From 143bd35a8891cbef7e11c0d41f043d2efccd1b9a Mon Sep 17 00:00:00 2001 From: Stanley Dimant Date: Sun, 12 Jan 2025 15:07:06 +0100 Subject: [PATCH] fix more shit --- .../MareSynchronosAuthService/Startup.cs | 2 +- .../ExistingUserRequirementHandler.cs | 4 +- .../RedisDbUserRequirementHandler.cs | 54 +++++++++++++++++++ .../UserRequirementHandler.cs | 1 - 4 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 MareSynchronosServer/MareSynchronosShared/RequirementHandlers/RedisDbUserRequirementHandler.cs diff --git a/MareSynchronosServer/MareSynchronosAuthService/Startup.cs b/MareSynchronosServer/MareSynchronosAuthService/Startup.cs index 7abc210..f9a19be 100644 --- a/MareSynchronosServer/MareSynchronosAuthService/Startup.cs +++ b/MareSynchronosServer/MareSynchronosAuthService/Startup.cs @@ -94,7 +94,7 @@ public class Startup private static void ConfigureAuthorization(IServiceCollection services) { - services.AddTransient(); + services.AddTransient(); services.AddTransient(); services.AddTransient(); diff --git a/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/ExistingUserRequirementHandler.cs b/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/ExistingUserRequirementHandler.cs index 0cc3f4a..5eaba34 100644 --- a/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/ExistingUserRequirementHandler.cs +++ b/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/ExistingUserRequirementHandler.cs @@ -8,9 +8,9 @@ namespace MareSynchronosShared.RequirementHandlers; public class ExistingUserRequirementHandler : AuthorizationHandler { private readonly IDbContextFactory _dbContextFactory; - private readonly ILogger _logger; + private readonly ILogger _logger; - public ExistingUserRequirementHandler(IDbContextFactory dbContext, ILogger logger) + public ExistingUserRequirementHandler(IDbContextFactory dbContext, ILogger logger) { _dbContextFactory = dbContext; _logger = logger; 
diff --git a/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/RedisDbUserRequirementHandler.cs b/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/RedisDbUserRequirementHandler.cs
new file mode 100644
index 0000000..0a20948
--- /dev/null
+++ b/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/RedisDbUserRequirementHandler.cs
@@ -0,0 +1,54 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.SignalR;
+using MareSynchronosShared.Data;
+using Microsoft.EntityFrameworkCore;
+using MareSynchronosShared.Utils;
+using StackExchange.Redis;
+using Microsoft.Extensions.Logging;
+
+namespace MareSynchronosShared.RequirementHandlers;
+
+public class RedisDbUserRequirementHandler : AuthorizationHandler
+{
+ private readonly IDbContextFactory _dbContextFactory;
+ private readonly ILogger _logger;
+ private readonly IDatabase _redis;
+
+ public RedisDbUserRequirementHandler(IDbContextFactory dbContextFactory, ILogger logger, IDatabase redisDb)
+ {
+ _dbContextFactory = dbContextFactory;
+ _logger = logger;
+ _redis = redisDb;
+ }
+
+ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement, HubInvocationContext resource)
+ {
+ var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, MareClaimTypes.Uid, StringComparison.Ordinal))?.Value;
+
+ if (uid == null) context.Fail();
+
+ if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified)
+ {
+ var ident = await _redis.StringGetAsync("UID:" + uid).ConfigureAwait(false);
+ if (ident == RedisValue.EmptyString) context.Fail();
+ }
+
+ if ((requirement.Requirements & UserRequirements.Administrator) is UserRequirements.Administrator)
+ {
+ using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+ var user = await dbContext.Users.AsNoTracking().SingleOrDefaultAsync(b => b.UID == uid).ConfigureAwait(false);
+ if (user == null || !user.IsAdmin) context.Fail();
+ _logger.LogInformation("Admin {uid} authenticated", uid);
+ }
+
+ if ((requirement.Requirements & UserRequirements.Moderator) is UserRequirements.Moderator)
+ {
+ using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+ var user = await dbContext.Users.AsNoTracking().SingleOrDefaultAsync(b => b.UID == uid).ConfigureAwait(false);
+ if (user == null || !user.IsAdmin && !user.IsModerator) context.Fail();
+ _logger.LogInformation("Admin/Moderator {uid} authenticated", uid);
+ }
+
+ context.Succeed(requirement);
+ }
+}
diff --git a/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/UserRequirementHandler.cs b/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/UserRequirementHandler.cs
index 954473a..5cc38e5 100644
--- a/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/UserRequirementHandler.cs
+++ b/MareSynchronosServer/MareSynchronosShared/RequirementHandlers/UserRequirementHandler.cs
@@ -9,7 +9,6 @@ using Microsoft.Extensions.Logging; namespace MareSynchronosShared.RequirementHandlers; - public class UserRequirementHandler : AuthorizationHandler { private readonly IDbContextFactory _dbContextFactory;
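Review bot: In the new RedisDbUserRequirementHandler.HandleRequirementAsync the Identified branch fails only when `ident == RedisValue.EmptyString`, but StringGetAsync reports a missing key as a null RedisValue, which as far as I know does not compare equal to EmptyString, so a UID with no `UID:` entry in Redis would pass the check; `if (ident.IsNullOrEmpty) { context.Fail(); return; }` covers both the missing and the empty case. The `if (uid == null) context.Fail();` guard has no `return`, so a principal without a Uid claim still triggers a Redis lookup on the bare key `UID:` and the database queries with a null UID. In the Administrator and Moderator branches the `_logger.LogInformation(... authenticated ...)` call runs even after `context.Fail()`, so a rejected request is written to the log as a successful privileged authentication; returning after each Fail() (or logging in an else branch, ideally with a warning on the failure path) keeps the audit trail truthful. The Moderator condition would also read more safely as `user == null || (!user.IsAdmin && !user.IsModerator)`, which makes the intended precedence explicit.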