diff --git a/Dockerfile b/Dockerfile
index e56ee72..1182a05 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -55,6 +55,14 @@ RUN set -e && \
 ################
 FROM mcr.microsoft.com/dotnet/aspnet:9.0
+
+WORKDIR /certs
+RUN apt update && apt upgrade -y && \
+ apt install -y openssl && \
+ openssl genrsa -out private_key.pem 2048 && \
+ openssl rsa -in private_key.pem -pubout -out public_key.pem
+
+
 WORKDIR /app
 ENV ASPNETCORE_HTTP_PORTS=5000
diff --git a/src/Server/Program.cs b/src/Server/Program.cs
index 5050a5d..86618d0 100755
--- a/src/Server/Program.cs
+++ b/src/Server/Program.cs
@@ -32,7 +32,7 @@ string? _dbpass = Environment.GetEnvironmentVariable("MySQLPass");
 string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
 // Create the database serivice
-DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3307;");
+DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;");
 builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), databaseService ) );
 ////////////////////////////////
diff --git a/src/Server/Services/AuthJWT.cs b/src/Server/Services/AuthJWT.cs
index b579cf7..7acde52 100644
--- a/src/Server/Services/AuthJWT.cs
+++ b/src/Server/Services/AuthJWT.cs
@@ -1,5 +1,6 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Text;
 using Auth.Entities;
 using Microsoft.IdentityModel.Tokens;
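Review bot: The new RUN step (`openssl genrsa -out private_key.pem 2048` and the following `openssl rsa ... -pubout` line) creates the JWT signing key pair at image build time, so the private key is baked into an image layer: every container started from this image shares the same key, and anyone able to pull the image can read `/certs/private_key.pem` and mint tokens the server will accept. Generate the pair at container start (an entrypoint script writing into a volume) or mount it as a runtime secret, and keep the build step to installing openssl. The package step should also be `apt-get install -y --no-install-recommends openssl` followed by `rm -rf /var/lib/apt/lists/*` so the package index does not stay in the layer, and `apt upgrade -y` inside a Dockerfile makes the build non-reproducible.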
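Review bot: The new connection-string line still concatenates `dbPass`, which on the line above falls back to a password committed to source whenever `MySQLPass` is unset, so a misconfigured deployment silently connects with a credential anyone with the repository knows. Prefer failing fast, e.g. `string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : throw new InvalidOperationException("MySQLPass is not set");`, and read the port from configuration the same way as server, user and database instead of hard-coding `3306`. Assembling the string through a connection-string builder rather than `+` would also keep a password containing `;` from breaking the connection string.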
@@ -7,6 +8,9 @@ using Microsoft.IdentityModel.Tokens;
 namespace Auth.Services {
 public class AuthJWT {
+ public static RsaSecurityKey RsaPublicKey = LoadRSAKey("/certs/public_key.pem");
+ public static RsaSecurityKey RsaPrivateKey = LoadRSAKey("/certs/private_key.pem");
+
 public static string TokenAudience = "mistox-llc-auth-token";
 public static string TokenIssuer = "https://auth.mistox.com";
 public static string TokenSecretKey = "";
@@ -18,15 +22,13 @@ namespace Auth.Services {
 ValidateIssuerSigningKey = true,
 ValidIssuer = TokenIssuer,
 ValidAudience = TokenAudience,
- IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenSecretKey)),
+ IssuerSigningKey = RsaPublicKey,
 ClockSkew = TimeSpan.FromMinutes(1)
 };
 public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
- var tokenHandler = new JwtSecurityTokenHandler();
- var key = Encoding.UTF8.GetBytes(TokenSecretKey);
-
- var tokenDiscriptor = new SecurityTokenDescriptor {
+ JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
+ SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
 Subject = new ClaimsIdentity([
 new Claim(ClaimTypes.NameIdentifier, account.ID.ToString()),
 new Claim(ClaimTypes.Name, account.UserName),
@@ -37,7 +39,7 @@ namespace Auth.Services {
 ]),
 Expires = DateTime.UtcNow.AddDays(7),
 IssuedAt = DateTime.UtcNow,
- SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256),
+ SigningCredentials = new SigningCredentials(RsaPrivateKey, SecurityAlgorithms.RsaSha256),
 Audience = TokenAudience,
 Issuer = TokenIssuer
 };
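Review bot: `RsaPublicKey` and `RsaPrivateKey` are public, mutable static fields, so any code in the process can swap the verification or signing key at runtime; declare both `public static readonly` and take the PEM paths from configuration (an environment variable defaulting to the `/certs/...` values) rather than hard-coding the container layout into the class. Because they are field initializers, a missing or unreadable PEM surfaces as a `TypeInitializationException` on the first use of `AuthJWT` instead of a clear failure at startup; loading the keys explicitly during startup would make that error readable. `TokenSecretKey` is no longer read by the signing or validation code in this diff and appears dead unless something outside the hunks still uses it.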
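Review bot: With `IssuerSigningKey = RsaPublicKey` the validation parameters accept any signature algorithm the library can apply with an RSA key, not just the RS256 that `GenereateJWTToken` now produces; pin it by adding `ValidAlgorithms = [SecurityAlgorithms.RsaSha256],` beside the new line so verifier and issuer agree and a later key change cannot widen the accepted set. The `TokenValidationParameters` initializer starts before this hunk, so whether `ValidateLifetime` is set cannot be checked here.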
@@ -46,7 +48,7 @@ namespace Auth.Services {
 return tokenHandler.WriteToken(token);
 }
- public static string RenewJWTToken( ClaimsPrincipal principal ) {
+ public static string RenewJWTToken(ClaimsPrincipal principal) {
 return GenereateJWTToken(new Account {
 ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value),
 UserName = principal.FindFirst(ClaimTypes.Name)!.Value,
@@ -56,5 +58,12 @@ namespace Auth.Services {
 },
 Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
 }
+ public static RsaSecurityKey LoadRSAKey(string KeyPath) {
+ string KeyText = File.ReadAllText(KeyPath);
+ RSA rsa = RSA.Create();
+ rsa.ImportFromPem(KeyText.ToCharArray());
+ return new RsaSecurityKey(rsa);
+ }
+
 }
 }
\ No newline at end of file
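Review bot: `LoadRSAKey` copies the PEM text with `KeyText.ToCharArray()` before `ImportFromPem`, but that method takes a `ReadOnlySpan<char>`, so the string can be passed directly and the extra in-memory copy of the private key avoided: `rsa.ImportFromPem(File.ReadAllText(keyPath));`. The `RSA` instance is intentionally not disposed because the returned `RsaSecurityKey` keeps it for the life of the process; a one-line comment saying so, plus an XML `<summary>` stating that the method is used for both the public and the private PEM and throws if the file is absent, would make that contract explicit. Parameter `KeyPath` and local `KeyText` should be camelCase per the usual C# convention.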