Saving

2023-02-19 00:43:43 +01:00
parent 9719a0c0fd
commit 1e66851113
146 changed files with 738 additions and 382 deletions
--- a/PrivaPub/StaticServices/AuthTokenManager.cs
+++ b/PrivaPub/StaticServices/AuthTokenManager.cs
@ -0,0 +1,55 @@
+using Microsoft.IdentityModel.Tokens;
+
+using PrivaPub.ClientModels;
+using PrivaPub.ClientModels.User;
+using PrivaPub.Models.User;
+
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+
+namespace PrivaPub.StaticServices
+{
+	public class AuthTokenManager
+	{
+		readonly IConfiguration Configuration;
+
+		public AuthTokenManager(IConfiguration configuration)
+		{
+			Configuration = configuration;
+		}
+
+		public JwtUser GenerateToken(RootUser user, ViewAvatarServer userSettings)
+		{
+			var expiration = DateTime.UtcNow.AddHours(int.Parse(Configuration["AppConfiguration:Jwt:HoursTimeout"]));
+			var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["AppConfiguration:Jwt:Key"]));
+			var jwtUser = new JwtUser
+			{
+				UserId = user.ID,
+				Email = user.Email,
+				Username = user.UserName,
+				Expiration = expiration.Ticks,
+				Policies = user.Policies,
+				UserSettings = userSettings
+			};
+			var claims = new List<Claim>
+			{
+				new(ClaimTypes.UserData, user.ID),
+				new(ClaimTypes.Name, user.UserName)
+			};
+
+			claims.Add(new(Policies.IsUser, $"{user.Policies.Contains(Policies.IsUser)}".ToLower()));
+			claims.Add(new(Policies.IsModerator, $"{user.Policies.Contains(Policies.IsModerator)}".ToLower()));
+			claims.Add(new(Policies.IsAdmin, $"{user.Policies.Contains(Policies.IsAdmin)}".ToLower()));
+
+			var token = new JwtSecurityToken(issuer: Configuration["AppConfiguration:Jwt:Issuer"], audience: Configuration["AppConfiguration:Jwt:Audience"],
+					claims: claims,
+					expires: expiration,
+					signingCredentials: new(securityKey, SecurityAlgorithms.HmacSha512)
+			);
+			var tokenHandler = new JwtSecurityTokenHandler();
+			jwtUser.Token = tokenHandler.WriteToken(token);
+			return jwtUser;
+		}
+	}
+}
--- a/PrivaPub/StaticServices/DbEntities.cs
+++ b/PrivaPub/StaticServices/DbEntities.cs
@ -0,0 +1,27 @@
+using MongoDB.Entities;
+
+using PrivaPub.Models;
+using PrivaPub.Models.Data;
+using PrivaPub.Models.Post;
+using PrivaPub.Models.User;
+
+namespace PrivaPub.StaticServices
+{
+	public class DbEntities
+	{
+		public Find<RootUser> RootUsers { get { return DB.Find<RootUser>(); } }
+		public Find<RootUserNote> RootUserNotes { get { return DB.Find<RootUserNote>(); } }
+
+		public Find<AppConfiguration> AppConfiguration { get { return DB.Find<AppConfiguration>(); } }
+		public Find<Language> Languages { get { return DB.Find<Language>(); } }
+		public Find<EmailRecovery> EmailRecoveries { get { return DB.Find<EmailRecovery>(); } }
+
+		public Find<Post> Posts { get { return DB.Find<Post>(); } }
+		public Find<DmPost> DmPosts { get { return DB.Find<DmPost>(); } }
+
+		public Find<Avatar> Avatars { get { return DB.Find<Avatar>(); } }
+		public Find<ForeignAvatar> ForeignAvatars { get { return DB.Find<ForeignAvatar>(); } }
+
+		public Find<RootToAvatar> RootToAvatars { get { return DB.Find<RootToAvatar>(); } }
+	}
+}
--- a/PrivaPub/StaticServices/IPasswordHasher.cs
+++ b/PrivaPub/StaticServices/IPasswordHasher.cs
@ -0,0 +1,9 @@
+namespace PrivaPub.StaticServices
+{
+	public interface IPasswordHasher
+	{
+		string Hash(string password);
+
+		(bool verified, bool needsUpgrade) Check(string hash, string password);
+	}
+}
--- a/PrivaPub/StaticServices/PasswordHasher.cs
+++ b/PrivaPub/StaticServices/PasswordHasher.cs
@ -0,0 +1,54 @@
+using Microsoft.Extensions.Options;
+
+using System.Security.Cryptography;
+
+namespace PrivaPub.StaticServices
+{
+	public sealed class PasswordHasher : IPasswordHasher
+	{
+		private const int SaltSize = 16;
+		private const int KeySize = 32;
+		private HashingOptions Options { get; }
+
+		public PasswordHasher(IOptionsMonitor<HashingOptions> options)
+		{
+			Options = options.CurrentValue;
+		}
+
+		public (bool verified, bool needsUpgrade) Check(string hash, string password)
+		{
+			var parts = hash.Split('~', 3);
+
+			if (parts.Length != 3)
+				throw new FormatException("Unexpected hash format.");
+
+			var iterations = Convert.ToInt32(parts[2]);
+			var salt = Convert.FromBase64String(parts[1]);
+			var key = Convert.FromBase64String(parts[0]);
+
+			var needsUpgrade = iterations != Options.Iterations;
+
+			using (var algorithm = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA512))
+			{
+				var keyToCheck = algorithm.GetBytes(KeySize);
+				var verified = keyToCheck.SequenceEqual(key);
+				return (verified, needsUpgrade);
+			}
+		}
+
+		public string Hash(string password)
+		{
+			using (var algorithm = new Rfc2898DeriveBytes(password, SaltSize, Options.Iterations, HashAlgorithmName.SHA512))
+			{
+				var key = Convert.ToBase64String(algorithm.GetBytes(KeySize));
+				var salt = Convert.ToBase64String(algorithm.Salt);
+				return $"{key}~{salt}~{Options.Iterations}";
+			}
+		}
+	}
+
+	public sealed class HashingOptions
+	{
+		public int Iterations { get; set; } = 9789;
+	}
+}