azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 11:31:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e3b0fe6582f35aa71c25544133dab60d226f7d57
admin/Azaion.Services/MissionTokenService.cs
T
Oleksandr Bezdieniezhnykh 8e7c602f51
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
[AZ-535] [AZ-533] Logout/revocation surface + UAV mission tokens 
AZ-535: POST /logout (caller's session), /logout/all (all sessions for user),
admin POST /sessions/{sid}/revoke, and verifier-only GET /sessions/revoked
snapshot. New Service role gates the snapshot. Idempotent revoke; reason +
revoked_by_user_id audited per row.

AZ-533: POST /sessions/mission mints a long-lived no-refresh ES256 token bound
to one aircraft + one mission. Audience narrowed to satellite-provider, hard
12 h cap, persisted as class='mission' so the existing logout/revoke surface
covers it. Successful CompanionPC /login or /token/refresh auto-revokes that
aircraft's open mission session (post-flight reconnect).

Schema: 09_sessions_logout_and_mission.sql adds revoked_by_user_id, class,
aircraft_id; drops NOT NULL on refresh_hash for mission rows; adds two partial
indexes for the auto-revoke and snapshot hot paths.

Tests: 13 new e2e tests, all green; full suite 75/76 (1 pre-existing flake in
PasswordHashingTests AC5 timing assertion, unrelated to this batch).

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 05:51:23 +03:00

139 lines
5.7 KiB
C#
Raw Blame History

using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text.Json;
using System.Text.RegularExpressions;
using Azaion.Common;
using Azaion.Common.Configs;
using Azaion.Common.Database;
using Azaion.Common.Entities;
using Azaion.Common.Requests;
using LinqToDB;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
namespace Azaion.Services;
/// <summary>
/// AZ-533 — issues long-lived single-use access tokens for offline UAV missions.
/// Distinct from <see cref="IAuthService"/> because:
/// <list type="bullet">
/// <item>Lifetime is per-mission (≤ 12 h), not per-session policy.</item>
/// <item>Audience is narrowed to <c>satellite-provider</c>, not the broad admin audience.</item>
/// <item>No refresh: a single token covers the entire flight, then dies.</item>
/// <item>Carries mission-specific claims (mission_id, aircraft_id, valid_region).</item>
/// </list>
/// </summary>
public interface IMissionTokenService
{
Task<MissionSessionResponse> Issue(Guid pilotUserId, MissionSessionRequest request, CancellationToken ct = default);
}
public class MissionTokenService(
IDbFactory dbFactory,
IJwtSigningKeyProvider signingKeys,
IOptions<JwtConfig> jwtConfig) : IMissionTokenService
{
private const string MissionAudience = "satellite-provider";
private const double MaxDurationHours = 12.0;
private const double MinDurationHours = 0.1;
private const double LifetimeBufferHours = 1.0; // covers post-flight reconnect grace
private static readonly Regex MissionIdPattern =
new(@"^M-\d{4}-\d{2}-\d{2}-\d{3}$", RegexOptions.Compiled);
private readonly JwtConfig _jwt = jwtConfig.Value;
public async Task<MissionSessionResponse> Issue(Guid pilotUserId, MissionSessionRequest request, CancellationToken ct = default)
{
Validate(request);
// Aircraft must exist with Role=CompanionPC. Anything else is a config error.
var aircraft = await dbFactory.Run(async db =>
await db.Users.FirstOrDefaultAsync(u => u.Id == request.AircraftId, token: ct));
if (aircraft == null || aircraft.Role != RoleEnum.CompanionPC)
throw new BusinessException(ExceptionEnum.AircraftNotFound);
var now = DateTime.UtcNow;
var expAt = now.AddHours(request.PlannedDurationH + LifetimeBufferHours);
var sid = Guid.NewGuid();
var jti = Guid.NewGuid();
// Persist the session BEFORE we mint the token so revocation lookups can
// never miss a token that's already in the wild.
await dbFactory.RunAdmin(async db =>
await db.InsertAsync(new Session
{
Id = sid,
UserId = pilotUserId,
FamilyId = sid, // mission sessions are their own family — no rotation
IssuedAt = now,
LastUsedAt = now,
ExpiresAt = expAt,
FamilyStartedAt = now,
Class = SessionClasses.Mission,
AircraftId = request.AircraftId,
// RefreshHash null — no refresh value backs a mission token.
}, token: ct));
var token = MintToken(pilotUserId, request, sid, jti, expAt);
return new MissionSessionResponse
{
AccessToken = token,
AccessExp = expAt,
TokenClass = SessionClasses.Mission,
SessionId = sid,
};
}
private static void Validate(MissionSessionRequest request)
{
if (string.IsNullOrWhiteSpace(request.MissionId) || !MissionIdPattern.IsMatch(request.MissionId))
throw new BusinessException(ExceptionEnum.InvalidMissionRequest);
if (request.PlannedDurationH < MinDurationHours || request.PlannedDurationH > MaxDurationHours)
throw new BusinessException(ExceptionEnum.InvalidMissionRequest);
}
private string MintToken(Guid pilotUserId, MissionSessionRequest request, Guid sid, Guid jti, DateTime expAt)
{
var active = signingKeys.Active;
var creds = new SigningCredentials(active.SecurityKey, SecurityAlgorithms.EcdsaSha256);
var claims = new List<Claim>
{
new(ClaimTypes.NameIdentifier, pilotUserId.ToString()),
new(JwtRegisteredClaimNames.Sid, sid.ToString()),
new(JwtRegisteredClaimNames.Jti, jti.ToString()),
new("mission_id", request.MissionId),
new("aircraft_id", request.AircraftId.ToString()),
new("token_class", SessionClasses.Mission),
};
if (request.RequestedScope is { Count: > 0 })
foreach (var p in request.RequestedScope)
claims.Add(new Claim("permissions", p));
if (request.ValidRegion != null)
claims.Add(new Claim(
"valid_region",
JsonSerializer.Serialize(request.ValidRegion),
JsonClaimValueTypes.Json));
var descriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = expAt,
Issuer = _jwt.Issuer,
// AZ-533 — narrowed audience: satellite-provider only, not the broad
// interactive audience. Verifiers downstream gate on this claim.
Audience = MissionAudience,
SigningCredentials = creds
};
var handler = new JwtSecurityTokenHandler();
var token = handler.CreateToken(descriptor);
return handler.WriteToken(token);
}
}
Reference in New Issue View Git Blame Copy Permalink