🐛 Cors, and bug fixes

2025-04-12 18:59:11 +08:00 · 2025-04-12 18:59:11 +08:00 · 31d98199e7
commit 31d98199e7
parent 5cef6d72e4
4 changed files with 58 additions and 11 deletions
--- a/DysonNetwork.Sphere/Account/AccountController.cs
+++ b/DysonNetwork.Sphere/Account/AccountController.cs
@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;

@ -6,7 +7,7 @@ namespace DysonNetwork.Sphere.Account;

 [ApiController]
 [Route("/accounts")]
-public class AccountController(AppDatabase db)
+public class AccountController(AppDatabase db, IHttpContextAccessor httpContext)
 {
    [HttpGet("{name}")]
    [ProducesResponseType<Account>(StatusCodes.Status200OK)]
@ -22,13 +23,22 @@ public class AccountController(AppDatabase db)
        [Required] [MaxLength(256)] public string Name { get; set; } = string.Empty;
        [Required] [MaxLength(256)] public string Nick { get; set; } = string.Empty;
        [Required] [MaxLength(1024)] public string Email { get; set; } = string.Empty;
-        [Required] [MinLength(4)] [MaxLength(128)] public string Password { get; set; } = string.Empty;
+
+        [Required]
+        [MinLength(4)]
+        [MaxLength(128)]
+        public string Password { get; set; } = string.Empty;
    }
-    
+
    [HttpPost]
    [ProducesResponseType<Account>(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    public async Task<ActionResult<Account>> CreateAccount([FromBody] AccountCreateRequest request)
    {
+        var dupeNameCount = await db.Accounts.Where(a => a.Name == request.Name).CountAsync();
+        if (dupeNameCount > 0)
+            return new BadRequestObjectResult("The name is already taken.");
+
        var account = new Account
        {
            Name = request.Name,
@ -50,9 +60,23 @@ public class AccountController(AppDatabase db)
                }.HashSecret()
            }
        };
-        
+
        await db.Accounts.AddAsync(account);
        await db.SaveChangesAsync();
        return account;
    }
+    
+    [Authorize]
+    [HttpGet("me")]
+    [ProducesResponseType<Account>(StatusCodes.Status200OK)]
+    public async Task<ActionResult<Account>> GetMe()
+    {
+        var userIdClaim = httpContext.HttpContext?.User.FindFirst("user_id")?.Value;
+        long? userId = long.TryParse(userIdClaim, out var id) ? id : null;
+        if (userId is null) return new BadRequestObjectResult("Invalid or missing user_id claim.");
+
+        var account = await db.Accounts.FindAsync(userId);
+
+        return new OkObjectResult(account);
+    }
 }
--- a/DysonNetwork.Sphere/Auth/AuthController.cs
+++ b/DysonNetwork.Sphere/Auth/AuthController.cs
@ -24,11 +24,23 @@ public class AuthController(AppDatabase db, AccountService accounts, AuthService
    public async Task<ActionResult<Challenge>> StartChallenge([FromBody] ChallengeRequest request)
    {
        var account = await accounts.LookupAccount(request.Account);
-        if (account is null) return new NotFoundResult();
+        if (account is null) return new NotFoundObjectResult("Account was not found.");

        var ipAddress = httpContext.HttpContext?.Connection.RemoteIpAddress?.ToString();
        var userAgent = httpContext.HttpContext?.Request.Headers.UserAgent.ToString();

+        var now = Instant.FromDateTimeUtc(DateTime.UtcNow);
+
+        // Trying to pick up challenges from the same IP address and user agent
+        var existingChallenge = await db.AuthChallenges
+            .Where(e => e.Account == account)
+            .Where(e => e.IpAddress == ipAddress)
+            .Where(e => e.UserAgent == userAgent)
+            .Where(e => e.StepRemain > 0)
+            .Where(e => e.ExpiredAt != null && now < e.ExpiredAt)
+            .FirstOrDefaultAsync();
+        if (existingChallenge is not null) return existingChallenge;
+
        var challenge = new Challenge
        {
            Account = account,
@ -149,7 +161,10 @@ public class AuthController(AppDatabase db, AccountService accounts, AuthService
                if (!Guid.TryParse(sessionIdClaim, out var sessionId))
                    return new UnauthorizedObjectResult("Invalid or missing session_id claim in refresh token.");

-                session = await db.AuthSessions.FirstOrDefaultAsync(s => s.Id == sessionId);
+                session = await db.AuthSessions
+                    .Include(e => e.Account)
+                    .Include(e => e.Challenge)
+                    .FirstOrDefaultAsync(s => s.Id == sessionId);
                if (session is null)
                    return new NotFoundObjectResult("Session not found or expired.");

--- a/DysonNetwork.Sphere/Program.cs
+++ b/DysonNetwork.Sphere/Program.cs
@ -45,6 +45,7 @@ builder.Services.AddSingleton<IAuthorizationHandler, CasbinAuthorizationHandler>

 // Other pipelines

+builder.Services.AddCors();
 builder.Services.AddAuthorization();
 builder.Services.AddAuthentication("Bearer").AddJwtBearer(options =>
 {
@ -108,6 +109,12 @@ builder.Services.AddScoped<AuthService>();

 var app = builder.Build();

+using (var scope = app.Services.CreateScope())
+{
+    var db = scope.ServiceProvider.GetRequiredService<AppDatabase>();
+    db.Database.Migrate();
+}
+
 if (app.Environment.IsDevelopment()) app.MapOpenApi();

 app.UseSwagger();
@ -118,11 +125,11 @@ app.UseForwardedHeaders(new ForwardedHeadersOptions
    ForwardedHeaders = ForwardedHeaders.All
 });

-using (var scope = app.Services.CreateScope())
-{
-    var db = scope.ServiceProvider.GetRequiredService<AppDatabase>();
-    db.Database.Migrate();
-}
+app.UseCors(opts =>
+    opts.SetIsOriginAllowed(_ => true)
+        .AllowCredentials()
+        .AllowAnyHeader()
+        .AllowAnyMethod());

 app.UseHttpsRedirection();
 app.UseAuthorization();
--- a/DysonNetwork.sln.DotSettings.user
+++ b/DysonNetwork.sln.DotSettings.user
@ -1,5 +1,6 @@
 <wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AClaim_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FDecompilerCache_003Fdecompiler_003Fa7fdc52b6e574ae7b9822133be91162a15800_003Ff7_003Feebffd8d_003FClaim_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
+	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003ACorsPolicyBuilder_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FDecompilerCache_003Fdecompiler_003F051ad509d0504b7ca10dedd9c2cabb9914200_003F8e_003Fb28257cb_003FCorsPolicyBuilder_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003ADbContext_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FSourcesCache_003Fa0b45f29f34f594814a7b1fbc25fe5ef3c18257956ed4f4fbfa68717db58_003FDbContext_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AEntityFrameworkServiceCollectionExtensions_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FSourcesCache_003F4a28847852ee9ba45fd3107526c0a749a733bd4f4ebf33aa3c9a59737a3f758_003FEntityFrameworkServiceCollectionExtensions_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>
 	<s:String x:Key="/Default/CodeInspection/ExcludedFiles/FilesAndFoldersToSkip2/=7020124F_002D9FFC_002D4AC3_002D8F3D_002DAAB8E0240759_002Ff_003AEnumerable_002Ecs_002Fl_003A_002E_002E_003F_002E_002E_003F_002E_002E_003FLibrary_003FApplication_0020Support_003FJetBrains_003FRider2024_002E3_003Fresharper_002Dhost_003FDecompilerCache_003Fdecompiler_003F832399abc13b45b6bdbabfa022e4a28487e00_003F7f_003F7aece4dd_003FEnumerable_002Ecs/@EntryIndexedValue">ForceIncluded</s:String>