public KeyStore Sign(KeyUsage usage, int quota, AccountData account, DateTime from, DateTime to)
{
var key = new byte[GlobalConfig.TOKEN_LENGTH];
_cryptoRandom.GetBytes(key);
if (usage.Usage == 0)
{
throw new InvalidOperationException("Key Usage Not Recorded");
}
//var keyStore = _context.KeyStore.CreateProxy();
var keyStore = new KeyStore();
{
keyStore.Key = key;
keyStore.HoldingAccountNavigation = account;
keyStore.ValidFrom = from;
keyStore.ValidUntil = to;
keyStore.LastActive = _time.UtcNow;
keyStore.UsageNavigation = usage;
keyStore.ReuseCounter = -1;
keyStore.Quota = quota;
};
_context.KeyStore.Add(keyStore);
_context.SaveChanges();
_auth.EnsureKey(keyStore, usage, GlobalOperation.GENERATE_APIKEY, 0, "Sign New Key", "N/A");
return(keyStore);
}
public ActionResult <MilvanethProtocol> SessionCreate(MilvanethProtocol data)
{
if (!(data?.Data is AuthRequest request) || !request.Check())
{
return(new MilvanethProtocol
{
Context = null,
Data = new AuthResponse
{
Message = GlobalMessage.DATA_INVALID_INPUT,
ReportTime = _time.SafeNow,
}
});
}
try
{
var key = _context.KeyStore
.Include(x => x.HoldingAccountNavigation)
.ThenInclude(x => x.PrivilegeLevelNavigation)
.Include(x => x.UsageNavigation)
.Single(x => x.Key.SequenceEqual(request.AuthToken));
_auth.EnsureKey(key, new KeyUsage {
CreateSession = true
}, GlobalOperation.SESSION_CREATE, 0, "Create session via session/create",
_accessor.GetIp());
var account = key.HoldingAccountNavigation;
_auth.EnsureAccount(account, new PrivilegeConfig {
AccessData = true
}, GlobalOperation.SESSION_CREATE, 0,
"Create session via session/create", _accessor.GetIp());
var renew = _api.Sign(_renewToken, 1, account, _time.UtcNow,
_time.UtcNow.AddSeconds(GlobalConfig.TOKEN_RENEW_LIFE_TIME));
var access = _token.Sign(new TokenPayload(_time.UtcNow.AddSeconds(GlobalConfig.TOKEN_DATA_LIFE_TIME),
account.AccountId, TokenPurpose.AccessToken, renew.KeyId));
_context.SaveChanges();
return(new MilvanethProtocol
{
Context = null,
Data = new AuthResponse
{
Message = GlobalMessage.OK_SUCCESS,
ReportTime = _time.SafeNow,
RenewToken = renew.Key,
SessionToken = access
}
});
}
catch (Exception e)
{
Log.Error(e, "Error in SESSION/CREATE");
return(new MilvanethProtocol
{
Context = null,
Data = new ServerChallenge
{
Message = GlobalMessage.OP_INVALID,
ReportTime = _time.SafeNow,
}
});
}
}
public ActionResult <MilvanethProtocol> AuthReset(MilvanethProtocol data)
{
if (!(data?.Data is RecoveryRequest request) || !request.Check())
{
return(new MilvanethProtocol
{
Context = null,
Data = new ServerResponse
{
Message = GlobalMessage.DATA_INVALID_INPUT,
ReportTime = _time.SafeNow,
}
});
}
try
{
var key = _context.KeyStore
.Include(x => x.HoldingAccountNavigation)
.ThenInclude(x => x.PrivilegeLevelNavigation)
.Include(x => x.UsageNavigation)
.Single(x => x.Key.SequenceEqual(request.OperationToken));
_auth.EnsureKey(key, new KeyUsage {
ChangePassword = true
}, GlobalOperation.AUTH_RESET, 0, "Change password via auth/reset",
_accessor.GetIp());
var account = key.HoldingAccountNavigation;
if (!string.IsNullOrWhiteSpace(request.Email))
{
account.Email = request.Email;
}
account.GroupParam = (short)request.GroupParam;
account.Salt = request.Salt;
account.Verifier = request.Verifier;
var auth = _api.Sign(_authToken, 1, account, _time.UtcNow, _time.UtcNow.AddSeconds(GlobalConfig.TOKEN_ACCOUNT_LIFE_TIME));
_context.AccountData.Update(account);
_context.SaveChanges();
return(new MilvanethProtocol
{
Context = null,
Data = new ServerResponse
{
Message = GlobalMessage.OK_SUCCESS,
ReportTime = _time.SafeNow,
AuthToken = auth.Key
}
});
}
catch (Exception e)
{
Log.Error(e, "Error in AUTH/RESET");
return(new MilvanethProtocol
{
Context = null,
Data = new ServerResponse
{
Message = GlobalMessage.OP_INVALID,
ReportTime = _time.SafeNow,
}
});
}
}