Add AuthLifetimeService

Refactor AuthManager

Akari.Prototype.Server/Services/FingerprintManager.cs

@@ -1,12 +1,15 @@
 using Akari.Prototype.Server.Options;
 using Akari.Prototype.Server.Utils;
+using Isopoh.Cryptography.Argon2;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Text.Json;
+using System.Threading;
 using System.Threading.Tasks;
 
 namespace Akari.Prototype.Server.Services
@@ -16,56 +19,70 @@ namespace Akari.Prototype.Server.Services
         public const string FingerprintsPath = "fingerprints.json";
 
         private readonly ILogger<FingerprintManager> _logger;
-        private readonly IOptions<AkariOptions> _akariOptions;
         private readonly IAuthManager _authManager;
+        private readonly AkariPath _akariPath;
 
-        /// <summary>
-        /// Map token hash to user-friendly name
-        /// </summary>
-        private IDictionary<string, string> _fingerprintNames;
+        private IDictionary<string, string> _tokensHash;
 
-        public FingerprintManager(ILogger<FingerprintManager> logger, IOptions<AkariOptions> akariOptions,
-                                    IAuthManager authManager)
+        public FingerprintManager(ILogger<FingerprintManager> logger, IAuthManager authManager, AkariPath akariPath)
         {
             _logger = logger;
-            _akariOptions = akariOptions;
             _authManager = authManager;
+            _akariPath = akariPath;
 
             LoadFingerprints();
         }
 
         private void LoadFingerprints()
         {
-            var path = AkariPath.GetPath(FingerprintsPath);
+            var path = _akariPath.GetPath(FingerprintsPath);
 
             // Create new
             if (!File.Exists(path))
             {
-                _fingerprintNames = new Dictionary<string, string>();
+                _tokensHash = new Dictionary<string, string>();
 
-                File.WriteAllText(path, JsonSerializer.Serialize(_fingerprintNames));
+                File.WriteAllText(path, JsonSerializer.Serialize(_tokensHash));
             }
             // Load
             else
             {
-                _fingerprintNames = JsonSerializer.Deserialize<IDictionary<string, string>>(File.ReadAllText(path));
+                _tokensHash = JsonSerializer.Deserialize<IDictionary<string, string>>(File.ReadAllText(path));
             }
         }
 
-        public async Task VerifyToken(byte[] token)
+        public void VerifyFingerprint(string name, string token)
         {
-            var hash = Security.Argon2idHash(token);
+            _logger.LogDebug($"Verifying hash for {name}");
 
-            _logger.LogDebug($"Verifying hash: {hash}");
+            var handle = GCHandle.Alloc(token, GCHandleType.Pinned);
 
-            if (!_fingerprintNames.TryGetValue(hash, out var name))
+            if (!_tokensHash.TryGetValue(name, out var hash))
             {
-                _logger.LogDebug($"Unknown hash, aborting: {hash}");
+                _logger.LogDebug($"No fingerprint exist with the name: {name}");
+
+                handle.Free();
 
                 return;
             }
 
-            _authManager.Auth(token, name);
+            if (!Argon2.Verify(hash, token))
+            {
+                _logger.LogDebug($"Token doesn't match stored hash: {name}");
+
+                handle.Free();
+
+                return;
+            }
+
+            try
+            {
+                _authManager.Auth(name, token);
+            }
+            finally
+            {
+                handle.Free();
+            }
         }
     }
 }