added dynamic s3 key generation

This commit is contained in:
Kim 2023-03-09 09:05:59 +01:00
parent 69fed10f69
commit 65624cf1aa
1 changed files with 58 additions and 19 deletions

View File

@ -1,14 +1,17 @@
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Net.Http.Headers;
using System.Net.Mail; using System.Net.Mail;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Nodes; using System.Text.Json.Nodes;
using System.Text.RegularExpressions;
using Flurl.Http; using Flurl.Http;
using Innovenergy.Backend.Model; using Innovenergy.Backend.Model;
using Innovenergy.Backend.Utils; using Innovenergy.Backend.Utils;
using InnovEnergy.Lib.Utils; using InnovEnergy.Lib.Utils;
using SQLite; using SQLite;
using ResponseExtensions = Flurl.Http.ResponseExtensions;
#pragma warning disable CS0472 #pragma warning disable CS0472
#pragma warning disable CS8602 #pragma warning disable CS8602
@ -59,11 +62,42 @@ public partial class Db
return Create(user); return Create(user);
} }
[UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")]
private static Byte[] HmacSha256Digest(String message, String secret)
{
var encoding = new UTF8Encoding();
var keyBytes = encoding.GetBytes(secret);
var messageBytes = encoding.GetBytes(message);
var cryptographer = new HMACSHA256(keyBytes);
var bytes = cryptographer.ComputeHash(messageBytes);
return bytes;
}
public String BuildSignature(String method, String path, String data, Int64 time, String secret)
{
var messageToSign = "";
messageToSign += method + " /v2/" + path + "\n";
messageToSign += data + "\n";
// query strings
messageToSign += "\n";
// headers
messageToSign += "\n";
messageToSign += time;
Console.WriteLine("Message to sign:\n" + messageToSign);
var hmac = HmacSha256Digest(messageToSign, secret);
return Convert.ToBase64String(hmac);
}
public Object CreateAndSaveUserS3ApiKey(User user) public Object CreateAndSaveUserS3ApiKey(User user)
{ {
//EXOSCALE API URL //EXOSCALE API URL
const String url = "https://api-ch-dk-2.exoscale.com/v2/access-key"; const String url = "https://api-ch-dk-2.exoscale.com/v2/";
const String path = "access-key";
const String secret = "S2K1okphiCSNK4mzqr4swguFzngWAMb1OoSlZsJa9F0"; const String secret = "S2K1okphiCSNK4mzqr4swguFzngWAMb1OoSlZsJa9F0";
const String apiKey = "EXOb98ec9008e3ec16e19d7b593"; const String apiKey = "EXOb98ec9008e3ec16e19d7b593";
@ -80,27 +114,32 @@ public partial class Db
instList.Add(new JsonObject {["domain"] = "sos",["resource-name"] = installation.Name,["resource-type"] = "bucket"}); instList.Add(new JsonObject {["domain"] = "sos",["resource-name"] = installation.Name,["resource-type"] = "bucket"});
} }
var jsonPayload = new JsonObject { ["name"] = user.Email, ["operations"] = new JsonArray{ "getObject", "listBucket" }, ["content"] = instList}; var jsonPayload = new JsonObject { ["name"] = user.Email, ["operations"] = new JsonArray{ "list-sos-bucket", "get-sos-object" }, ["content"] = instList};
var expiration = DateTime.Now.AddSeconds(60); var stringPayload = jsonPayload.ToJsonString();
var signature = $"POST /v2/access-key\n{jsonPayload}\n\n\n{((DateTimeOffset)expiration).ToUnixTimeSeconds()}"; var unixExpiration = DateTimeOffset.UtcNow.ToUnixTimeSeconds()+60;
using var hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)); var signature = BuildSignature("POST", path, stringPayload, unixExpiration , secret);
signature = Encoding.UTF8 var authHeader = "credential="+apiKey+",expires="+unixExpiration+",signature="+signature;
.GetBytes(signature)
.Apply(hmacSha256.ComputeHash)
.Apply(Convert.ToBase64String);
var keyJson = url var client = new HttpClient();
.WithHeader("Authorization", client.DefaultRequestHeaders.Authorization =
$"EXO2-HMAC-SHA256 credential={apiKey},expires={((DateTimeOffset)expiration).ToUnixTimeSeconds()},signature={signature}"); new AuthenticationHeaderValue("EXO2-HMAC-SHA256", authHeader);
var content = new StringContent(stringPayload, Encoding.UTF8, "application/json");
var result = keyJson.PostJsonAsync(jsonPayload.ToString()) var response = client.PostAsync(url+path, content).Result;
.ReceiveJson()
.Result; if (response.StatusCode.ToString() != "OK")
return result; {
// return SetUserS3ApiKey(user, keyJson.GetValue("key")); return response;
}
var responseString = response.Content.ReadAsStringAsync().Result;
var newKey = Enumerable.Last(Regex.Match(responseString, "key\\\":\\\"([A-Z])\\w+").ToString().Split('"'));
return SetUserS3ApiKey(user, newKey);
} }
public Result SetUserS3ApiKey(User user, String key) public Result SetUserS3ApiKey(User user, String key)