Winsomnia/MireaBackend
2
0
Fork 0
Code Pull Requests Actions Projects Releases Activity

Release v1.0.0 #16

Merged
Wesser merged 492 commits from release/v1.0.0 into master 2025-02-12 09:19:32 +03:00
Conversation 0 Commits 492 Files Changed 301 +13698 -98
270 changed files with 13698 additions and 98 deletions
Showing only changes of commit 598ebabc5c - Show all commits
.env
.gitea/workflows
deploy-stage.yamltest.yaml
.gitignore
ApiDto
ApiDto.csproj
Common
AuthRoles.csOAuthProvider.csPairPeriodTime.csTwoFactorAuthentication.cs
Requests
Configuration
CacheRequest.csDatabaseRequest.csEmailRequest.csLoggingRequest.csScheduleConfigurationRequest.cs
CreateUserRequest.csLoginRequest.csScheduleRequest.csTwoFactorAuthRequest.cs
Responses
AvailableProvidersResponse.csCampusBasicInfoResponse.csCampusDetailsResponse.csDisciplineResponse.csErrorResponse.csFacultyResponse.csGroupDetailsResponse.csGroupResponse.csLectureHallDetailsResponse.csLectureHallResponse.csProfessorResponse.csScheduleResponse.cs
Backend.slnDockerfile
Endpoint
Backend.http
Common
Attributes
BadRequestResponseAttribute.csCacheMaxAgeAttribute.csLocalhostAttribute.csMaintenanceModeIgnoreAttribute.csNotFoundResponseAttribute.csSwaggerDefaultAttribute.csTokenAuthenticationAttribute.cs
Exceptions
ControllerArgumentException.cs
Interfaces
IMaintenanceModeNotConfigureService.csIMaintenanceModeService.csISetupToken.cs
MapperDto
AvailableProvidersConverter.csPairPeriodTimeConverter.csTwoFactorAuthenticationConverter.cs
Services
MaintenanceModeNotConfigureService.csMaintenanceModeService.csPathBuilder.csScheduleSyncManager.cs
Security
DistributedCacheService.csJwtTokenService.csMemoryCacheService.csMemoryRevokedTokenService.cs
UrlHelper.cs
Configuration
Core
BackgroundTasks
ScheduleSyncService.cs
Middleware
CacheMaxAgeMiddleware.csCookieAuthorizationMiddleware.csCustomExceptionHandlerMiddleware.csJwtRevocationMiddleware.csMaintenanceModeMiddleware.cs
Startup
ApiVersioningConfiguration.csCacheConfiguration.csEnvironmentConfiguration.csJwtConfiguration.csLoggerConfiguration.csSecureConfiguration.csSwaggerConfiguration.cs
ISaveSettings.cs
Model
Admin.csGeneralConfig.cs
GeneralSettings
CacheSettings.csDbSettings.csEmailSettings.csLogSettings.csScheduleSettings.cs
SwaggerOptions
ConfigureSwaggerOptions.csSwaggerDefaultValues.csSwaggerExampleFilter.cs
Validation
Attributes
RequiredSettingsAttribute.cs
Interfaces
IIsConfigured.cs
SetupTokenService.cs
Validators
SettingsRequiredValidator.cs
Controllers
BaseController.cs
Configuration
SetupController.cs
V1
AuthController.csCampusController.csDisciplineController.csFacultyController.csGroupController.csImportController.csLectureHallController.csProfessorController.csScheduleController.cs
WeatherForecastController.cs
Endpoint.csprojProgram.cs
Sync
Common
DataRepository.cs
ScheduleSynchronizer.cs
WeatherForecast.cs
wwwroot/css/swagger
SwaggerDark.css
README.md
Security
Common
CookieNames.cs
Domain
Caching
AuthToken.csFirstAuthToken.cs
CookieOptionsParameters.cs
OAuth2
OAuthProviderUrisData.csOAuthTokenResponse.cs
UserInfo
GoogleUserInfo.csMailRuUserInfo.csYandexUserInfo.cs
OAuthProvider.csOAuthUser.csRequestContextInfo.csTwoFactorAuthenticator.csUser.cs
Interfaces
IAccessToken.csICacheService.csIRevokedToken.csIUserInfo.cs
DependencyInjection.cs
Properties
launchSettings.json
Security.csproj
Services
AuthService.csGeneratorKey.csOAuthService.csPasswordHashService.csTotpService.cs
SqlData
Application
Application.csproj
Common
Behaviors
ValidationBehavior.cs
Exceptions
NotFoundException.cs
Cqrs
Campus/Queries
GetCampusBasicInfoList
CampusBasicInfoDto.csCampusBasicInfoVm.csGetCampusBasicInfoListQuery.csGetCampusBasicInfoListQueryHandler.cs
GetCampusDetails
CampusDetailsVm.csGetCampusDetailsQuery.csGetCampusDetailsQueryHandler.cs
Discipline/Queries
GetDisciplineDetails
DisciplineInfoVm.csGetDisciplineInfoQuery.csGetDisciplineInfoQueryHandler.cs
GetDisciplineList
DisciplineListVm.csDisciplineLookupDto.csGetDisciplineListQuery.csGetDisciplineListQueryHandler.cs
Faculty/Queries/GetFacultyList
FacultyListVm.csFacultyLookupDto.csGetFacultyListQuery.csGetFacultyListQueryHandler.cs
Group/Queries
GetGroupDetails
GetGroupInfoQuery.csGetGroupInfoQueryHandler.csGroupInfoVm.cs
GetGroupList
GetGroupListQuery.csGetGroupListQueryHandler.csGroupListVm.csGroupLookupDto.cs
LectureHall/Queries
GetLectureHallDetails
GetLectureHallInfoQuery.csGetLectureHallInfoQueryHandler.csLectureHallInfoVm.cs
GetLectureHallList
GetLectureHallListQuery.csGetLectureHallListQueryHandler.csLectureHallListVm.csLectureHallLookupDto.cs
Professor/Queries
GetProfessorDetails
GetProfessorInfoQuery.csGetProfessorInfoQueryHandler.csProfessorInfoVm.cs
GetProfessorDetailsBySearch
GetProfessorInfoSearchQuery.csGetProfessorInfoSearchQueryHandler.csProfessorInfoListVm.cs
GetProfessorList
GetProfessorListQuery.csGetProfessorListQueryHandler.csProfessorListVm.csProfessorLookupDto.cs
Schedule/Queries/GetScheduleList
GetScheduleListQuery.csGetScheduleListQueryHandler.csScheduleListVm.csScheduleLookupDto.cs
DependencyInjection.cs
Interfaces/DbContexts
IDbContextBase.cs
Schedule
ICampusDbContext.csIDisciplineDbContext.csIFacultyDbContext.csIGroupDbContext.csILectureHallDbContext.csILessonAssociationDbContext.csILessonDbContext.csIProfessorDbContext.csISpecificWeekDbContext.csITypeOfOccupationDbContext.cs
Domain
Domain.csproj
Schedule
Campus.csDiscipline.csFaculty.csGroup.csLectureHall.csLesson.csLessonAssociation.csProfessor.csSpecificWeek.csTypeOfOccupation.cs
Migrations
MysqlMigrations
Migrations
20240601023106_InitialMigration.Designer.cs20240601023106_InitialMigration.cs20241027034820_RemoveUnusedRef.Designer.cs20241027034820_RemoveUnusedRef.csUberDbContextModelSnapshot.cs
MysqlMigrations.csproj
PsqlMigrations
Migrations
20240601021702_InitialMigration.Designer.cs20240601021702_InitialMigration.cs20241027032753_RemoveUnusedRef.Designer.cs20241027032753_RemoveUnusedRef.csUberDbContextModelSnapshot.cs
PsqlMigrations.csproj
SqliteMigrations
Migrations
20240601015714_InitialMigration.Designer.cs20240601015714_InitialMigration.cs20241027032931_RemoveUnusedRef.Designer.cs20241027032931_RemoveUnusedRef.csUberDbContextModelSnapshot.cs
SqliteMigrations.csproj
Persistence
Common
BaseDbContext.csConfigurationResolver.csDatabaseProvider.csDbContextFactory.csModelBuilderExtensions.cs
Contexts/Schedule
CampusDbContext.csDisciplineDbContext.csFacultyDbContext.csGroupDbContext.csLectureHallDbContext.csLessonAssociationDbContext.csLessonDbContext.csProfessorDbContext.csSpecificWeekDbContext.csTypeOfOccupationDbContext.cs
DbInitializer.csDependencyInjection.cs
EntityTypeConfigurations
Mark.cs
Mysql/Schedule
CampusConfiguration.csDisciplineConfiguration.csFacultyConfiguration.csGroupConfiguration.csLectureHallConfiguration.csLessonAssociationConfiguration.csLessonConfiguration.csProfessorConfiguration.csSpecificWeekConfiguration.csTypeOfOccupationConfiguration.cs
Postgresql/Schedule
CampusConfiguration.csDisciplineConfiguration.csFacultyConfiguration.csGroupConfiguration.csLectureHallConfiguration.csLessonAssociationConfiguration.csLessonConfiguration.csProfessorConfiguration.csSpecificWeekConfiguration.csTypeOfOccupationConfiguration.cs
Sqlite/Schedule
CampusConfiguration.csDisciplineConfiguration.csFacultyConfiguration.csGroupConfiguration.csLectureHallConfiguration.csLessonAssociationConfiguration.csLessonConfiguration.csProfessorConfiguration.csSpecificWeekConfiguration.csTypeOfOccupationConfiguration.cs
Persistence.csprojUberDbContext.cs
nuget.config

2
Security/DependencyInjection.cs

@ -61,7 +61,7 @@ public static class DependencyInjection
providers.Add(provider, (clientId, secret)); providers.Add(provider, (clientId, secret));
} }
services.AddSingleton(provider => new OAuthService(provider.GetRequiredService<ILogger<OAuthService>>(), providers)); services.AddSingleton(provider => new OAuthService(provider.GetRequiredService<ILogger<OAuthService>>(), providers, configuration["SECURITY_ENCRYPTION_TOKEN"]!));
return services; return services;
} }

19
Security/Services/OAuthService.cs

@ -10,13 +10,15 @@ using System.Linq;
using System.Net.Http; using System.Net.Http;
using System.Net.Http.Headers; using System.Net.Http.Headers;
using System.Security; using System.Security;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json; using System.Text.Json;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
namespace Mirea.Api.Security.Services; namespace Mirea.Api.Security.Services;
public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider, (string ClientId, string Secret)> providers) public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider, (string ClientId, string Secret)> providers, string secretKey)
{ {
private static readonly Dictionary<OAuthProvider, OAuthProviderUrisData> ProviderData = new() private static readonly Dictionary<OAuthProvider, OAuthProviderUrisData> ProviderData = new()
{ {
@ -97,6 +99,12 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
return userInfo?.MapToInternalUser(); return userInfo?.MapToInternalUser();
} }
private static string GetHmacString(RequestContextInfo contextInfo, string secretKey)
{
var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey));
return Convert.ToBase64String(hmac.ComputeHash(
Encoding.UTF8.GetBytes($"{contextInfo.Fingerprint}_{contextInfo.Ip}_{contextInfo.UserAgent}")));
}
public Uri GetProviderRedirect(HttpContext context, CookieOptionsParameters cookieOptions, string redirectUri, OAuthProvider provider) public Uri GetProviderRedirect(HttpContext context, CookieOptionsParameters cookieOptions, string redirectUri, OAuthProvider provider)
{ {
@ -106,7 +114,7 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
"&response_type=code" + "&response_type=code" +
$"&redirect_uri={redirectUri}" + $"&redirect_uri={redirectUri}" +
$"&scope={ProviderData[provider].Scope}" + $"&scope={ProviderData[provider].Scope}" +
$"&state={new RequestContextInfo(context, cookieOptions).Fingerprint}_{Enum.GetName(provider)}"; $"&state={GetHmacString(new RequestContextInfo(context, cookieOptions), secretKey)}_{Enum.GetName(provider)}";
@ -121,8 +129,6 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
public async Task<(OAuthProvider provider, OAuthUser User)> LoginOAuth(HttpContext context, CookieOptionsParameters cookieOptions, string redirectUrl, string code, string state, CancellationToken cancellation = default) public async Task<(OAuthProvider provider, OAuthUser User)> LoginOAuth(HttpContext context, CookieOptionsParameters cookieOptions, string redirectUrl, string code, string state, CancellationToken cancellation = default)
{ {
var requestContext = new RequestContextInfo(context, cookieOptions);
var partsState = state.Split('_'); var partsState = state.Split('_');
if (!Enum.TryParse<OAuthProvider>(partsState.Last(), true, out var provider) || if (!Enum.TryParse<OAuthProvider>(partsState.Last(), true, out var provider) ||
@ -133,9 +139,10 @@ public class OAuthService(ILogger<OAuthService> logger, Dictionary<OAuthProvider
throw new InvalidOperationException("Invalid authorization request."); throw new InvalidOperationException("Invalid authorization request.");
} }
var fingerprint = string.Join("_", partsState.SkipLast(1)); var secretStateData = string.Join("_", partsState.SkipLast(1));
var secretData = GetHmacString(new RequestContextInfo(context, cookieOptions), secretKey);
if (requestContext.Fingerprint != fingerprint) if (secretData != secretStateData)
{ {
logger.LogWarning("Fingerprint mismatch. Possible CSRF attack detected."); logger.LogWarning("Fingerprint mismatch. Possible CSRF attack detected.");
throw new SecurityException("Suspicious activity detected. Please try again."); throw new SecurityException("Suspicious activity detected. Please try again.");