Solar/Swarm
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

🐛 Trying to fix connection issues

Browse Source
This commit is contained in:
LittleSheep
2025-06-17 20:01:20 +08:00
parent 1a5d0bbfc0
commit 50d8f74a98
3 changed files with 77 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
DysonNetwork.Sphere/Auth/OpenId/ConnectionController.cs
View File

@ -2,7 +2,7 @@ using DysonNetwork.Sphere.Account;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using DysonNetwork.Sphere.Auth.OpenId;
using DysonNetwork.Sphere.Storage;
using NodaTime;
namespace DysonNetwork.Sphere.Auth.OpenId;
@ -14,9 +14,13 @@ public class ConnectionController(
AppDatabase db,
IEnumerable<OidcService> oidcServices,
AccountService accounts,
AuthService auth
AuthService auth,
ICacheService cacheService
) : ControllerBase
{
private const string StateCachePrefix = "oidc-state:";
private const string ReturnUrlCachePrefix = "oidc-returning:";
private static readonly TimeSpan StateExpiration = TimeSpan.FromMinutes(15);
[HttpGet]
public async Task<ActionResult<List<AccountConnection>>> GetConnections()
{
@ -142,10 +146,12 @@ public class ConnectionController(
var state = Guid.NewGuid().ToString("N");
var nonce = Guid.NewGuid().ToString("N");
HttpContext.Session.SetString($"oidc_state_{state}", $"{currentUser.Id}|{request.Provider}|{nonce}");
var stateValue = $"{currentUser.Id}|{request.Provider}|{nonce}";
var finalReturnUrl = !string.IsNullOrEmpty(request.ReturnUrl) ? request.ReturnUrl : "/settings/connections";
HttpContext.Session.SetString($"oidc_return_url_{state}", finalReturnUrl);
// Store state and return URL in cache
await cacheService.SetAsync($"{StateCachePrefix}{state}", stateValue, StateExpiration);
await cacheService.SetAsync($"{ReturnUrlCachePrefix}{state}", finalReturnUrl, StateExpiration);
var authUrl = oidcService.GetAuthorizationUrl(state, nonce);
@ -169,14 +175,22 @@ public class ConnectionController(
if (callbackData.State == null)
return BadRequest("State parameter is missing.");
var sessionState = HttpContext.Session.GetString($"oidc_state_{callbackData.State!}");
HttpContext.Session.Remove($"oidc_state_{callbackData.State}");
// Get and validate state from cache
var stateKey = $"{StateCachePrefix}{callbackData.State}";
var stateValue = await cacheService.GetAsync<string>(stateKey);
if (string.IsNullOrEmpty(stateValue))
{
return BadRequest("Invalid or expired state parameter");
}
// If sessionState is present, it's a manual connection flow for an existing user.
if (sessionState == null) return await HandleLoginOrRegistration(provider, oidcService, callbackData);
var stateParts = sessionState.Split('|');
if (stateParts.Length != 3 || !stateParts[1].Equals(provider, StringComparison.OrdinalIgnoreCase))
return BadRequest("State mismatch.");
// Remove state from cache to prevent replay attacks
await cacheService.RemoveAsync(stateKey);
var stateParts = stateValue.Split('|');
if (stateParts.Length != 3)
{
return BadRequest("Invalid state format");
}
var accountId = Guid.Parse(stateParts[0]);
return await HandleManualConnection(provider, oidcService, callbackData, accountId);
@ -259,9 +273,9 @@ public class ConnectionController(
}
// Clean up and redirect
var returnUrl = HttpContext.Session.GetString($"oidc_return_url_{callbackData.State}");
HttpContext.Session.Remove($"oidc_return_url_{callbackData.State}");
HttpContext.Session.Remove($"oidc_state_{callbackData.State}");
var returnUrlKey = $"{ReturnUrlCachePrefix}{callbackData.State}";
var returnUrl = await cacheService.GetAsync<string>(returnUrlKey);
await cacheService.RemoveAsync(returnUrlKey);
return Redirect(string.IsNullOrEmpty(returnUrl) ? "/settings/connections" : returnUrl);
}

20
DysonNetwork.Sphere/Auth/OpenId/OidcController.cs
View File

@ -1,4 +1,5 @@
using DysonNetwork.Sphere.Account;
using DysonNetwork.Sphere.Storage;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
@ -12,12 +13,16 @@ public class OidcController(
IServiceProvider serviceProvider,
AppDatabase db,
AccountService accounts,
AuthService authService
AuthService auth,
ICacheService cache
)
: ControllerBase
{
private const string StateCachePrefix = "oidc-state:";
private static readonly TimeSpan StateExpiration = TimeSpan.FromMinutes(15);
[HttpGet("{provider}")]
public ActionResult SignIn([FromRoute] string provider, [FromQuery] string? returnUrl = "/")
public async Task<ActionResult> SignIn([FromRoute] string provider, [FromQuery] string? returnUrl = "/")
{
try
{
@ -29,10 +34,11 @@ public class OidcController(
var state = Guid.NewGuid().ToString();
var nonce = Guid.NewGuid().ToString();
// Store user's ID, provider, and nonce in session. The callback will use this.
HttpContext.Session.SetString($"oidc_state_{state}", $"{currentUser.Id}|{provider}|{nonce}");
// Store user's ID, provider, and nonce in cache. The callback will use this.
var stateValue = $"{currentUser.Id}|{provider}|{nonce}";
await cache.SetAsync($"{StateCachePrefix}{state}", stateValue, StateExpiration);
// The state parameter sent to the provider is the GUID key for the session state.
// The state parameter sent to the provider is the GUID key for the cache.
var authUrl = oidcService.GetAuthorizationUrl(state, nonce);
return Redirect(authUrl);
}
@ -88,7 +94,7 @@ public class OidcController(
);
// Generate token using existing auth service
var token = authService.CreateToken(session);
var token = auth.CreateToken(session);
return Ok(new AuthController.TokenExchangeResponse { Token = token });
}
@ -156,7 +162,7 @@ public class OidcController(
Meta = userInfo.ToMetadata()
};
db.AccountConnections.Add(connection);
await db.AccountConnections.AddAsync(connection);
await db.SaveChangesAsync();
return existingAccount;