Update key store to validate account and site

2025-09-09 21:47:34 -07:00
parent 0e16bee869
commit f1222b4ec6
7 changed files with 52 additions and 23 deletions
@@ -43,7 +43,7 @@ export class LoginComponent {
    }

    this.errorMsgs.push("Waiting for response from server");
-    this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn, "SameSite": (this.returnURL == '/') }, { responseType: 'text' } ).subscribe({
+    this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn, "Site": this.returnURL }, { responseType: 'text' } ).subscribe({
      next: data => {
        this.errorMsgs = [ "Login Token: " + data ];
        window.location.href = this.returnURL + "?LoginToken=" + data;
@@ -52,14 +52,14 @@ namespace Auth.Controllers {
                            test.CurrentPasswordAttempts = 0;
                            await _databaseService.SetAccount(test);
                            
-                            if (request.SameSite) {
-                                SignIn(Response, AuthJWT.GenereateJWTToken(test, request.StayLoggedIn));
+                            if (request.Site == "/") {
+                                SignIn(Response, AuthJWT.GenereateJWTToken(test, request.Site, request.StayLoggedIn));
                            } else {
                                string Ticket = Guid.NewGuid().ToString().Replace("-", "");
-                                string JWT = AuthJWT.GenereateJWTToken(test, request.StayLoggedIn);
+                                string JWT = AuthJWT.GenereateJWTToken(test, request.Site, request.StayLoggedIn);
                                AuthJWT.LoginSessions[Ticket] = new JWTMemCache {
                                    JWT = JWT,
-                                    ExpiresAt = DateTime.UtcNow.AddSeconds(30)
+                                    ExpiresAt = DateTime.UtcNow.AddSeconds(20)
                                };

                                return Ok(Ticket);
@@ -2,6 +2,8 @@ using Microsoft.AspNetCore.Mvc;
 using System.Web.Http;
 using StackExchange.Redis;
 using Auth.Services.DatabaseService;
+using Auth.Services;
+using Auth.Entities;

 namespace Auth.Controllers {
    [ApiController]
@@ -18,16 +20,26 @@ namespace Auth.Controllers {

        [Route("get")]
        [HttpGet]
-        public async Task<ActionResult<string>> Get(string key) {
-            RedisValue result = await _redisdb.StringGetAsync(key);
+        public async Task<ActionResult<string>> Get(string JWT, string key) {
+            Account? account = AuthJWT.ValidateJWTToken(JWT);
+            if (account != null) {
+                RedisValue result = await _redisdb.StringGetAsync( account.Site + key);
                return Ok(result.ToString());
+            } else {
+                return BadRequest("JWT Not Valid");
+            }
        }

        [Route("set")]
        [HttpGet]
-        public async Task<ActionResult> Set(string key, string value) {
-            await _redisdb.StringSetAsync(key, value);
+        public async Task<ActionResult> Set(string JWT, string key, string value) {
+            Account? account = AuthJWT.ValidateJWTToken(JWT);
+            if (account != null) {
+                await _redisdb.StringSetAsync(account.Site + key, value);
                return Ok();
+            } else {
+                return BadRequest("JWT Not Valid");
+            }
        }

    }
@@ -3,8 +3,8 @@ namespace Auth.DTO {
    public class LoginRequest {
        public string UserName { get; set; } = "";
        public string Password { get; set; } = "";
+        public string Site { get; set; } = "";
        public bool StayLoggedIn { get; set; }
-        public bool SameSite { get; set; }
    }

    public class JWTRenewRequest {
@@ -14,5 +14,6 @@ namespace Auth.Entities {
        public string PasswordToken { get; set; } = "";
        public DateTime PasswordTokenCreated { get; set; }
        public string DataServer { get; set; } = "";
+        public string Site { get; set; } = "";
    }
 }
@@ -1,10 +1,6 @@
 using Auth.Services;
 using Auth.Services.DatabaseService;
-using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.IdentityModel.Tokens;
-using System.IdentityModel.Tokens.Jwt;
-using System.Text;

 var builder = WebApplication.CreateBuilder(args);

@@ -25,7 +25,7 @@ namespace Auth.Services {
            ClockSkew = TimeSpan.FromMinutes(1)
        };

-        public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
+        public static string GenereateJWTToken(Account account, string RequestedSite, bool StayLoggedIn) {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
                Subject = new ClaimsIdentity([
@@ -34,6 +34,7 @@ namespace Auth.Services {
                    new Claim(ClaimTypes.Email, account.Email),
                    new Claim(ClaimTypes.Role, account.Role),
                    new Claim(ClaimTypes.UserData, account.DataServer),
+                    new Claim(ClaimTypes.Dns, RequestedSite),
                    new Claim(ClaimTypes.IsPersistent, StayLoggedIn.ToString()),
                ]),
                Expires = DateTime.UtcNow.AddDays(7),
@@ -47,14 +48,33 @@ namespace Auth.Services {
            return tokenHandler.WriteToken(token);
        }

+        public static Account? ValidateJWTToken(string Token) {
+            try {
+                JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
+                ClaimsPrincipal principal = tokenHandler.ValidateToken( Token, TokenParameters, out SecurityToken validatedToken );
+                return new Account {
+                    ID = Convert.ToInt32(principal.FindFirstValue(ClaimTypes.NameIdentifier)),
+                    UserName = principal.FindFirstValue(ClaimTypes.Name)!,
+                    Email = principal.FindFirstValue(ClaimTypes.Email)!,
+                    Role = principal.FindFirstValue(ClaimTypes.Role)!,
+                    DataServer = principal.FindFirstValue(ClaimTypes.UserData)!,
+                    Site = principal.FindFirstValue(ClaimTypes.Dns)!
+                };
+            } catch (Exception) {
+                return null;
+            }
+        }
+
        public static string RenewJWTToken(ClaimsPrincipal principal) {
            return GenereateJWTToken(new Account {
-                ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value),
-                UserName = principal.FindFirst(ClaimTypes.Name)!.Value,
-                Email = principal.FindFirst(ClaimTypes.Email)!.Value,
-                Role = principal.FindFirst(ClaimTypes.Role)!.Value,
-                DataServer = principal.FindFirst(ClaimTypes.UserData)!.Value
-            }, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
+                ID = Convert.ToInt32(principal.FindFirstValue(ClaimTypes.NameIdentifier)),
+                UserName = principal.FindFirstValue(ClaimTypes.Name)!,
+                Email = principal.FindFirstValue(ClaimTypes.Email)!,
+                Role = principal.FindFirstValue(ClaimTypes.Role)!,
+                DataServer = principal.FindFirstValue(ClaimTypes.UserData)!
+            },
+            principal.FindFirstValue(ClaimTypes.Dns)!,
+            Convert.ToBoolean(principal.FindFirstValue(ClaimTypes.IsPersistent)!));
        }

        public static RsaSecurityKey LoadRSAKey(string KeyPath) {