working #43
@@ -1,6 +1,5 @@
|
||||
Server:
|
||||
Auth:
|
||||
Make sure autorenew works
|
||||
Make sure rate limiting isnt being broken by cloudflare
|
||||
|
||||
Auth-Key-Value-Storage:
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
namespace BoredCareers.Entities {
|
||||
public class JWTRenewRequest {
|
||||
public string JWT { get; set; } = "";
|
||||
}
|
||||
}
|
||||
+23
-15
@@ -9,6 +9,7 @@ using Microsoft.IdentityModel.Tokens;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Cryptography;
|
||||
using BoredCareers.Services.TimerService;
|
||||
using BoredCareers.Entities;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
@@ -110,6 +111,7 @@ using (HttpClient client = new HttpClient()) {
|
||||
Console.WriteLine("PublicKey loaded");
|
||||
}
|
||||
|
||||
// Pull JWT out of cookie for auth
|
||||
builder.Services.AddAuthentication(options => {
|
||||
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
@@ -196,28 +198,34 @@ app.UseRouting();
|
||||
|
||||
app.UseAuthentication();
|
||||
|
||||
// Autorenew JWT about to expire
|
||||
app.Use(async (context, next) =>{
|
||||
ClaimsPrincipal user = context.User;
|
||||
if (user.Identity?.IsAuthenticated == true) {
|
||||
string? token = context.Request.Cookies["mistox_session"];
|
||||
Claim? expClaim = user.FindFirst(JwtRegisteredClaimNames.Exp);
|
||||
if (expClaim != null && long.TryParse(expClaim.Value, out long expUnix)) {
|
||||
DateTimeOffset expTime = DateTimeOffset.FromUnixTimeSeconds(expUnix);
|
||||
if ((expTime - DateTimeOffset.UtcNow) < TimeSpan.FromMinutes(2)) {
|
||||
IHttpClientFactory clientFactory = context.RequestServices.GetRequiredService<IHttpClientFactory>();
|
||||
HttpClient client = clientFactory.CreateClient();
|
||||
HttpResponseMessage response = await client.PostAsync("https://auth.mistox.com/api/auth/renew", new StringContent(token));
|
||||
if (response.IsSuccessStatusCode) {
|
||||
string newJwt = await response.Content.ReadAsStringAsync();
|
||||
context.Response.Cookies.Append("mistox_session", newJwt, new CookieOptions {
|
||||
HttpOnly = true,
|
||||
Secure = true,
|
||||
SameSite = SameSiteMode.Strict,
|
||||
Expires = DateTimeOffset.UtcNow.AddYears(1)
|
||||
});
|
||||
Claim? staySignedIn = user.FindFirst(ClaimTypes.IsPersistent);
|
||||
if (staySignedIn != null && bool.TryParse(staySignedIn.Value, out bool sli) && sli == true) {
|
||||
Claim? expClaim = user.FindFirst(ClaimTypes.Expiration);
|
||||
if (expClaim != null && long.TryParse(expClaim.Value, out long expUnix)) {
|
||||
DateTimeOffset expTime = DateTimeOffset.FromUnixTimeSeconds(expUnix);
|
||||
if ((expTime - DateTimeOffset.UtcNow) < TimeSpan.FromDays(3)) {
|
||||
using (HttpClient client = new HttpClient()) {
|
||||
HttpResponseMessage response = await client.PostAsJsonAsync("https://auth.mistox.com/api/auth/renew", new JWTRenewRequest() { JWT = token });
|
||||
if (response.IsSuccessStatusCode) {
|
||||
string newJwt = await response.Content.ReadAsStringAsync();
|
||||
context.Response.Cookies.Append("mistox_session", newJwt, new CookieOptions {
|
||||
HttpOnly = true,
|
||||
Secure = true,
|
||||
SameSite = SameSiteMode.Strict,
|
||||
Expires = DateTimeOffset.UtcNow.AddYears(3)
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
context.Response.Cookies.Delete("mistox_session");
|
||||
}
|
||||
|
||||
await next();
|
||||
|
||||
Reference in New Issue
Block a user