minor refactoring

MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyAuthenticationHandler.cs

@@ -1,217 +0,0 @@
-using System.Security.Claims;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Encodings.Web;
-using MareSynchronosServer;
-using MareSynchronosServer.Metrics;
-using MareSynchronosShared.Data;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Http;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using ISystemClock = Microsoft.AspNetCore.Authentication.ISystemClock;
-
-namespace MareSynchronosShared.Authentication
-{
-    public class FailedAuthorization : IDisposable
-    {
-        private int failedAttempts = 1;
-        public int FailedAttempts => failedAttempts;
-        public Task ResetTask { get; set; }
-        public CancellationTokenSource? ResetCts { get; set; }
-
-        public void Dispose()
-        {
-            try
-            {
-                ResetCts?.Cancel();
-                ResetCts?.Dispose();
-            }
-            catch { }
-        }
-
-        public void IncreaseFailedAttempts()
-        {
-            Interlocked.Increment(ref failedAttempts);
-        }
-    }
-
-    public class SecretKeyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
-    {
-        private readonly IHttpContextAccessor _accessor;
-        private readonly MareDbContext _mareDbContext;
-        private readonly IConfiguration _configuration;
-        public const string AuthScheme = "SecretKeyAuth";
-        private const string unauthorized = "Unauthorized";
-        public static readonly Dictionary<string, string> Authentications = new();
-        private static readonly Dictionary<string, FailedAuthorization> FailedAuthorizations = new();
-        private static readonly object authDictLock = new();
-        private static readonly object failedAuthLock = new();
-        private readonly int failedAttemptsForTempBan;
-        private readonly int tempBanMinutes;
-
-        public static void ClearUnauthorizedUsers()
-        {
-            lock (authDictLock)
-            {
-                foreach (var item in Authentications.ToArray())
-                {
-                    if (item.Value == unauthorized)
-                    {
-                        Authentications[item.Key] = string.Empty;
-                    }
-                }
-            }
-        }
-
-        public static void RemoveAuthentication(string uid)
-        {
-            lock (authDictLock)
-            {
-                var auth = Authentications.Where(u => u.Value == uid);
-                if (auth.Any())
-                {
-                    Authentications.Remove(auth.First().Key);
-                }
-            }
-        }
-
-        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
-        {
-            MareMetrics.AuthenticationRequests.Inc();
-
-            if (!Request.Headers.ContainsKey("Authorization"))
-            {
-                MareMetrics.AuthenticationFailures.Inc();
-                return AuthenticateResult.Fail("Failed Authorization");
-            }
-
-            var authHeader = Request.Headers["Authorization"].ToString();
-
-            if (string.IsNullOrEmpty(authHeader))
-            {
-                MareMetrics.AuthenticationFailures.Inc();
-                return AuthenticateResult.Fail("Failed Authorization");
-            }
-
-            var ip = _accessor.GetIpAddress();
-
-            lock (failedAuthLock)
-            {
-                if (FailedAuthorizations.TryGetValue(ip, out var failedAuth) && failedAuth.FailedAttempts > failedAttemptsForTempBan)
-                {
-                    MareMetrics.AuthenticationFailures.Inc();
-
-                    failedAuth.ResetCts?.Cancel();
-                    failedAuth.ResetCts?.Dispose();
-                    failedAuth.ResetCts = new CancellationTokenSource();
-                    var token = failedAuth.ResetCts.Token;
-                    failedAuth.ResetTask = Task.Run(async () =>
-                    {
-                        await Task.Delay(TimeSpan.FromMinutes(tempBanMinutes), token).ConfigureAwait(false);
-                        if (token.IsCancellationRequested) return;
-                        FailedAuthorization fauth;
-                        lock (failedAuthLock)
-                        {
-                            FailedAuthorizations.Remove(ip, out fauth);
-                        }
-                        fauth.Dispose();
-                    }, token);
-
-                    Logger.LogWarning("TempBan {ip} for authorization spam", ip);
-                    return AuthenticateResult.Fail("Failed Authorization");
-                }
-            }
-
-            using var sha256 = SHA256.Create();
-            var hashedHeader = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(authHeader))).Replace("-", "");
-
-            string uid;
-            lock (authDictLock)
-            {
-                if (Authentications.TryGetValue(hashedHeader, out uid))
-                {
-                    if (uid == unauthorized)
-                    {
-                        MareMetrics.AuthenticationFailures.Inc();
-
-                        lock (failedAuthLock)
-                        {
-                            Logger.LogWarning("Failed authorization from {ip}", ip);
-                            if (FailedAuthorizations.TryGetValue(ip, out var auth))
-                            {
-                                auth.IncreaseFailedAttempts();
-                            }
-                            else
-                            {
-                                FailedAuthorizations[ip] = new FailedAuthorization();
-                            }
-                        }
-
-                        return AuthenticateResult.Fail("Failed Authorization");
-                    }
-
-                    MareMetrics.AuthenticationCacheHits.Inc();
-                }
-            }
-
-            if (string.IsNullOrEmpty(uid))
-            {
-                uid = (await _mareDbContext.Auth.AsNoTracking()
-                    .FirstOrDefaultAsync(m => m.HashedKey == hashedHeader).ConfigureAwait(false))?.UserUID;
-
-                if (uid == null)
-                {
-                    lock (authDictLock)
-                    {
-                        Authentications[hashedHeader] = unauthorized;
-                    }
-
-                    Logger.LogWarning("Failed authorization from {ip}", ip);
-                    lock (failedAuthLock)
-                    {
-                        if (FailedAuthorizations.TryGetValue(ip, out var auth))
-                        {
-                            auth.IncreaseFailedAttempts();
-                        }
-                        else
-                        {
-                            FailedAuthorizations[ip] = new FailedAuthorization();
-                        }
-                    }
-
-                    MareMetrics.AuthenticationFailures.Inc();
-                    return AuthenticateResult.Fail("Failed Authorization");
-                }
-                else
-                {
-                    Authentications[hashedHeader] = uid;
-                }
-            }
-
-            var claims = new List<Claim> {
-                new Claim(ClaimTypes.NameIdentifier, uid)
-            };
-
-            var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
-            var principal = new ClaimsPrincipal(identity);
-            var ticket = new AuthenticationTicket(principal, Scheme.Name);
-
-            MareMetrics.AuthenticationSuccesses.Inc();
-
-            return AuthenticateResult.Success(ticket);
-        }
-
-        public SecretKeyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, IHttpContextAccessor accessor,
-            MareDbContext mareDbContext, IConfiguration configuration, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
-        {
-            _accessor = accessor;
-            _mareDbContext = mareDbContext;
-            _configuration = configuration;
-            failedAttemptsForTempBan = _configuration.GetValue<int>("FailedAuthForTempBan", 5);
-            tempBanMinutes = _configuration.GetValue<int>("TempBanDurationInMinutes", 30);
-        }
-    }
-}

MareSynchronosServer/MareSynchronosShared/Authentication/SecretKeyGrpcAuthenticationHandler.cs

@@ -0,0 +1,59 @@
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Encodings.Web;
+using MareSynchronosServer;
+using MareSynchronosShared.Data;
+using MareSynchronosShared.Metrics;
+using MareSynchronosShared.Protos;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using ISystemClock = Microsoft.AspNetCore.Authentication.ISystemClock;
+
+namespace MareSynchronosShared.Authentication
+{
+
+    public class SecretKeyGrpcAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+    {
+        public const string AuthScheme = "SecretKeyGrpcAuth";
+
+        private readonly AuthService.AuthServiceClient _authClient;
+        private readonly IHttpContextAccessor _accessor;
+
+        public SecretKeyGrpcAuthenticationHandler(IHttpContextAccessor accessor, AuthService.AuthServiceClient authClient, 
+            IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+        {
+            this._authClient = authClient;
+            _accessor = accessor;
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            Request.Headers.TryGetValue("Authorization", out var authHeader);
+            var ip = _accessor.GetIpAddress();
+
+            var authResult = await _authClient.AuthorizeAsync(new AuthRequest() {Ip = ip, SecretKey = authHeader});
+
+            if (!authResult.Success)
+            {
+                return AuthenticateResult.Fail("Failed Authorization");
+            }
+
+            string uid = authResult.Uid;
+
+            var claims = new List<Claim>
+            {
+                new(ClaimTypes.NameIdentifier, uid)
+            };
+
+            var identity = new ClaimsIdentity(claims, nameof(SecretKeyGrpcAuthenticationHandler));
+            var principal = new ClaimsPrincipal(identity);
+            var ticket = new AuthenticationTicket(principal, Scheme.Name);
+
+            return AuthenticateResult.Success(ticket);
+        }
+    }
+}

MareSynchronosServer/MareSynchronosShared/MareSynchronosShared.csproj

@@ -6,10 +6,19 @@
 		<Nullable>enable</Nullable>
 	</PropertyGroup>
 
+	<ItemGroup>
+	  <None Remove="Protos\mareservices.proto" />
+	</ItemGroup>
+
 	<ItemGroup>
 		<FrameworkReference Include="Microsoft.AspNetCore.App" />
 	</ItemGroup>
 
+	<ItemGroup>
+		<PackageReference Include="EFCore.NamingConventions" Version="6.0.0" />
+		<PackageReference Include="Grpc.AspNetCore" Version="2.40.0" />
+	</ItemGroup>
+
 	<ItemGroup>
 		<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="2.2.0" />
@@ -22,4 +31,10 @@
 		<PackageReference Include="prometheus-net" Version="6.0.0" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <Protobuf Include="Protos\mareservices.proto">
+	    <GrpcServices>Both</GrpcServices>
+	  </Protobuf>
+	</ItemGroup>
+
 </Project>

MareSynchronosServer/MareSynchronosShared/Metrics/MareMetrics.cs

@@ -1,58 +0,0 @@
-using System.IO;
-using System.Linq;
-using MareSynchronosShared.Data;
-using Microsoft.Extensions.Configuration;
-using Prometheus;
-
-namespace MareSynchronosServer.Metrics
-{
-    public class MareMetrics
-    {
-        public static readonly Counter InitializedConnections =
-            Prometheus.Metrics.CreateCounter("mare_initialized_connections", "Initialized Connections");
-        public static readonly Gauge Connections =
-            Prometheus.Metrics.CreateGauge("mare_unauthorized_connections", "Unauthorized Connections");
-        public static readonly Gauge AuthorizedConnections =
-            Prometheus.Metrics.CreateGauge("mare_authorized_connections", "Authorized Connections");
-        public static readonly Gauge AvailableWorkerThreads = Prometheus.Metrics.CreateGauge("mare_available_threadpool", "Available Threadpool Workers");
-        public static readonly Gauge AvailableIOWorkerThreads = Prometheus.Metrics.CreateGauge("mare_available_threadpool_io", "Available Threadpool IO Workers");
-
-        public static readonly Gauge UsersRegistered = Prometheus.Metrics.CreateGauge("mare_users_registered", "Total Registrations");
-
-        public static readonly Gauge Pairs = Prometheus.Metrics.CreateGauge("mare_pairs", "Total Pairs");
-        public static readonly Gauge PairsPaused = Prometheus.Metrics.CreateGauge("mare_pairs_paused", "Total Paused Pairs");
-
-        public static readonly Gauge FilesTotal = Prometheus.Metrics.CreateGauge("mare_files", "Total uploaded files");
-        public static readonly Gauge FilesTotalSize =
-            Prometheus.Metrics.CreateGauge("mare_files_size", "Total uploaded files (bytes)");
-
-        public static readonly Counter UserPushData = Prometheus.Metrics.CreateCounter("mare_user_push", "Users pushing data");
-        public static readonly Counter UserPushDataTo =
-            Prometheus.Metrics.CreateCounter("mare_user_push_to", "Users Receiving Data");
-
-        public static readonly Counter UserDownloadedFiles =
-            Prometheus.Metrics.CreateCounter("mare_user_downloaded_files", "Total Downloaded Files by Users");
-        public static readonly Counter UserDownloadedFilesSize =
-            Prometheus.Metrics.CreateCounter("mare_user_downloaded_files_size", "Total Downloaded Files Size by Users");
-
-        public static readonly Gauge
-            CPUUsage = Prometheus.Metrics.CreateGauge("mare_cpu_usage", "Total calculated CPU usage in %");
-        public static readonly Gauge RAMUsage =
-            Prometheus.Metrics.CreateGauge("mare_ram_usage", "Total calculated RAM usage in bytes for Mare + MSSQL");
-        public static readonly Gauge NetworkOut = Prometheus.Metrics.CreateGauge("mare_network_out", "Network out in byte/s");
-        public static readonly Gauge NetworkIn = Prometheus.Metrics.CreateGauge("mare_network_in", "Network in in byte/s");
-        public static readonly Counter AuthenticationRequests = Prometheus.Metrics.CreateCounter("mare_auth_requests", "Mare Authentication Requests");
-        public static readonly Counter AuthenticationCacheHits = Prometheus.Metrics.CreateCounter("mare_auth_requests_cachehit", "Mare Authentication Requests Cache Hits");
-        public static readonly Counter AuthenticationFailures = Prometheus.Metrics.CreateCounter("mare_auth_requests_fail", "Mare Authentication Requests Failed");
-        public static readonly Counter AuthenticationSuccesses = Prometheus.Metrics.CreateCounter("mare_auth_requests_success", "Mare Authentication Requests Success");
-
-        public static void InitializeMetrics(MareDbContext dbContext, IConfiguration configuration)
-        {
-            UsersRegistered.IncTo(dbContext.Users.Count());
-            Pairs.IncTo(dbContext.ClientPairs.Count());
-            PairsPaused.IncTo(dbContext.ClientPairs.Count(p => p.IsPaused));
-            FilesTotal.IncTo(dbContext.Files.Count());
-            FilesTotalSize.IncTo(Directory.EnumerateFiles(configuration["CacheDirectory"]).Sum(f => new FileInfo(f).Length));
-        }
-    }
-}

MareSynchronosServer/MareSynchronosShared/Metrics/MetricsAPI.cs

@@ -0,0 +1,21 @@
+namespace MareSynchronosShared.Metrics;
+
+public class MetricsAPI
+{
+    public const string CounterInitializedConnections = "mare_initialized_connections";
+    public const string GaugeConnections = "mare_unauthorized_connections";
+    public const string GaugeAuthorizedConnections = "mare_authorized_connections";
+    public const string GaugeAvailableWorkerThreads = "mare_available_threadpool";
+    public const string GaugeAvailableIOWorkerThreads = "mare_available_threadpool_io";
+    public const string GaugeUsersRegistered = "mare_users_registered";
+    public const string GaugePairs = "mare_pairs";
+    public const string GaugePairsPaused = "mare_pairs_paused";
+    public const string GaugeFilesTotal = "mare_files";
+    public const string GaugeFilesTotalSize = "mare_files_size";
+    public const string CounterUserPushData = "mare_user_push";
+    public const string CounterUserPushDataTo = "mare_user_push_to";
+    public const string CounterAuthenticationRequests = "mare_auth_requests";
+    public const string CounterAuthenticationCacheHits = "mare_auth_requests_cachehit";
+    public const string CounterAuthenticationFailures = "mare_auth_requests_fail";
+    public const string CounterAuthenticationSuccesses = "mare_auth_requests_success";
+}

MareSynchronosServer/MareSynchronosShared/Protos/mareservices.proto

@@ -0,0 +1,49 @@
+syntax = "proto3";
+
+option csharp_namespace = "MareSynchronosShared.Protos";
+
+package mareservices;
+
+service AuthService {
+  rpc Authorize (AuthRequest) returns (AuthReply);
+  rpc RemoveAuth (RemoveAuthRequest) returns (Empty);
+  rpc ClearUnauthorized (Empty) returns (Empty);
+}
+
+service MetricsService {
+	rpc IncreaseCounter (IncreaseCounterRequest) returns (Empty);
+	rpc SetGauge (SetGaugeRequest) returns (Empty);
+	rpc DecGauge (GaugeRequest) returns (Empty);
+	rpc IncGauge (GaugeRequest) returns (Empty);
+}
+
+message Empty { }
+
+message GaugeRequest {
+	string gaugeName = 1;
+	double value = 2;
+}
+
+message SetGaugeRequest {
+	string gaugeName = 1;
+	double value = 2;
+}
+
+message IncreaseCounterRequest {
+	string counterName = 1;
+	double value = 2;
+}
+
+message RemoveAuthRequest {
+	string uid = 1;
+}
+
+message AuthRequest {
+	string ip = 1;
+	string secretKey = 2;
+}
+
+message AuthReply {
+  bool success = 1;
+  string uid = 2;
+}