diff options
Diffstat (limited to 'back-end')
-rw-r--r-- | back-end/src/Endpoints/BmAccountEndpoint.cs | 35 | ||||
-rw-r--r-- | back-end/src/SimpleBookmark.csproj | 8 |
2 files changed, 15 insertions, 28 deletions
diff --git a/back-end/src/Endpoints/BmAccountEndpoint.cs b/back-end/src/Endpoints/BmAccountEndpoint.cs index 9b57d39..e9401fa 100644 --- a/back-end/src/Endpoints/BmAccountEndpoint.cs +++ b/back-end/src/Endpoints/BmAccountEndpoint.cs @@ -79,7 +79,7 @@ namespace SimpleBookmark.Endpoints * long term exposure of a signing key. * */ - AuthMan = new JwtAuthManager(); + AuthMan = new JwtAuthManager(64); if(config.TryGetProperty("key_regen_interval_mins", p => p.GetTimeSpan(TimeParseType.Minutes), out TimeSpan regen)) { @@ -333,52 +333,39 @@ namespace SimpleBookmark.Endpoints return base.DeleteAsync(entity); } - private sealed class JwtAuthManager() : IIntervalScheduleable + private sealed class JwtAuthManager(int keySize) : IIntervalScheduleable { /* * Random signing keys are rotated on the configured expiration * interval. */ - private byte[] secretKey = RandomHash.GetRandomBytes(64); + private byte[] secretKey = RandomHash.GetRandomBytes(keySize); Task IIntervalScheduleable.OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken) { - secretKey = RandomHash.GetRandomBytes(64); + secretKey = RandomHash.GetRandomBytes(keySize); return Task.CompletedTask; } - public void SignJwt(JsonWebToken jwt) - { - if (ManagedHash.IsAlgSupported(HashAlg.BlAKE2B)) - { - jwt.Sign(secretKey, HashAlg.BlAKE2B); - } - else if (ManagedHash.IsAlgSupported(HashAlg.SHA3_256)) - { - jwt.Sign(secretKey, HashAlg.SHA3_256); - } - else - { - //fallback to sha256 - jwt.Sign(secretKey, HashAlg.SHA256); - } - } + public void SignJwt(JsonWebToken jwt) => jwt.Sign(secretKey, GetHashAlg()); + + public bool VerifyJwt(JsonWebToken jwt) => jwt.Verify(secretKey, GetHashAlg()); - public bool VerifyJwt(JsonWebToken jwt) + private static HashAlg GetHashAlg() { if (ManagedHash.IsAlgSupported(HashAlg.BlAKE2B)) { - return jwt.Verify(secretKey, HashAlg.BlAKE2B); + return HashAlg.BlAKE2B; } else if (ManagedHash.IsAlgSupported(HashAlg.SHA3_256)) { - return jwt.Verify(secretKey, HashAlg.SHA3_256); + return HashAlg.SHA3_256; } else { //fallback to sha256 - return jwt.Verify(secretKey, HashAlg.SHA256); + return HashAlg.SHA256; } } } diff --git a/back-end/src/SimpleBookmark.csproj b/back-end/src/SimpleBookmark.csproj index 03d3b03..609144b 100644 --- a/back-end/src/SimpleBookmark.csproj +++ b/back-end/src/SimpleBookmark.csproj @@ -34,10 +34,10 @@ <ItemGroup> <PackageReference Include="MemoryPack" Version="1.10.0" /> - <PackageReference Include="VNLib.Plugins.Extensions.Data" Version="0.1.0-ci0049" /> - <PackageReference Include="VNLib.Plugins.Extensions.Loading" Version="0.1.0-ci0049" /> - <PackageReference Include="VNLib.Plugins.Extensions.Loading.Sql" Version="0.1.0-ci0049" /> - <PackageReference Include="VNLib.Plugins.Extensions.Validation" Version="0.1.0-ci0049" /> + <PackageReference Include="VNLib.Plugins.Extensions.Data" Version="0.1.0-ci0050" /> + <PackageReference Include="VNLib.Plugins.Extensions.Loading" Version="0.1.0-ci0050" /> + <PackageReference Include="VNLib.Plugins.Extensions.Loading.Sql" Version="0.1.0-ci0050" /> + <PackageReference Include="VNLib.Plugins.Extensions.Validation" Version="0.1.0-ci0050" /> <PackageReference Include="VNLib.Plugins.Extensions.VNCache" Version="0.1.0-ci0052" /> </ItemGroup> |