rework authentication

MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.Groups.cs

@@ -509,7 +509,7 @@ public partial class MareHub
         _logger.LogCallInfo(MareHubLogger.Args(gid, uid, "Success"));
     }
 
-    [Authorize(AuthenticationSchemes = SecretKeyGrpcAuthenticationHandler.AuthScheme)]
+    [Authorize(Policy = "Identified")]
     public async Task<List<BannedGroupUserDto>> GroupGetBannedUsers(string gid)
     {
         _logger.LogCallInfo(MareHubLogger.Args(gid));

MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs

@@ -38,8 +38,6 @@ public partial class MareHub
             await Task.Delay(1000).ConfigureAwait(false);
         }
 
-        await _authServiceClient.RemoveAuthAsync(new UidMessage() { Uid = userid }).ConfigureAwait(false);
-
         _dbContext.ClientPairs.RemoveRange(ownPairData);
         await _dbContext.SaveChangesAsync().ConfigureAwait(false);
         var otherPairData = await _dbContext.ClientPairs.Include(u => u.User)

MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.cs

@@ -20,7 +20,6 @@ namespace MareSynchronosServer.Hubs;
 public partial class MareHub : Hub<IMareHub>, IMareHub
 {
     private readonly MareMetrics _mareMetrics;
-    private readonly AuthService.AuthServiceClient _authServiceClient;
     private readonly FileService.FileServiceClient _fileServiceClient;
     private readonly SystemInfoService _systemInfoService;
     private readonly IHttpContextAccessor _contextAccessor;
@@ -33,12 +32,11 @@ public partial class MareHub : Hub<IMareHub>, IMareHub
     private readonly int _maxJoinedGroupsByUser;
     private readonly int _maxGroupUserCount;
 
-    public MareHub(MareMetrics mareMetrics, AuthService.AuthServiceClient authServiceClient, FileService.FileServiceClient fileServiceClient,
+    public MareHub(MareMetrics mareMetrics, FileService.FileServiceClient fileServiceClient,
         MareDbContext mareDbContext, ILogger<MareHub> logger, SystemInfoService systemInfoService, IConfiguration configuration, IHttpContextAccessor contextAccessor,
         GrpcClientIdentificationService clientIdentService)
     {
         _mareMetrics = mareMetrics;
-        _authServiceClient = authServiceClient;
         _fileServiceClient = fileServiceClient;
         _systemInfoService = systemInfoService;
         var config = configuration.GetRequiredSection("MareSynchronos");

MareSynchronosServer/MareSynchronosServer/Startup.cs

@@ -90,17 +90,6 @@ public class Startup
             MetricsAPI.GaugeGroupPairsPaused
         }));
 
-        services.AddGrpcClient<AuthService.AuthServiceClient>(c =>
-        {
-            c.Address = new Uri(mareConfig.GetValue<string>("ServiceAddress"));
-        }).ConfigureChannel(c =>
-        {
-            c.ServiceConfig = new ServiceConfig { MethodConfigs = { noRetryConfig } };
-            c.HttpHandler = new SocketsHttpHandler()
-            {
-                EnableMultipleHttp2Connections = true
-            };
-        });
         services.AddGrpcClient<FileService.FileServiceClient>(c =>
         {
             c.Address = new Uri(mareConfig.GetValue<string>("StaticFileServiceAddress"));
@@ -120,10 +109,9 @@ public class Startup
             };
         });
 
-        services.AddSingleton<GrpcAuthenticationService>();
+        services.AddSingleton<SecretKeyAuthenticatorService>();
         services.AddSingleton<GrpcClientIdentificationService>();
         services.AddTransient<IAuthorizationHandler, UserRequirementHandler>();
-        services.AddHostedService(p => p.GetService<GrpcAuthenticationService>());
         services.AddHostedService(p => p.GetService<GrpcClientIdentificationService>());
 
         services.AddDbContextPool<MareDbContext>(options =>
@@ -136,17 +124,17 @@ public class Startup
             options.EnableThreadSafetyChecks(false);
         }, mareConfig.GetValue("DbContextPoolSize", 1024));
 
-        services.AddAuthentication(SecretKeyGrpcAuthenticationHandler.AuthScheme)
-            .AddScheme<AuthenticationSchemeOptions, SecretKeyGrpcAuthenticationHandler>(SecretKeyGrpcAuthenticationHandler.AuthScheme, options => { options.Validate(); });
+        services.AddAuthentication(SecretKeyAuthenticationHandler.AuthScheme)
+            .AddScheme<AuthenticationSchemeOptions, SecretKeyAuthenticationHandler>(SecretKeyAuthenticationHandler.AuthScheme, options => { options.Validate(); });
 
         services.AddAuthorization(options =>
         {
             options.DefaultPolicy = new AuthorizationPolicyBuilder()
-                .AddAuthenticationSchemes(SecretKeyGrpcAuthenticationHandler.AuthScheme)
+                .AddAuthenticationSchemes(SecretKeyAuthenticationHandler.AuthScheme)
                 .RequireAuthenticatedUser().Build();
             options.AddPolicy("Authenticated", policy =>
             {
-                policy.AddAuthenticationSchemes(SecretKeyGrpcAuthenticationHandler.AuthScheme);
+                policy.AddAuthenticationSchemes(SecretKeyAuthenticationHandler.AuthScheme);
                 policy.RequireAuthenticatedUser();
             });
             options.AddPolicy("Identified", policy =>