Make token validation on each request (auth provider should take care for caching)

This commit is contained in:
ChronosX88 2020-10-10 23:50:29 +04:00
parent 400c5410e9
commit 4dc832856e
Signed by: ChronosXYZ
GPG Key ID: 085A69A82C8C511A
2 changed files with 22 additions and 29 deletions

View File

@ -4,7 +4,6 @@ namespace Zirconium.Core.Models
{
public class Session
{
public string LastTokenHash { get; set; }
public SessionAuthData LastTokenPayload { get; set; }
public IPAddress ClientAddress { get; set; }
public ConnectionHandler ConnectionHandler { get; set; }

View File

@ -45,37 +45,28 @@ namespace Zirconium.Core
{
if (h.IsAuthorizationRequired())
{
string hash;
using (SHA512 shaM = new SHA512Managed())
SessionAuthData tokenPayload;
try
{
hash = shaM.ComputeHash(message.AuthToken.ToByteArray()).ConvertToString();
tokenPayload = _app.AuthManager.ValidateToken(message.AuthToken);
}
if (session.LastTokenHash != hash)
catch (Exception e)
{
SessionAuthData tokenPayload;
try
{
tokenPayload = _app.AuthManager.ValidateToken(message.AuthToken);
}
catch (Exception e)
{
Log.Warning(e.Message);
var errorMsg = OtherUtils.GenerateProtocolError(
message,
"unauthorized",
"Unauthorized access",
new Dictionary<string, object>()
);
errorMsg.From = _app.Config.ServerID;
var serializedMsg = JsonConvert.SerializeObject(errorMsg);
Log.Warning(e.Message);
var errorMsg = OtherUtils.GenerateProtocolError(
message,
"unauthorized",
"Unauthorized access",
new Dictionary<string, object>()
);
errorMsg.From = _app.Config.ServerID;
var serializedMsg = JsonConvert.SerializeObject(errorMsg);
session.ConnectionHandler.SendMessage(serializedMsg);
return;
}
session.LastTokenHash = hash;
session.LastTokenPayload = tokenPayload;
session.LastTokenPayload = null;
session.ConnectionHandler.SendMessage(serializedMsg);
return;
}
session.LastTokenPayload = tokenPayload;
}
var task = Task.Run(() =>
@ -85,9 +76,12 @@ namespace Zirconium.Core
});
handlerTasks.Add(task);
}
try {
try
{
Task.WaitAll(handlerTasks.ToArray());
} catch (Exception e) {
}
catch (Exception e)
{
Log.Error(e.ToString());
}
}