🐛 Fix bugs

2025-06-17 00:40:05 +08:00 · 2025-06-17 00:40:05 +08:00 · 1a5d0bbfc0
commit 1a5d0bbfc0
parent b868d0c153
5 changed files with 108 additions and 48 deletions
--- a/DysonNetwork.Sphere/.gitignore
+++ b/DysonNetwork.Sphere/.gitignore
@ -1,5 +1,6 @@
 Keys
 Uploads
+DataProtection-Keys

 node_modules
 bun.lock
--- a/DysonNetwork.Sphere/Auth/OpenId/ConnectionController.cs
+++ b/DysonNetwork.Sphere/Auth/OpenId/ConnectionController.cs
@ -192,32 +192,51 @@ public class ConnectionController(
        }
        catch (Exception ex)
        {
-            return BadRequest($"Error processing callback: {ex.Message}");
+            return BadRequest($"Error processing {provider} authentication: {ex.Message}");
        }

+        if (string.IsNullOrEmpty(userInfo.UserId))
+        {
+            return BadRequest($"{provider} did not return a valid user identifier.");
+        }
+
+        // Check if this provider account is already connected to any user
        var existingConnection = await db.AccountConnections
            .FirstOrDefaultAsync(c =>
                c.Provider.Equals(provider, StringComparison.OrdinalIgnoreCase) &&
                c.ProvidedIdentifier == userInfo.UserId);

+        // If it's connected to a different user, return error
        if (existingConnection != null && existingConnection.AccountId != accountId)
        {
            return BadRequest($"This {provider} account is already linked to another user.");
        }

-        var userConnection = await db.AccountConnections
-            .FirstOrDefaultAsync(c =>
-                c.AccountId == accountId && c.Provider.Equals(provider, StringComparison.OrdinalIgnoreCase));
+        // Check if the current user already has this provider connected
+        var userHasProvider = await db.AccountConnections
+            .AnyAsync(c => 
+                c.AccountId == accountId && 
+                c.Provider.Equals(provider, StringComparison.OrdinalIgnoreCase));

-        var clock = SystemClock.Instance;
-        if (userConnection != null)
+        if (userHasProvider)
        {
-            userConnection.AccessToken = userInfo.AccessToken;
-            userConnection.RefreshToken = userInfo.RefreshToken;
-            userConnection.LastUsedAt = clock.GetCurrentInstant();
+            // Update existing connection with new tokens
+            var connection = await db.AccountConnections
+                .FirstOrDefaultAsync(c =>
+                    c.AccountId == accountId && 
+                    c.Provider.Equals(provider, StringComparison.OrdinalIgnoreCase));
+
+            if (connection != null)
+            {
+                connection.AccessToken = userInfo.AccessToken;
+                connection.RefreshToken = userInfo.RefreshToken;
+                connection.LastUsedAt = SystemClock.Instance.GetCurrentInstant();
+                connection.Meta = userInfo.ToMetadata();
+            }
        }
        else
        {
+            // Create new connection
            db.AccountConnections.Add(new AccountConnection
            {
                AccountId = accountId,
@ -225,17 +244,26 @@ public class ConnectionController(
                ProvidedIdentifier = userInfo.UserId!,
                AccessToken = userInfo.AccessToken,
                RefreshToken = userInfo.RefreshToken,
-                LastUsedAt = clock.GetCurrentInstant(),
+                LastUsedAt = SystemClock.Instance.GetCurrentInstant(),
                Meta = userInfo.ToMetadata(),
            });
        }

+        try
+        {
            await db.SaveChangesAsync();
+        }
+        catch (DbUpdateException ex)
+        {
+            return StatusCode(500, $"Failed to save {provider} connection. Please try again.");
+        }

+        // Clean up and redirect
        var returnUrl = HttpContext.Session.GetString($"oidc_return_url_{callbackData.State}");
        HttpContext.Session.Remove($"oidc_return_url_{callbackData.State}");
+        HttpContext.Session.Remove($"oidc_state_{callbackData.State}");

-        return Redirect(string.IsNullOrEmpty(returnUrl) ? "/" : returnUrl);
+        return Redirect(string.IsNullOrEmpty(returnUrl) ? "/settings/connections" : returnUrl);
    }

    private async Task<IActionResult> HandleLoginOrRegistration(
--- a/DysonNetwork.Sphere/Auth/OpenId/OidcController.cs
+++ b/DysonNetwork.Sphere/Auth/OpenId/OidcController.cs
@ -23,7 +23,7 @@ public class OidcController(
        {
            var oidcService = GetOidcService(provider);

-            // If user is already authenticated, treat as an account connection request
+            // If the user is already authenticated, treat as an account connection request
            if (HttpContext.Items["CurrentUser"] is Account.Account currentUser)
            {
                var state = Guid.NewGuid().ToString();
--- a/DysonNetwork.Sphere/DysonNetwork.Sphere.csproj
+++ b/DysonNetwork.Sphere/DysonNetwork.Sphere.csproj
@ -26,6 +26,7 @@
        <PackageReference Include="MailKit" Version="4.11.0" />
        <PackageReference Include="MaxMind.GeoIP2" Version="5.3.0" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.4" />
+        <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="8.0.0" />
        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.2" />
        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.3">
            <PrivateAssets>all</PrivateAssets>
--- a/DysonNetwork.Sphere/Program.cs
+++ b/DysonNetwork.Sphere/Program.cs
@ -35,6 +35,7 @@ using Quartz;
 using StackExchange.Redis;
 using tusdotnet;
 using tusdotnet.Stores;
+using Microsoft.AspNetCore.DataProtection;

 var builder = WebApplication.CreateBuilder(args);

@ -90,12 +91,41 @@ builder.Services.AddSingleton<ICacheService, CacheServiceRedis>();

 builder.Services.AddHttpClient();

+// Configure Data Protection for persistent session keys
+var keysDirectory = Path.Combine(builder.Environment.ContentRootPath, "DataProtection-Keys");
+Directory.CreateDirectory(keysDirectory);
+
+builder.Services.AddDataProtection()
+    .PersistKeysToFileSystem(new DirectoryInfo(keysDirectory))
+    .SetApplicationName("DysonNetwork.Sphere");
+
+// Configure cookie policy to be essential for session
+builder.Services.Configure<CookiePolicyOptions>(options =>
+{
+    options.CheckConsentNeeded = _ => false; // Required for session to work without consent
+    options.MinimumSameSitePolicy = SameSiteMode.Lax;
+});
+
+// Add session with consistent cookie settings
+builder.Services.AddSession(options =>
+{
+    options.Cookie.Name = "_dynses";
+    options.Cookie.HttpOnly = true;
+    options.Cookie.IsEssential = true;
+    options.IdleTimeout = TimeSpan.FromMinutes(30);
+});
+
 // Register OIDC services
 builder.Services.AddScoped<OidcService, GoogleOidcService>();
 builder.Services.AddScoped<OidcService, AppleOidcService>();
 builder.Services.AddScoped<OidcService, GitHubOidcService>();
 builder.Services.AddScoped<OidcService, MicrosoftOidcService>();
 builder.Services.AddScoped<OidcService, DiscordOidcService>();
+builder.Services.AddScoped<GoogleOidcService>();
+builder.Services.AddScoped<AppleOidcService>();
+builder.Services.AddScoped<GitHubOidcService>();
+builder.Services.AddScoped<MicrosoftOidcService>();
+builder.Services.AddScoped<DiscordOidcService>();
 builder.Services.AddControllers().AddJsonOptions(options =>
 {
    options.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.SnakeCaseLower;