diff options
4 files changed, 13 insertions, 48 deletions
diff --git a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionConfig.cs b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionConfig.cs index 9e612d5..ab36e25 100644 --- a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionConfig.cs +++ b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionConfig.cs @@ -22,10 +22,10 @@ * along with this program. If not, see https://www.gnu.org/licenses/. */ -using System; using System.Text.Json.Serialization; using VNLib.Plugins.Extensions.Loading; +using VNLib.Plugins.Extensions.Loading.Configuration; namespace VNLib.Plugins.Sessions.OAuth @@ -47,27 +47,12 @@ namespace VNLib.Plugins.Sessions.OAuth [JsonPropertyName("access_token_type")] public string TokenType { get; set; } = "Bearer"; - public void Validate() + public void OnValidate() { - if (MaxTokensPerApp < 1) - { - throw new ArgumentOutOfRangeException("max_tokens_per_app", "You must configure at least 1 Oatuh2 access token per application, or disable this plugin"); - } - - if (AccessTokenSize < 16) - { - throw new ArgumentOutOfRangeException("access_token_size", "You must configure an access token size of at least 16 bytes in length"); - } - - if (TokenLifeTimeSeconds < 1) - { - throw new ArgumentOutOfRangeException("token_valid_for_sec", "You must configure an access token lifetime"); - } - - if (string.IsNullOrWhiteSpace(CachePrefix)) - { - throw new ArgumentException("You must specify a cache prefix", "cache_prefix"); - } + Validate.Range(MaxTokensPerApp, 1, int.MaxValue); + Validate.Range(AccessTokenSize, 16, int.MaxValue); + Validate.Range(TokenLifeTimeSeconds, 1, int.MaxValue); + Validate.NotNull(CachePrefix, "You must specify a cache prefix"); } } }
\ No newline at end of file diff --git a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs index bc06052..fe176d6 100644 --- a/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs +++ b/libs/VNLib.Plugins.Sessions.OAuth/src/OAuth2SessionProvider.cs @@ -71,6 +71,8 @@ namespace VNLib.Plugins.Sessions.OAuth TokenStore = new(plugin.GetContextOptions()); _tokenTypeString = $"client_credential,{_tokenFactory.TokenType}"; + _maxConnections = config.GetValueOrDefault("max_connections", p => p.GetUInt32(), 1000u); + //Schedule interval plugin.ScheduleInterval(this, TimeSpan.FromMinutes(2)); @@ -168,7 +170,7 @@ namespace VNLib.Plugins.Sessions.OAuth session.Invalidate(); //Clears important security variables - InitNewSession(session, null); + InitNewSession(session, app: null); } return new SessionHandle(session, OnSessionReleases); @@ -198,7 +200,7 @@ namespace VNLib.Plugins.Sessions.OAuth await _sessions.CommitSessionAsync(newSession); //Init new token result to pass to client - return new OAuth2TokenResult() + return new OAuth2TokenResult { ExpiresSeconds = (int)_tokenFactory.SessionValidFor.TotalSeconds, TokenType = _tokenFactory.TokenType, diff --git a/libs/VNLib.Plugins.Sessions.VNCache/src/WebSession.cs b/libs/VNLib.Plugins.Sessions.VNCache/src/WebSession.cs index 8cdf73b..85389be 100644 --- a/libs/VNLib.Plugins.Sessions.VNCache/src/WebSession.cs +++ b/libs/VNLib.Plugins.Sessions.VNCache/src/WebSession.cs @@ -1,5 +1,5 @@ /* -* Copyright (c) 2023 Vaughn Nugent +* Copyright (c) 2024 Vaughn Nugent * * Library: VNLib * Package: VNLib.Plugins.Essentials.Sessions.VNCache @@ -33,7 +33,7 @@ using VNLib.Plugins.Sessions.Cache.Client; namespace VNLib.Plugins.Sessions.VNCache { - internal class WebSession(string sessionId, IDictionary<string, string> sessionData, bool isNew) + internal sealed class WebSession(string sessionId, IDictionary<string, string> sessionData, bool isNew) : RemoteSession(sessionId, sessionData, isNew) { internal void InitNewSession(IHttpEvent entity) diff --git a/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs b/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs index 6a21ded..e8578a8 100644 --- a/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs +++ b/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs @@ -48,7 +48,6 @@ namespace VNLib.Plugins.Essentials.Sessions if (session.IsSet) { - /* * Check if the session was established over a secure connection, * and if the current connection is insecure, redirect them to a @@ -72,25 +71,6 @@ namespace VNLib.Plugins.Essentials.Sessions //If session is not new, then verify it matches stored credentials if (!session.IsNew && session.SessionType == SessionType.Web) { - /* - * When sessions are created for connections that come from a different - * origin, their origin is stored for later. - * - * If the session was created from a different origin or the current connection - * is cross origin, then the origin must match the stored origin. - */ - - if (_secConfig.EnforceStrictCors) - { - if ((entity.Server.CrossOrigin || session.CrossOrigin) - && !session.CrossOriginMatch - && entity.Server.Origin != null) - { - _log.Debug("Denied connection from {0} due to cross-origin session mismatch.", entity.TrustedRemoteIp); - return ValueTask.FromResult(FileProcessArgs.Deny); - } - } - if (_secConfig.EnfoceStrictTlsProtocol) { //Try to prevent security downgrade attacks @@ -105,11 +85,9 @@ namespace VNLib.Plugins.Essentials.Sessions return ValueTask.FromResult(FileProcessArgs.Continue); } - + sealed class SecConfig { - [JsonPropertyName("strict_cors")] - public bool EnforceStrictCors { get; set; } = true; [JsonPropertyName("strict_tls_protocol")] public bool EnfoceStrictTlsProtocol { get; set; } = true; |