public ApiSystemHelper(IConfiguration configuration, CommonLinkUtility commonLinkUtility, MachinePseudoKeys machinePseudoKeys)
{
ApiSystemUrl = configuration["web:api-system"];
ApiCacheUrl = configuration["web:api-cache"];
CommonLinkUtility = commonLinkUtility;
Skey = machinePseudoKeys.GetMachineConstant();
}
static SignalrServiceClient()
{
Timeout = TimeSpan.FromSeconds(1);
Log = LogManager.GetLogger("ASC");
SKey = MachinePseudoKeys.GetMachineConstant();
Url = ConfigurationManagerExtension.AppSettings["web.hub.internal"];
EnableSignalr = !string.IsNullOrEmpty(Url);
try
{
var replaceSetting = ConfigurationManagerExtension.AppSettings["jabber.replace-domain"];
if (!string.IsNullOrEmpty(replaceSetting))
{
JabberReplaceDomain = true;
var q =
replaceSetting.Split(new[] { "->" }, StringSplitOptions.RemoveEmptyEntries)
.Select(s => s.Trim().ToLowerInvariant())
.ToList();
JabberReplaceFromDomain = q.ElementAt(0);
JabberReplaceToDomain = q.ElementAt(1);
}
}
catch (Exception)
{
}
}
public void Configure(string name, SignalrServiceClient options)
{
options.Log = Options.CurrentValue;
options.hub = name.Trim('/');
options.TenantManager = TenantManager;
options.CoreSettings = CoreSettings;
options.SKey = MachinePseudoKeys.GetMachineConstant();
options.Url = Configuration["web:hub:internal"];
options.EnableSignalr = !string.IsNullOrEmpty(options.Url);
try
{
var replaceSetting = Configuration["jabber:replace-domain"];
if (!string.IsNullOrEmpty(replaceSetting))
{
options.JabberReplaceDomain = true;
var q =
replaceSetting.Split(new[] { "->" }, StringSplitOptions.RemoveEmptyEntries)
.Select(s => s.Trim().ToLowerInvariant())
.ToList();
options.JabberReplaceFromDomain = q.ElementAt(0);
options.JabberReplaceToDomain = q.ElementAt(1);
}
}
catch (Exception)
{
}
}
public OnlyoShortener()
{
url = ConfigurationManagerExtension.AppSettings["web.url-shortener"];
internalUrl = ConfigurationManagerExtension.AppSettings["web.url-shortener.internal"];
sKey = MachinePseudoKeys.GetMachineConstant();
if (!url.EndsWith("/"))
{
url += '/';
}
}
private static string GenerateAccessToken(UserInfo user)
{
var userSalt = TfaAppUserSettings.GetSalt(user.ID);
//from Signature.Create
var machineSalt = Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant());
var token = Convert.ToBase64String(SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(userSalt + machineSalt)));
var encodedToken = HttpServerUtility.UrlTokenEncode(Encoding.UTF8.GetBytes(token));
return(encodedToken.Substring(0, 10));
}
public string GetDocKey <T>(T fileId, int fileVersion, DateTime modified)
{
var str = string.Format("teamlab_{0}_{1}_{2}_{3}",
fileId,
fileVersion,
modified.GetHashCode(),
Global.GetDocDbKey());
var keyDoc = Encoding.UTF8.GetBytes(str)
.ToList()
.Concat(MachinePseudoKeys.GetMachineConstant())
.ToArray();
return(DocumentServiceConnector.GenerateRevisionId(Hasher.Base64Hash(keyDoc, HashAlg.SHA256)));
}
public OnlyoShortener(
IConfiguration configuration,
CommonLinkUtility commonLinkUtility,
MachinePseudoKeys machinePseudoKeys)
{
url = configuration["web:url-shortener:value"];
internalUrl = configuration["web:url-shortener:internal"];
sKey = machinePseudoKeys.GetMachineConstant();
if (!url.EndsWith("/"))
{
url += '/';
}
CommonLinkUtility = commonLinkUtility;
}
public static string GetDocKey(object fileId, int fileVersion, DateTime modified)
{
var str = string.Format("teamlab_{0}_{1}_{2}_{3}",
fileId,
fileVersion,
modified.GetHashCode(),
GetDocDbKey());
var keyDoc = Encoding.UTF8.GetBytes(str)
.ToList()
.Concat(MachinePseudoKeys.GetMachineConstant())
.ToArray();
return(Global.InvalidTitleChars.Replace(Hasher.Base64Hash(keyDoc, HashAlg.SHA256), "_"));
}
protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (Convert.ToBoolean(Configuration[Scheme.Name] ?? "false"))
{
Log.DebugFormat("Auth for {0} skipped", Scheme.Name);
return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name))));
}
try
{
Context.Request.Headers.TryGetValue("Authorization", out var headers);
var header = headers.FirstOrDefault();
if (string.IsNullOrEmpty(header))
{
Log.Debug("Auth header is NULL");
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))));
}
var substring = "ASC";
if (header.StartsWith(substring, StringComparison.InvariantCultureIgnoreCase))
{
var splitted = header.Substring(substring.Length).Trim().Split(':', StringSplitOptions.RemoveEmptyEntries);
if (splitted.Length < 3)
{
Log.DebugFormat("Auth failed: invalid token {0}.", header);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))));
}
var pkey = splitted[0];
var date = splitted[1];
var orighash = splitted[2];
Log.Debug("Variant of correct auth:" + ApiSystemHelper.CreateAuthToken(pkey));
if (!string.IsNullOrWhiteSpace(date))
{
var timestamp = DateTime.ParseExact(date, "yyyyMMddHHmmss", CultureInfo.InvariantCulture);
var trustInterval = TimeSpan.FromMinutes(Convert.ToDouble(Configuration["auth:trust-interval"] ?? "5"));
if (DateTime.UtcNow > timestamp.Add(trustInterval))
{
Log.DebugFormat("Auth failed: invalid timesatmp {0}, now {1}.", timestamp, DateTime.UtcNow);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Forbidden.ToString()))));
}
}
var skey = MachinePseudoKeys.GetMachineConstant();
using var hasher = new HMACSHA1(skey);
var data = string.Join("\n", date, pkey);
var hash = hasher.ComputeHash(Encoding.UTF8.GetBytes(data));
if (WebEncoders.Base64UrlEncode(hash) != orighash && Convert.ToBase64String(hash) != orighash)
{
Log.DebugFormat("Auth failed: invalid token {0}, expect {1} or {2}.", orighash, WebEncoders.Base64UrlEncode(hash), Convert.ToBase64String(hash));
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Forbidden.ToString()))));
}
}
else
{
Log.DebugFormat("Auth failed: invalid auth header. Sheme: {0}, parameter: {1}.", Scheme.Name, header);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Forbidden.ToString()))));
}
}
catch (Exception ex)
{
Log.Error(ex);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.InternalServerError.ToString()))));
}
var identity = new ClaimsIdentity(Scheme.Name);
Log.InfoFormat("Auth success {0}", Scheme.Name);
if (HttpContextAccessor?.HttpContext != null)
{
HttpContextAccessor.HttpContext.User = new CustomClaimsPrincipal(new ClaimsIdentity(Scheme.Name), identity);
}
return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name))));
}
public static T Read <T>(string signature)
{
return(Read <T>(signature, Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant())));
}
public static string Create <T>(T obj)
{
return(Create(obj, Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant())));
}
protected static string GetPasswordHash(Guid userId, string password)
{
return(Hasher.Base64Hash(password + userId + Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant()), HashAlg.SHA512));
}
static ApiSystemHelper()
{
ApiSystemUrl = ConfigurationManagerExtension.AppSettings["web.api-system"];
ApiCacheUrl = ConfigurationManagerExtension.AppSettings["web.api-cache"];
Skey = MachinePseudoKeys.GetMachineConstant();
}