add oauth or something

2024-10-29 12:27:55 +01:00
parent fe0ee4ed1e
commit 2554fa6d0e
16 changed files with 560 additions and 193 deletions
--- a/MareSynchronosServer/MareSynchronosAuthService/Services/SecretKeyAuthenticatorService.cs
+++ b/MareSynchronosServer/MareSynchronosAuthService/Services/SecretKeyAuthenticatorService.cs
@@ -2,6 +2,7 @@
 using MareSynchronosAuthService.Authentication;
 using MareSynchronosShared.Data;
 using MareSynchronosShared.Metrics;
+using MareSynchronosShared.Models;
 using MareSynchronosShared.Services;
 using MareSynchronosShared.Utils.Configuration;
 using Microsoft.EntityFrameworkCore;
@@ -25,32 +26,37 @@ public class SecretKeyAuthenticatorService
        _dbContextFactory = dbContextFactory;
    }

+    public async Task<SecretKeyAuthReply> AuthorizeOauthAsync(string ip, string primaryUid, string requestedUid)
+    {
+        _metrics.IncCounter(MetricsAPI.CounterAuthenticationRequests);
+
+        var checkOnIp = FailOnIp(ip);
+        if (checkOnIp != null) return checkOnIp;
+
+        using var context = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+        var authUser = await context.Auth.SingleOrDefaultAsync(u => u.UserUID == primaryUid).ConfigureAwait(false);
+        if (authUser == null) return AuthenticationFailure(ip);
+
+        var authReply = await context.Auth.Include(a => a.User).AsNoTracking()
+            .SingleOrDefaultAsync(u => u.UserUID == requestedUid).ConfigureAwait(false);
+        return await GetAuthReply(ip, context, authReply);
+    }
+
    public async Task<SecretKeyAuthReply> AuthorizeAsync(string ip, string hashedSecretKey)
    {
        _metrics.IncCounter(MetricsAPI.CounterAuthenticationRequests);

-        if (_failedAuthorizations.TryGetValue(ip, out var existingFailedAuthorization)
-            && existingFailedAuthorization.FailedAttempts > _configurationService.GetValueOrDefault(nameof(AuthServiceConfiguration.FailedAuthForTempBan), 5))
-        {
-            if (existingFailedAuthorization.ResetTask == null)
-            {
-                _logger.LogWarning("TempBan {ip} for authorization spam", ip);
-
-                existingFailedAuthorization.ResetTask = Task.Run(async () =>
-                {
-                    await Task.Delay(TimeSpan.FromMinutes(_configurationService.GetValueOrDefault(nameof(AuthServiceConfiguration.TempBanDurationInMinutes), 5))).ConfigureAwait(false);
-
-                }).ContinueWith((t) =>
-                {
-                    _failedAuthorizations.Remove(ip, out _);
-                });
-            }
-            return new(Success: false, Uid: null, PrimaryUid: null, Alias: null, TempBan: true, Permaban: false, MarkedForBan: false);
-        }
+        var checkOnIp = FailOnIp(ip);
+        if (checkOnIp != null) return checkOnIp;

        using var context = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
        var authReply = await context.Auth.Include(a => a.User).AsNoTracking()
            .SingleOrDefaultAsync(u => u.HashedKey == hashedSecretKey).ConfigureAwait(false);
+        return await GetAuthReply(ip, context, authReply).ConfigureAwait(false);
+    }
+
+    private async Task<SecretKeyAuthReply> GetAuthReply(string ip, MareDbContext context, Auth? authReply)
+    {
        var isBanned = authReply?.IsBanned ?? false;
        var markedForBan = authReply?.MarkForBan ?? false;
        var primaryUid = authReply?.PrimaryUserUID ?? authReply?.UserUID;
@@ -70,13 +76,37 @@ public class SecretKeyAuthenticatorService
        {
            _metrics.IncCounter(MetricsAPI.CounterAuthenticationSuccesses);
            _metrics.IncGauge(MetricsAPI.GaugeAuthenticationCacheEntries);
+            return reply;
        }
        else
        {
            return AuthenticationFailure(ip);
        }
+    }

-        return reply;
+    private SecretKeyAuthReply? FailOnIp(string ip)
+    {
+        if (_failedAuthorizations.TryGetValue(ip, out var existingFailedAuthorization)
+            && existingFailedAuthorization.FailedAttempts > _configurationService.GetValueOrDefault(nameof(AuthServiceConfiguration.FailedAuthForTempBan), 5))
+        {
+            if (existingFailedAuthorization.ResetTask == null)
+            {
+                _logger.LogWarning("TempBan {ip} for authorization spam", ip);
+
+                existingFailedAuthorization.ResetTask = Task.Run(async () =>
+                {
+                    await Task.Delay(TimeSpan.FromMinutes(_configurationService.GetValueOrDefault(nameof(AuthServiceConfiguration.TempBanDurationInMinutes), 5))).ConfigureAwait(false);
+
+                }).ContinueWith((t) =>
+                {
+                    _failedAuthorizations.Remove(ip, out _);
+                });
+            }
+
+            return new(Success: false, Uid: null, PrimaryUid: null, Alias: null, TempBan: true, Permaban: false, MarkedForBan: false);
+        }
+
+        return null;
    }

    private SecretKeyAuthReply AuthenticationFailure(string ip)