Try to fix boardcasting with Antigravity.
This commit is contained in:
@@ -50,25 +50,23 @@ public static class AuthHelper
|
||||
|
||||
public static bool IsServerTokenValid(HttpContext context, PeerCache peerCache)
|
||||
{
|
||||
var serverUrl = context.Request.Headers["X-Server-Url"].ToString().Trim().TrimEnd('/');
|
||||
var serverId = context.Request.Headers["X-Server-Id"].ToString().Trim();
|
||||
var serverToken = context.Request.Headers["X-Server-Token"].ToString();
|
||||
|
||||
if (string.IsNullOrEmpty(serverUrl) || string.IsNullOrEmpty(serverToken))
|
||||
if (string.IsNullOrEmpty(serverId) || string.IsNullOrEmpty(serverToken))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// 1. Verify if it's a handshaked downstream peer calling us (upstream verification)
|
||||
if (peerCache.VerifySessionToken(serverUrl, serverToken))
|
||||
if (peerCache.VerifySessionToken(serverId, serverToken))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// 2. Verify if it's our configured upstream calling us (downstream verification)
|
||||
var configuration = context.RequestServices.GetRequiredService<IConfiguration>();
|
||||
var destUrl = (configuration["Sync:DestinationServerUrl"] ?? "").Trim().TrimEnd('/');
|
||||
|
||||
if (!string.IsNullOrEmpty(destUrl) && string.Equals(serverUrl, destUrl, StringComparison.OrdinalIgnoreCase))
|
||||
if (!string.IsNullOrEmpty(SyncEndpoints.UpstreamServerGuid) &&
|
||||
string.Equals(serverId, SyncEndpoints.UpstreamServerGuid, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
// The request is coming from our upstream. Verify the token matches the one we received during handshake!
|
||||
if (!string.IsNullOrEmpty(SyncEndpoints.UpstreamSessionToken) &&
|
||||
|
||||
@@ -6,29 +6,44 @@ namespace SNote.Server.Security;
|
||||
|
||||
public class PeerCache
|
||||
{
|
||||
// Mapping: PeerUrl (normalized) -> PeerDetails (SessionToken, PublicKeyPem)
|
||||
// Mapping: PeerGuid -> PeerDetails (SessionToken, PublicKeyPem, PeerUrl)
|
||||
private readonly ConcurrentDictionary<string, PeerDetails> _downstreamPeers = new(StringComparer.OrdinalIgnoreCase);
|
||||
private readonly ConcurrentDictionary<string, DateTime> _recentBroadcastIds = new(StringComparer.OrdinalIgnoreCase);
|
||||
|
||||
public void RegisterPeer(string peerUrl, string sessionToken, string publicKeyPem)
|
||||
public void RegisterPeer(string peerGuid, string sessionToken, string publicKeyPem, string peerUrl)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(peerUrl) || string.IsNullOrWhiteSpace(sessionToken)) return;
|
||||
if (string.IsNullOrWhiteSpace(peerGuid) || string.IsNullOrWhiteSpace(sessionToken)) return;
|
||||
|
||||
var cleanUrl = peerUrl.Trim().TrimEnd('/');
|
||||
var details = new PeerDetails(sessionToken, publicKeyPem.Trim());
|
||||
var details = new PeerDetails(sessionToken, publicKeyPem.Trim(), cleanUrl);
|
||||
|
||||
_downstreamPeers[cleanUrl] = details;
|
||||
Console.WriteLine($"[PeerCache] Registered downstream peer node: {cleanUrl} with secure session token.");
|
||||
_downstreamPeers[peerGuid] = details;
|
||||
Console.WriteLine($"[PeerCache] Registered downstream peer node: {peerGuid} (URL: {cleanUrl}) with secure session token.");
|
||||
}
|
||||
|
||||
public void RemovePeer(string peerUrl)
|
||||
public void RemovePeer(string peerGuid)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(peerGuid)) return;
|
||||
|
||||
if (_downstreamPeers.TryRemove(peerGuid, out var details))
|
||||
{
|
||||
Console.WriteLine($"[PeerCache] Evicted offline peer node: {peerGuid} (URL: {details.PeerUrl})");
|
||||
}
|
||||
}
|
||||
|
||||
public void RemovePeerByUrl(string peerUrl)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(peerUrl)) return;
|
||||
|
||||
var cleanUrl = peerUrl.Trim().TrimEnd('/');
|
||||
if (_downstreamPeers.TryRemove(cleanUrl, out _))
|
||||
foreach (var kvp in _downstreamPeers)
|
||||
{
|
||||
Console.WriteLine($"[PeerCache] Evicted offline peer node: {cleanUrl}");
|
||||
if (string.Equals(kvp.Value.PeerUrl, cleanUrl, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
if (_downstreamPeers.TryRemove(kvp.Key, out _))
|
||||
{
|
||||
Console.WriteLine($"[PeerCache] Evicted offline peer node by URL: {cleanUrl} (GUID: {kvp.Key})");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -37,36 +52,46 @@ public class PeerCache
|
||||
return new List<string>(_downstreamPeers.Keys);
|
||||
}
|
||||
|
||||
public string? GetToken(string peerUrl)
|
||||
public string? GetToken(string peerGuid)
|
||||
{
|
||||
var cleanUrl = peerUrl.Trim().TrimEnd('/');
|
||||
return _downstreamPeers.TryGetValue(cleanUrl, out var details) ? details.SessionToken : null;
|
||||
return _downstreamPeers.TryGetValue(peerGuid, out var details) ? details.SessionToken : null;
|
||||
}
|
||||
|
||||
public string? GetPublicKey(string peerUrl)
|
||||
public string? GetPublicKey(string peerGuid)
|
||||
{
|
||||
var cleanUrl = peerUrl.Trim().TrimEnd('/');
|
||||
return _downstreamPeers.TryGetValue(cleanUrl, out var details) ? details.PublicKeyPem : null;
|
||||
return _downstreamPeers.TryGetValue(peerGuid, out var details) ? details.PublicKeyPem : null;
|
||||
}
|
||||
|
||||
public bool VerifySessionToken(string peerUrl, string token)
|
||||
public string? GetPublicKeyByUrl(string peerUrl)
|
||||
{
|
||||
if (string.IsNullOrEmpty(peerUrl) || string.IsNullOrEmpty(token)) return false;
|
||||
var cleanUrl = peerUrl.Trim().TrimEnd('/');
|
||||
foreach (var details in _downstreamPeers.Values)
|
||||
{
|
||||
if (string.Equals(details.PeerUrl, cleanUrl, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
return details.PublicKeyPem;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public bool VerifySessionToken(string peerGuid, string token)
|
||||
{
|
||||
if (string.IsNullOrEmpty(peerGuid) || string.IsNullOrEmpty(token)) return false;
|
||||
|
||||
var cleanUrl = peerUrl.Trim().TrimEnd('/');
|
||||
if (_downstreamPeers.TryGetValue(cleanUrl, out var details))
|
||||
if (_downstreamPeers.TryGetValue(peerGuid, out var details))
|
||||
{
|
||||
return string.Equals(details.SessionToken, token, StringComparison.Ordinal);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public List<(string Url, string Token)> GetActivePeers()
|
||||
public List<(string Guid, string Url, string Token)> GetActivePeers()
|
||||
{
|
||||
var list = new List<(string Url, string Token)>();
|
||||
var list = new List<(string Guid, string Url, string Token)>();
|
||||
foreach (var kvp in _downstreamPeers)
|
||||
{
|
||||
list.Add((kvp.Key, kvp.Value.SessionToken));
|
||||
list.Add((kvp.Key, kvp.Value.PeerUrl, kvp.Value.SessionToken));
|
||||
}
|
||||
return list;
|
||||
}
|
||||
@@ -89,4 +114,4 @@ public class PeerCache
|
||||
}
|
||||
}
|
||||
|
||||
public record PeerDetails(string SessionToken, string PublicKeyPem);
|
||||
public record PeerDetails(string SessionToken, string PublicKeyPem, string PeerUrl);
|
||||
|
||||
Reference in New Issue
Block a user