diff options
author | vnugent <public@vaughnnugent.com> | 2023-03-25 14:25:21 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2023-03-25 14:25:21 -0400 |
commit | a37e01df6b8c10525ea4311344959fe5273059c1 (patch) | |
tree | 0d8cc9775a08a3ad9ddb4a4be71a54066945899e /libs | |
parent | 373247c40cefdd5920b3d0e03c7e42239269c5bd (diff) |
Defer cors to host/middleware/user code
Diffstat (limited to 'libs')
4 files changed, 25 insertions, 70 deletions
diff --git a/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs b/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs index 9f0f35d..a867152 100644 --- a/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs +++ b/libs/VNLib.Plugins.Sessions.OAuth/src/Endpoints/AccessTokenEndpoint.cs @@ -54,11 +54,11 @@ namespace VNLib.Plugins.Sessions.OAuth.Endpoints private readonly Task<ReadOnlyJsonWebKey?> JWTVerificationKey; //override protection settings to allow most connections to authenticate + ///<inheritdoc/> protected override ProtectionSettings EndpointProtectionSettings { get; } = new() { DisableBrowsersOnly = true, - DisableSessionsRequired = true, - DisableVerifySessionCors = true + DisableSessionsRequired = true }; public AccessTokenEndpoint(PluginBase pbase, IConfigScope config) @@ -120,8 +120,8 @@ namespace VNLib.Plugins.Sessions.OAuth.Endpoints } //Convert the clientid and secret to lowercase - clientId = clientId.ToLower(); - secret = secret.ToLower(); + clientId = clientId.ToLower(null); + secret = secret.ToLower(null); //Convert secret to private string that is unreferrenced using PrivateString secretPv = new(secret, false); diff --git a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs index cc550de..d099e3c 100644 --- a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs +++ b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs @@ -48,7 +48,7 @@ namespace VNLib.Plugins.Sessions.OAuth /// Provides OAuth2 session management /// </summary> [ConfigurationName(O2SessionProviderEntry.OAUTH2_CONFIG_KEY)] - internal sealed class OAuth2SessionProvider : ISessionProvider, ITokenManager, IApplicationTokenFactory + internal sealed class OAuth2SessionProvider : ISessionProvider, ITokenManager, IApplicationTokenFactory, IIntervalScheduleable { private static readonly SessionHandle Skip = new(null, FileProcessArgs.VirtualSkip, null); @@ -68,6 +68,9 @@ namespace VNLib.Plugins.Sessions.OAuth _tokenFactory = plugin.GetOrCreateSingleton<OAuth2TokenFactory>(); TokenStore = new(plugin.GetContextOptions()); _tokenTypeString = $"client_credential,{_tokenFactory.TokenType}"; + + //Schedule interval + plugin.ScheduleInterval(this, TimeSpan.FromMinutes(2)); } public void SetLog(ILogProvider log) => _sessions.SetLog(log); @@ -196,9 +199,8 @@ namespace VNLib.Plugins.Sessions.OAuth /* * Interval for removing expired tokens */ - - [AsyncInterval(Minutes = 2)] - private async Task OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken) + + public async Task OnIntervalAsync(ILogProvider log, CancellationToken cancellationToken) { //Calculate valid token time DateTime validAfter = DateTime.UtcNow.Subtract(_tokenFactory.SessionValidFor); diff --git a/libs/VNLib.Plugins.Sessions.VNCache/src/IWebSessionIdFactory.cs b/libs/VNLib.Plugins.Sessions.VNCache/src/IWebSessionIdFactory.cs deleted file mode 100644 index 117b839..0000000 --- a/libs/VNLib.Plugins.Sessions.VNCache/src/IWebSessionIdFactory.cs +++ /dev/null @@ -1,58 +0,0 @@ -/* -* Copyright (c) 2022 Vaughn Nugent -* -* Library: VNLib -* Package: VNLib.Plugins.Essentials.Sessions.VNCache -* File: IWebSessionIdFactory.cs -* -* IWebSessionIdFactory.cs is part of VNLib.Plugins.Essentials.Sessions.VNCache which is part of the larger -* VNLib collection of libraries and utilities. -* -* VNLib.Plugins.Essentials.Sessions.VNCache is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License as -* published by the Free Software Foundation, either version 3 of the -* License, or (at your option) any later version. -* -* VNLib.Plugins.Essentials.Sessions.VNCache is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see https://www.gnu.org/licenses/. -*/ - -using System; -using System.Diagnostics.CodeAnalysis; - -using VNLib.Net.Http; - -namespace VNLib.Plugins.Sessions.VNCache -{ - /// <summary> - /// Id factory for <see cref="WebSessionProvider"/> - /// </summary> - internal interface IWebSessionIdFactory - { - /// <summary> - /// The maxium amount of time a session is valid for. Sessions will be invalidated - /// after this time - /// </summary> - TimeSpan ValidFor { get; } - - /// <summary> - /// Gets a new session-id for the connection and manipulates the entity as necessary - /// </summary> - /// <param name="entity">The connection to generate the new session for</param> - /// <returns>The new session-id</returns> - string GenerateSessionId(IHttpEvent entity); - - /// <summary> - /// Attempts to recover a session id from - /// </summary> - /// <param name="entity">The entity to get the session-id for</param> - /// <param name="sessionId">The found ID for the session if accepted</param> - /// <returns>True if a session id was found or set for the session</returns> - bool TryGetSessionId(IHttpEvent entity, [NotNullWhen(true)] out string? sessionId); - } -} diff --git a/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs b/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs index 96e9938..03d8980 100644 --- a/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs +++ b/libs/VNLib.Plugins.Sessions.VNCache/src/WebSessionIdFactory.cs @@ -35,7 +35,7 @@ using VNLib.Plugins.Sessions.Cache.Client; namespace VNLib.Plugins.Sessions.VNCache { /// <summary> - /// <see cref="IWebSessionIdFactory"/> implementation, using + /// <see cref="ISessionIdFactory"/> implementation, using /// http cookies as session id storage /// </summary> [ConfigurationName(WebSessionProviderEntry.WEB_SESSION_CONFIG)] @@ -77,13 +77,24 @@ namespace VNLib.Plugins.Sessions.VNCache public string RegenerateId(IHttpEvent entity) { //Random hex hash - string cookie = RandomHash.GetRandomBase32(_cookieSize); + string sessionId = RandomHash.GetRandomBase32(_cookieSize); + + //Create new cookie + HttpCookie cookie = new(SessionCookieName, sessionId) + { + ValidFor = ValidFor, + Secure = true, + HttpOnly = true, + Domain = null, + Path = "/", + SameSite = CookieSameSite.Lax + }; //Set the session id cookie - entity.Server.SetCookie(SessionCookieName, cookie, ValidFor, secure: true, httpOnly: true); + entity.Server.SetCookie(cookie); //return session-id value from cookie value - return cookie; + return sessionId; } public string? TryGetSessionId(IHttpEvent entity) |