Update to RSA encryption instead of hmac
Docker Build and Release Upload / build (push) Successful in 1m28s
Docker Build and Release Upload / build (push) Successful in 1m28s
This commit is contained in:
@@ -55,6 +55,14 @@ RUN set -e && \
|
||||
################
|
||||
|
||||
FROM mcr.microsoft.com/dotnet/aspnet:9.0
|
||||
|
||||
WORKDIR /certs
|
||||
RUN apt update && apt upgrade -y && \
|
||||
apt install -y openssl && \
|
||||
openssl genrsa -out private_key.pem 2048 && \
|
||||
openssl rsa -in private_key.pem -pubout -out public_key.pem
|
||||
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
ENV ASPNETCORE_HTTP_PORTS=5000
|
||||
|
||||
@@ -32,7 +32,7 @@ string? _dbpass = Environment.GetEnvironmentVariable("MySQLPass");
|
||||
string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
|
||||
|
||||
// Create the database serivice
|
||||
DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3307;");
|
||||
DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;");
|
||||
builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), databaseService ) );
|
||||
|
||||
////////////////////////////////
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using Auth.Entities;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
@@ -7,6 +8,9 @@ using Microsoft.IdentityModel.Tokens;
|
||||
namespace Auth.Services {
|
||||
public class AuthJWT {
|
||||
|
||||
public static RsaSecurityKey RsaPublicKey = LoadRSAKey("/certs/public_key.pem");
|
||||
public static RsaSecurityKey RsaPrivateKey = LoadRSAKey("/certs/private_key.pem");
|
||||
|
||||
public static string TokenAudience = "mistox-llc-auth-token";
|
||||
public static string TokenIssuer = "https://auth.mistox.com";
|
||||
public static string TokenSecretKey = "";
|
||||
@@ -18,15 +22,13 @@ namespace Auth.Services {
|
||||
ValidateIssuerSigningKey = true,
|
||||
ValidIssuer = TokenIssuer,
|
||||
ValidAudience = TokenAudience,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenSecretKey)),
|
||||
IssuerSigningKey = RsaPublicKey,
|
||||
ClockSkew = TimeSpan.FromMinutes(1)
|
||||
};
|
||||
|
||||
public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var key = Encoding.UTF8.GetBytes(TokenSecretKey);
|
||||
|
||||
var tokenDiscriptor = new SecurityTokenDescriptor {
|
||||
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
|
||||
SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
|
||||
Subject = new ClaimsIdentity([
|
||||
new Claim(ClaimTypes.NameIdentifier, account.ID.ToString()),
|
||||
new Claim(ClaimTypes.Name, account.UserName),
|
||||
@@ -37,7 +39,7 @@ namespace Auth.Services {
|
||||
]),
|
||||
Expires = DateTime.UtcNow.AddDays(7),
|
||||
IssuedAt = DateTime.UtcNow,
|
||||
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256),
|
||||
SigningCredentials = new SigningCredentials(RsaPrivateKey, SecurityAlgorithms.RsaSha256),
|
||||
Audience = TokenAudience,
|
||||
Issuer = TokenIssuer
|
||||
};
|
||||
@@ -56,5 +58,12 @@ namespace Auth.Services {
|
||||
}, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
|
||||
}
|
||||
|
||||
public static RsaSecurityKey LoadRSAKey(string KeyPath) {
|
||||
string KeyText = File.ReadAllText(KeyPath);
|
||||
RSA rsa = RSA.Create();
|
||||
rsa.ImportFromPem(KeyText.ToCharArray());
|
||||
return new RsaSecurityKey(rsa);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user