some changes to auth

MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs

@@ -131,8 +131,6 @@ public partial class MareHub : Hub<IMareHub>, IMareHub
 
         if (!string.IsNullOrEmpty(userCharaIdent))
         {
-            _mareMetrics.DecGauge(MetricsAPI.GaugeAuthorizedConnections);
-
             _logger.LogCallInfo();
             _clientIdentService.MarkUserOffline(AuthenticatedUserId);
 

MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs

@@ -23,9 +23,8 @@ public class UserRequirementHandler : AuthorizationHandler<UserRequirement, HubI
     protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement, HubInvocationContext resource)
     {
         var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.NameIdentifier, StringComparison.Ordinal))?.Value;
-        var auth = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.Authentication, StringComparison.Ordinal))?.Value;
 
-        if (uid == null || auth == null) context.Fail();
+        if (uid == null) context.Fail();
 
         if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified)
         {

MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs

@@ -1,4 +1,5 @@
-using System.Security.Claims;
+using System.Collections.Concurrent;
+using System.Security.Claims;
 using System.Text.Encodings.Web;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
@@ -14,6 +15,7 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
 
     private readonly IHttpContextAccessor _accessor;
     private readonly SecretKeyAuthenticatorService secretKeyAuthenticatorService;
+    private static readonly ConcurrentDictionary<string, SemaphoreSlim> IPLocks = new(StringComparer.Ordinal);
 
     public SecretKeyAuthenticationHandler(IHttpContextAccessor accessor, SecretKeyAuthenticatorService secretKeyAuthenticatorService,
         IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
@@ -32,28 +34,41 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
 
         if (!Request.Headers.TryGetValue("Authorization", out var authHeader))
         {
-            authHeader = string.Empty;
+            return AuthenticateResult.Fail("Failed Authorization");
         }
 
         var ip = _accessor.GetIpAddress();
 
-        var authResult = await secretKeyAuthenticatorService.AuthorizeAsync(ip, authHeader).ConfigureAwait(false);
+        if (!IPLocks.TryGetValue(ip, out var semaphore))
-
-        if (!authResult.Success)
         {
-            return AuthenticateResult.Fail("Failed Authorization");
+            semaphore = new SemaphoreSlim(1);
+            IPLocks[ip] = semaphore;
         }
 
-        var claims = new List<Claim>
+        try
         {
-            new(ClaimTypes.NameIdentifier, authResult.Uid),
+            await semaphore.WaitAsync(Context.RequestAborted).ConfigureAwait(false);
-            new(ClaimTypes.Authentication, authHeader)
+            var authResult = await secretKeyAuthenticatorService.AuthorizeAsync(ip, authHeader).ConfigureAwait(false);
-        };
 
-        var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
+            if (!authResult.Success)
-        var principal = new ClaimsPrincipal(identity);
+            {
-        var ticket = new AuthenticationTicket(principal, Scheme.Name);
+                return AuthenticateResult.Fail("Failed Authorization");
+            }
 
-        return AuthenticateResult.Success(ticket);
+            var claims = new List<Claim>
+            {
+                new(ClaimTypes.NameIdentifier, authResult.Uid),
+            };
+
+            var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
+            var principal = new ClaimsPrincipal(identity);
+            var ticket = new AuthenticationTicket(principal, Scheme.Name);
+
+            return AuthenticateResult.Success(ticket);
+        }
+        finally
+        {
+            semaphore.Release();
+        }
     }
 }