feat: add match token

feat: add ip to struct
style: rename variables
2024-05-29 05:27:49 +03:00 · 2024-05-29 05:27:27 +03:00 · 2024-05-29 04:58:21 +03:00 · 2024-05-29 04:57:44 +03:00 · 2024-05-29 04:55:34 +03:00 · 2024-05-29 04:48:37 +03:00
5 changed files with 66 additions and 30 deletions
--- a/Backend.sln
+++ b/Backend.sln
@ -25,6 +25,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Persistence", "Persistence\
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ApiDto", "ApiDto\ApiDto.csproj", "{0335FA36-E137-453F-853B-916674C168FE}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Security", "Security\Security.csproj", "{47A3C065-4E1D-4B1E-AAB4-2BB8F40E56B4}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@ -51,6 +53,10 @@ Global
 		{0335FA36-E137-453F-853B-916674C168FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{0335FA36-E137-453F-853B-916674C168FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{0335FA36-E137-453F-853B-916674C168FE}.Release|Any CPU.Build.0 = Release|Any CPU
+		{47A3C065-4E1D-4B1E-AAB4-2BB8F40E56B4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{47A3C065-4E1D-4B1E-AAB4-2BB8F40E56B4}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{47A3C065-4E1D-4B1E-AAB4-2BB8F40E56B4}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{47A3C065-4E1D-4B1E-AAB4-2BB8F40E56B4}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
--- a/Security/Common/Domain/PreAuthToken.cs
+++ b/Security/Common/Domain/PreAuthToken.cs
@ -5,5 +5,6 @@ public class PreAuthToken
    public required string Fingerprint { get; set; }
    public required string UserAgent { get; set; }
    public required string UserId { get; set; }
+    public required string Ip { get; set; }
    public required string Token { get; set; }
 }
--- a/Security/Services/GeneratorKey.cs
+++ b/Security/Services/GeneratorKey.cs
@ -0,0 +1,28 @@
+using System;
+using System.Buffers.Text;
+using System.Text;
+
+namespace Mirea.Api.Security.Services;
+
+public static class GeneratorKey
+{
+    public static ReadOnlySpan<byte> GenerateBytes(int size)
+    {
+        var key = new byte[size];
+        using var rng = System.Security.Cryptography.RandomNumberGenerator.Create();
+        rng.GetNonZeroBytes(key);
+        return key;
+    }
+
+    public static string GenerateBase64(int size) =>
+        Convert.ToBase64String(GenerateBytes(size));
+
+    public static string GenerateString(int size)
+    {
+        var randomBytes = GenerateBytes(size);
+        Span<byte> utf8Bytes = new byte[Base64.GetMaxEncodedToUtf8Length(randomBytes.Length)];
+
+        Base64.EncodeToUtf8(randomBytes, utf8Bytes, out _, out _);
+        return Encoding.UTF8.GetString(utf8Bytes);
+    }
+}
--- a/Security/Services/PasswordHashService.cs
+++ b/Security/Services/PasswordHashService.cs
@ -1,6 +1,5 @@
 using Konscious.Security.Cryptography;
 using System;
-using System.Buffers.Text;
 using System.Text;

 namespace Mirea.Api.Security.Services;
@ -41,29 +40,9 @@ public class PasswordHashService
        return result == 0;
    }

-    public static ReadOnlySpan<byte> GenerateRandomKeyBytes(int size)
-    {
-        var key = new byte[size];
-        using var rng = System.Security.Cryptography.RandomNumberGenerator.Create();
-        rng.GetNonZeroBytes(key);
-        return key;
-    }
-
-    public static string GenerateRandomKeyStringBase64(int size) =>
-        Convert.ToBase64String(GenerateRandomKeyBytes(size));
-
-    public static string GenerateRandomKeyString(int size)
-    {
-        var randomBytes = GenerateRandomKeyBytes(size);
-        Span<byte> utf8Bytes = new byte[Base64.GetMaxEncodedToUtf8Length(randomBytes.Length)];
-
-        Base64.EncodeToUtf8(randomBytes, utf8Bytes, out _, out _);
-        return Encoding.UTF8.GetString(utf8Bytes);
-    }
-
    public (string Salt, string Hash) HashPassword(string password)
    {
-        var salt = GenerateRandomKeyBytes(SaltSize);
+        var salt = GeneratorKey.GenerateBytes(SaltSize);
        var hash = HashPassword(password, salt);

        return (Convert.ToBase64String(salt), Convert.ToBase64String(hash));
--- a/Security/Services/PreAuthService.cs
+++ b/Security/Services/PreAuthService.cs
@ -3,6 +3,7 @@ using Mirea.Api.Security.Common.Dto.Requests;
 using Mirea.Api.Security.Common.Dto.Responses;
 using Mirea.Api.Security.Common.Interfaces;
 using System;
+using System.Security;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
@ -13,30 +14,51 @@ public class PreAuthService(ICacheService cache)
 {
    public TimeSpan Lifetime { private get; init; }

-    private static string GenerateFirstAuthToken() => Guid.NewGuid().ToString().Replace("-", "");
+    private static string GeneratePreAuthToken() => Guid.NewGuid().ToString().Replace("-", "") + 
+                                                      GeneratorKey.GenerateString(16);

-    public async Task<PreAuthTokenResponse> CreateLoginTokenAsync(TokenRequest request, string userId, CancellationToken cancellation = default)
+    private static string GetPreAuthCacheKey(string fingerprint) => $"{fingerprint}_pre_auth_token";
+
+    public async Task<PreAuthTokenResponse> GeneratePreAuthTokenAsync(TokenRequest request, string userId, CancellationToken cancellation = default)
    {
-        var firstAuthToken = GenerateFirstAuthToken();
+        var preAuthToken = GeneratePreAuthToken();

-        var loginStructure = new PreAuthToken
+        var preAuthTokenStruct = new PreAuthToken
        {
            Fingerprint = request.Fingerprint,
            UserId = userId,
            UserAgent = request.UserAgent,
-            Token = firstAuthToken
+            Token = preAuthToken,
+            Ip = request.Ip
        };

        await cache.SetAsync(
-            request.Fingerprint,
-            JsonSerializer.SerializeToUtf8Bytes(loginStructure),
+            GetPreAuthCacheKey(request.Fingerprint),
+            JsonSerializer.SerializeToUtf8Bytes(preAuthTokenStruct),
            Lifetime,
            cancellation);

        return new PreAuthTokenResponse
        {
-            Token = firstAuthToken,
+            Token = preAuthToken,
            ExpiresIn = DateTime.UtcNow.Add(Lifetime)
        };
    }
+    public async Task<string> MatchToken(TokenRequest request, string preAuthToken, CancellationToken cancellation = default)
+    {
+        var preAuthTokenStruct = await cache.GetAsync<PreAuthToken>(GetPreAuthCacheKey(request.Fingerprint), cancellation)
+            ?? throw new SecurityException($"The token was not found using fingerprint \"{request.Fingerprint}\"");
+
+        if (preAuthTokenStruct == null ||
+            preAuthTokenStruct.Token != preAuthToken ||
+            (preAuthTokenStruct.UserAgent != request.UserAgent &&
+             preAuthTokenStruct.Ip != request.Ip))
+        {
+            throw new SecurityException("It was not possible to verify the authenticity of the token");
+        }
+
+        await cache.RemoveAsync(GetPreAuthCacheKey(request.Fingerprint), cancellation);
+
+        return preAuthTokenStruct.UserId;
+    }
 }
Author	SHA1	Message	Date
Polianin Nikita	470031af39	feat: add match token	2024-05-29 05:27:49 +03:00
Polianin Nikita	916b3795ed	feat: add ip to struct	2024-05-29 05:27:27 +03:00
Polianin Nikita	f4ad1518ef	style: rename variables	2024-05-29 04:58:21 +03:00
Polianin Nikita	ac7bbde75e	fix: add key for save pre auth token	2024-05-29 04:57:44 +03:00
Polianin Nikita	47a57693f8	sec: complicate the token	2024-05-29 04:55:34 +03:00
Polianin Nikita	d05ba5349f	refactor: isolate key generation	2024-05-29 04:48:37 +03:00
Polianin Nikita	5fde5bd396	build: add security to sln	2024-05-29 04:34:39 +03:00