Update to RSA encryption instead of hmac
Docker Build and Release Upload / build (push) Successful in 1m28s

2025-07-26 09:17:29 -07:00
parent fe3401a9b3
commit 3c3ed90f5c
3 changed files with 25 additions and 8 deletions
+8
@@ -55,6 +55,14 @@ RUN set -e && \
################ ################
FROM mcr.microsoft.com/dotnet/aspnet:9.0 FROM mcr.microsoft.com/dotnet/aspnet:9.0
WORKDIR /certs
RUN apt update && apt upgrade -y && \
apt install -y openssl && \
openssl genrsa -out private_key.pem 2048 && \
openssl rsa -in private_key.pem -pubout -out public_key.pem
WORKDIR /app WORKDIR /app
ENV ASPNETCORE_HTTP_PORTS=5000 ENV ASPNETCORE_HTTP_PORTS=5000
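Review bot: The `openssl genrsa` step in the added `RUN` executes at image build time, so the JWT signing key `/certs/private_key.pem` is stored in an image layer. Every container started from the image then shares one key, anyone who can pull the image can read it and sign tokens that validate, and each rebuild silently rotates the key and invalidates outstanding tokens. Generate the key outside the build and supply it at runtime as a mounted secret or volume at `/certs`, or create it in an entrypoint step only when the file is absent on a persistent volume. The same `RUN` also leaves the apt package lists in the layer; ending it with `rm -rf /var/lib/apt/lists/*` would trim that.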
+1 -1
@@ -32,7 +32,7 @@ string? _dbpass = Environment.GetEnvironmentVariable("MySQLPass");
string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd"; string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
// Create the database serivice // Create the database serivice
DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3307;"); DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;");
builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), databaseService ) ); builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), databaseService ) );
//////////////////////////////// ////////////////////////////////
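Review bot: The changed connection string still hard-codes the port (`port=3306;`) and is assembled by string concatenation, so a `;` or `=` inside `dbPass` or the other variables would be parsed as extra connection options. Building it with the database driver's connection-string builder, which quotes values, and reading the port from an environment variable the way `MySQLPass` is read would avoid both problems. The line above also falls back to a literal password when `MySQLPass` is unset, so a misconfigured deployment silently runs with a credential that is visible in source control. Failing at startup when the variable is missing would be safer, and that literal should be treated as exposed and rotated. The surrounding top-level statements continue outside the hunk.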
+16 -7
@@ -1,5 +1,6 @@
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims; using System.Security.Claims;
using System.Security.Cryptography;
using System.Text; using System.Text;
using Auth.Entities; using Auth.Entities;
using Microsoft.IdentityModel.Tokens; using Microsoft.IdentityModel.Tokens;
@@ -7,6 +8,9 @@ using Microsoft.IdentityModel.Tokens;
namespace Auth.Services { namespace Auth.Services {
public class AuthJWT { public class AuthJWT {
public static RsaSecurityKey RsaPublicKey = LoadRSAKey("/certs/public_key.pem");
public static RsaSecurityKey RsaPrivateKey = LoadRSAKey("/certs/private_key.pem");
public static string TokenAudience = "mistox-llc-auth-token"; public static string TokenAudience = "mistox-llc-auth-token";
public static string TokenIssuer = "https://auth.mistox.com"; public static string TokenIssuer = "https://auth.mistox.com";
public static string TokenSecretKey = ""; public static string TokenSecretKey = "";
@@ -18,15 +22,13 @@ namespace Auth.Services {
ValidateIssuerSigningKey = true, ValidateIssuerSigningKey = true,
ValidIssuer = TokenIssuer, ValidIssuer = TokenIssuer,
ValidAudience = TokenAudience, ValidAudience = TokenAudience,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenSecretKey)), IssuerSigningKey = RsaPublicKey,
ClockSkew = TimeSpan.FromMinutes(1) ClockSkew = TimeSpan.FromMinutes(1)
}; };
public static string GenereateJWTToken(Account account, bool StayLoggedIn) { public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
var tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.UTF8.GetBytes(TokenSecretKey); SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
var tokenDiscriptor = new SecurityTokenDescriptor {
Subject = new ClaimsIdentity([ Subject = new ClaimsIdentity([
new Claim(ClaimTypes.NameIdentifier, account.ID.ToString()), new Claim(ClaimTypes.NameIdentifier, account.ID.ToString()),
new Claim(ClaimTypes.Name, account.UserName), new Claim(ClaimTypes.Name, account.UserName),
@@ -37,7 +39,7 @@ namespace Auth.Services {
]), ]),
Expires = DateTime.UtcNow.AddDays(7), Expires = DateTime.UtcNow.AddDays(7),
IssuedAt = DateTime.UtcNow, IssuedAt = DateTime.UtcNow,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256), SigningCredentials = new SigningCredentials(RsaPrivateKey, SecurityAlgorithms.RsaSha256),
Audience = TokenAudience, Audience = TokenAudience,
Issuer = TokenIssuer Issuer = TokenIssuer
}; };
@@ -46,7 +48,7 @@ namespace Auth.Services {
return tokenHandler.WriteToken(token); return tokenHandler.WriteToken(token);
} }
public static string RenewJWTToken( ClaimsPrincipal principal ) { public static string RenewJWTToken(ClaimsPrincipal principal) {
return GenereateJWTToken(new Account { return GenereateJWTToken(new Account {
ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value), ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value),
UserName = principal.FindFirst(ClaimTypes.Name)!.Value, UserName = principal.FindFirst(ClaimTypes.Name)!.Value,
@@ -56,5 +58,12 @@ namespace Auth.Services {
}, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value)); }, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
} }
public static RsaSecurityKey LoadRSAKey(string KeyPath) {
string KeyText = File.ReadAllText(KeyPath);
RSA rsa = RSA.Create();
rsa.ImportFromPem(KeyText.ToCharArray());
return new RsaSecurityKey(rsa);
}
} }
} }
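Review bot: `RsaPrivateKey` is declared `public static` and not `readonly`, so any code in the process can read the signing key or replace it; it should be `private static readonly RsaSecurityKey RsaPrivateKey = LoadRSAKey("/certs/private_key.pem");`, with `RsaPublicKey` made `readonly` as well. The validation parameters now trust `RsaPublicKey` but do not pin the algorithm; adding `ValidAlgorithms = [SecurityAlgorithms.RsaSha256],` next to `IssuerSigningKey` states the expected algorithm explicitly instead of relying on key-type matching. `TokenSecretKey` appears unused after this change and could be removed so the HMAC path is not reintroduced by accident. Both keys load in static field initializers, so a missing or malformed PEM file will presumably surface as a `TypeInitializationException` on first use of `AuthJWT`; a doc comment on `LoadRSAKey` saying that it throws when the file is absent or not valid PEM would help operators. The class body spans several hunks and parts of it are outside the visible context.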