mirror of
https://github.com/azaion/admin.git
synced 2026-04-22 23:56:32 +00:00
add Cache.cs
fix hardware hash stack in the jwt token claims
This commit is contained in:
Alex Bezdieniezhnykh
+12
-4
@@ -98,10 +98,13 @@ builder.Services.Configure<JwtConfig>(builder.Configuration.GetSection(nameof(Jw
|
|||||||
builder.Services.Configure<ConnectionStrings>(builder.Configuration.GetSection(nameof(ConnectionStrings)));
|
builder.Services.Configure<ConnectionStrings>(builder.Configuration.GetSection(nameof(ConnectionStrings)));
|
||||||
|
|
||||||
builder.Services.AddScoped<IUserService, UserService>();
|
builder.Services.AddScoped<IUserService, UserService>();
|
||||||
|
builder.Services.AddScoped<IAuthService, AuthService>();
|
||||||
builder.Services.AddScoped<IResourcesService, ResourcesService>();
|
builder.Services.AddScoped<IResourcesService, ResourcesService>();
|
||||||
builder.Services.AddSingleton<IAuthService, AuthService>();
|
|
||||||
builder.Services.AddSingleton<IDbFactory, DbFactory>();
|
builder.Services.AddSingleton<IDbFactory, DbFactory>();
|
||||||
|
|
||||||
|
builder.Services.AddLazyCache();
|
||||||
|
builder.Services.AddScoped<ICache, MemoryCache>();
|
||||||
|
|
||||||
builder.Services.AddValidatorsFromAssemblyContaining<RegisterUserValidator>();
|
builder.Services.AddValidatorsFromAssemblyContaining<RegisterUserValidator>();
|
||||||
|
|
||||||
var app = builder.Build();
|
var app = builder.Build();
|
||||||
@@ -145,7 +148,7 @@ app.MapPost("/resources/{dataFolder?}",
|
|||||||
app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secure password
|
app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secure password
|
||||||
async ([FromBody]GetResourceRequest request, [FromRoute]string? dataFolder, IAuthService authService, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
|
async ([FromBody]GetResourceRequest request, [FromRoute]string? dataFolder, IAuthService authService, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
|
||||||
{
|
{
|
||||||
var user = authService.CurrentUser;
|
var user = await authService.GetCurrentUser();
|
||||||
if (user == null)
|
if (user == null)
|
||||||
throw new UnauthorizedAccessException();
|
throw new UnauthorizedAccessException();
|
||||||
|
|
||||||
@@ -159,8 +162,13 @@ app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secur
|
|||||||
.WithOpenApi(op => new OpenApiOperation(op){ Summary = "Gets encrypted by users Password and HardwareHash resources. POST method for secure password"});
|
.WithOpenApi(op => new OpenApiOperation(op){ Summary = "Gets encrypted by users Password and HardwareHash resources. POST method for secure password"});
|
||||||
|
|
||||||
app.MapPut("/resources/reset-hardware",
|
app.MapPut("/resources/reset-hardware",
|
||||||
async (string email, IUserService userService, CancellationToken cancellationToken)
|
async (string email, IUserService userService, ICache cache, CancellationToken cancellationToken) =>
|
||||||
=> await userService.UpdateHardware(email, new HardwareInfo(), cancellationToken))
|
{
|
||||||
|
await userService.UpdateHardware(email, new HardwareInfo(), cancellationToken);
|
||||||
|
var user = await userService.GetByEmail(email, cancellationToken);
|
||||||
|
cache.Invalidate($"{nameof(User)}.{user?.Id}");
|
||||||
|
})
|
||||||
|
.RequireAuthorization(apiAdminPolicy)
|
||||||
.WithOpenApi(op => new OpenApiOperation(op){ Summary = "Resets hardware id in case of hardware change"});
|
.WithOpenApi(op => new OpenApiOperation(op){ Summary = "Resets hardware id in case of hardware change"});
|
||||||
|
|
||||||
app.Run();
|
app.Run();
|
||||||
|
|||||||
@@ -12,6 +12,6 @@
|
|||||||
"JwtConfig": {
|
"JwtConfig": {
|
||||||
"Issuer": "AzaionApi",
|
"Issuer": "AzaionApi",
|
||||||
"Audience": "Annotators/OrangePi/Admins",
|
"Audience": "Annotators/OrangePi/Admins",
|
||||||
"TokenLifetimeHours": 2.5
|
"TokenLifetimeHours": 4
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +0,0 @@
|
|||||||
namespace Azaion.Common.Configs;
|
|
||||||
|
|
||||||
public class Constants
|
|
||||||
{
|
|
||||||
public const string HARDWARE_ID = nameof(HARDWARE_ID);
|
|
||||||
}
|
|
||||||
@@ -11,31 +11,28 @@ namespace Azaion.Services;
|
|||||||
|
|
||||||
public interface IAuthService
|
public interface IAuthService
|
||||||
{
|
{
|
||||||
User? CurrentUser { get; }
|
Guid? GetCurrentUserId();
|
||||||
|
Task<User?> GetCurrentUser();
|
||||||
string CreateToken(User user);
|
string CreateToken(User user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions<JwtConfig> jwtConfig) : IAuthService
|
public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions<JwtConfig> jwtConfig, IUserService userService) : IAuthService
|
||||||
{
|
{
|
||||||
public User? CurrentUser
|
|
||||||
{
|
public Guid? GetCurrentUserId()
|
||||||
get
|
|
||||||
{
|
{
|
||||||
var claims = httpContextAccessor.HttpContext?.User.Claims.ToDictionary(x => x.Type);
|
var claims = httpContextAccessor.HttpContext?.User.Claims.ToDictionary(x => x.Type);
|
||||||
if (claims == null)
|
if (claims == null)
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
if (!Enum.TryParse(claims[ClaimTypes.Role].Value, out RoleEnum role))
|
var id = Guid.Parse(claims[ClaimTypes.NameIdentifier].Value);
|
||||||
throw new ApplicationException("Invalid role");
|
return id;
|
||||||
|
|
||||||
return new User
|
|
||||||
{
|
|
||||||
Id = Guid.Parse(claims[ClaimTypes.NameIdentifier].Value),
|
|
||||||
Email = claims[ClaimTypes.Name].Value,
|
|
||||||
Role = role,
|
|
||||||
HardwareHash = claims[Constants.HARDWARE_ID].Value,
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<User?> GetCurrentUser()
|
||||||
|
{
|
||||||
|
var id = GetCurrentUserId();
|
||||||
|
return await userService.GetById(id);
|
||||||
}
|
}
|
||||||
|
|
||||||
public string CreateToken(User user)
|
public string CreateToken(User user)
|
||||||
@@ -47,9 +44,7 @@ public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions<JwtC
|
|||||||
{
|
{
|
||||||
Subject = new ClaimsIdentity([
|
Subject = new ClaimsIdentity([
|
||||||
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
|
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
|
||||||
new Claim(ClaimTypes.Name, user.Email),
|
new Claim(ClaimTypes.Role, user.Role.ToString())
|
||||||
new Claim(ClaimTypes.Role, user.Role.ToString()),
|
|
||||||
new Claim(Constants.HARDWARE_ID, user.HardwareHash ?? "")
|
|
||||||
]),
|
]),
|
||||||
Expires = DateTime.UtcNow.AddHours(jwtConfig.Value.TokenLifetimeHours),
|
Expires = DateTime.UtcNow.AddHours(jwtConfig.Value.TokenLifetimeHours),
|
||||||
Issuer = jwtConfig.Value.Issuer,
|
Issuer = jwtConfig.Value.Issuer,
|
||||||
|
|||||||
@@ -21,6 +21,7 @@
|
|||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
<PackageReference Include="LazyCache.AspNetCore" Version="2.4.0" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
|
<PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
|
||||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
|
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
|
||||||
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.1.2" />
|
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.1.2" />
|
||||||
|
|||||||
@@ -0,0 +1,27 @@
|
|||||||
|
using LazyCache;
|
||||||
|
|
||||||
|
namespace Azaion.Services;
|
||||||
|
|
||||||
|
public interface ICache
|
||||||
|
{
|
||||||
|
Task<T> GetFromCacheAsync<T>(string key, Func<Task<T>> fetchFunc, TimeSpan? expiration = null);
|
||||||
|
void Invalidate(string key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public class MemoryCache : ICache
|
||||||
|
{
|
||||||
|
private readonly IAppCache _cache = new CachingService();
|
||||||
|
|
||||||
|
public async Task<T> GetFromCacheAsync<T>(string key, Func<Task<T>> fetchFunc, TimeSpan? expiration = null)
|
||||||
|
{
|
||||||
|
expiration ??= TimeSpan.FromHours(4);
|
||||||
|
return await _cache.GetOrAddAsync(key, async entry =>
|
||||||
|
{
|
||||||
|
var result = await fetchFunc();
|
||||||
|
entry.AbsoluteExpirationRelativeToNow = expiration;
|
||||||
|
return result;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
public void Invalidate(string key) => _cache.Remove(key);
|
||||||
|
}
|
||||||
@@ -12,12 +12,14 @@ public interface IUserService
|
|||||||
{
|
{
|
||||||
Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default);
|
Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default);
|
||||||
Task<User> ValidateUser(LoginRequest request, CancellationToken cancellationToken = default);
|
Task<User> ValidateUser(LoginRequest request, CancellationToken cancellationToken = default);
|
||||||
|
Task<User?> GetById(Guid? id, CancellationToken cancellationToken = default);
|
||||||
|
Task<User?> GetByEmail(string email, CancellationToken cancellationToken = default);
|
||||||
Task UpdateHardware(string email, HardwareInfo hardwareInfo, CancellationToken cancellationToken = default);
|
Task UpdateHardware(string email, HardwareInfo hardwareInfo, CancellationToken cancellationToken = default);
|
||||||
Task<IEnumerable<User>> GetUsers(string? searchEmail, RoleEnum? searchRole, CancellationToken cancellationToken);
|
Task<IEnumerable<User>> GetUsers(string? searchEmail, RoleEnum? searchRole, CancellationToken cancellationToken);
|
||||||
Task CheckHardware(User user, GetResourceRequest request);
|
Task CheckHardware(User user, GetResourceRequest request);
|
||||||
}
|
}
|
||||||
|
|
||||||
public class UserService(IDbFactory dbFactory) : IUserService
|
public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
|
||||||
{
|
{
|
||||||
public async Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default)
|
public async Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default)
|
||||||
{
|
{
|
||||||
@@ -37,6 +39,15 @@ public class UserService(IDbFactory dbFactory) : IUserService
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task<User?> GetById(Guid? id, CancellationToken cancellationToken = default) =>
|
||||||
|
await cache.GetFromCacheAsync($"{nameof(User)}.{id}",
|
||||||
|
async () => await dbFactory.Run(async db =>
|
||||||
|
await db.Users.FirstOrDefaultAsync(x => x.Id == id, cancellationToken)), TimeSpan.FromHours(2));
|
||||||
|
|
||||||
|
public async Task<User?> GetByEmail(string email, CancellationToken cancellationToken = default) =>
|
||||||
|
await dbFactory.Run(async db =>
|
||||||
|
await db.Users.FirstOrDefaultAsync(x => x.Email == email, cancellationToken));
|
||||||
|
|
||||||
public async Task<User> ValidateUser(LoginRequest request, CancellationToken cancellationToken = default) =>
|
public async Task<User> ValidateUser(LoginRequest request, CancellationToken cancellationToken = default) =>
|
||||||
await dbFactory.Run(async db =>
|
await dbFactory.Run(async db =>
|
||||||
{
|
{
|
||||||
@@ -82,6 +93,14 @@ public class UserService(IDbFactory dbFactory) : IUserService
|
|||||||
user.HardwareHash = request.Hardware.Hash;
|
user.HardwareHash = request.Hardware.Hash;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var hwHash = await dbFactory.Run(async db =>
|
||||||
|
await db.Users
|
||||||
|
.Where(x => x.Email == user.Email)
|
||||||
|
.Select(x => x.HardwareHash)
|
||||||
|
.FirstOrDefaultAsync());
|
||||||
|
if (hwHash != user.HardwareHash)
|
||||||
|
user.HardwareHash = hwHash;
|
||||||
|
|
||||||
if (user.HardwareHash != request.Hardware.Hash)
|
if (user.HardwareHash != request.Hardware.Hash)
|
||||||
throw new BusinessException(ExceptionEnum.HardwareIdMismatch);
|
throw new BusinessException(ExceptionEnum.HardwareIdMismatch);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user