From e090f2d093774ae7500c2bd1d09b34c3a24641dd Mon Sep 17 00:00:00 2001 From: Oleksandr Bezdieniezhnykh Date: Thu, 2 Oct 2025 10:06:45 +0300 Subject: [PATCH] bump ImageSharp version vulnerability fix decouple Loader from Common dll fix current user url in api --- Azaion.Common/Azaion.Common.csproj | 2 +- Azaion.Common/Constants.cs | 1 - Azaion.Common/Database/Detection.cs | 5 ++- Azaion.Common/Database/MediaFile.cs | 14 ++++--- Azaion.Common/Services/AuthProvider.cs | 2 +- Azaion.LoaderUI/App.xaml.cs | 5 +-- Azaion.LoaderUI/Azaion.LoaderUI.csproj | 5 +-- Azaion.LoaderUI/ConstantsLoader.cs | 52 ++++++++++++++++++++++++++ Azaion.LoaderUI/Login.xaml.cs | 17 ++++----- 9 files changed, 76 insertions(+), 27 deletions(-) diff --git a/Azaion.Common/Azaion.Common.csproj b/Azaion.Common/Azaion.Common.csproj index 3f1339f..e7d9996 100644 --- a/Azaion.Common/Azaion.Common.csproj +++ b/Azaion.Common/Azaion.Common.csproj @@ -23,7 +23,7 @@ - + diff --git a/Azaion.Common/Constants.cs b/Azaion.Common/Constants.cs index e90914f..e6d7e7a 100644 --- a/Azaion.Common/Constants.cs +++ b/Azaion.Common/Constants.cs @@ -12,7 +12,6 @@ namespace Azaion.Common; public static class Constants { public const string CONFIG_PATH = "config.json"; - public const string LOADER_CONFIG_PATH = "loaderconfig.json"; public const string DEFAULT_API_URL = "https://api.azaion.com"; public const string AZAION_SUITE_EXE = "Azaion.Suite.exe"; diff --git a/Azaion.Common/Database/Detection.cs b/Azaion.Common/Database/Detection.cs index e99849f..df56da2 100644 --- a/Azaion.Common/Database/Detection.cs +++ b/Azaion.Common/Database/Detection.cs @@ -9,8 +9,9 @@ public class Detection : YoloLabel { [JsonProperty(PropertyName = "an")][Key("an")] public string AnnotationName { get; set; } = null!; [JsonProperty(PropertyName = "p")][Key("p")] public double Confidence { get; set; } - [JsonProperty(PropertyName = "dn")][Key("dn")] public string Description { get; set; } - [JsonProperty(PropertyName = "af")][Key("af")] public AffiliationEnum Affiliation { get; set; } + + [JsonProperty(PropertyName = "dn")] [Key("dn")] public string Description { get; set; } = null!; + [JsonProperty(PropertyName = "af")] [Key("af")] public AffiliationEnum Affiliation { get; set; } //For db & serialization public Detection(){} diff --git a/Azaion.Common/Database/MediaFile.cs b/Azaion.Common/Database/MediaFile.cs index b35ac91..7e4f701 100644 --- a/Azaion.Common/Database/MediaFile.cs +++ b/Azaion.Common/Database/MediaFile.cs @@ -3,16 +3,18 @@ namespace Azaion.Common.Database; public class MediaFile { public string Name { get; set; } = null!; - public string LocalPath { get; set; } = null!; - public DateTime? ProcessedDate { get; set; } - public MediaDetectionStatus MediaDetectionStatus { get; set; } = MediaDetectionStatus.New; + public string MediaUrl { get; set; } = null!; + public DateTime? LastProcessedDate { get; set; } + public MediaStatus Status { get; set; } = MediaStatus.New; + public int? RecognisedObjects { get; set; } } -public enum MediaDetectionStatus +public enum MediaStatus { None, New, - Processing, - Processed, + AIProcessing, + AIProcessed, + ManualConfirmed, Error } \ No newline at end of file diff --git a/Azaion.Common/Services/AuthProvider.cs b/Azaion.Common/Services/AuthProvider.cs index d3aa34d..2ebb3c4 100644 --- a/Azaion.Common/Services/AuthProvider.cs +++ b/Azaion.Common/Services/AuthProvider.cs @@ -29,7 +29,7 @@ public class AzaionApi(ILogger logger, HttpClient client, ICache cache, ApiCrede get { var user = cache.GetFromCache(Constants.CURRENT_USER_CACHE_KEY, - () => Get("currentUser")); + () => Get("users/current")); if (user == null) throw new Exception("Can't get current user"); return user; diff --git a/Azaion.LoaderUI/App.xaml.cs b/Azaion.LoaderUI/App.xaml.cs index 7da8d9e..a7270d4 100644 --- a/Azaion.LoaderUI/App.xaml.cs +++ b/Azaion.LoaderUI/App.xaml.cs @@ -1,5 +1,4 @@ using System.Windows; -using Azaion.Common; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; @@ -29,7 +28,7 @@ public partial class App var host = Host.CreateDefaultBuilder() .ConfigureAppConfiguration((_, config) => config .AddCommandLine(Environment.GetCommandLineArgs()) - .AddJsonFile(Constants.LOADER_CONFIG_PATH, optional: true)) + .AddJsonFile(ConstantsLoader.LOADER_CONFIG_PATH, optional: true)) .UseSerilog() .ConfigureServices((context, services) => { @@ -37,7 +36,7 @@ public partial class App services.Configure(context.Configuration.GetSection(nameof(DirectoriesConfig))); services.AddHttpClient((sp, client) => { - client.BaseAddress = new Uri(Constants.DEFAULT_API_URL); + client.BaseAddress = new Uri(ConstantsLoader.DEFAULT_API_URL); client.DefaultRequestHeaders.Add("Accept", "application/json"); client.DefaultRequestHeaders.Add("User-Agent", "Azaion.LoaderUI"); }); diff --git a/Azaion.LoaderUI/Azaion.LoaderUI.csproj b/Azaion.LoaderUI/Azaion.LoaderUI.csproj index b130b06..d1bf4b8 100644 --- a/Azaion.LoaderUI/Azaion.LoaderUI.csproj +++ b/Azaion.LoaderUI/Azaion.LoaderUI.csproj @@ -24,6 +24,7 @@ + @@ -45,8 +46,4 @@ - - - - diff --git a/Azaion.LoaderUI/ConstantsLoader.cs b/Azaion.LoaderUI/ConstantsLoader.cs index 7fa9243..af7ef0a 100644 --- a/Azaion.LoaderUI/ConstantsLoader.cs +++ b/Azaion.LoaderUI/ConstantsLoader.cs @@ -1,3 +1,8 @@ +using System.Diagnostics; +using System.Security.Cryptography; +using System.Text; +using Newtonsoft.Json; + namespace Azaion.LoaderUI; public static class ConstantsLoader @@ -5,4 +10,51 @@ public static class ConstantsLoader public const string SUITE_FOLDER = "suite"; public const string SUITE_STAGE_FOLDER = "suite-stage"; public const int EXTERNAL_LOADER_PORT = 5020; + public const string AZAION_SUITE_EXE = "Azaion.Suite.exe"; + public const string LOADER_CONFIG_PATH = "loaderconfig.json"; + + + public const string DEFAULT_ZMQ_LOADER_HOST = "127.0.0.1"; + public const string DEFAULT_API_URL = "https://api.azaion.com"; + public const string EXTERNAL_LOADER_PATH = "azaion-loader.exe"; + public const string EXTERNAL_INFERENCE_PATH = "azaion-inference.exe"; + + public static Version GetLocalVersion() + { + var localFileInfo = FileVersionInfo.GetVersionInfo(AZAION_SUITE_EXE); + if (string.IsNullOrWhiteSpace(localFileInfo.ProductVersion)) + throw new Exception($"Can't find {AZAION_SUITE_EXE} and its version"); + + return new Version(localFileInfo.FileVersion!); + } + + private static string GenDefaultKey() + { + var date = DateTime.UtcNow; + return $"sAzaion_default_dfvkjhg_{date:yyyy}-{date:MM}_{date:dd}_{date:HH}_key"; + } + + public static string Encrypt(T model, string? key = null) where T : class + { + var json = JsonConvert.SerializeObject(model); + var inputBytes = Encoding.UTF8.GetBytes(json); + + var keyBytes = SHA256.HashData(Encoding.UTF8.GetBytes(key ?? GenDefaultKey())); + var iv = RandomNumberGenerator.GetBytes(16); + + using var aes = Aes.Create(); + aes.Key = keyBytes; + aes.IV = iv; + aes.Mode = CipherMode.CFB; + aes.Padding = PaddingMode.ISO10126; + + using var encryptor = aes.CreateEncryptor(); + var ciphertext = encryptor.TransformFinalBlock(inputBytes, 0, inputBytes.Length); + + var result = new byte[iv.Length + ciphertext.Length]; + iv.CopyTo(result, 0); + ciphertext.CopyTo(result, iv.Length); + + return Convert.ToBase64String(result); + } } \ No newline at end of file diff --git a/Azaion.LoaderUI/Login.xaml.cs b/Azaion.LoaderUI/Login.xaml.cs index 47a2b42..f497070 100644 --- a/Azaion.LoaderUI/Login.xaml.cs +++ b/Azaion.LoaderUI/Login.xaml.cs @@ -6,7 +6,6 @@ using System.Windows; using System.Windows.Controls; using System.Windows.Input; using System.Windows.Media; -using Azaion.Common; using MessagePack; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; @@ -56,9 +55,9 @@ public partial class Login Validate(creds); TbStatus.Foreground = Brushes.Black; - var localVersion = Constants.GetLocalVersion(); + var localVersion = ConstantsLoader.GetLocalVersion(); var installerVersion = await GetInstallerVer() ?? localVersion; - var credsEncrypted = Security.Encrypt(creds); + var credsEncrypted = ConstantsLoader.Encrypt(creds); if (installerVersion > localVersion) { @@ -71,17 +70,17 @@ public partial class Login Process.Start(new ProcessStartInfo { FileName = "cmd.exe", - Arguments = $"/c updater.cmd {Process.GetCurrentProcess().Id} {installerName} {Constants.AZAION_SUITE_EXE} \"{credsEncrypted}\"" + Arguments = $"/c updater.cmd {Process.GetCurrentProcess().Id} {installerName} {ConstantsLoader.AZAION_SUITE_EXE} \"{credsEncrypted}\"" }); } else { TbStatus.Text = "Your version is up to date!"; - Process.Start(Constants.AZAION_SUITE_EXE, $"-c {credsEncrypted}"); + Process.Start(ConstantsLoader.AZAION_SUITE_EXE, $"-c {credsEncrypted}"); await Task.Delay(800); TbStatus.Text = "Loading..."; - while (!Process.GetProcessesByName(Path.GetFileNameWithoutExtension(Constants.EXTERNAL_INFERENCE_PATH)).Any()) + while (!Process.GetProcessesByName(Path.GetFileNameWithoutExtension(ConstantsLoader.EXTERNAL_INFERENCE_PATH)).Any()) await Task.Delay(500); await Task.Delay(1500); } @@ -106,13 +105,13 @@ public partial class Login using var process = new Process(); process.StartInfo = new ProcessStartInfo { - FileName = Constants.EXTERNAL_LOADER_PATH, - Arguments = $"--port {ConstantsLoader.EXTERNAL_LOADER_PORT} --api {Constants.DEFAULT_API_URL}", + FileName = ConstantsLoader.EXTERNAL_LOADER_PATH, + Arguments = $"--port {ConstantsLoader.EXTERNAL_LOADER_PORT} --api {ConstantsLoader.DEFAULT_API_URL}", CreateNoWindow = true }; process.Start(); dealer.Options.Identity = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString("N")); - dealer.Connect($"tcp://{Constants.DEFAULT_ZMQ_INFERENCE_HOST}:{ConstantsLoader.EXTERNAL_LOADER_PORT}"); + dealer.Connect($"tcp://{ConstantsLoader.DEFAULT_ZMQ_LOADER_HOST}:{ConstantsLoader.EXTERNAL_LOADER_PORT}"); var result = SendCommand(dealer, RemoteCommand.Create(CommandType.Login, creds)); if (result.CommandType != CommandType.Ok)