Add hashing and other security features #12

Merged
Wesser merged 45 commits from feat/add-security into feat/add-setup 2024-05-29 06:42:47 +03:00
Showing only changes of commit d84011cd71 - Show all commits

View File

@ -57,4 +57,33 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
RefreshToken = authTokenStruct.RefreshToken RefreshToken = authTokenStruct.RefreshToken
}; };
} }
public async Task<AuthTokenResponse> RefreshTokenAsync(TokenRequest request, string refreshToken, CancellationToken cancellation = default)
{
var authToken = await cache.GetAsync<AuthToken>(GetAuthCacheKey(request.Fingerprint), cancellation)
?? throw new SecurityException(request.Fingerprint);
if (authToken.RefreshToken != refreshToken ||
authToken.UserAgent != request.UserAgent &&
authToken.Ip != request.Ip)
{
await cache.RemoveAsync(request.Fingerprint, cancellation);
await RevokeAccessToken(authToken.AccessToken);
throw new SecurityException(request.Fingerprint);
}
var accessToken = GenerateAccessToken(authToken.UserId);
await RevokeAccessToken(authToken.AccessToken);
authToken.AccessToken = accessToken.Token;
await SetAuthTokenDataToCache(request.Fingerprint, authToken, cancellation);
return new AuthTokenResponse
{
AccessToken = accessToken.Token,
ExpiresIn = accessToken.ExpireIn,
RefreshToken = GenerateRefreshToken()
};
}
} }