpty(userCharaIdent))
         {
-            _mareMetrics.DecGauge(MetricsAPI.GaugeAuthorizedConnections);
-
             _logger.LogCallInfo();
             _clientIdentService.MarkUserOffline(AuthenticatedUserId);
 

MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs

@@ -23,9 +23,8 @@ public class UserRequirementHandler : AuthorizationHandler<UserRequirement, HubI
     protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement, HubInvocationContext resource)
     {
         var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.NameIdentifier, StringComparison.Ordinal))?.Value;
-        var auth = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.Authentication, StringComparison.Ordinal))?.Value;
 
-        if (uid == null || auth == null) context.Fail();
+        if (uid == null) context.Fail();
 
         if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified)
         {

MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs

@@ -1,4 +1,5 @@
-using System.Security.Claims;
+using System.Collections.Concurrent;
+using System.Security.Claims;
 using System.Text.Encodings.Web;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
@@ -14,6 +15,7 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
 
     private readonly IHttpContextAccessor _accessor;
     private readonly SecretKeyAuthenticatorService secretKeyAuthenticatorService;
+    private static readonly ConcurrentDictionary<string, SemaphoreSlim> IPLocks = new(StringComparer.Ordinal);
 
     public SecretKeyAuthenticationHandler(IHttpContextAccessor accessor, SecretKeyAuthenticatorService secretKeyAuthenticatorService,
         IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
@@ -32,11 +34,20 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
 
         if (!Request.Headers.TryGetValue("Authorization", out var authHeader))
         {
-            authHeader = string.Empty;
+            return AuthenticateResult.Fail("Failed Authorization");
         }
 
         var ip = _accessor.GetIpAddress();
 
+        if (!IPLocks.TryGetValue(ip, out var semaphore))
+        {
+            semaphore = new SemaphoreSlim(1);
+            IPLocks[ip] = semaphore;
+        }
+
+        try
+        {
+            await semaphore.WaitAsync(Context.RequestAborted).ConfigureAwait(false);
             var authResult = await secretKeyAuthenticatorService.AuthorizeAsync(ip, authHeader).ConfigureAwait(false);
 
             if (!authResult.Success)
@@ -47,7 +58,6 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
             var claims = new List<Claim>
             {
                 new(ClaimTypes.NameIdentifier, authResult.Uid),
-            new(ClaimTypes.Authentication, authHeader)
             };
 
             var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
@@ -56,4 +66,9 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
 
             return AuthenticateResult.Success(ticket);
         }
+        finally
+        {
+            semaphore.Release();
+        }
+    }
 }