Update expire on JWT to be official lease

Low numbers to test autorenew
Update inputs for key/value controller
2025-09-22 19:02:49 -07:00 · 2025-09-22 18:31:07 -07:00 · 2025-09-09 22:04:28 -07:00 · 2025-09-09 21:59:12 -07:00 · 2025-09-09 21:58:08 -07:00 · 2025-09-09 21:47:34 -07:00
21 changed files with 770 additions and 206 deletions
@@ -14,9 +14,9 @@ services:
      - EmailAddress=${Email_Address}
      - EmailPassword=${Email_Password}
    ports:
-      - 5000:5000
+      - 8001:5000
    volumes:
-      - ./JWTcerts:/certs
+      - ./certs:/certs
    depends_on:
      - auth-database
@@ -28,3 +28,13 @@ services:
      - ./data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MySQL_Pass}
  auth-redis:
    image: redis
    container_name: auth_redis
    ports:
      - "6379:6379"
    volumes:
      - ./kvdata:/data
      - ./redis.conf:/usr/local/etc/redis/redis.conf
    command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
@@ -0,0 +1,540 @@
 # Redis configuration file example
 # Note on units: when memory size is needed, it is possible to specify
 # it in the usual form of 1k 5GB 4M and so forth:
 #
 # 1k => 1000 bytes
 # 1kb => 1024 bytes
 # 1m => 1000000 bytes
 # 1mb => 1024*1024 bytes
 # 1g => 1000000000 bytes
 # 1gb => 1024*1024*1024 bytes
 #
 # units are case insensitive so 1GB 1Gb 1gB are all the same.
 # By default Redis does not run as a daemon. Use 'yes' if you need it.
 # Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
 daemonize no
 # When running daemonized, Redis writes a pid file in /var/run/redis.pid by
 # default. You can specify a custom pid file location here.
 pidfile /var/run/redis/redis-server.pid
 # Accept connections on the specified port, default is 6379.
 # If port 0 is specified Redis will not listen on a TCP socket.
 port 6379
 # If you want you can bind a single interface, if the bind option is not
 # specified all the interfaces will listen for incoming connections.
 #
 #bind 127.0.0.1
 # Specify the path for the unix socket that will be used to listen for
 # incoming connections. There is no default, so Redis will not listen
 # on a unix socket when not specified.
 #
 # unixsocket /var/run/redis/redis.sock
 # unixsocketperm 755
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 0
 # Set server verbosity to 'debug'
 # it can be one of:
 # debug (a lot of information, useful for development/testing)
 # verbose (many rarely useful info, but not a mess like the debug level)
 # notice (moderately verbose, what you want in production probably)
 # warning (only very important / critical messages are logged)
 loglevel notice
 # Specify the log file name. Also 'stdout' can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
 logfile 'stdout'
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
 # syslog-enabled no
 # Specify the syslog identity.
 # syslog-ident redis
 # Specify the syslog facility.  Must be USER or between LOCAL0-LOCAL7.
 # syslog-facility local0
 # Set the number of databases. The default database is DB 0, you can select
 # a different one on a per-connection basis using SELECT <dbid> where
 # dbid is a number between 0 and 'databases'-1
 databases 16
 ################################ SNAPSHOTTING  #################################
 #
 # Save the DB on disk:
 #
 #   save <seconds> <changes>
 #
 #   Will save the DB if both the given number of seconds and the given
 #   number of write operations against the DB occurred.
 #
 #   In the example below the behaviour will be to save:
 #   after 900 sec (15 min) if at least 1 key changed
 #   after 300 sec (5 min) if at least 10 keys changed
 #   after 60 sec if at least 10000 keys changed
 #
 #   Note: you can disable saving at all commenting all the "save" lines.
 #
 #   It is also possible to remove all the previously configured save
 #   points by adding a save directive with a single empty string argument
 #   like in the following example:
 #
 #   save ""
 save 900 1
 save 300 10
 save 60 10000
 # By default Redis will stop accepting writes if RDB snapshots are enabled
 # (at least one save point) and the latest background save failed.
 # This will make the user aware (in an hard way) that data is not persisting
 # on disk properly, otherwise chances are that no one will notice and some
 # distater will happen.
 #
 # If the background saving process will start working again Redis will
 # automatically allow writes again.
 #
 # However if you have setup your proper monitoring of the Redis server
 # and persistence, you may want to disable this feature so that Redis will
 # continue to work as usually even if there are problems with disk,
 # permissions, and so forth.
 stop-writes-on-bgsave-error yes
 # Compress string objects using LZF when dump .rdb databases?
 # For default that's set to 'yes' as it's almost always a win.
 # If you want to save some CPU in the saving child set it to 'no' but
 # the dataset will likely be bigger if you have compressible values or keys.
 rdbcompression yes
 # Since verison 5 of RDB a CRC64 checksum is placed at the end of the file.
 # This makes the format more resistant to corruption but there is a performance
 # hit to pay (around 10%) when saving and loading RDB files, so you can disable it
 # for maximum performances.
 #
 # RDB files created with checksum disabled have a checksum of zero that will
 # tell the loading code to skip the check.
 rdbchecksum yes
 # The filename where to dump the DB
 dbfilename dump.rdb
 # The working directory.
 #
 # The DB will be written inside this directory, with the filename specified
 # above using the 'dbfilename' configuration directive.
 # 
 # Also the Append Only File will be created inside this directory.
 # 
 # Note that you must specify a directory here, not a file name.
 dir /data
 ################################# REPLICATION #################################
 # Master-Slave replication. Use slaveof to make a Redis instance a copy of
 # another Redis server. Note that the configuration is local to the slave
 # so for example it is possible to configure the slave to save the DB with a
 # different interval, or to listen to another port, and so on.
 #
 #slaveof 127.0.0.1 6379
 # If the master is password protected (using the "requirepass" configuration
 # directive below) it is possible to tell the slave to authenticate before
 # starting the replication synchronization process, otherwise the master will
 # refuse the slave request.
 #
 # masterauth <master-password>
 # When a slave lost the connection with the master, or when the replication
 # is still in progress, the slave can act in two different ways:
 #
 # 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
 #    still reply to client requests, possibly with out of date data, or the
 #    data set may just be empty if this is the first synchronization.
 #
 # 2) if slave-serve-stale data is set to 'no' the slave will reply with
 #    an error "SYNC with master in progress" to all the kind of commands
 #    but to INFO and SLAVEOF.
 #
 slave-serve-stale-data yes
 # You can configure a slave instance to accept writes or not. Writing against
 # a slave instance may be useful to store some ephemeral data (because data
 # written on a slave will be easily deleted after resync with the master) but
 # may also cause problems if clients are writing to it because of a
 # misconfiguration.
 #
 # Since Redis 2.6 by default slaves are read-only.
 #
 # Note: read only slaves are not designed to be exposed to untrusted clients
 # on the internet. It's just a protection layer against misuse of the instance.
 # Still a read only slave exports by default all the administrative commands
 # such as CONFIG, DEBUG, and so forth. To a limited extend you can improve
 # security of read only slaves using 'rename-command' to shadow all the
 # administrative / dangerous commands.
 slave-read-only yes
 # Slaves send PINGs to server in a predefined interval. It's possible to change
 # this interval with the repl_ping_slave_period option. The default value is 10
 # seconds.
 #
 # repl-ping-slave-period 10
 # The following option sets a timeout for both Bulk transfer I/O timeout and
 # master data or ping response timeout. The default value is 60 seconds.
 #
 # It is important to make sure that this value is greater than the value
 # specified for repl-ping-slave-period otherwise a timeout will be detected
 # every time there is low traffic between the master and the slave.
 #
 # repl-timeout 60
 # The slave priority is an integer number published by Redis in the INFO output.
 # It is used by Redis Sentinel in order to select a slave to promote into a
 # master if the master is no longer working correctly.
 #
 # A slave with a low priority number is considered better for promotion, so
 # for instance if there are three slaves with priority 10, 100, 25 Sentinel will
 # pick the one wtih priority 10, that is the lowest.
 #
 # However a special priority of 0 marks the slave as not able to perform the
 # role of master, so a slave with priority of 0 will never be selected by
 # Redis Sentinel for promotion.
 #
 # By default the priority is 100.
 slave-priority 100
 ################################## SECURITY ###################################
 # Require clients to issue AUTH <PASSWORD> before processing any other
 # commands.  This might be useful in environments in which you do not trust
 # others with access to the host running redis-server.
 #
 # This should stay commented out for backward compatibility and because most
 # people do not need auth (e.g. they run their own servers).
 # 
 # Warning: since Redis is pretty fast an outside user can try up to
 # 150k passwords per second against a good box. This means that you should
 # use a very strong password otherwise it will be very easy to break.
 #
 # requirepass foobared
 # Command renaming.
 #
 # It is possible to change the name of dangerous commands in a shared
 # environment. For instance the CONFIG command may be renamed into something
 # of hard to guess so that it will be still available for internal-use
 # tools but not available for general clients.
 #
 # Example:
 #
 # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
 #
 # It is also possible to completely kill a command renaming it into
 # an empty string:
 #
 # rename-command CONFIG ""
 ################################### LIMITS ####################################
 # Set the max number of connected clients at the same time. By default
 # this limit is set to 10000 clients, however if the Redis server is not
 # able ot configure the process file limit to allow for the specified limit
 # the max number of allowed clients is set to the current file limit
 # minus 32 (as Redis reserves a few file descriptors for internal uses).
 #
 # Once the limit is reached Redis will close all the new connections sending
 # an error 'max number of clients reached'.
 #
 # maxclients 10000
 # Don't use more memory than the specified amount of bytes.
 # When the memory limit is reached Redis will try to remove keys
 # accordingly to the eviction policy selected (see maxmemmory-policy).
 #
 # If Redis can't remove keys according to the policy, or if the policy is
 # set to 'noeviction', Redis will start to reply with errors to commands
 # that would use more memory, like SET, LPUSH, and so on, and will continue
 # to reply to read-only commands like GET.
 #
 # This option is usually useful when using Redis as an LRU cache, or to set
 # an hard memory limit for an instance (using the 'noeviction' policy).
 #
 # WARNING: If you have slaves attached to an instance with maxmemory on,
 # the size of the output buffers needed to feed the slaves are subtracted
 # from the used memory count, so that network problems / resyncs will
 # not trigger a loop where keys are evicted, and in turn the output
 # buffer of slaves is full with DELs of keys evicted triggering the deletion
 # of more keys, and so forth until the database is completely emptied.
 #
 # In short... if you have slaves attached it is suggested that you set a lower
 # limit for maxmemory so that there is some free RAM on the system for slave
 # output buffers (but this is not needed if the policy is 'noeviction').
 #
 # maxmemory <bytes>
 # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
 # is reached? You can select among five behavior:
 # 
 # volatile-lru -> remove the key with an expire set using an LRU algorithm
 # allkeys-lru -> remove any key accordingly to the LRU algorithm
 # volatile-random -> remove a random key with an expire set
 # allkeys-random -> remove a random key, any key
 # volatile-ttl -> remove the key with the nearest expire time (minor TTL)
 # noeviction -> don't expire at all, just return an error on write operations
 # 
 # Note: with all the kind of policies, Redis will return an error on write
 #       operations, when there are not suitable keys for eviction.
 #
 #       At the date of writing this commands are: set setnx setex append
 #       incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
 #       sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
 #       zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
 #       getset mset msetnx exec sort
 #
 # The default is:
 #
 # maxmemory-policy volatile-lru
 # LRU and minimal TTL algorithms are not precise algorithms but approximated
 # algorithms (in order to save memory), so you can select as well the sample
 # size to check. For instance for default Redis will check three keys and
 # pick the one that was used less recently, you can change the sample size
 # using the following configuration directive.
 #
 # maxmemory-samples 3
 ############################## APPEND ONLY MODE ###############################
 # By default Redis asynchronously dumps the dataset on disk. This mode is
 # good enough in many applications, but an issue with the Redis process or
 # a power outage may result into a few minutes of writes lost (depending on
 # the configured save points).
 #
 # The Append Only File is an alternative persistence mode that provides
 # much better durability. For instance using the default data fsync policy
 # (see later in the config file) Redis can lose just one second of writes in a
 # dramatic event like a server power outage, or a single write if something
 # wrong with the Redis process itself happens, but the operating system is
 # still running correctly.
 #
 # AOF and RDB persistence can be enabled at the same time without problems.
 # If the AOF is enabled on startup Redis will load the AOF, that is the file
 # with the better durability guarantees.
 #
 # Please check http://redis.io/topics/persistence for more information.
 appendonly yes
 # The name of the append only file (default: "appendonly.aof")
 # appendfilename appendonly.aof
 # The fsync() call tells the Operating System to actually write data on disk
 # instead to wait for more data in the output buffer. Some OS will really flush 
 # data on disk, some other OS will just try to do it ASAP.
 #
 # Redis supports three different modes:
 #
 # no: don't fsync, just let the OS flush the data when it wants. Faster.
 # always: fsync after every write to the append only log . Slow, Safest.
 # everysec: fsync only one time every second. Compromise.
 #
 # The default is "everysec" that's usually the right compromise between
 # speed and data safety. It's up to you to understand if you can relax this to
 # "no" that will let the operating system flush the output buffer when
 # it wants, for better performances (but if you can live with the idea of
 # some data loss consider the default persistence mode that's snapshotting),
 # or on the contrary, use "always" that's very slow but a bit safer than
 # everysec.
 #
 # More details please check the following article:
 # http://antirez.com/post/redis-persistence-demystified.html
 #
 # If unsure, use "everysec".
 # appendfsync always
 appendfsync everysec
 # appendfsync no
 # When the AOF fsync policy is set to always or everysec, and a background
 # saving process (a background save or AOF log background rewriting) is
 # performing a lot of I/O against the disk, in some Linux configurations
 # Redis may block too long on the fsync() call. Note that there is no fix for
 # this currently, as even performing fsync in a different thread will block
 # our synchronous write(2) call.
 #
 # In order to mitigate this problem it's possible to use the following option
 # that will prevent fsync() from being called in the main process while a
 # BGSAVE or BGREWRITEAOF is in progress.
 #
 # This means that while another child is saving the durability of Redis is
 # the same as "appendfsync none", that in practical terms means that it is
 # possible to lost up to 30 seconds of log in the worst scenario (with the
 # default Linux settings).
 # 
 # If you have latency problems turn this to "yes". Otherwise leave it as
 # "no" that is the safest pick from the point of view of durability.
 no-appendfsync-on-rewrite no
 # Automatic rewrite of the append only file.
 # Redis is able to automatically rewrite the log file implicitly calling
 # BGREWRITEAOF when the AOF log size will growth by the specified percentage.
 # 
 # This is how it works: Redis remembers the size of the AOF file after the
 # latest rewrite (or if no rewrite happened since the restart, the size of
 # the AOF at startup is used).
 #
 # This base size is compared to the current size. If the current size is
 # bigger than the specified percentage, the rewrite is triggered. Also
 # you need to specify a minimal size for the AOF file to be rewritten, this
 # is useful to avoid rewriting the AOF file even if the percentage increase
 # is reached but it is still pretty small.
 #
 # Specify a percentage of zero in order to disable the automatic AOF
 # rewrite feature.
 auto-aof-rewrite-percentage 100
 auto-aof-rewrite-min-size 64mb
 ################################ LUA SCRIPTING  ###############################
 # Max execution time of a Lua script in milliseconds.
 #
 # If the maximum execution time is reached Redis will log that a script is
 # still in execution after the maximum allowed time and will start to
 # reply to queries with an error.
 #
 # When a long running script exceed the maximum execution time only the
 # SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
 # used to stop a script that did not yet called write commands. The second
 # is the only way to shut down the server in the case a write commands was
 # already issue by the script but the user don't want to wait for the natural
 # termination of the script.
 #
 # Set it to 0 or a negative value for unlimited execution without warnings.
 lua-time-limit 5000
 ################################## SLOW LOG ###################################
 # The Redis Slow Log is a system to log queries that exceeded a specified
 # execution time. The execution time does not include the I/O operations
 # like talking with the client, sending the reply and so forth,
 # but just the time needed to actually execute the command (this is the only
 # stage of command execution where the thread is blocked and can not serve
 # other requests in the meantime).
 # 
 # You can configure the slow log with two parameters: one tells Redis
 # what is the execution time, in microseconds, to exceed in order for the
 # command to get logged, and the other parameter is the length of the
 # slow log. When a new command is logged the oldest one is removed from the
 # queue of logged commands.
 # The following time is expressed in microseconds, so 1000000 is equivalent
 # to one second. Note that a negative number disables the slow log, while
 # a value of zero forces the logging of every command.
 slowlog-log-slower-than 10000
 # There is no limit to this length. Just be aware that it will consume memory.
 # You can reclaim memory used by the slow log with SLOWLOG RESET.
 slowlog-max-len 128
 ############################### ADVANCED CONFIG ###############################
 # Hashes are encoded using a memory efficient data structure when they have a
 # small number of entries, and the biggest entry does not exceed a given
 # threshold. These thresholds can be configured using the following directives.
 hash-max-ziplist-entries 512
 hash-max-ziplist-value 64
 # Similarly to hashes, small lists are also encoded in a special way in order
 # to save a lot of space. The special representation is only used when
 # you are under the following limits:
 list-max-ziplist-entries 512
 list-max-ziplist-value 64
 # Sets have a special encoding in just one case: when a set is composed
 # of just strings that happens to be integers in radix 10 in the range
 # of 64 bit signed integers.
 # The following configuration setting sets the limit in the size of the
 # set in order to use this special memory saving encoding.
 set-max-intset-entries 512
 # Similarly to hashes and lists, sorted sets are also specially encoded in
 # order to save a lot of space. This encoding is only used when the length and
 # elements of a sorted set are below the following limits:
 zset-max-ziplist-entries 128
 zset-max-ziplist-value 64
 # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
 # order to help rehashing the main Redis hash table (the one mapping top-level
 # keys to values). The hash table implementation Redis uses (see dict.c)
 # performs a lazy rehashing: the more operation you run into an hash table
 # that is rehashing, the more rehashing "steps" are performed, so if the
 # server is idle the rehashing is never complete and some more memory is used
 # by the hash table.
 # 
 # The default is to use this millisecond 10 times every second in order to
 # active rehashing the main dictionaries, freeing memory when possible.
 #
 # If unsure:
 # use "activerehashing no" if you have hard latency requirements and it is
 # not a good thing in your environment that Redis can reply form time to time
 # to queries with 2 milliseconds delay.
 #
 # use "activerehashing yes" if you don't have such hard requirements but
 # want to free memory asap when possible.
 activerehashing yes
 # The client output buffer limits can be used to force disconnection of clients
 # that are not reading data from the server fast enough for some reason (a
 # common reason is that a Pub/Sub client can't consume messages as fast as the
 # publisher can produce them).
 #
 # The limit can be set differently for the three different classes of clients:
 #
 # normal -> normal clients
 # slave  -> slave clients and MONITOR clients
 # pubsub -> clients subcribed to at least one pubsub channel or pattern
 #
 # The syntax of every client-output-buffer-limit directive is the following:
 #
 # client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
 #
 # A client is immediately disconnected once the hard limit is reached, or if
 # the soft limit is reached and remains reached for the specified number of
 # seconds (continuously).
 # So for instance if the hard limit is 32 megabytes and the soft limit is
 # 16 megabytes / 10 seconds, the client will get disconnected immediately
 # if the size of the output buffers reach 32 megabytes, but will also get
 # disconnected if the client reaches 16 megabytes and continuously overcomes
 # the limit for 10 seconds.
 #
 # By default normal clients are not limited because they don't receive data
 # without asking (in a push way), but just after a request, so only
 # asynchronous clients may create a scenario where data is requested faster
 # than it can read.
 #
 # Instead there is a default limit for pubsub and slave clients, since
 # subscribers and slaves receive data in a push fashion.
 #
 # Both the hard or the soft limit can be disabled just setting it to zero.
 client-output-buffer-limit normal 0 0 0
 client-output-buffer-limit slave 256mb 64mb 60
 client-output-buffer-limit pubsub 32mb 8mb 60
 ################################## INCLUDES ###################################
 # Include one or more other config files here.  This is useful if you
 # have a standard template that goes to all Redis server but also need
 # to customize a few per-server settings.  Include files can include
 # other files, so use this wisely.
 #
 # include /path/to/local.conf
 # include /path/to/other.conf
@@ -1,4 +1,14 @@
 <div class="center">
  <div class="big-frame">
    <h1>Your logging into</h1>
    @if (returnURL == '/'){
      <h2>https://auth.mistox.com</h2>
    } @else {
      <h2>{{ this.returnURL }}</h2>
    }
  </div>
  <form class="big-frame" #accountForm="ngForm" (ngSubmit)="onSubmit()">
    <h3>Login</h3>
@@ -35,6 +45,13 @@
        }
      </ul>
    }
  </form>
  @if (returnURL != '/') {
    <div class="big-frame" style="width: 600px;">
      <h1>WARNING</h1>
      <h2>By signing in you are giving the remote website access to your profile. They will not have access to your credentials but will have access to your account data.</h2>
    </div>
  }
 </div>
@@ -43,7 +43,7 @@ export class LoginComponent {
    }
    this.errorMsgs.push("Waiting for response from server");
-    this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn }, { responseType: 'text' } ).subscribe({
+    this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn, "Site": this.returnURL }, { responseType: 'text' } ).subscribe({
      next: data => {
        this.errorMsgs = [ "Login Token: " + data ];
        window.location.href = this.returnURL + "?LoginToken=" + data;
@@ -1,16 +0,0 @@
 .center {
    width: 100%;
    display: flex;
    justify-content: center;
 }
 .frame {
    background-color: #000;
    padding: 20px;
    margin: 20px 0;
    border-radius: 10px;
 }
 .center p {
    color: #FFF;
 }
@@ -1,5 +1,5 @@
 <div class="center">
-    <div class="frame">
+    <div class="big-frame text-frame">
        <p>Welcome to Mistox LLC. A project and hobby of Derek Holloway.</p>
        <br />
        <p>I am an indi-developer who has been making small projects since I was 13. I originally learned lua and spent 4 years mastering it. Then I moved onto C# which is my preferred language</p>
@@ -8,7 +8,6 @@ import { CommonModule } from '@angular/common';
@Component({
  selector: 'legal-about',
  templateUrl: './about.component.html',
    styleUrls: [ './about.component.css' ],
  imports: [ FormsModule, CommonModule ]
 })
 export class AboutComponent {
@@ -1,15 +0,0 @@
 .center {
    background-color: green;
 }
 .tile-frame {
    column-count: 4;
    column-gap: 20px;
    padding: 20px;
    width: calc(100% - 40px);
 }
 .tile{
    background-color: aqua;
    height: 40px;
 }
@@ -1,11 +1,5 @@
-<div class="tile-frame">
+<div class="center">
-
+    <div class="big-frame text-frame">
    <div class="tile">
    </div>
    <div class="tile">
    </div>
 </div>
@@ -8,7 +8,6 @@ import { CommonModule } from '@angular/common';
@Component({
  selector: 'legal-contact',
  templateUrl: './contact.component.html',
  styleUrls: [ './contact.component.css' ],
  imports: [ FormsModule, CommonModule ]
 })
 export class ContactComponent {
@@ -1,15 +0,0 @@
 .center {
    background-color: green;
 }
 .tile-frame {
    column-count: 4;
    column-gap: 20px;
    padding: 20px;
    width: calc(100% - 40px);
 }
 .tile{
    background-color: aqua;
    height: 40px;
 }
@@ -1,11 +1,5 @@
-<div class="tile-frame">
+<div class="center">
-
+    <div class="big-frame text-frame">
    <div class="tile">
    </div>
    <div class="tile">
    </div>
 </div>
@@ -8,7 +8,6 @@ import { CommonModule } from '@angular/common';
@Component({
  selector: 'legal-privacy',
  templateUrl: './privacy.component.html',
  styleUrls: [ './privacy.component.css' ],
  imports: [ FormsModule, CommonModule ]
 })
 export class PrivacyComponent {
@@ -1,26 +1,70 @@
 /* You can add global styles to this file, and also import other style files */
 :root {
-    --Mistox-Dark: #5e0c0c;
+    --mistox-bg-dark: oklch(0.92 0.065 264);
-    --Mistox-Medium: #890620;
+    --mistox-bg-medium: oklch(0.96 0.065 264);
-    --Mistox-Light: #B6465F;
+    --mistox-bg-light: oklch(1 0.065 264);
-    --Mistox-Bright: #FC440F;
+
-    --Mistox-Frame: #FF5A00CC;
+    --mistox-text: oklch(0.15 0.13 264);
-    --Mistox-Button: #ff9999;
+    --mistox-text-sub: oklch(0.4 0.13 264);
-    --Mistox-Button-Hover: #ff999977;
+
-    --Mistox-White: #FFF;
+    --mistox-border-light: oklch(1 0.13 264);
-    --Mistox-Black: #000;
+    --mistox-border: oklch(0.6 0.13 264);
-    --Mistox-Background: #ebebeb;
+    --mistox-border-dark: oklch(0.7 0.13 264);
    --mistox-button-text: oklch(1 0.00011 271.152);
    --mistox-button-primary: oklch(0.4 0.13 264);
    --mistox-button-primary-click: oklch(0.3 0.13 264);
    --mistox-button-secondary: oklch(0.4 0.13 84);
    --mistox-button-secondary-click: oklch(0.3 0.13 84);
    --mistox-alert-danger: oklch(0.5 0.13 30);
    --mistox-alert-warning: oklch(0.5 0.13 100);
    --mistox-alert-success: oklch(0.5 0.13 160);
    --mistox-alert-info: oklch(0.5 0.13 260);
    --mistox-shadow: 0px 2px 2px oklch(0 0 0 / 0.2), 0px 4px 4px oklch(0 0 0 / 0.1);
    font-family: Arial, Helvetica, sans-serif;
 }
@media (prefers-color-scheme: dark) {
    :root {
        --mistox-bg-dark: oklch(0.1 0.065 264);
        --mistox-bg-medium: oklch(0.15 0.065 264);
        --mistox-bg-light: oklch(0.2 0.065 264);
        --mistox-text: oklch(0.96 0.1 264);
        --mistox-text-sub: oklch(0.76 0.1 264);
        --mistox-border-light: oklch(0.5 0.13 264);
        --mistox-border: oklch(0.4 0.13 264);
        --mistox-border-dark: oklch(0.3 0.13 264);
        --mistox-button-text: oklch(0 0.00011 271.152);
        --mistox-button-primary: oklch(0.76 0.13 264);
        --mistox-button-secondary: oklch(0.76 0.13 84);
        --mistox-alert-danger: oklch(0.7 0.13 30);
        --mistox-alert-warning: oklch(0.7 0.13 100);
        --mistox-alert-success: oklch(0.7 0.13 160);
        --mistox-alert-info: oklch(0.7 0.13 260);
        --mistox-shadow: 0px 2px 2px oklch(0 0 0 / 0.2), 0px 4px 4px oklch(0 0 0 / 0.1);
        color: #fff;
        font-family: Arial, Helvetica, sans-serif;
    }
 }
 html {
    background-color: #000;
 }
 body {
-    background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='28' height='49' viewBox='0 0 28 49'%3E%3Cg fill-rule='evenodd'%3E%3Cg id='hexagons' fill='%23999999' fill-opacity='0.2' fill-rule='nonzero'%3E%3Cpath d='M13.99 9.25l13 7.5v15l-13 7.5L1 31.75v-15l12.99-7.5zM3 17.9v12.7l10.99 6.34 11-6.35V17.9l-11-6.34L3 17.9zM0 15l12.98-7.5V0h-2v6.35L0 12.69v2.3zm0 18.5L12.98 41v8h-2v-6.85L0 35.81v-2.3zM15 0v7.5L27.99 15H28v-2.31h-.01L17 6.35V0h-2zm0 49v-8l12.99-7.5H28v2.31h-.01L17 42.15V49h-2z'/%3E%3C/g%3E%3C/g%3E%3C/svg%3E");
+    background-color: var(--mistox-bg-medium);
    background-color: var(--Mistox-White);
 }
 /* Header / Footer */
@@ -30,7 +74,7 @@ body {
    width: 100%;
    height: 200px;
    /*background-color: var(--Mistox-Dark);*/
-    background: linear-gradient(to bottom, var(--Mistox-Dark) 50%, transparent 100%);
+    background: linear-gradient(to bottom, var(--mistox-bg-light) 50%, transparent 100%);
 }
 .top-bar-logo {
@@ -58,8 +102,8 @@ body {
    margin: 10px;
    text-align: center;
    padding: 15px 0;
-    background-color: var(--Mistox-Dark);
+    background-color: var(--mistox-button-primary);
-    color: var(--Mistox-White);
+    color: var(--mistox-button-text);
    text-decoration: none;
    font-size: 16px;
    text-transform: uppercase;
@@ -70,21 +114,8 @@ body {
 }
    .nav-button:hover {
-        background-color: var(--Mistox-Medium);
+        background-color: var(--mistox-button-primary-click);
-        box-shadow: 4px 3px 6px var(--Mistox-Black);
+        box-shadow: 4px 3px 6px var(--mistox-shadow);
    }
    .nav-button:active {
        transform: translate( 4px, 2px );
        background-color: var(--Mistox-Dark);
        border: none;
        color: var(--Mistox-White);
        box-shadow: none;
    }
    .active {
        background-color: var(--Mistox-Light);
        color: var(--Mistox-Frame);
    }
 .content {
@@ -96,7 +127,7 @@ body {
    display: flex;
    width: 100%;
    height: 100px;
-    background: linear-gradient(to top, var(--Mistox-Dark) 50%, transparent 100%);
+    background: linear-gradient(to top, var(--mistox-bg-dark) 50%, transparent 100%);
 }
 .bottom-bar-logo {
@@ -130,11 +161,11 @@ body {
 .bottom-bar-float {
    align-items: end;
-    color: var(--Mistox-White);
+    color: var(--mistox-text);
 }
 .bottom-bar-padding {
-    color: var(--Mistox-White);
+    color: var(--mistox-text);
    margin: 15px;
 }
@@ -144,6 +175,7 @@ body {
    display: flex;
    justify-content: center;
    align-items: center;
    flex-direction: column;
    min-height: calc(100vh - 300px);
 }
@@ -164,23 +196,24 @@ body {
    width: auto !important;
 }
-.background-border {
+.big-frame {
-    border: var(--Mistox-Background) 2px solid;
+    background-color: var(--mistox-bg-light);
-    border-radius: 6px;
+    padding: 4px 20px;
    width: 400px;
    color: var(--mistox-text);
    border: 1px solid var(--mistox-border);
    break-inside: avoid;
    border-radius: 5px;
    margin: 10px;
 }
-.big-frame {
+.big-frame h1{
-    background-color: var(--Mistox-Background);
+    text-align: center;
    padding: 4px;
    width: 400px;
    color: var(--Mistox-Black);
    border: 1px solid var(--Mistox-Black);
    break-inside: avoid;
 }
 .big-frame h3{
    margin: 15px 0 30px 0;
-    color: var(--Mistox-Black);
+    color: var(--mistox-text);
    text-align: center;
 }
@@ -190,7 +223,11 @@ body {
    margin: 0;
    top: -20px;
    font-size: 15px;
-    color: var(--Mistox-Bright);
+    color: var(--mistox-alert-danger);
 }
 .big-frame p{
    color: var(--mistox-text-sub);
 }
 .frame-button {
@@ -201,7 +238,7 @@ body {
    position: relative;
    padding: 10px 0;
    font-size: 16px;
-    color: var(--Mistox-Black);
+    color: var(--mistox-text);
    pointer-events: none;
    transition: .5s;
    top: -70px;
@@ -216,10 +253,10 @@ body {
        margin: 0 20px;
        padding: 10px 0;
        font-size: 15px;
-        color: var(--Mistox-Black);
+        color: var(--mistox-text);
        margin-bottom: 30px;
        border: none;
-        border-bottom: 1px solid var(--Mistox-Black);
+        border-bottom: 1px solid var(--mistox-text);
        outline: none;
        background: transparent;
    }
@@ -228,32 +265,7 @@ body {
    .big-frame .frame-item input:not(:placeholder-shown) ~ label {
        top: -95px;
        left: 10px;
-        color: var(--Mistox-Light);
+        color: var(--mistox-alert-info);
        font-size: 12px;
    }
    .big-frame .frame-item textarea:autofill,
    .big-frame .frame-item textarea:-webkit-autofill,
    .big-frame .frame-item textarea {
        position: relative;
        width: calc(100% - 40px);
        margin: 0 20px;
        padding: 10px 0;
        font-size: 15px;
        color: var(--Mistox-White);
        margin-bottom: 30px;
        border: none;
        border-bottom: 1px solid var(--Mistox-Black);
        outline: none;
        background: transparent;
        height: 80px;
    }
    .big-frame .frame-item textarea:focus ~ label,
    .big-frame .frame-item textarea:not(:placeholder-shown) ~ label {
        top: -150px;
        left: 10px;
        color: var(--Mistox-Light);
        font-size: 12px;
    }
@@ -271,45 +283,18 @@ body {
    .sub-frame a {
        text-decoration: none;
-        color: #00F;
+        color: var(--mistox-alert-info);
    }
    .sub-frame a :hover {
        color: var(--Mistox-Bright);
    }
 .img-frame {
    width: 610px;
 }
 .image-holder{
    float: left;
    border: 1px solid var(--Mistox-Black);
    width: fit-content;
    border-radius: 6px;
 }
 .delete-button {
    position: absolute;
    width: 20px;
    height: 20px;
    text-align: center;
    color: #000;
    background-color: red;
    border: none;
    border-radius: 4px;
    transform: translate(180px, 0);
 }
    .delete-button:hover{
        background-color: #890620;
    }
 .submit{
    position: relative;
    padding: 10px 20px;
-    color: var(--Mistox-Black);
+    color: var(--mistox-button-text);
-    background-color: var(--Mistox-Background);
+    background-color: var(--mistox-button-secondary);
    font-size: 16px;
    text-decoration: none;
    text-transform: uppercase;
@@ -318,20 +303,14 @@ body {
    letter-spacing: 4px;
    margin: auto;
    border-radius: 5px;
-    border: solid 1px var(--Mistox-Black);
+    border: solid 1px var(--mistox-border-light);
 }
    .submit:hover {
-        box-shadow: 4px 3px 6px var(--Mistox-Dark);
+        box-shadow: 4px 3px 6px var(--mistox-button-secondary-click);
    }
    .submit:active {
        transform: translate( 4px, 2px );
        border: none;
        box-shadow: none;
    }
 ul {
    list-style: none;
-    color: var(--Mistox-Bright);
+    color: var(--mistox-text);
 }
@@ -52,15 +52,19 @@ namespace Auth.Controllers {
                            test.CurrentPasswordAttempts = 0;
                            await _databaseService.SetAccount(test);
                            if (request.Site == "/") {
                                SignIn(Response, AuthJWT.GenereateJWTToken(test, request.Site, request.StayLoggedIn));
                                return Ok();
                            } else {
                                string Ticket = Guid.NewGuid().ToString().Replace("-", "");
-                            string JWT = AuthJWT.GenereateJWTToken(test, request.StayLoggedIn);
+                                string JWT = AuthJWT.GenereateJWTToken(test, request.Site, request.StayLoggedIn);
                                AuthJWT.LoginSessions[Ticket] = new JWTMemCache {
                                    JWT = JWT,
-                                ExpiresAt = DateTime.UtcNow.AddSeconds(30)
+                                    ExpiresAt = DateTime.UtcNow.AddSeconds(20)
                                };
                            SignIn(Response, JWT);
                                return Ok(Ticket);
                            }
                        } else {
                            test.CurrentPasswordAttempts += 1;
                            await _databaseService.SetAccount(test);
@@ -0,0 +1,46 @@
 using Microsoft.AspNetCore.Mvc;
 using System.Web.Http;
 using StackExchange.Redis;
 using Auth.Services.DatabaseService;
 using Auth.Services;
 using Auth.Entities;
 namespace Auth.Controllers {
    [ApiController]
    [Route("api/db/")]
    public class RedisController : MistoxControllerBase {
        private readonly ConnectionMultiplexer _redis;
        private readonly IDatabase _redisdb;
        public RedisController(DatabaseService db) : base(db) {
            _redis = ConnectionMultiplexer.Connect("auth-redis:6379");
            _redisdb = _redis.GetDatabase();
        }
        [Route("get")]
        [HttpPost]
        public async Task<ActionResult<string>> Get([FromBody]string JWT, [FromQuery]string key) {
            Account? account = AuthJWT.ValidateJWTToken(JWT);
            if (account != null) {
                RedisValue result = await _redisdb.StringGetAsync( account.ID + account.Site + key );
                return Ok(result.ToString());
            } else {
                return BadRequest("JWT Not Valid");
            }
        }
        [Route("set")]
        [HttpPost]
        public async Task<ActionResult> Set([FromBody]string JWT, [FromQuery]string key, [FromQuery]string value) {
            Account? account = AuthJWT.ValidateJWTToken(JWT);
            if (account != null) {
                await _redisdb.StringSetAsync( account.ID + account.Site + key, value );
                return Ok();
            } else {
                return BadRequest("JWT Not Valid");
            }
        }
    }
 }
@@ -3,6 +3,7 @@ namespace Auth.DTO {
    public class LoginRequest {
        public string UserName { get; set; } = "";
        public string Password { get; set; } = "";
        public string Site { get; set; } = "";
        public bool StayLoggedIn { get; set; }
    }
@@ -14,5 +14,6 @@ namespace Auth.Entities {
        public string PasswordToken { get; set; } = "";
        public DateTime PasswordTokenCreated { get; set; }
        public string DataServer { get; set; } = "";
        public string Site { get; set; } = "";
    }
 }
@@ -1,10 +1,6 @@
 using Auth.Services;
 using Auth.Services.DatabaseService;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Text;
 var builder = WebApplication.CreateBuilder(args);
@@ -73,9 +69,19 @@ builder.Services.AddAuthentication(options => {
    };
 });
-builder.Services.AddCors(o => o.AddDefaultPolicy(builder => {
+List<string> allowedOrigins = new List<string>{ "https://auth.mistox.com" };
-    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();     // No CORS
+if (builder.Environment.IsDevelopment()) {
-}));
+    allowedOrigins.Add("http://localhost:5000");
 }
 builder.Services.AddCors(options => {
    options.AddDefaultPolicy(policy => {
        policy.WithOrigins(allowedOrigins.ToArray())
              .AllowAnyHeader()
              .AllowAnyMethod()
              .AllowCredentials();
    });
 });
 // Pages Service
 builder.Services.AddControllers();
@@ -12,6 +12,7 @@
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="9.0.3" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.3" />
 	  <PackageReference Include="Microsoft.AspNetCore.Mvc.WebApiCompatShim" Version="2.3.0" />
 	  <PackageReference Include="StackExchange.Redis" Version="2.9.11" />
    <PackageReference Include="System.Net.Http" Version="4.3.4" />
    <PackageReference Include="BCrypt.Net-Next" Version="4.0.3" />
    <PackageReference Include="MySql.Data" Version="9.2.0" />
@@ -25,7 +25,7 @@ namespace Auth.Services {
            ClockSkew = TimeSpan.FromMinutes(1)
        };
-        public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
+        public static string GenereateJWTToken(Account account, string RequestedSite, bool StayLoggedIn) {
            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
                Subject = new ClaimsIdentity([
@@ -34,6 +34,7 @@ namespace Auth.Services {
                    new Claim(ClaimTypes.Email, account.Email),
                    new Claim(ClaimTypes.Role, account.Role),
                    new Claim(ClaimTypes.UserData, account.DataServer),
                    new Claim(ClaimTypes.Dns, RequestedSite),
                    new Claim(ClaimTypes.IsPersistent, StayLoggedIn.ToString()),
                ]),
                Expires = DateTime.UtcNow.AddDays(7),
@@ -47,14 +48,33 @@ namespace Auth.Services {
            return tokenHandler.WriteToken(token);
        }
        public static Account? ValidateJWTToken(string Token) {
            try {
                JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
                ClaimsPrincipal principal = tokenHandler.ValidateToken( Token, TokenParameters, out SecurityToken validatedToken );
                return new Account {
                    ID = Convert.ToInt32(principal.FindFirstValue(ClaimTypes.NameIdentifier)),
                    UserName = principal.FindFirstValue(ClaimTypes.Name)!,
                    Email = principal.FindFirstValue(ClaimTypes.Email)!,
                    Role = principal.FindFirstValue(ClaimTypes.Role)!,
                    DataServer = principal.FindFirstValue(ClaimTypes.UserData)!,
                    Site = principal.FindFirstValue(ClaimTypes.Dns)!
                };
            } catch (Exception) {
                return null;
            }
        }
        public static string RenewJWTToken(ClaimsPrincipal principal) {
            return GenereateJWTToken(new Account {
-                ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value),
+                ID = Convert.ToInt32(principal.FindFirstValue(ClaimTypes.NameIdentifier)),
-                UserName = principal.FindFirst(ClaimTypes.Name)!.Value,
+                UserName = principal.FindFirstValue(ClaimTypes.Name)!,
-                Email = principal.FindFirst(ClaimTypes.Email)!.Value,
+                Email = principal.FindFirstValue(ClaimTypes.Email)!,
-                Role = principal.FindFirst(ClaimTypes.Role)!.Value,
+                Role = principal.FindFirstValue(ClaimTypes.Role)!,
-                DataServer = principal.FindFirst(ClaimTypes.UserData)!.Value
+                DataServer = principal.FindFirstValue(ClaimTypes.UserData)!
-            }, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
+            },
            principal.FindFirstValue(ClaimTypes.Dns)!,
            Convert.ToBoolean(principal.FindFirstValue(ClaimTypes.IsPersistent)!));
        }
        public static RsaSecurityKey LoadRSAKey(string KeyPath) {
Author	SHA1	Message	Date
derek	ddd1685764	Update expire on JWT to be official lease Docker Build and Release Upload / build (push) Successful in 1m22s Details	2025-09-22 19:02:49 -07:00
derek	3fcfca40a8	Low numbers to test autorenew Docker Build and Release Upload / build (push) Successful in 1m22s Details	2025-09-22 18:31:07 -07:00
derek	56e2391204	Update inputs for key/value controller Docker Build and Release Upload / build (push) Successful in 1m27s Details	2025-09-09 22:04:28 -07:00
derek	12eaaadaef	Update for USER + SITE + Key = Value Docker Build and Release Upload / build (push) Waiting to run Details	2025-09-09 21:59:12 -07:00
derek	0bdc90f054	Fix login issue when on same site Docker Build and Release Upload / build (push) Has been cancelled Details	2025-09-09 21:58:08 -07:00
derek	f1222b4ec6	Update key store to validate account and site Docker Build and Release Upload / build (push) Successful in 1m24s Details	2025-09-09 21:47:34 -07:00
derek	0e16bee869	update server related stuff Docker Build and Release Upload / build (push) Successful in 1m22s Details	2025-09-09 20:25:29 -07:00
derek	b7315b750e	fix bad port Docker Build and Release Upload / build (push) Successful in 1m23s Details	2025-09-09 20:16:09 -07:00
derek	42caa7ce2d	update redis location Docker Build and Release Upload / build (push) Successful in 1m57s Details	2025-09-09 20:07:48 -07:00
derek	e9973ac07f	Add start to the key value store Docker Build and Release Upload / build (push) Successful in 1m23s Details	2025-09-09 19:49:26 -07:00
derek	95636d98e3	Update styles Docker Build and Release Upload / build (push) Successful in 1m27s Details	2025-09-09 19:31:34 -07:00
derek	7b99e76946	Warn for external site permissions	2025-09-09 19:25:19 -07:00
derek	51056c2ea5	Dont log into local site when only signing into external site	2025-09-09 19:24:53 -07:00