Auth fixes
parent
c58d3dbcdf
commit
7ca4b5ceb3
3 changed files with 34 additions and 11 deletions
|
|
@ -30,11 +30,10 @@ public class Requests
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
string body = await LoadBody(bodyReader);
|
|
||||||
string id = await Utils.IdFromName(username);
|
string id = await Utils.IdFromName(username);
|
||||||
string password = await Utils.GetPassword(id);
|
string password = await Utils.GetPassword(id);
|
||||||
body = await Utils.NonceDecryptBody(username, password, body);
|
secret = await Utils.NonceDecryptBody(username, password, secret);
|
||||||
string auth = await Utils.Auth(id, password, body);
|
string auth = await Utils.Auth(id, password, secret);
|
||||||
if (auth != Utils.LOGIN_SUCCESS)
|
if (auth != Utils.LOGIN_SUCCESS)
|
||||||
{
|
{
|
||||||
await context.Response.WriteAsync(auth);
|
await context.Response.WriteAsync(auth);
|
||||||
|
|
@ -71,6 +70,7 @@ public class Requests
|
||||||
switch (step)
|
switch (step)
|
||||||
{
|
{
|
||||||
case "init":
|
case "init":
|
||||||
|
{
|
||||||
foreach (var kvp in createHolder) // czyszczenie nieaktywnych od 2 minut requestow
|
foreach (var kvp in createHolder) // czyszczenie nieaktywnych od 2 minut requestow
|
||||||
{
|
{
|
||||||
if (kvp.Value.date < DateTimeOffset.UtcNow.AddMinutes(-2))
|
if (kvp.Value.date < DateTimeOffset.UtcNow.AddMinutes(-2))
|
||||||
|
|
@ -107,7 +107,9 @@ public class Requests
|
||||||
|
|
||||||
await context.Response.WriteAsync(serializedPayload);
|
await context.Response.WriteAsync(serializedPayload);
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
case "register":
|
case "register":
|
||||||
|
{
|
||||||
string body = await LoadBody(bodyReader);
|
string body = await LoadBody(bodyReader);
|
||||||
|
|
||||||
KeyExchangePayloadClient serializedBody = JsonSerializer.Deserialize(
|
KeyExchangePayloadClient serializedBody = JsonSerializer.Deserialize(
|
||||||
|
|
@ -149,14 +151,16 @@ public class Requests
|
||||||
await context.Response.Body.WriteAsync(captchaResult.ImageBytes, 0,
|
await context.Response.Body.WriteAsync(captchaResult.ImageBytes, 0,
|
||||||
captchaResult.ImageBytes.Length);
|
captchaResult.ImageBytes.Length);
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
case "finish":
|
case "finish":
|
||||||
body = await LoadBody(bodyReader);
|
{
|
||||||
|
string body = await LoadBody(bodyReader);
|
||||||
|
|
||||||
CaptchaPayloadClient serialized = JsonSerializer.Deserialize(
|
CaptchaPayloadClient serialized = JsonSerializer.Deserialize(
|
||||||
body,
|
body,
|
||||||
AppJsonSerializerContext.Default.CaptchaPayloadClient
|
AppJsonSerializerContext.Default.CaptchaPayloadClient
|
||||||
);
|
);
|
||||||
if (!createHolder.TryGetValue(serialized.idKey, out entry))
|
if (!createHolder.TryGetValue(serialized.idKey, out var entry))
|
||||||
{
|
{
|
||||||
await context.Response.WriteAsync("Account request expired");
|
await context.Response.WriteAsync("Account request expired");
|
||||||
return;
|
return;
|
||||||
|
|
@ -263,6 +267,7 @@ public class Requests
|
||||||
await context.Response.WriteAsync("Account created");
|
await context.Response.WriteAsync("Account created");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
await next();
|
await next();
|
||||||
}
|
}
|
||||||
|
|
@ -368,7 +373,7 @@ public class Requests
|
||||||
string id = await Utils.IdFromName(username);
|
string id = await Utils.IdFromName(username);
|
||||||
string body = await LoadBody(bodyReader);
|
string body = await LoadBody(bodyReader);
|
||||||
string password = await Utils.GetPassword(id);
|
string password = await Utils.GetPassword(id);
|
||||||
string newPass = await Utils.NonceDecryptBody(username, password, body);
|
string newPass = await Utils.NonceDecryptBody(username, password, body, false);
|
||||||
secret = await Utils.NonceDecryptBody(username, password, secret);
|
secret = await Utils.NonceDecryptBody(username, password, secret);
|
||||||
|
|
||||||
string auth = await Utils.Auth(id, password, secret);
|
string auth = await Utils.Auth(id, password, secret);
|
||||||
|
|
@ -416,7 +421,9 @@ public class Requests
|
||||||
string id = await Utils.IdFromName(username);
|
string id = await Utils.IdFromName(username);
|
||||||
string body = await LoadBody(bodyReader);
|
string body = await LoadBody(bodyReader);
|
||||||
string password = await Utils.GetPassword(id);
|
string password = await Utils.GetPassword(id);
|
||||||
body = await Utils.NonceDecryptBody(username, password, body);
|
|
||||||
|
|
||||||
|
body = await Utils.NonceDecryptBody(username, password, body, false);
|
||||||
secret = await Utils.NonceDecryptBody(username, password, secret);
|
secret = await Utils.NonceDecryptBody(username, password, secret);
|
||||||
|
|
||||||
string auth = await Utils.Auth(id, secret, password);
|
string auth = await Utils.Auth(id, secret, password);
|
||||||
|
|
@ -518,7 +525,7 @@ public class Requests
|
||||||
string id = await Utils.IdFromName(username);
|
string id = await Utils.IdFromName(username);
|
||||||
string body = await LoadBody(bodyReader);
|
string body = await LoadBody(bodyReader);
|
||||||
string password = await Utils.GetPassword(id);
|
string password = await Utils.GetPassword(id);
|
||||||
body = await Utils.NonceDecryptBody(username, password, body);
|
body = await Utils.NonceDecryptBody(username, password, body, false);
|
||||||
secret = await Utils.NonceDecryptBody(username, password, secret);
|
secret = await Utils.NonceDecryptBody(username, password, secret);
|
||||||
|
|
||||||
Universal2String serializedBody = JsonSerializer.Deserialize(
|
Universal2String serializedBody = JsonSerializer.Deserialize(
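Review bot: In the hunk at -416/+421 the call `string auth = await Utils.Auth(id, secret, password);` passes `secret` and `password` in the opposite order from the other two `Utils.Auth` calls on this page, which both use `(id, password, secret)`. Auth's signature is not shown, so this is inferred, but if its parameters are `(id, password, secret)` this endpoint compares the wrong values and the line should read `string auth = await Utils.Auth(id, password, secret);`. In the hunks at -368, -416 and -518, `body` and `secret` are now decrypted under the same stored nonce; whether that reuse is safe depends on the cipher inside `PacketDecPass`, which is not visible here. None of the call sites checks for the `"Invalid nonce"` return value before using the result, so an explicit check before `Utils.Auth` or `JsonSerializer.Deserialize` would make that failure path deliberate. The enclosing methods start and end outside these hunks.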
|
||||||
|
|
|
||||||
|
|
@ -136,14 +136,18 @@ public class Utils
|
||||||
return LOGIN_SUCCESS;
|
return LOGIN_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static async Task<string> NonceDecryptBody(string username, string password, string body)
|
public static async Task<string> NonceDecryptBody(string username, string password, string body, bool delEntry = true)
|
||||||
{
|
{
|
||||||
if (!Requests.nonceHolder.TryGetValue(username, out (string, DateTimeOffset) nonce))
|
if (!Requests.nonceHolder.TryGetValue(username, out (string, DateTimeOffset) nonce))
|
||||||
{
|
{
|
||||||
return "Invalid nonce";
|
return "Invalid nonce";
|
||||||
}
|
}
|
||||||
string decBody = Encryption.Encryption.PacketDecPass(body, password, nonce.Item1);
|
string decBody = Encryption.Encryption.PacketDecPass(body, password, nonce.Item1);
|
||||||
|
if (delEntry)
|
||||||
|
{
|
||||||
Requests.nonceHolder.TryRemove(username, out _);
|
Requests.nonceHolder.TryRemove(username, out _);
|
||||||
|
}
|
||||||
|
|
||||||
return decBody;
|
return decBody;
|
||||||
}
|
}
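Review bot: The nonce is read with `TryGetValue` and removed only after `PacketDecPass` returns, so it is not consumed atomically. Two concurrent requests for the same username can both pass the lookup, and if `PacketDecPass` throws on malformed input the `TryRemove` is skipped and the nonce stays valid. The new `delEntry = false` path widens this, because the entry now survives until a later call happens to run with the default. Removing the entry in the same call that reads it closes both gaps; this assumes `nonceHolder` is a `ConcurrentDictionary`, which the existing `TryRemove(username, out _)` suggests. The `DateTimeOffset` in the tuple is not checked in this method, and the `"Invalid nonce"` return cannot be told apart from decrypted plaintext by callers.

```csharp
public static async Task<string> NonceDecryptBody(string username, string password, string body, bool delEntry = true)
{
    (string, DateTimeOffset) nonce;
    // Consume the nonce in the same operation that reads it, so a failed or
    // concurrent decrypt cannot leave it available for another request.
    bool found = delEntry
        ? Requests.nonceHolder.TryRemove(username, out nonce)
        : Requests.nonceHolder.TryGetValue(username, out nonce);
    if (!found)
    {
        return "Invalid nonce";
    }
    // … unchanged: PacketDecPass call and return decBody; the later TryRemove block is dropped …
```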
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,18 @@ public class Program
|
||||||
IQueryCollection query = context.Request.Query;
|
IQueryCollection query = context.Request.Query;
|
||||||
using StreamReader reader = new StreamReader(context.Request.Body);
|
using StreamReader reader = new StreamReader(context.Request.Body);
|
||||||
|
|
||||||
|
|
||||||
|
//custom header moment
|
||||||
|
context.Response.Headers["Access-Control-Allow-Origin"] = "*";
|
||||||
|
context.Response.Headers["Access-Control-Allow-Headers"] = "*";
|
||||||
|
context.Response.Headers["Access-Control-Allow-Methods"] = "*";
|
||||||
|
if (context.Request.Method.ToUpper() == "OPTIONS")
|
||||||
|
{
|
||||||
|
context.Response.StatusCode = 200;
|
||||||
|
await context.Response.CompleteAsync();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
switch (path)
|
switch (path)
|
||||||
{
|
{
|
||||||
case "/_larpix/serverinfo":
|
case "/_larpix/serverinfo":
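Review bot: The added lines set `Access-Control-Allow-Origin`, `Access-Control-Allow-Headers` and `Access-Control-Allow-Methods` to `*` on every response, ahead of `switch (path)`, so any web origin can call and read every endpoint dispatched below from a visitor's browser. If only a known front end needs access, echo the request's `Origin` only when it is on a configured allowlist, add `Vary: Origin`, and list the methods and headers the API actually uses. The preflight test `context.Request.Method.ToUpper() == "OPTIONS"` is culture-sensitive; `HttpMethods.IsOptions(context.Request.Method)` performs the same check without depending on the current culture. The comment `//custom header moment` could state the purpose instead, for example `// CORS: allow browser clients and answer preflight requests`. The enclosing method starts and ends outside the hunk.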
|
||||||
|
|
|
||||||