authorLibravatar vnugent <public@vaughnnugent.com>2024-03-09 19:13:21 -0500
committerLibravatar vnugent <public@vaughnnugent.com>2024-03-09 19:13:21 -0500
commit5d4192880654fd6e00e587814169415b42621327 (patch)
treef35e2e41e346c5067f0195e7b0f7197e9729e940 /plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs
parenta4b3504bb891829074d1efde0433eae010862181 (diff)
chore: #2 Minor fixes and polish before release
Diffstat (limited to 'plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs')
-rw-r--r--plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs20
1 files changed, 8 insertions, 12 deletions
diff --git a/plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs b/plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs
index 48f4448..99433e1 100644
--- a/plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs
+++ b/plugins/ObjectCacheServer/src/Endpoints/CacheNegotationManager.cs
@@ -62,14 +62,10 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
* client could use trial and error to find the servers buffer configuration.
*/
- private static readonly TimeSpan AuthTokenExpiration = TimeSpan.FromSeconds(30);
-
private readonly string AudienceLocalServerId = Guid.NewGuid().ToString("N");
private readonly ObjectCacheSystemState _sysState = plugin.GetOrCreateSingleton<ObjectCacheSystemState>();
- private NodeConfig NodeConfig => _sysState.Configuration;
-
private CacheMemoryConfiguration CacheConfig => _sysState.MemoryConfiguration;
public bool IsClientNegotiationValid(string authToken, out ClientNegotiationState state)
@@ -80,12 +76,12 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
using JsonWebToken jwt = JsonWebToken.Parse(authToken);
//verify signature for client
- if (NodeConfig.KeyStore.VerifyJwt(jwt, false))
+ if (_sysState.KeyStore.VerifyJwt(jwt, false))
{
//Validated as normal client
}
//May be signed by a cache server
- else if (NodeConfig.KeyStore.VerifyJwt(jwt, true))
+ else if (_sysState.KeyStore.VerifyJwt(jwt, true))
{
//Set peer and verified flag since the another cache server signed the request
state.IsPeer = true;
@@ -114,11 +110,11 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
//Verified, now we can create an auth message with a short expiration
JsonWebToken auth = new();
- auth.WriteHeader(NodeConfig.KeyStore.GetJwtHeader());
+ auth.WriteHeader(_sysState.KeyStore.GetJwtHeader());
auth.InitPayloadClaim()
.AddClaim("aud", AudienceLocalServerId)
.AddClaim("iat", now.ToUnixTimeSeconds())
- .AddClaim("exp", now.Add(AuthTokenExpiration).ToUnixTimeSeconds())
+ .AddClaim("exp", now.Add(CacheConstants.ClientAuthTokenExpiration).ToUnixTimeSeconds())
.AddClaim("nonce", RandomHash.GetRandomBase32(8))
.AddClaim("chl", state.Challenge!)
//Set the ispeer flag if the request was signed by a cache server
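Review bot: The `exp` claim now takes its lifetime from `CacheConstants.ClientAuthTokenExpiration`, whose value is not visible in this diff, whereas the removed local constant pinned it at 30 seconds. The comment above the token construction promises "a short expiration", so it is worth confirming that the shared constant keeps the same bound and is not reused for longer-lived tokens elsewhere. I would state the expectation at the use site, e.g. `//Lifetime comes from CacheConstants.ClientAuthTokenExpiration (was 30 seconds when defined locally)`. The enclosing method starts and ends outside this hunk.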
@@ -134,7 +130,7 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
.CommitClaims();
//Sign the auth message from our private key
- NodeConfig.KeyStore.SignJwt(auth);
+ _sysState.KeyStore.SignJwt(auth);
return auth;
}
@@ -150,7 +146,7 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
using JsonWebToken jwt = JsonWebToken.Parse(upgradeToken);
//verify signature against the cache public key, since this server must have signed it
- if (!NodeConfig.KeyStore.VerifyCachePeer(jwt))
+ if (!_sysState.KeyStore.VerifyCachePeer(jwt))
{
return false;
}
@@ -172,7 +168,7 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
}
//Check node ip address matches if required
- if (NodeConfig.VerifyIp)
+ if (_sysState.ClusterConfig.VerifyIp)
{
if (!doc.RootElement.TryGetProperty("ip", out JsonElement ipEl))
{
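Review bot: The address check is now gated on `_sysState.ClusterConfig.VerifyIp` instead of `NodeConfig.VerifyIp`, and nothing in this diff shows that the new property is populated from the same configuration value. If it maps to a different key or defaults to false, the `ip` claim handling that starts here would presumably be skipped without any error, and upgrade tokens would no longer be tied to the negotiating address. Please confirm the mapping and document the flag where it is read, e.g. `//VerifyIp comes from the cluster config; when false the upgrade token is not bound to the client address`. The method body continues outside the hunk.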
@@ -198,7 +194,7 @@ namespace VNLib.Data.Caching.ObjectCache.Server.Endpoints
}
//Verify token signature against a fellow cache public key
- return NodeConfig.KeyStore.VerifyUpgradeToken(tokenSignature, upgradeToken, isPeer);
+ return _sysState.KeyStore.VerifyUpgradeToken(tokenSignature, upgradeToken, isPeer);
}
}
}