示例#1
0
        public async Task InvokeAsync(HttpContext ctx)
        {
            var options = ctx.RequestServices.GetService <SQRLOptions>() ?? new SQRLOptions();

            if (ctx.Request.Path != options.LoginPath || ctx.Request.Method != HttpMethods.Post || !ctx.Request.IsHttps)
            {
                await _next(ctx);

                return;
            }

            //todo: validate nut
            var cache    = ctx.RequestServices.GetService <IMemoryCache>();
            var userRepo = ctx.RequestServices.GetService <IUserRepo>();

            var auth = new SQRLVM
            {
                Client = ctx.Request.Form["client"],
                Ids    = ctx.Request.Form["ids"],
                Server = ctx.Request.Form["server"]
            };

            var req = SQRL.DecodeRequest(ctx.Request.Host.Value, RequestIP(), auth);
            var res = SQRL.ComoseResponse(req, userRepo.Get, userRepo.Update, (key, user) =>
            {
                cache.Set(key, user);
            });

            if (req.cmd != "query")
            {
                res.url = options.CPSPath(ctx, res.nut);
            }

            var rv = res.Serialize();

            ctx.Response.StatusCode    = 200;
            ctx.Response.ContentType   = "application/x-www-form-urlencoded";
            ctx.Response.ContentLength = rv.Length;
            await ctx.Response.WriteAsync(rv);

            string RequestIP() => ctx.Request.IsHttps ? ctx.Request.Host.Host == "localhost" ? "127.0.0.1" : ctx.Request.Host.Host : "0.0.0.0";
        }
示例#2
0
        public static SQRLRequest DecodeRequest(string host, string ipAddress, SQRLVM vm)
        {
            var dict = Unpack(FromBase64URL(vm.Client).UTF8String());

            var rv = new SQRLRequest
            {
                idk = dict.GetOrDefault("idk"),
                suk = dict.GetOrDefault("suk"),
                vuk = dict.GetOrDefault("vuk"),
                cmd = dict.GetOrDefault("cmd"),

                Signature = FromBase64URL(vm.Ids),
            };

            rv.PublicKey = FromBase64URL(rv.idk);
            rv.IsValid   = ValidateSQRLPost(rv.Signature, vm.Client, vm.Server, rv.PublicKey);
            rv.RequestIP = ipAddress;
            rv.Host      = host;

            return(rv);
        }