queue + local sqlite WIP

2026-04-22 10:26:31 +00:00 · 2024-12-17 18:46:33 +02:00
parent 626767469a
commit 5fa18aa514
47 changed files with 694 additions and 222 deletions
@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>enable</Nullable>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+      <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.3.0" />
+    </ItemGroup>
+
+</Project>
@@ -0,0 +1,8 @@
+namespace Azaion.CommonSecurity.DTO;
+
+public class ApiConfig
+{
+    public string Url { get; set; } = null!;
+    public int RetryCount {get;set;}
+    public double TimeoutSeconds { get; set; }
+}
@@ -0,0 +1,7 @@
+namespace Azaion.CommonSecurity.DTO;
+
+public class ApiCredentials(string email, string password) : EventArgs
+{
+    public string Email { get; set; } = email;
+    public string Password { get; set; } = password;
+}
@@ -0,0 +1,11 @@
+namespace Azaion.CommonSecurity.DTO;
+
+public class HardwareInfo
+{
+    public string CPU { get; set; } = null!;
+    public string GPU { get; set; } = null!;
+    public string MacAddress { get; set; } = null!;
+    public string Memory { get; set; } = null!;
+
+    public string Hash { get; set; } = null!;
+}
@@ -0,0 +1,6 @@
+namespace Azaion.CommonSecurity.DTO;
+
+public class LoginResponse
+{
+    public string Token { get; set; } = null!;
+}
@@ -0,0 +1,12 @@
+namespace Azaion.CommonSecurity.DTO;
+
+public enum RoleEnum
+{
+    None = 0,
+    Operator = 10, //only annotator is available. Could send annotations to queue.
+    Validator = 20, //annotator + dataset explorer. This role allows to receive annotations from the queue.
+    CompanionPC = 30,
+    Admin = 40, //
+    ResourceUploader = 50, //Uploading dll and ai models
+    ApiAdmin = 1000 //everything
+}
@@ -0,0 +1,6 @@
+namespace Azaion.CommonSecurity.DTO;
+
+public class SecureAppConfig
+{
+    public ApiConfig ApiConfig { get; set; } = null!;
+}
@@ -0,0 +1,21 @@
+using System.Security.Claims;
+
+namespace Azaion.CommonSecurity.DTO;
+
+public class User
+{
+    public Guid Id { get; set; }
+    public string Email { get; set; }
+    public RoleEnum Role { get; set; }
+
+    public User(IEnumerable<Claim> claims)
+    {
+        var claimDict = claims.ToDictionary(x => x.Type, x => x.Value);
+
+        Id = Guid.Parse(claimDict[SecurityConstants.CLAIM_NAME_ID]);
+        Email = claimDict[SecurityConstants.CLAIM_EMAIL];
+        if (!Enum.TryParse(claimDict[SecurityConstants.CLAIM_ROLE], out RoleEnum role))
+            role = RoleEnum.None;
+        Role = role;
+    }
+}
@@ -0,0 +1,18 @@
+namespace Azaion.CommonSecurity;
+
+public class SecurityConstants
+{
+    public const string CONFIG_PATH = "config.json";
+
+    #region ApiConfig
+
+    public const string DEFAULT_API_URL = "https://api.azaion.com/";
+    public const int DEFAULT_API_RETRY_COUNT = 3;
+    public const int DEFAULT_API_TIMEOUT_SECONDS = 40;
+
+    public const string CLAIM_NAME_ID = "nameid";
+    public const string CLAIM_EMAIL = "unique_name";
+    public const string CLAIM_ROLE = "role";
+
+    #endregion ApiConfig
+}
@@ -0,0 +1,127 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Net;
+using System.Net.Http.Headers;
+using System.Security;
+using System.Text;
+using Azaion.CommonSecurity.DTO;
+using Newtonsoft.Json;
+
+namespace Azaion.CommonSecurity.Services;
+
+public class AzaionApiClient(HttpClient httpClient) : IDisposable
+{
+    const string JSON_MEDIA = "application/json";
+
+    private string Email { get; set; } = null!;
+    private SecureString Password { get; set; } = new();
+
+    private string JwtToken { get; set; } = null!;
+    public User User { get; set; } = null!;
+
+    public static AzaionApiClient Create(ApiCredentials credentials)
+    {
+        ApiConfig apiConfig;
+        try
+        {
+            if (!File.Exists(SecurityConstants.CONFIG_PATH))
+                throw new FileNotFoundException(SecurityConstants.CONFIG_PATH);
+            var configStr = File.ReadAllText(SecurityConstants.CONFIG_PATH);
+            apiConfig = JsonConvert.DeserializeObject<SecureAppConfig>(configStr)!.ApiConfig;
+        }
+        catch (Exception e)
+        {
+            Console.WriteLine(e);
+            apiConfig = new ApiConfig
+            {
+                Url = SecurityConstants.DEFAULT_API_URL,
+                RetryCount = SecurityConstants.DEFAULT_API_RETRY_COUNT ,
+                TimeoutSeconds = SecurityConstants.DEFAULT_API_TIMEOUT_SECONDS
+            };
+        }
+
+        var api = new AzaionApiClient(new HttpClient
+        {
+            BaseAddress = new Uri(apiConfig.Url),
+            Timeout = TimeSpan.FromSeconds(apiConfig.TimeoutSeconds)
+        });
+
+        api.EnterCredentials(credentials);
+        return api;
+    }
+
+    public void EnterCredentials(ApiCredentials credentials)
+    {
+        if (string.IsNullOrWhiteSpace(credentials.Email) || string.IsNullOrWhiteSpace(credentials.Password))
+            throw new Exception("Email or password is empty!");
+
+        Email = credentials.Email;
+        Password = credentials.Password.ToSecureString();
+    }
+
+    public async Task<Stream> GetResource(string fileName, string password, HardwareInfo hardware)
+    {
+        var response = await Send(httpClient, new HttpRequestMessage(HttpMethod.Post, "/resources/get")
+        {
+            Content = new StringContent(JsonConvert.SerializeObject(new { fileName, password, hardware }), Encoding.UTF8, JSON_MEDIA)
+        });
+        return await response.Content.ReadAsStreamAsync();
+    }
+
+    private async Task Authorize()
+    {
+        if (string.IsNullOrEmpty(Email) || Password.Length == 0)
+            throw new Exception("Email or password is empty! Please do EnterCredentials first!");
+
+        var payload = new
+        {
+            email = Email,
+            password = Password.ToRealString()
+        };
+        var response = await httpClient.PostAsync(
+            "login",
+            new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, JSON_MEDIA));
+
+        if (!response.IsSuccessStatusCode)
+            throw new Exception($"EnterCredentials failed: {response.StatusCode}");
+
+        var responseData = await response.Content.ReadAsStringAsync();
+
+        var result = JsonConvert.DeserializeObject<LoginResponse>(responseData);
+
+        if (string.IsNullOrEmpty(result?.Token))
+            throw new Exception("JWT Token not found in response");
+
+        var handler = new JwtSecurityTokenHandler();
+        var token = handler.ReadJwtToken(result.Token);
+
+        User = new User(token.Claims);
+        JwtToken = result.Token;
+    }
+
+    private async Task<HttpResponseMessage> Send(HttpClient client, HttpRequestMessage request)
+    {
+        if (string.IsNullOrEmpty(JwtToken))
+             await Authorize();
+        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", JwtToken);
+        var response = await client.SendAsync(request);
+
+        if (response.StatusCode == HttpStatusCode.Unauthorized)
+        {
+            await Authorize();
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", JwtToken);
+            response = await client.SendAsync(request);
+        }
+
+        if (response.IsSuccessStatusCode)
+            return response;
+
+        var result = await response.Content.ReadAsStringAsync();
+        throw new Exception($"Failed: {response.StatusCode}! Result: {result}");
+    }
+
+    public void Dispose()
+    {
+        httpClient.Dispose();
+        Password.Dispose();
+    }
+}
@@ -0,0 +1,108 @@
+using System.Diagnostics;
+using System.Net.NetworkInformation;
+using System.Security.Cryptography;
+using System.Text;
+using Azaion.CommonSecurity.DTO;
+
+namespace Azaion.CommonSecurity.Services;
+
+public interface IHardwareService
+{
+    HardwareInfo GetHardware();
+}
+
+public class HardwareService : IHardwareService
+{
+    private const string WIN32_GET_HARDWARE_COMMAND =
+        "wmic OS get TotalVisibleMemorySize /Value && " +
+        "wmic CPU get Name /Value && " +
+        "wmic path Win32_VideoController get Name /Value";
+
+    private const string UNIX_GET_HARDWARE_COMMAND =
+        "/bin/bash -c \"free -g | grep Mem: | awk '{print $2}' && " +
+        "lscpu | grep 'Model name:' | cut -d':' -f2 && " +
+        "lspci | grep VGA | cut -d':' -f3\"";
+
+    public HardwareInfo GetHardware()
+    {
+        try
+        {
+            var output = RunCommand(Environment.OSVersion.Platform == PlatformID.Win32NT
+                ? WIN32_GET_HARDWARE_COMMAND
+                : UNIX_GET_HARDWARE_COMMAND);
+
+            var lines = output
+                .Replace("TotalVisibleMemorySize=", "")
+                .Replace("Name=", "")
+                .Replace("  ", " ")
+                .Trim()
+                .Split(['\n', '\r'], StringSplitOptions.RemoveEmptyEntries);
+
+            var memoryStr = "Unknown RAM";
+            if (lines.Length > 0)
+            {
+                memoryStr = lines[0];
+                if (int.TryParse(memoryStr, out var memKb))
+                    memoryStr = $"{Math.Round(memKb / 1024.0 / 1024.0)} Gb";
+            }
+
+            var hardwareInfo = new HardwareInfo
+            {
+                Memory = memoryStr,
+                CPU = lines.Length > 1 && string.IsNullOrEmpty(lines[1])
+                    ? "Unknown RAM"
+                    : lines[1],
+                GPU = lines.Length > 2 && string.IsNullOrEmpty(lines[2])
+                    ? "Unknown GPU"
+                    : lines[2]
+            };
+            hardwareInfo.Hash = ToHash($"Azaion_{MacAddress()}_{hardwareInfo.CPU}_{hardwareInfo.GPU}");
+            return hardwareInfo;
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine(ex.Message);
+            throw;
+        }
+    }
+
+    private string MacAddress()
+    {
+        var macAddress = NetworkInterface
+            .GetAllNetworkInterfaces()
+            .Where(nic => nic.OperationalStatus == OperationalStatus.Up)
+            .Select(nic => nic.GetPhysicalAddress().ToString())
+            .FirstOrDefault();
+
+        return macAddress ?? string.Empty;
+    }
+
+    private string RunCommand(string command)
+    {
+        try
+        {
+            using var process = new Process();
+            process.StartInfo.FileName = Environment.OSVersion.Platform == PlatformID.Unix ? "/bin/bash" : "cmd.exe";
+            process.StartInfo.Arguments = Environment.OSVersion.Platform == PlatformID.Unix
+                ? $"-c \"{command}\""
+                : $"/c {command}";
+            process.StartInfo.RedirectStandardOutput = true;
+            process.StartInfo.UseShellExecute = false;
+            process.StartInfo.CreateNoWindow = true;
+
+            process.Start();
+            var result = process.StandardOutput.ReadToEnd();
+            process.WaitForExit();
+
+            return result.Trim();
+        }
+        catch
+        {
+            return string.Empty;
+        }
+    }
+
+    private static string ToHash(string str) =>
+        Convert.ToBase64String(SHA384.HashData(Encoding.UTF8.GetBytes(str)));
+
+}
@@ -0,0 +1,58 @@
+using System.Reflection;
+using Azaion.CommonSecurity.DTO;
+
+namespace Azaion.CommonSecurity.Services;
+
+public interface IResourceLoader
+{
+    Task<MemoryStream> Load(string fileName, CancellationToken cancellationToken = default);
+    Assembly? LoadAssembly(string asmName);
+}
+
+public class ResourceLoader(AzaionApiClient api, ApiCredentials credentials) : IResourceLoader
+{
+    private static readonly List<string> EncryptedResources =
+    [
+        "Azaion.Annotator",
+        "Azaion.Dataset"
+    ];
+
+    public Assembly? LoadAssembly(string resourceName)
+    {
+        var assemblyName = resourceName.Split(',').First();
+        if (EncryptedResources.Contains(assemblyName))
+        {
+            try
+            {
+                var stream = Load($"{assemblyName}.dll").GetAwaiter().GetResult();
+                return Assembly.Load(stream.ToArray());
+            }
+            catch (Exception e)
+            {
+                Console.WriteLine(e);
+                var currentLocation = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)!;
+                var dllPath = Path.Combine(currentLocation, "dummy", $"{assemblyName}.dll");
+                return Assembly.LoadFile(dllPath);
+            }
+        }
+
+        var loadedAssembly = AppDomain.CurrentDomain.GetAssemblies()
+            .FirstOrDefault(a => a.GetName().Name == assemblyName);
+
+        return loadedAssembly;
+    }
+
+    public async Task<MemoryStream> Load(string fileName, CancellationToken cancellationToken = default)
+    {
+        var hardwareService = new HardwareService();
+        var hardwareInfo = hardwareService.GetHardware();
+
+        var encryptedStream = Task.Run(() => api.GetResource(fileName, credentials.Password, hardwareInfo), cancellationToken).Result;
+
+        var key = Security.MakeEncryptionKey(credentials.Email, credentials.Password, hardwareInfo.Hash);
+        var stream = new MemoryStream();
+        await encryptedStream.DecryptTo(stream, key, cancellationToken);
+        stream.Seek(0, SeekOrigin.Begin);
+        return stream;
+    }
+}
@@ -0,0 +1,82 @@
+using System.Runtime.InteropServices;
+using System.Security;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Azaion.CommonSecurity.Services;
+
+public static class Security
+{
+    private const int BUFFER_SIZE = 524288; // 512 KB buffer size
+
+    public static string ToHash(this string str) =>
+        Convert.ToBase64String(SHA384.HashData(Encoding.UTF8.GetBytes(str)));
+
+    public static string MakeEncryptionKey(string email, string password, string? hardwareHash) =>
+        $"{email}-{password}-{hardwareHash}-#%@AzaionKey@%#---".ToHash();
+
+    public static SecureString ToSecureString(this string str)
+    {
+        var secureString = new SecureString();
+        foreach (var c in str.ToCharArray())
+            secureString.AppendChar(c);
+
+        return secureString;
+    }
+
+    public static string? ToRealString(this SecureString value)
+    {
+        var valuePtr = IntPtr.Zero;
+        try
+        {
+            valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
+            return Marshal.PtrToStringUni(valuePtr);
+        }
+        finally
+        {
+            Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
+        }
+    }
+
+
+    public static async Task EncryptTo(this Stream stream, Stream toStream, string key, CancellationToken cancellationToken = default)
+    {
+        if (stream is { CanRead: false }) throw new ArgumentNullException(nameof(stream));
+        if (key is not { Length: > 0 }) throw new ArgumentNullException(nameof(key));
+
+        using var aes = Aes.Create();
+        aes.Key = SHA256.HashData(Encoding.UTF8.GetBytes(key));
+        aes.GenerateIV();
+
+        using var encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
+        await using var cs = new CryptoStream(toStream, encryptor, CryptoStreamMode.Write, leaveOpen: true);
+
+        // Prepend IV to the encrypted data
+        await toStream.WriteAsync(aes.IV.AsMemory(0, aes.IV.Length), cancellationToken);
+
+        var buffer = new byte[BUFFER_SIZE];
+        int bytesRead;
+        while ((bytesRead = await stream.ReadAsync(buffer, cancellationToken)) > 0)
+            await cs.WriteAsync(buffer.AsMemory(0, bytesRead), cancellationToken);
+    }
+
+    public static async Task DecryptTo(this Stream encryptedStream,  Stream toStream, string key, CancellationToken cancellationToken = default)
+    {
+        using var aes = Aes.Create();
+        aes.Key = SHA256.HashData(Encoding.UTF8.GetBytes(key));
+
+        // Read the IV from the start of the input stream
+        var iv = new byte[aes.BlockSize / 8];
+        _ = await encryptedStream.ReadAsync(iv, cancellationToken);
+        aes.IV = iv;
+
+        using var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
+        await using var cryptoStream = new CryptoStream(encryptedStream, decryptor, CryptoStreamMode.Read, leaveOpen: true);
+
+        // Read and write in chunks
+        var buffer = new byte[BUFFER_SIZE];
+        int bytesRead;
+        while ((bytesRead = await cryptoStream.ReadAsync(buffer, cancellationToken)) > 0)
+            await toStream.WriteAsync(buffer.AsMemory(0, bytesRead), cancellationToken);
+    }
+}