Try to fix boardcasting issue.

Creeper Lv
2026-06-01 07:46:03 +10:00
parent c60540fb2b
commit 78a99dc279
+25 -2
@@ -3,7 +3,10 @@ using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens; using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using SNote.Server.Security; using SNote.Server.Security;
using SNote.Server.Endpoints;
namespace SNote.Server.Security; namespace SNote.Server.Security;
@@ -47,7 +50,7 @@ public static class AuthHelper
public static bool IsServerTokenValid(HttpContext context, PeerCache peerCache) public static bool IsServerTokenValid(HttpContext context, PeerCache peerCache)
{ {
var serverUrl = context.Request.Headers["X-Server-Url"].ToString(); var serverUrl = context.Request.Headers["X-Server-Url"].ToString().Trim().TrimEnd('/');
var serverToken = context.Request.Headers["X-Server-Token"].ToString(); var serverToken = context.Request.Headers["X-Server-Token"].ToString();
if (string.IsNullOrEmpty(serverUrl) || string.IsNullOrEmpty(serverToken)) if (string.IsNullOrEmpty(serverUrl) || string.IsNullOrEmpty(serverToken))
@@ -55,7 +58,27 @@ public static class AuthHelper
return false; return false;
} }
return peerCache.VerifySessionToken(serverUrl, serverToken); // 1. Verify if it's a handshaked downstream peer calling us (upstream verification)
if (peerCache.VerifySessionToken(serverUrl, serverToken))
{
return true;
}
// 2. Verify if it's our configured upstream calling us (downstream verification)
var configuration = context.RequestServices.GetRequiredService<IConfiguration>();
var destUrl = (configuration["Sync:DestinationServerUrl"] ?? "").Trim().TrimEnd('/');
if (!string.IsNullOrEmpty(destUrl) && string.Equals(serverUrl, destUrl, StringComparison.OrdinalIgnoreCase))
{
// The request is coming from our upstream. Verify the token matches the one we received during handshake!
if (!string.IsNullOrEmpty(SyncEndpoints.UpstreamSessionToken) &&
string.Equals(SyncEndpoints.UpstreamSessionToken, serverToken, StringComparison.Ordinal))
{
return true;
}
}
return false;
} }
// Helper to generate a server token for outgoing sync requests // Helper to generate a server token for outgoing sync requests
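Review bot: The new upstream branch of IsServerTokenValid compares the session token with `string.Equals(SyncEndpoints.UpstreamSessionToken, serverToken, StringComparison.Ordinal)`, which is not a constant-time comparison, so response timing can leak how much of a guessed token matched. Compare the bytes in constant time instead: `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(SyncEndpoints.UpstreamSessionToken), Encoding.UTF8.GetBytes(serverToken))`, which needs `using System.Security.Cryptography;` and `using System.Text;`. `X-Server-Url` is supplied by the caller, so the `destUrl` match only selects which secret is checked and proves nothing about the sender; the token is the sole credential on this path, and a comment saying so above the `if` would help the next reader. `UpstreamSessionToken` appears to be a mutable static on SyncEndpoints with no expiry visible in this diff, so it is worth confirming how it is rotated and cleared. `peerCache.VerifySessionToken` is not shown here and may need the same constant-time check.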