From 97187a8e45b25283ffc2aae34883564f5b745501 Mon Sep 17 00:00:00 2001
From: Polianin Nikita
Date: Thu, 26 Dec 2024 08:44:05 +0300
Subject: [PATCH] sec: save readonly byte array instead string
---
 Security/DependencyInjection.cs | 27 +++++++++++++++++++++++++--
 Security/Services/OAuthService.cs | 6 ++++--
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/Security/DependencyInjection.cs b/Security/DependencyInjection.cs
index d3d4b38..4ddceb6 100644
--- a/Security/DependencyInjection.cs
+++ b/Security/DependencyInjection.cs
@@ -6,11 +6,29 @@ using Mirea.Api.Security.Common.Interfaces;
 using Mirea.Api.Security.Services;
 using System;
 using System.Collections.Generic;
+using System.Text;
 namespace Mirea.Api.Security;
 public static class DependencyInjection
 {
+ private static ReadOnlyMemory NormalizeKey(string key, int requiredLength)
+ {
+ var keyBytes = Encoding.UTF8.GetBytes(key);
+
+ if (keyBytes.Length < requiredLength)
+ {
+ var normalizedKey = new byte[requiredLength];
+ Array.Copy(keyBytes, normalizedKey, keyBytes.Length);
+ return new ReadOnlyMemory(normalizedKey);
+ }
+
+ if (keyBytes.Length > requiredLength)
+ Array.Resize(ref keyBytes, requiredLength);
+
+ return new ReadOnlyMemory(keyBytes);
+ }
+
 public static IServiceCollection AddSecurityServices(this IServiceCollection services, IConfiguration configuration)
 {
 var saltSize = int.Parse(configuration["SECURITY_SALT_SIZE"]!);
@@ -61,8 +79,13 @@ public static class DependencyInjection
 providers.Add(provider, (clientId, secret));
 }
- services.AddSingleton(provider => new OAuthService(provider.GetRequiredService>(), providers,
- configuration["SECURITY_ENCRYPTION_TOKEN"]!));
+ services.AddSingleton(provider => new OAuthService(
+ provider.GetRequiredService>(),
+ providers,
+ provider.GetRequiredService())
+ {
+ SecretKey = NormalizeKey(configuration["SECURITY_ENCRYPTION_TOKEN"]!, 32)
+ });
 return services;
 }
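Review bot: `NormalizeKey` turns whatever string is configured into a key by zero-padding or truncating its UTF-8 bytes, so an empty `SECURITY_ENCRYPTION_TOKEN` silently becomes 32 zero bytes and a short passphrase becomes a key whose tail is known. A length mismatch should fail closed instead: require the setting to be a Base64-encoded random key of exactly `requiredLength` bytes and throw otherwise, as sketched below. That changes the configuration contract, so anything already protected with a padded or truncated key needs a migration path. The generic arguments appear to have been stripped from this page; the return type is assumed to be `ReadOnlyMemory<byte>`.

```csharp
private static ReadOnlyMemory<byte> NormalizeKey(string key, int requiredLength)
{
    // Fail closed: a missing, empty or wrongly sized value must never become key material.
    ArgumentException.ThrowIfNullOrWhiteSpace(key);

    // Throws FormatException when the setting is not valid Base64.
    var keyBytes = Convert.FromBase64String(key);
    if (keyBytes.Length != requiredLength)
    {
        // Do not leave rejected key material behind in the temporary buffer.
        Array.Clear(keyBytes);
        throw new InvalidOperationException(
            $"The configured encryption key must decode to exactly {requiredLength} bytes.");
    }

    return new ReadOnlyMemory<byte>(keyBytes);
}
```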
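Review bot: The key is read and normalized inside the `AddSingleton` factory, so a missing `SECURITY_ENCRYPTION_TOKEN` is masked by the `!` operator and only surfaces when `OAuthService` is first resolved rather than at startup. Resolving it once before the registration, e.g. `var secretKey = NormalizeKey(configuration["SECURITY_ENCRYPTION_TOKEN"] ?? throw new InvalidOperationException("SECURITY_ENCRYPTION_TOKEN is not set"), 32);`, makes a misconfigured deployment fail fast. The literal `32` would also read better as a named constant for the key length. The type of the new third constructor argument is not visible on this page, so it could not be checked against the `string secretKey` parameter that OAuthService.cs still shows. `AddSecurityServices` starts outside this hunk.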
diff --git a/Security/Services/OAuthService.cs b/Security/Services/OAuthService.cs
index 929f1b7..a0a5964 100644
--- a/Security/Services/OAuthService.cs
+++ b/Security/Services/OAuthService.cs
@@ -20,6 +20,8 @@ namespace Mirea.Api.Security.Services;
 public class OAuthService(ILogger logger, Dictionary providers, string secretKey)
 {
+ public required ReadOnlyMemory SecretKey { private get; init; }
+
 private static readonly Dictionary ProviderData = new()
 {
 [OAuthProvider.Google] = new OAuthProviderUrisData
@@ -101,9 +103,9 @@ public class OAuthService(ILogger logger, Dictionary
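Review bot: The primary constructor on the context line just above the new property still declares `string secretKey`, so after this change the class has two inputs for the same secret. If the following hunk (cut off on this page) moves every use over to `SecretKey`, the parameter should be dropped so callers no longer have to pass the secret as a string. The property also deserves a doc comment, for example `/// <summary>Symmetric key bytes; the DI registration supplies exactly 32.</summary>`. It is worth stating there that `ReadOnlyMemory` only blocks writes through this view and does not clear or otherwise protect the underlying array. The class body continues outside this hunk.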