diff options
Diffstat (limited to 'Plugins/SessionCacheServer/Endpoints/BrokerHeartBeat.cs')
| -rw-r--r-- | Plugins/SessionCacheServer/Endpoints/BrokerHeartBeat.cs | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/Plugins/SessionCacheServer/Endpoints/BrokerHeartBeat.cs b/Plugins/SessionCacheServer/Endpoints/BrokerHeartBeat.cs index bad0f7a..2e380a3 100644 --- a/Plugins/SessionCacheServer/Endpoints/BrokerHeartBeat.cs +++ b/Plugins/SessionCacheServer/Endpoints/BrokerHeartBeat.cs @@ -29,9 +29,7 @@ using System.Text.Json; using System.Threading; using System.Threading.Tasks; using System.Collections.Generic; -using System.Security.Cryptography; -using VNLib.Data.Caching.Extensions; using VNLib.Hashing.IdentityUtility; using VNLib.Plugins.Essentials.Endpoints; using VNLib.Plugins.Essentials.Extensions; @@ -48,7 +46,12 @@ namespace VNLib.Plugins.Essentials.Sessions.Server.Endpoints private readonly Task<IPAddress[]> BrokerIpList; private readonly PluginBase Pbase; - protected override ProtectionSettings EndpointProtectionSettings { get; } + protected override ProtectionSettings EndpointProtectionSettings { get; } = new() + { + DisableBrowsersOnly = true, + DisableSessionsRequired = true, + DisableVerifySessionCors = true + }; public BrokerHeartBeat(Func<string> token, ManualResetEvent keepaliveSet, Uri brokerUri, PluginBase pbase) { @@ -57,20 +60,13 @@ namespace VNLib.Plugins.Essentials.Sessions.Server.Endpoints BrokerIpList = Dns.GetHostAddressesAsync(brokerUri.DnsSafeHost); this.Pbase = pbase; - - EndpointProtectionSettings = new() - { - BrowsersOnly = false, - SessionsRequired = false, - VerifySessionCors = false, - }; } - private async Task<byte[]> GetBrokerPubAsync() + private async Task<ReadOnlyJsonWebKey> GetBrokerPubAsync() { - string? brokerPubKey = await Pbase.TryGetSecretAsync("broker_public_key") ?? throw new KeyNotFoundException("Missing required secret : broker_public_key"); + using SecretResult brokerPubKey = await Pbase.TryGetSecretAsync("broker_public_key") ?? throw new KeyNotFoundException("Missing required secret : broker_public_key"); - return Convert.FromBase64String(brokerPubKey); + return brokerPubKey.GetJsonWebKey(); } protected override async ValueTask<VfReturnType> GetAsync(HttpEntity entity) @@ -89,35 +85,36 @@ namespace VNLib.Plugins.Essentials.Sessions.Server.Endpoints } //Get the authorization jwt string? jwtAuth = entity.Server.Headers[HttpRequestHeader.Authorization]; + if (string.IsNullOrWhiteSpace(jwtAuth)) { //Token invalid entity.CloseResponse(HttpStatusCode.Forbidden); return VfReturnType.VirtualSkip; } + //Parse the jwt using JsonWebToken jwt = JsonWebToken.Parse(jwtAuth); - //Init signature alg - using (ECDsa alg = ECDsa.Create(FBMDataCacheExtensions.CacheCurve)) - { - //Get pub key - byte[] key = await GetBrokerPubAsync(); - alg.ImportSubjectPublicKeyInfo(key, out _); + //Verify the jwt using the broker's public key certificate + using (ReadOnlyJsonWebKey cert = await GetBrokerPubAsync()) + { //Verify the jwt - if (!jwt.Verify(alg, FBMDataCacheExtensions.CacheJwtAlgorithm)) + if (!jwt.VerifyFromJwk(cert)) { //Token invalid entity.CloseResponse(HttpStatusCode.Forbidden); return VfReturnType.VirtualSkip; } } + string? auth; //Recover the auth token from the jwt using (JsonDocument doc = jwt.GetPayload()) { auth = doc.RootElement.GetProperty("token").GetString(); } + //Verify token if(Token().Equals(auth, StringComparison.Ordinal)) { @@ -126,6 +123,7 @@ namespace VNLib.Plugins.Essentials.Sessions.Server.Endpoints entity.CloseResponse(HttpStatusCode.OK); return VfReturnType.VirtualSkip; } + //Token invalid entity.CloseResponse(HttpStatusCode.Forbidden); return VfReturnType.VirtualSkip; |