t0w0bi/ClubPenguinServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some changes to auth

Browse Source
This commit is contained in:
rootdarkarchon
2022-12-29 20:14:47 +01:00
parent 3634cccd1e
commit cbe361208c
3 changed files with 30 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs
View File

@@ -131,8 +131,6 @@ public partial class MareHub : Hub<IMareHub>, IMareHub
if (!string.IsNullOrEmpty(userCharaIdent))
{
_mareMetrics.DecGauge(MetricsAPI.GaugeAuthorizedConnections);
_logger.LogCallInfo();
_clientIdentService.MarkUserOffline(AuthenticatedUserId);

3
MareSynchronosServer/MareSynchronosServer/RequirementHandlers/UserRequirementHandler.cs
View File

@@ -23,9 +23,8 @@ public class UserRequirementHandler : AuthorizationHandler<UserRequirement, HubI
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement, HubInvocationContext resource)
{
var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.NameIdentifier, StringComparison.Ordinal))?.Value;
var auth = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, ClaimTypes.Authentication, StringComparison.Ordinal))?.Value;
if (uid == null || auth == null) context.Fail();
if (uid == null) context.Fail();
if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified)
{

21
MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs
View File

@@ -1,4 +1,5 @@
using System.Security.Claims;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
@@ -14,6 +15,7 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
private readonly IHttpContextAccessor _accessor;
private readonly SecretKeyAuthenticatorService secretKeyAuthenticatorService;
private static readonly ConcurrentDictionary<string, SemaphoreSlim> IPLocks = new(StringComparer.Ordinal);
public SecretKeyAuthenticationHandler(IHttpContextAccessor accessor, SecretKeyAuthenticatorService secretKeyAuthenticatorService,
IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
@@ -32,11 +34,20 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
if (!Request.Headers.TryGetValue("Authorization", out var authHeader))
{
authHeader = string.Empty;
return AuthenticateResult.Fail("Failed Authorization");
}
var ip = _accessor.GetIpAddress();
if (!IPLocks.TryGetValue(ip, out var semaphore))
{
semaphore = new SemaphoreSlim(1);
IPLocks[ip] = semaphore;
}
try
{
await semaphore.WaitAsync(Context.RequestAborted).ConfigureAwait(false);
var authResult = await secretKeyAuthenticatorService.AuthorizeAsync(ip, authHeader).ConfigureAwait(false);
if (!authResult.Success)
@@ -47,7 +58,6 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
var claims = new List<Claim>
{
new(ClaimTypes.NameIdentifier, authResult.Uid),
new(ClaimTypes.Authentication, authHeader)
};
var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
@@ -56,4 +66,9 @@ public class SecretKeyAuthenticationHandler : AuthenticationHandler<Authenticati
return AuthenticateResult.Success(ticket);
}
finally
{
semaphore.Release();
}
}
}