🐛 Serval bug fixes

2025-07-17 14:24:30 +08:00
parent b14af43996
commit 4e2a7ebbce
12 changed files with 111 additions and 77 deletions
--- a/DysonNetwork.Pass/.gitignore
+++ b/DysonNetwork.Pass/.gitignore
@@ -1 +1,2 @@
-/wwwroot/dist
+/wwwroot/dist
 /Keys
--- a/DysonNetwork.Pass/Account/Account.cs
+++ b/DysonNetwork.Pass/Account/Account.cs
@@ -12,7 +12,7 @@ namespace DysonNetwork.Pass.Account;
 [Index(nameof(Name), IsUnique = true)]
 public class Account : ModelBase
 {
-    public Guid Id { get; set; }
+    public Guid Id { get; set; } = Guid.NewGuid();
    [MaxLength(256)] public string Name { get; set; } = string.Empty;
    [MaxLength(256)] public string Nick { get; set; } = string.Empty;
    [MaxLength(32)] public string Language { get; set; } = string.Empty;
--- a/DysonNetwork.Pass/Account/AccountService.cs
+++ b/DysonNetwork.Pass/Account/AccountService.cs
@@ -84,79 +84,69 @@ public class AccountService(
        bool isActivated = false
    )
    {
-        await using var transaction = await db.Database.BeginTransactionAsync();
+        var dupeNameCount = await db.Accounts.Where(a => a.Name == name).CountAsync();
-        try
+        if (dupeNameCount > 0)
            throw new InvalidOperationException("Account name has already been taken.");
        var account = new Account
        {
-            var dupeNameCount = await db.Accounts.Where(a => a.Name == name).CountAsync();
+            Name = name,
-            if (dupeNameCount > 0)
+            Nick = nick,
-                throw new InvalidOperationException("Account name has already been taken.");
+            Language = language,
-
+            Contacts = new List<AccountContact>
            var account = new Account
            {
-                Name = name,
+                new()
                Nick = nick,
                Language = language,
                Contacts = new List<AccountContact>
                {
-                    new()
+                    Type = AccountContactType.Email,
-                    {
+                    Content = email,
-                        Type = AccountContactType.Email,
+                    VerifiedAt = isEmailVerified ? SystemClock.Instance.GetCurrentInstant() : null,
-                        Content = email,
+                    IsPrimary = true
                        VerifiedAt = isEmailVerified ? SystemClock.Instance.GetCurrentInstant() : null,
                        IsPrimary = true
                    }
                },
                AuthFactors = password is not null
                    ? new List<AccountAuthFactor>
                    {
                        new AccountAuthFactor
                        {
                            Type = AccountAuthFactorType.Password,
                            Secret = password,
                            EnabledAt = SystemClock.Instance.GetCurrentInstant()
                        }.HashSecret()
                    }
                    : [],
                Profile = new AccountProfile()
            };
            if (isActivated)
            {
                account.ActivatedAt = SystemClock.Instance.GetCurrentInstant();
                var defaultGroup = await db.PermissionGroups.FirstOrDefaultAsync(g => g.Key == "default");
                if (defaultGroup is not null)
                {
                    db.PermissionGroupMembers.Add(new PermissionGroupMember
                    {
                        Actor = $"user:{account.Id}",
                        Group = defaultGroup
                    });
                }
-            }
+            },
-            else
+            AuthFactors = password is not null
-            {
+                ? new List<AccountAuthFactor>
-                var spell = await spells.CreateMagicSpell(
+                {
-                    account,
+                    new AccountAuthFactor
                    MagicSpellType.AccountActivation,
                    new Dictionary<string, object>
                    {
-                        { "contact_method", account.Contacts.First().Content }
+                        Type = AccountAuthFactorType.Password,
-                    }
+                        Secret = password,
-                );
+                        EnabledAt = SystemClock.Instance.GetCurrentInstant()
-                await spells.NotifyMagicSpell(spell, true);
+                    }.HashSecret()
-            }
+                }
                : [],
            Profile = new AccountProfile()
        };
-            db.Accounts.Add(account);
+        if (isActivated)
            await db.SaveChangesAsync();
            await transaction.CommitAsync();
            return account;
        }
        catch
        {
-            await transaction.RollbackAsync();
+            account.ActivatedAt = SystemClock.Instance.GetCurrentInstant();
-            throw;
+            var defaultGroup = await db.PermissionGroups.FirstOrDefaultAsync(g => g.Key == "default");
            if (defaultGroup is not null)
            {
                db.PermissionGroupMembers.Add(new PermissionGroupMember
                {
                    Actor = $"user:{account.Id}",
                    Group = defaultGroup
                });
            }
        }
        db.Accounts.Add(account);
        await db.SaveChangesAsync();
        if (isActivated) return account;
        var spell = await spells.CreateMagicSpell(
            account,
            MagicSpellType.AccountActivation,
            new Dictionary<string, object>
            {
                { "contact_method", account.Contacts.First().Content }
            }
        );
        await spells.NotifyMagicSpell(spell, true);
        return account;
    }
    public async Task<Account> CreateAccount(OidcUserInfo userInfo)
--- a/DysonNetwork.Pass/Auth/Session.cs
+++ b/DysonNetwork.Pass/Auth/Session.cs
@@ -31,6 +31,7 @@ public class AuthSession : ModelBase
        LastGrantedAt = LastGrantedAt?.ToTimestamp(),
        ExpiredAt = ExpiredAt?.ToTimestamp(),
        AccountId = AccountId.ToString(),
        Account = Account.ToProtoValue(),
        ChallengeId = ChallengeId.ToString(),
        Challenge = Challenge.ToProtoValue(),
        AppId = AppId?.ToString()
--- a/DysonNetwork.Pass/Program.cs
+++ b/DysonNetwork.Pass/Program.cs
@@ -1,4 +1,3 @@
 using System.Text.Json;
 using DysonNetwork.Pass;
 using DysonNetwork.Pass.Pages.Data;
 using DysonNetwork.Pass.Startup;
@@ -6,7 +5,6 @@ using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.PageData;
 using DysonNetwork.Shared.Registry;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.FileProviders;
 var builder = WebApplication.CreateBuilder(args);
@@ -18,11 +16,12 @@ builder.Services.AddAppMetrics();
 // Add application services
 builder.Services.AddRegistryService(builder.Configuration);
 builder.Services.AddPusherService();
 builder.Services.AddAppServices(builder.Configuration);
 builder.Services.AddAppRateLimiting();
 builder.Services.AddAppAuthentication();
 builder.Services.AddAppSwagger();
 builder.Services.AddPusherService();
 builder.Services.AddDriveService();
 // Add flush handlers and websocket handlers
 builder.Services.AddAppFlushHandlers();
--- a/DysonNetwork.Pass/Startup/ApplicationConfiguration.cs
+++ b/DysonNetwork.Pass/Startup/ApplicationConfiguration.cs
@@ -75,6 +75,7 @@ public static class ApplicationConfiguration
        app.MapGrpcService<AccountServiceGrpc>();
        app.MapGrpcService<AuthServiceGrpc>();
        app.MapGrpcService<ActionLogServiceGrpc>();
        app.MapGrpcService<PermissionServiceGrpc>();
        return app;
    }
--- a/DysonNetwork.Pusher/Program.cs
+++ b/DysonNetwork.Pusher/Program.cs
@@ -16,6 +16,7 @@ builder.Services.AddAppRateLimiting();
 builder.Services.AddAppAuthentication();
 builder.Services.AddAppSwagger();
 builder.Services.AddDysonAuth();
 builder.Services.AddAccountService();
 // Add flush handlers and websocket handlers
 builder.Services.AddAppFlushHandlers();
--- a/DysonNetwork.Shared/Auth/AuthScheme.cs
+++ b/DysonNetwork.Shared/Auth/AuthScheme.cs
@@ -29,8 +29,6 @@ public class DysonTokenAuthHandler(
        try
        {
            var now = SystemClock.Instance.GetCurrentInstant();
            // Validate token and extract session ID
            AuthSession session;
            try
@@ -59,8 +57,20 @@ public class DysonTokenAuthHandler(
                new("token_type", tokenInfo.Type.ToString())
            };
-            // return AuthenticateResult.Success(ticket);
+            // Add scopes as claims
-            return AuthenticateResult.NoResult();
+            session.Challenge.Scopes.ToList().ForEach(scope => claims.Add(new Claim("scope", scope)));
            // Add superuser claim if applicable
            if (session.Account.IsSuperuser)
                claims.Add(new Claim("is_superuser", "1"));
            // Create the identity and principal
            var identity = new ClaimsIdentity(claims, AuthConstants.SchemeName);
            var principal = new ClaimsPrincipal(identity);
            var ticket = new AuthenticationTicket(principal, AuthConstants.SchemeName);
            return AuthenticateResult.Success(ticket);
        }
        catch (Exception ex)
        {
--- a/DysonNetwork.Shared/Proto/GrpcClientHelper.cs
+++ b/DysonNetwork.Shared/Proto/GrpcClientHelper.cs
@@ -49,6 +49,18 @@ public static class GrpcClientHelper
        return new AccountService.AccountServiceClient(CreateCallInvoker(url, clientCertPath, clientKeyPath,
            clientCertPassword));
    }
    public static async Task<ActionLogService.ActionLogServiceClient> CreateActionLogServiceClient(
        IEtcdClient etcdClient,
        string clientCertPath,
        string clientKeyPath,
        string? clientCertPassword = null
    )
    {
        var url = await GetServiceUrlFromEtcd(etcdClient, "DysonNetwork.Pass");
        return new ActionLogService.ActionLogServiceClient(CreateCallInvoker(url, clientCertPath, clientKeyPath,
            clientCertPassword));
    }
    public static async Task<AuthService.AuthServiceClient> CreateAuthServiceClient(
        IEtcdClient etcdClient,
--- a/DysonNetwork.Shared/Registry/ServiceHelper.cs
+++ b/DysonNetwork.Shared/Registry/ServiceHelper.cs
@@ -40,7 +40,21 @@ public static class ServiceHelper
                .CreateAccountServiceClient(etcdClient, clientCertPath, clientKeyPath, clientCertPassword)
                .GetAwaiter()
                .GetResult();
-        });       
+        });  
        services.AddSingleton<ActionLogService.ActionLogServiceClient>(sp =>
        {
            var etcdClient = sp.GetRequiredService<IEtcdClient>();
            var config = sp.GetRequiredService<IConfiguration>();
            var clientCertPath = config["Service:ClientCert"]!;
            var clientKeyPath = config["Service:ClientKey"]!;
            var clientCertPassword = config["Service:CertPassword"];
            return GrpcClientHelper
                .CreateActionLogServiceClient(etcdClient, clientCertPath, clientKeyPath, clientCertPassword)
                .GetAwaiter()
                .GetResult();
        }); 
        return services;
    }
--- a/DysonNetwork.Shared/Registry/ServiceRegistry.cs
+++ b/DysonNetwork.Shared/Registry/ServiceRegistry.cs
@@ -8,8 +8,12 @@ namespace DysonNetwork.Shared.Registry;
 public class ServiceRegistry(IEtcdClient etcd, ILogger<ServiceRegistry> logger)
 {
-    public async Task RegisterService(string serviceName, string serviceUrl, long leaseTtlSeconds = 60,
+    public async Task RegisterService(
-        CancellationToken cancellationToken = default)
+        string serviceName,
        string serviceUrl,
        long leaseTtlSeconds = 60,
        CancellationToken cancellationToken = default
    )
    {
        var key = $"/services/{serviceName}";
        var leaseResponse = await etcd.LeaseGrantAsync(
--- a/DysonNetwork.Sphere/DysonNetwork.Sphere.csproj
+++ b/DysonNetwork.Sphere/DysonNetwork.Sphere.csproj
@@ -177,6 +177,7 @@
        <_ContentIncludedByDefault Remove="Pages\Auth\VerifyFactor.cshtml" />
        <_ContentIncludedByDefault Remove="Pages\Checkpoint\CheckpointPage.cshtml" />
        <_ContentIncludedByDefault Remove="Pages\Spell\MagicSpellPage.cshtml" />
        <_ContentIncludedByDefault Remove="Keys\Solian.json" />
    </ItemGroup>
    <ItemGroup>