azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-04-23 03:26:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

add Cache.cs

Browse Source 
fix hardware hash stack in the jwt token claims
This commit is contained in:
Alex Bezdieniezhnykh
2025-01-18 14:36:50 +02:00
parent 0945635a1c
commit 49de0351c1
7 changed files with 77 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Azaion.Api/Program.cs
+12 -4
View File
@@ -98,10 +98,13 @@ builder.Services.Configure<JwtConfig>(builder.Configuration.GetSection(nameof(Jw
builder.Services.Configure<ConnectionStrings>(builder.Configuration.GetSection(nameof(ConnectionStrings)));
builder.Services.AddScoped<IUserService, UserService>();
builder.Services.AddScoped<IAuthService, AuthService>();
builder.Services.AddScoped<IResourcesService, ResourcesService>();
builder.Services.AddSingleton<IAuthService, AuthService>();
builder.Services.AddSingleton<IDbFactory, DbFactory>();
builder.Services.AddLazyCache();
builder.Services.AddScoped<ICache, MemoryCache>();
builder.Services.AddValidatorsFromAssemblyContaining<RegisterUserValidator>();
var app = builder.Build();
@@ -145,7 +148,7 @@ app.MapPost("/resources/{dataFolder?}",
app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secure password
async ([FromBody]GetResourceRequest request, [FromRoute]string? dataFolder, IAuthService authService, IUserService userService, IResourcesService resourcesService, CancellationToken cancellationToken) =>
{
var user = authService.CurrentUser;
var user = await authService.GetCurrentUser();
if (user == null)
throw new UnauthorizedAccessException();
@@ -159,8 +162,13 @@ app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secur
.WithOpenApi(op => new OpenApiOperation(op){ Summary = "Gets encrypted by users Password and HardwareHash resources. POST method for secure password"});
app.MapPut("/resources/reset-hardware",
async (string email, IUserService userService, CancellationToken cancellationToken)
=> await userService.UpdateHardware(email, new HardwareInfo(), cancellationToken))
async (string email, IUserService userService, ICache cache, CancellationToken cancellationToken) =>
{
await userService.UpdateHardware(email, new HardwareInfo(), cancellationToken);
var user = await userService.GetByEmail(email, cancellationToken);
cache.Invalidate($"{nameof(User)}.{user?.Id}");
})
.RequireAuthorization(apiAdminPolicy)
.WithOpenApi(op => new OpenApiOperation(op){ Summary = "Resets hardware id in case of hardware change"});
app.Run();
Azaion.Api/appsettings.json
+1 -1
View File
@@ -12,6 +12,6 @@
"JwtConfig": {
"Issuer": "AzaionApi",
"Audience": "Annotators/OrangePi/Admins",
"TokenLifetimeHours": 2.5
"TokenLifetimeHours": 4
}
}
Azaion.Common/Configs/Constants.cs
-6
View File
@@ -1,6 +0,0 @@
namespace Azaion.Common.Configs;
public class Constants
{
public const string HARDWARE_ID = nameof(HARDWARE_ID);
}
Azaion.Services/AuthService.cs
+13 -18
View File
@@ -11,31 +11,28 @@ namespace Azaion.Services;
public interface IAuthService
{
User? CurrentUser { get; }
Guid? GetCurrentUserId();
Task<User?> GetCurrentUser();
string CreateToken(User user);
}
public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions<JwtConfig> jwtConfig) : IAuthService
public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions<JwtConfig> jwtConfig, IUserService userService) : IAuthService
{
public User? CurrentUser
{
get
public Guid? GetCurrentUserId()
{
var claims = httpContextAccessor.HttpContext?.User.Claims.ToDictionary(x => x.Type);
if (claims == null)
return null;
if (!Enum.TryParse(claims[ClaimTypes.Role].Value, out RoleEnum role))
throw new ApplicationException("Invalid role");
return new User
{
Id = Guid.Parse(claims[ClaimTypes.NameIdentifier].Value),
Email = claims[ClaimTypes.Name].Value,
Role = role,
HardwareHash = claims[Constants.HARDWARE_ID].Value,
};
var id = Guid.Parse(claims[ClaimTypes.NameIdentifier].Value);
return id;
}
public async Task<User?> GetCurrentUser()
{
var id = GetCurrentUserId();
return await userService.GetById(id);
}
public string CreateToken(User user)
@@ -47,9 +44,7 @@ public class AuthService(IHttpContextAccessor httpContextAccessor, IOptions<JwtC
{
Subject = new ClaimsIdentity([
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.Email),
new Claim(ClaimTypes.Role, user.Role.ToString()),
new Claim(Constants.HARDWARE_ID, user.HardwareHash ?? "")
new Claim(ClaimTypes.Role, user.Role.ToString())
]),
Expires = DateTime.UtcNow.AddHours(jwtConfig.Value.TokenLifetimeHours),
Issuer = jwtConfig.Value.Issuer,
Azaion.Services/Azaion.Services.csproj
+1
View File
@@ -21,6 +21,7 @@
</ItemGroup>
<ItemGroup>
<PackageReference Include="LazyCache.AspNetCore" Version="2.4.0" />
<PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.1.2" />
Azaion.Services/Cache.cs
+27
View File
@@ -0,0 +1,27 @@
using LazyCache;
namespace Azaion.Services;
public interface ICache
{
Task<T> GetFromCacheAsync<T>(string key, Func<Task<T>> fetchFunc, TimeSpan? expiration = null);
void Invalidate(string key);
}
public class MemoryCache : ICache
{
private readonly IAppCache _cache = new CachingService();
public async Task<T> GetFromCacheAsync<T>(string key, Func<Task<T>> fetchFunc, TimeSpan? expiration = null)
{
expiration ??= TimeSpan.FromHours(4);
return await _cache.GetOrAddAsync(key, async entry =>
{
var result = await fetchFunc();
entry.AbsoluteExpirationRelativeToNow = expiration;
return result;
});
}
public void Invalidate(string key) => _cache.Remove(key);
}
Azaion.Services/UserService.cs
+20 -1
View File
@@ -12,12 +12,14 @@ public interface IUserService
{
Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default);
Task<User> ValidateUser(LoginRequest request, CancellationToken cancellationToken = default);
Task<User?> GetById(Guid? id, CancellationToken cancellationToken = default);
Task<User?> GetByEmail(string email, CancellationToken cancellationToken = default);
Task UpdateHardware(string email, HardwareInfo hardwareInfo, CancellationToken cancellationToken = default);
Task<IEnumerable<User>> GetUsers(string? searchEmail, RoleEnum? searchRole, CancellationToken cancellationToken);
Task CheckHardware(User user, GetResourceRequest request);
}
public class UserService(IDbFactory dbFactory) : IUserService
public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
{
public async Task RegisterUser(RegisterUserRequest request, CancellationToken cancellationToken = default)
{
@@ -37,6 +39,15 @@ public class UserService(IDbFactory dbFactory) : IUserService
});
}
public async Task<User?> GetById(Guid? id, CancellationToken cancellationToken = default) =>
await cache.GetFromCacheAsync($"{nameof(User)}.{id}",
async () => await dbFactory.Run(async db =>
await db.Users.FirstOrDefaultAsync(x => x.Id == id, cancellationToken)), TimeSpan.FromHours(2));
public async Task<User?> GetByEmail(string email, CancellationToken cancellationToken = default) =>
await dbFactory.Run(async db =>
await db.Users.FirstOrDefaultAsync(x => x.Email == email, cancellationToken));
public async Task<User> ValidateUser(LoginRequest request, CancellationToken cancellationToken = default) =>
await dbFactory.Run(async db =>
{
@@ -82,6 +93,14 @@ public class UserService(IDbFactory dbFactory) : IUserService
user.HardwareHash = request.Hardware.Hash;
}
var hwHash = await dbFactory.Run(async db =>
await db.Users
.Where(x => x.Email == user.Email)
.Select(x => x.HardwareHash)
.FirstOrDefaultAsync());
if (hwHash != user.HardwareHash)
user.HardwareHash = hwHash;
if (user.HardwareHash != request.Hardware.Hash)
throw new BusinessException(ExceptionEnum.HardwareIdMismatch);
}