Initial

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/ExistingUserRequirement.cs

@@ -0,0 +1,5 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace LightlessSyncShared.RequirementHandlers;
+
+public class ExistingUserRequirement : IAuthorizationRequirement { }

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/ExistingUserRequirementHandler.cs

@@ -0,0 +1,84 @@
+using LightlessSyncShared.Data;
+using LightlessSyncShared.Utils;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+using System.Collections.Concurrent;
+
+namespace LightlessSyncShared.RequirementHandlers;
+public class ExistingUserRequirementHandler : AuthorizationHandler<ExistingUserRequirement>
+{
+    private readonly IDbContextFactory<LightlessDbContext> _dbContextFactory;
+    private readonly ILogger<ExistingUserRequirementHandler> _logger;
+    private readonly static ConcurrentDictionary<string, (bool Exists, DateTime LastCheck)> _existingUserDict = [];
+    private readonly static ConcurrentDictionary<ulong, (bool Exists, DateTime LastCheck)> _existingDiscordDict = [];
+
+    public ExistingUserRequirementHandler(IDbContextFactory<LightlessDbContext> dbContext, ILogger<ExistingUserRequirementHandler> logger)
+    {
+        _dbContextFactory = dbContext;
+        _logger = logger;
+    }
+
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ExistingUserRequirement requirement)
+    {
+        try
+        {
+            var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, LightlessClaimTypes.Uid, StringComparison.Ordinal))?.Value;
+            if (uid == null)
+            {
+                context.Fail();
+                _logger.LogWarning("Failed to find UID in claims");
+                return;
+            }
+
+            var discordIdString = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, LightlessClaimTypes.DiscordId, StringComparison.Ordinal))?.Value;
+            if (discordIdString == null)
+            {
+                context.Fail();
+                _logger.LogWarning("Failed to find DiscordId in claims");
+                return;
+            }
+            if (!ulong.TryParse(discordIdString, out ulong discordId))
+            {
+                _logger.LogWarning("Failed to parse DiscordId");
+                context.Fail();
+                return;
+            }
+
+            using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+
+            if (!_existingUserDict.TryGetValue(uid, out (bool Exists, DateTime LastCheck) existingUser)
+                || DateTime.UtcNow.Subtract(existingUser.LastCheck).TotalHours > 1)
+            {
+                var userExists = await dbContext.Users.SingleOrDefaultAsync(context => context.UID == uid).ConfigureAwait(false) != null;
+                _existingUserDict[uid] = existingUser = (userExists, DateTime.UtcNow);
+            }
+            if (!existingUser.Exists)
+            {
+                _logger.LogWarning("Failed to find Lightless User {User} in DB", uid);
+                context.Fail();
+                return;
+            }
+
+            if (!_existingDiscordDict.TryGetValue(discordId, out (bool Exists, DateTime LastCheck) existingDiscordUser)
+                || DateTime.UtcNow.Subtract(existingDiscordUser.LastCheck).TotalHours > 1)
+            {
+                var discordUserExists = await dbContext.LodeStoneAuth.AsNoTracking().SingleOrDefaultAsync(b => b.DiscordId == discordId).ConfigureAwait(false) != null;
+                _existingDiscordDict[discordId] = existingDiscordUser = (discordUserExists, DateTime.UtcNow);
+            }
+
+            if (!existingDiscordUser.Exists)
+            {
+                _logger.LogWarning("Failed to find Discord User {User} in DB", discordId);
+                context.Fail();
+                return;
+            }
+
+            context.Succeed(requirement);
+        }
+        catch (Exception e)
+        {
+            _logger.LogWarning(e, "ExistingUserRequirementHandler failed");
+        }
+    }
+}

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/RedisDbUserRequirementHandler.cs

@@ -0,0 +1,54 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.SignalR;
+using LightlessSyncShared.Data;
+using Microsoft.EntityFrameworkCore;
+using LightlessSyncShared.Utils;
+using StackExchange.Redis;
+using Microsoft.Extensions.Logging;
+
+namespace LightlessSyncShared.RequirementHandlers;
+
+public class RedisDbUserRequirementHandler : AuthorizationHandler<UserRequirement, HubInvocationContext>
+{
+    private readonly IDbContextFactory<LightlessDbContext> _dbContextFactory;
+    private readonly ILogger<RedisDbUserRequirementHandler> _logger;
+    private readonly IDatabase _redis;
+
+    public RedisDbUserRequirementHandler(IDbContextFactory<LightlessDbContext> dbContextFactory, ILogger<RedisDbUserRequirementHandler> logger, IDatabase redisDb)
+    {
+        _dbContextFactory = dbContextFactory;
+        _logger = logger;
+        _redis = redisDb;
+    }
+
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement, HubInvocationContext resource)
+    {
+        var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, LightlessClaimTypes.Uid, StringComparison.Ordinal))?.Value;
+
+        if (uid == null) context.Fail();
+
+        if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified)
+        {
+            var ident = await _redis.StringGetAsync("UID:" + uid).ConfigureAwait(false);
+            if (ident == RedisValue.EmptyString) context.Fail();
+        }
+
+        if ((requirement.Requirements & UserRequirements.Administrator) is UserRequirements.Administrator)
+        {
+            using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+            var user = await dbContext.Users.AsNoTracking().SingleOrDefaultAsync(b => b.UID == uid).ConfigureAwait(false);
+            if (user == null || !user.IsAdmin) context.Fail();
+            _logger.LogInformation("Admin {uid} authenticated", uid);
+        }
+
+        if ((requirement.Requirements & UserRequirements.Moderator) is UserRequirements.Moderator)
+        {
+            using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+            var user = await dbContext.Users.AsNoTracking().SingleOrDefaultAsync(b => b.UID == uid).ConfigureAwait(false);
+            if (user == null || !user.IsAdmin && !user.IsModerator) context.Fail();
+            _logger.LogInformation("Admin/Moderator {uid} authenticated", uid);
+        }
+
+        context.Succeed(requirement);
+    }
+}

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/UserRequirement.cs

@@ -0,0 +1,13 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace LightlessSyncShared.RequirementHandlers;
+
+public class UserRequirement : IAuthorizationRequirement
+{
+    public UserRequirement(UserRequirements requirements)
+    {
+        Requirements = requirements;
+    }
+
+    public UserRequirements Requirements { get; }
+}

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/UserRequirementHandler.cs

@@ -0,0 +1,75 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.SignalR;
+using LightlessSyncShared.Data;
+using Microsoft.EntityFrameworkCore;
+using LightlessSyncShared.Utils;
+using StackExchange.Redis;
+using StackExchange.Redis.Extensions.Core.Abstractions;
+using Microsoft.Extensions.Logging;
+
+namespace LightlessSyncShared.RequirementHandlers;
+
+public class UserRequirementHandler : AuthorizationHandler<UserRequirement, HubInvocationContext>
+{
+    private readonly IDbContextFactory<LightlessDbContext> _dbContextFactory;
+    private readonly ILogger<UserRequirementHandler> _logger;
+    private readonly IRedisDatabase _redis;
+
+    public UserRequirementHandler(IDbContextFactory<LightlessDbContext> dbContextFactory, ILogger<UserRequirementHandler> logger, IRedisDatabase redisDb)
+    {
+        _dbContextFactory = dbContextFactory;
+        _logger = logger;
+        _redis = redisDb;
+    }
+
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement, HubInvocationContext resource)
+    {
+        var uid = context.User.Claims.SingleOrDefault(g => string.Equals(g.Type, LightlessClaimTypes.Uid, StringComparison.Ordinal))?.Value;
+
+        if (uid == null)
+        {
+            context.Fail();
+            _logger.LogWarning("No user UID found in claims");
+            return;
+        }
+
+        if ((requirement.Requirements & UserRequirements.Identified) is UserRequirements.Identified)
+        {
+            var ident = await _redis.GetAsync<string>("UID:" + uid).ConfigureAwait(false);
+            if (ident == RedisValue.EmptyString)
+            {
+                context.Fail();
+                _logger.LogWarning("User {uid} not online", uid);
+                return;
+            }
+        }
+
+        if ((requirement.Requirements & UserRequirements.Administrator) is UserRequirements.Administrator)
+        {
+            using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+            var user = await dbContext.Users.AsNoTracking().SingleOrDefaultAsync(b => b.UID == uid).ConfigureAwait(false);
+            if (user == null || !user.IsAdmin)
+            {
+                context.Fail();
+                _logger.LogWarning("Admin request for {uid} unauthenticated", uid);
+                return;
+            }
+            _logger.LogInformation("Admin {uid} authenticated", uid);
+        }
+
+        if ((requirement.Requirements & UserRequirements.Moderator) is UserRequirements.Moderator)
+        {
+            using var dbContext = await _dbContextFactory.CreateDbContextAsync().ConfigureAwait(false);
+            var user = await dbContext.Users.AsNoTracking().SingleOrDefaultAsync(b => b.UID == uid).ConfigureAwait(false);
+            if (user == null || !user.IsAdmin && !user.IsModerator)
+            {
+                context.Fail();
+                _logger.LogWarning("Admin/Moderator for {uid} unauthenticated", uid);
+                return;
+            }
+            _logger.LogInformation("Admin/Moderator {uid} authenticated", uid);
+        }
+
+        context.Succeed(requirement);
+    }
+}

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/UserRequirements.cs

@@ -0,0 +1,8 @@
+namespace LightlessSyncShared.RequirementHandlers;
+
+public enum UserRequirements
+{
+    Identified = 0b00000001,
+    Moderator = 0b00000010,
+    Administrator = 0b00000100,
+}

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/ValidTokenHubRequirementHandler.cs

@@ -0,0 +1,54 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.SignalR;
+using LightlessSyncShared.Utils;
+using System.Globalization;
+
+namespace LightlessSyncShared.RequirementHandlers;
+
+public class ValidTokenRequirementHandler : AuthorizationHandler<ValidTokenRequirement>
+{
+    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ValidTokenRequirement requirement)
+    {
+        var expirationClaimValue = context.User.Claims.SingleOrDefault(r => string.Equals(r.Type, LightlessClaimTypes.Expires, StringComparison.Ordinal));
+        if (expirationClaimValue == null)
+        {
+            context.Fail();
+            return Task.CompletedTask;
+        }
+
+        DateTime expirationDate = new(long.Parse(expirationClaimValue.Value, CultureInfo.InvariantCulture), DateTimeKind.Utc);
+        if (expirationDate < DateTime.UtcNow)
+        {
+            context.Fail();
+            return Task.CompletedTask;
+        }
+
+        context.Succeed(requirement);
+
+        return Task.CompletedTask;
+    }
+}
+
+public class ValidTokenHubRequirementHandler : AuthorizationHandler<ValidTokenRequirement, HubInvocationContext>
+{
+    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ValidTokenRequirement requirement, HubInvocationContext resource)
+    {
+        var expirationClaimValue = context.User.Claims.SingleOrDefault(r => string.Equals(r.Type, LightlessClaimTypes.Expires, StringComparison.Ordinal));
+        if (expirationClaimValue == null)
+        {
+            context.Fail();
+            return Task.CompletedTask;
+        }
+
+        DateTime expirationDate = new(long.Parse(expirationClaimValue.Value, CultureInfo.InvariantCulture), DateTimeKind.Utc);
+        if (expirationDate < DateTime.UtcNow)
+        {
+            context.Fail();
+            return Task.CompletedTask;
+        }
+
+        context.Succeed(requirement);
+
+        return Task.CompletedTask;
+    }
+}

LightlessSyncServer/LightlessSyncShared/RequirementHandlers/ValidTokenRequirement.cs

@@ -0,0 +1,5 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace LightlessSyncShared.RequirementHandlers;
+
+public class ValidTokenRequirement : IAuthorizationRequirement { }