MV Auth: Add User claim
Skyedra committed Aug 14, 2024
1 parent 085a23a commit 12a8fca
Showing 2 changed files with 37 additions and 5 deletions.
3 changes: 1 addition & 2 deletions Robust.Client/Console/Commands/LauncherAuthCommand.cs
Expand Up @@ -33,7 +33,7 @@ public override void Execute(IConsoleShell shell, string argStr, string[] args)
using var con = new SqliteConnection($"Data Source={dbPath};Mode=ReadOnly");
con.Open();
using var cmd = con.CreateCommand();
cmd.CommandText = "SELECT UserName, PublicKey, PrivateKey FROM LoginMV";
cmd.CommandText = "SELECT UserName, PublicKey, PrivateKey FROM LoginMVKey";

if (wantName != null)
{
Expand Down Expand Up @@ -67,7 +67,6 @@ public override void Execute(IConsoleShell shell, string argStr, string[] args)
.AddClaim("exp", DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds()) // expiry
.AddClaim("nbf", DateTimeOffset.UtcNow.AddMinutes(-5).ToUnixTimeSeconds()) // not before
.AddClaim("iat", DateTimeOffset.UtcNow) // issued at
.AddClaim("jti", "TODO") // TODO
.AddClaim("aud", "TODO") // TODO
.AddClaim("preferredUserName", userName)
.Encode();
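Review bot: The token this command builds still carries placeholder claims (`.AddClaim("aud", "TODO")` / `.AddClaim("jti", "TODO")`, one of which this hunk deletes), while the sibling change in Robust.Shared/Network/NetManager.ServerAuth.cs now disconnects any client whose `aud` claim is not equal to `Convert.ToBase64String(CryptoPublicKey)` of the server it connects to; as written, tokens produced here will be rejected with either the "No audience claim" or the "appears to be for another server" message. If the command is meant to keep working against the new server check, it needs the target server's public key as an input and should set the claim to its base64 form, for example `.AddClaim("aud", Convert.ToBase64String(serverPublicKey))` with `serverPublicKey` taken from a new argument; if it is only meant to exercise the key lookup, a comment saying so next to the remaining `TODO` claim would spare the next reader the confusion. The enclosing `Execute` method starts and ends outside the hunk.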
39 changes: 36 additions & 3 deletions Robust.Shared/Network/NetManager.ServerAuth.cs
Expand Up @@ -5,6 +5,7 @@
using System.Net.Http;
using System.Net.Http.Json;
using System.Security.Cryptography;
using System.Text.Json.Nodes;
using System.Threading.Tasks;
using JWT;
using JWT.Algorithms;
Expand Down Expand Up @@ -144,6 +145,8 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
var userPublicKey = ECDsa.Create();
userPublicKey.ImportFromPem(userPublicKeyString);

string jwtJsonString = "";

try
{
IJsonSerializer serializer = new JsonNetSerializer();
Expand All @@ -153,8 +156,7 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
IJwtAlgorithm algorithm = new ES256Algorithm(userPublicKey);
IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

var jwtJson = decoder.Decode(userJWTString);

jwtJsonString = decoder.Decode(userJWTString);
}
catch (TokenNotYetValidException)
{
Expand All @@ -178,10 +180,41 @@ private async void HandleHandshake(NetPeerData peer, NetConnection connection)
return;
}

if (String.IsNullOrEmpty(jwtJsonString))
{
connection.Disconnect("JWT Validation Error - No JSON in JWT.");
return;
}

// Verify JWT is actually for this server
JsonNode? jsonNode = JsonNode.Parse(jwtJsonString);

if (jsonNode == null)
{
connection.Disconnect("JWT Validation Error - Bad/Missing JSON in JWT.");
return;
}

var audienceClaimNode = jsonNode["aud"];
if (audienceClaimNode == null)
{
connection.Disconnect("JWT Validation Error - No audience claim in JWT.");
return;
}

string signedForServerInJWT = audienceClaimNode.GetValue<string>();
string serverSignatureBase64 = Convert.ToBase64String(CryptoPublicKey);
if (signedForServerInJWT != serverSignatureBase64)
{
// It could just be that the server recently restarted and launcher has old key.
connection.Disconnect("JWT Validation Error\nJWT appears to be for another server.\nTry returning to launcher and reconnect.");
return;
}

_logger.Verbose(
$"{connection.RemoteEndPoint}: JWT appears valid");

// TODO - Find user based on public key
// Find user based on public key

// Get public key in byte format. This should be a bit more efficient than
// doing lookups based on base64() keys, and by using the parsed ES256 object
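Review bot: The new audience check after the decoder's try/catch can throw on input the remote peer controls: `JsonNode.Parse(jwtJsonString)` throws `JsonException` on malformed payload JSON, the `jsonNode["aud"]` indexer throws `InvalidOperationException` when the payload is not a JSON object, and `audienceClaimNode.GetValue<string>()` throws when `aud` is not a string (an array is a legal value for that claim). The token is verified against the key the client itself supplied (`userPublicKeyString`), so an unauthenticated peer can sign any payload it likes, and because `HandleHandshake` is `async void` an exception escaping these lines cannot be observed by a caller and, depending on the host's unhandled-exception policy, may take down the whole server rather than just this connection. Wrap the parse in a try/catch that disconnects like the earlier failures, and narrow the claim extraction with `is JsonObject` / `is JsonValue` plus `TryGetValue<string>` so no exception path remains; `JsonException` lives in `System.Text.Json`, which needs a `using` if the file does not already have one. The unused second `JsonNode?` path is then gone too. `HandleHandshake` begins and ends outside the hunk.
```csharp
            // … unchanged: decoder.Decode try/catch and the IsNullOrEmpty(jwtJsonString) check …

            // Verify JWT is actually for this server.
            // The payload is signed with the client-supplied key, so its contents are
            // untrusted: every parse failure must end in a Disconnect, never in an
            // exception escaping this async void method.
            JsonNode? jsonNode;
            try
            {
                jsonNode = JsonNode.Parse(jwtJsonString);
            }
            catch (JsonException)
            {
                connection.Disconnect("JWT Validation Error - Bad/Missing JSON in JWT.");
                return;
            }

            if (jsonNode is not JsonObject payload)
            {
                connection.Disconnect("JWT Validation Error - Bad/Missing JSON in JWT.");
                return;
            }

            if (payload["aud"] is not JsonValue audienceClaimNode
                || !audienceClaimNode.TryGetValue<string>(out var signedForServerInJWT))
            {
                connection.Disconnect("JWT Validation Error - No audience claim in JWT.");
                return;
            }

            // … unchanged: comparison against Convert.ToBase64String(CryptoPublicKey) and the Verbose log …
```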

0 comments on commit 12a8fca

Please sign in to comment.