added dynamic s3 key generation
This commit is contained in:
parent
69fed10f69
commit
65624cf1aa
|
@ -1,14 +1,17 @@
|
||||||
using System.Diagnostics.CodeAnalysis;
|
using System.Diagnostics.CodeAnalysis;
|
||||||
|
using System.Net.Http.Headers;
|
||||||
using System.Net.Mail;
|
using System.Net.Mail;
|
||||||
using System.Security.Cryptography;
|
using System.Security.Cryptography;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
using System.Text.Json.Nodes;
|
using System.Text.Json.Nodes;
|
||||||
|
using System.Text.RegularExpressions;
|
||||||
using Flurl.Http;
|
using Flurl.Http;
|
||||||
using Innovenergy.Backend.Model;
|
using Innovenergy.Backend.Model;
|
||||||
using Innovenergy.Backend.Utils;
|
using Innovenergy.Backend.Utils;
|
||||||
using InnovEnergy.Lib.Utils;
|
using InnovEnergy.Lib.Utils;
|
||||||
using SQLite;
|
using SQLite;
|
||||||
|
using ResponseExtensions = Flurl.Http.ResponseExtensions;
|
||||||
|
|
||||||
#pragma warning disable CS0472
|
#pragma warning disable CS0472
|
||||||
#pragma warning disable CS8602
|
#pragma warning disable CS8602
|
||||||
|
@ -59,11 +62,42 @@ public partial class Db
|
||||||
return Create(user);
|
return Create(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
[UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")]
|
|
||||||
|
private static Byte[] HmacSha256Digest(String message, String secret)
|
||||||
|
{
|
||||||
|
var encoding = new UTF8Encoding();
|
||||||
|
var keyBytes = encoding.GetBytes(secret);
|
||||||
|
var messageBytes = encoding.GetBytes(message);
|
||||||
|
var cryptographer = new HMACSHA256(keyBytes);
|
||||||
|
|
||||||
|
var bytes = cryptographer.ComputeHash(messageBytes);
|
||||||
|
return bytes;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String BuildSignature(String method, String path, String data, Int64 time, String secret)
|
||||||
|
{
|
||||||
|
var messageToSign = "";
|
||||||
|
messageToSign += method + " /v2/" + path + "\n";
|
||||||
|
messageToSign += data + "\n";
|
||||||
|
|
||||||
|
// query strings
|
||||||
|
messageToSign += "\n";
|
||||||
|
// headers
|
||||||
|
messageToSign += "\n";
|
||||||
|
|
||||||
|
messageToSign += time;
|
||||||
|
|
||||||
|
Console.WriteLine("Message to sign:\n" + messageToSign);
|
||||||
|
|
||||||
|
|
||||||
|
var hmac = HmacSha256Digest(messageToSign, secret);
|
||||||
|
return Convert.ToBase64String(hmac);
|
||||||
|
}
|
||||||
public Object CreateAndSaveUserS3ApiKey(User user)
|
public Object CreateAndSaveUserS3ApiKey(User user)
|
||||||
{
|
{
|
||||||
//EXOSCALE API URL
|
//EXOSCALE API URL
|
||||||
const String url = "https://api-ch-dk-2.exoscale.com/v2/access-key";
|
const String url = "https://api-ch-dk-2.exoscale.com/v2/";
|
||||||
|
const String path = "access-key";
|
||||||
const String secret = "S2K1okphiCSNK4mzqr4swguFzngWAMb1OoSlZsJa9F0";
|
const String secret = "S2K1okphiCSNK4mzqr4swguFzngWAMb1OoSlZsJa9F0";
|
||||||
const String apiKey = "EXOb98ec9008e3ec16e19d7b593";
|
const String apiKey = "EXOb98ec9008e3ec16e19d7b593";
|
||||||
|
|
||||||
|
@ -80,27 +114,32 @@ public partial class Db
|
||||||
instList.Add(new JsonObject {["domain"] = "sos",["resource-name"] = installation.Name,["resource-type"] = "bucket"});
|
instList.Add(new JsonObject {["domain"] = "sos",["resource-name"] = installation.Name,["resource-type"] = "bucket"});
|
||||||
}
|
}
|
||||||
|
|
||||||
var jsonPayload = new JsonObject { ["name"] = user.Email, ["operations"] = new JsonArray{ "getObject", "listBucket" }, ["content"] = instList};
|
var jsonPayload = new JsonObject { ["name"] = user.Email, ["operations"] = new JsonArray{ "list-sos-bucket", "get-sos-object" }, ["content"] = instList};
|
||||||
var expiration = DateTime.Now.AddSeconds(60);
|
var stringPayload = jsonPayload.ToJsonString();
|
||||||
|
|
||||||
var signature = $"POST /v2/access-key\n{jsonPayload}\n\n\n{((DateTimeOffset)expiration).ToUnixTimeSeconds()}";
|
var unixExpiration = DateTimeOffset.UtcNow.ToUnixTimeSeconds()+60;
|
||||||
using var hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
|
var signature = BuildSignature("POST", path, stringPayload, unixExpiration , secret);
|
||||||
|
|
||||||
signature = Encoding.UTF8
|
var authHeader = "credential="+apiKey+",expires="+unixExpiration+",signature="+signature;
|
||||||
.GetBytes(signature)
|
|
||||||
.Apply(hmacSha256.ComputeHash)
|
|
||||||
.Apply(Convert.ToBase64String);
|
|
||||||
|
|
||||||
var keyJson = url
|
var client = new HttpClient();
|
||||||
.WithHeader("Authorization",
|
client.DefaultRequestHeaders.Authorization =
|
||||||
$"EXO2-HMAC-SHA256 credential={apiKey},expires={((DateTimeOffset)expiration).ToUnixTimeSeconds()},signature={signature}");
|
new AuthenticationHeaderValue("EXO2-HMAC-SHA256", authHeader);
|
||||||
|
|
||||||
|
var content = new StringContent(stringPayload, Encoding.UTF8, "application/json");
|
||||||
|
|
||||||
|
|
||||||
var result = keyJson.PostJsonAsync(jsonPayload.ToString())
|
var response = client.PostAsync(url+path, content).Result;
|
||||||
.ReceiveJson()
|
|
||||||
.Result;
|
if (response.StatusCode.ToString() != "OK")
|
||||||
return result;
|
{
|
||||||
// return SetUserS3ApiKey(user, keyJson.GetValue("key"));
|
return response;
|
||||||
|
}
|
||||||
|
|
||||||
|
var responseString = response.Content.ReadAsStringAsync().Result;
|
||||||
|
var newKey = Enumerable.Last(Regex.Match(responseString, "key\\\":\\\"([A-Z])\\w+").ToString().Split('"'));
|
||||||
|
return SetUserS3ApiKey(user, newKey);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Result SetUserS3ApiKey(User user, String key)
|
public Result SetUserS3ApiKey(User user, String key)
|
||||||
|
|
Loading…
Reference in New Issue