public string GetAccessToken(Guid applicationId, string session) { var model = AuthorizationUserInfo.Create(session, applicationId); return(EncryptionTools.AesEncrypt(model.ToString(), Settings.AesSecretKey)); }
public static bool AuthenticateByToken(RequestContext requestContext, IApplicationService appService, out AuthorizationUserInfo authAppInfo, out Application app) { authAppInfo = null; app = null; var authToken = GetTokenFromAuthorizationHeader(requestContext.HttpContext.Request); if (string.IsNullOrWhiteSpace(authToken)) { return(false); } TokenAuthenticationInfo info = null; try { var infoJson = Encoding.UTF8.GetString(Convert.FromBase64String(authToken.Trim())); info = JsonConvert.DeserializeObject <TokenAuthenticationInfo>(infoJson); } catch { // ignore } if (string.IsNullOrWhiteSpace(info?.AppToken)) { throw new ChalkableSecurityException("Invalid auth token"); } var ts = ChalkableAuthorization.DateTimeToUnixTimestamp(DateTime.UtcNow.AddMinutes(-5)); if (ts > info.Timestamp) { throw new ChalkableSecurityException("Auth token has expired"); } try { var authInfo = EncryptionTools.AesDecrypt(info.AppToken, Chalkable.Common.Settings.AesSecretKey); authAppInfo = AuthorizationUserInfo.FromString(authInfo); } catch (Exception) { throw new ChalkableSecurityException("Invalid auth app token"); } app = appService.GetApplicationById(authAppInfo.ApplicationId); if (app == null) { throw new ChalkableSecurityException("Invalid auth app token"); } var hash = ChalkableAuthorization.ComputeSignature(requestContext.HttpContext.Request.HttpMethod, requestContext.HttpContext.Request.Url , requestContext.HttpContext.Request.ContentLength, info.Timestamp, info.AppToken, app.SecretKey); if (string.CompareOrdinal(hash, info.Signature) != 0) { throw new ChalkableSecurityException("Auth token has invalid signature"); } return(true); }