WJ accepts Github PAT as author keys

2024-08-30 18:42:17 +00:00 · 2022-03-31 16:55:33 -06:00 · 2022-03-31 16:55:33 -06:00 · b65a014ff7
commit b65a014ff7
parent f21b4569a2
4 changed files with 151 additions and 12 deletions
--- a/Wabbajack.Networking.GitHub/Client.cs
+++ b/Wabbajack.Networking.GitHub/Client.cs
@ -1,12 +1,15 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Json;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using Octokit;
 using Wabbajack.DTOs;
 using Wabbajack.DTOs.GitHub;
 using Wabbajack.DTOs.JsonConverters;
+using Wabbajack.Networking.GitHub.DTOs;

 namespace Wabbajack.Networking.GitHub;

@ -16,9 +19,11 @@ public class Client
    private readonly DTOSerializer _dtos;
    private readonly ILogger<Client> _logger;
    private readonly GithubAuthTokenProvider _token;
+    private readonly HttpClient _httpClient;

-    public Client(ILogger<Client> logger, DTOSerializer dtos, GitHubClient client)
+    public Client(ILogger<Client> logger, DTOSerializer dtos, GitHubClient client, HttpClient httpClient)
    {
+        _httpClient = httpClient;
        _logger = logger;
        _client = client;
        _dtos = dtos;
@ -71,6 +76,16 @@ public class Client
        return (result.Sha, result.Content);
    }

+    public async Task<UserInfo?> GetUserInfoFromPAT(string pat)
+    {
+        var msg = new HttpRequestMessage(HttpMethod.Get, "https://api.github.com/user");
+        msg.Headers.Add("User-Agent", "wabbajack");
+        msg.Headers.Add("Authorization", "Token " + pat);
+        var result = await _httpClient.SendAsync(msg);
+        if (!result.IsSuccessStatusCode) return null;
+        return await result.Content.ReadFromJsonAsync<UserInfo>();
+    }
+
    public async Task PutData(string owner, string repo, string path, string message, string content, string oldSha)
    {
        await _client.Repository.Content.UpdateFile(owner, repo, path, new UpdateFileRequest(message, content, oldSha));
--- a/Wabbajack.Networking.GitHub/DTOs/UserInfo.cs
+++ b/Wabbajack.Networking.GitHub/DTOs/UserInfo.cs
@ -0,0 +1,104 @@
+using System;
+using System.Text.Json.Serialization;
+
+namespace Wabbajack.Networking.GitHub.DTOs;
+
+
+public class UserInfo
+{
+    [JsonPropertyName("login")]
+    public string Login { get; set; } = "";
+
+    [JsonPropertyName("id")]
+    public int Id { get; set; }
+
+    [JsonPropertyName("node_id")]
+    public string NodeId { get; set; }
+
+    [JsonPropertyName("avatar_url")]
+    public string AvatarUrl { get; set; }
+
+    [JsonPropertyName("gravatar_id")]
+    public string GravatarId { get; set; }
+
+    [JsonPropertyName("url")]
+    public string Url { get; set; }
+
+    [JsonPropertyName("html_url")]
+    public string HtmlUrl { get; set; }
+
+    [JsonPropertyName("followers_url")]
+    public string FollowersUrl { get; set; }
+
+    [JsonPropertyName("following_url")]
+    public string FollowingUrl { get; set; }
+
+    [JsonPropertyName("gists_url")]
+    public string GistsUrl { get; set; }
+
+    [JsonPropertyName("starred_url")]
+    public string StarredUrl { get; set; }
+
+    [JsonPropertyName("subscriptions_url")]
+    public string SubscriptionsUrl { get; set; }
+
+    [JsonPropertyName("organizations_url")]
+    public string OrganizationsUrl { get; set; }
+
+    [JsonPropertyName("repos_url")]
+    public string ReposUrl { get; set; }
+
+    [JsonPropertyName("events_url")]
+    public string EventsUrl { get; set; }
+
+    [JsonPropertyName("received_events_url")]
+    public string ReceivedEventsUrl { get; set; }
+
+    [JsonPropertyName("type")]
+    public string Type { get; set; }
+
+    [JsonPropertyName("site_admin")]
+    public bool SiteAdmin { get; set; }
+
+    [JsonPropertyName("name")]
+    public string Name { get; set; }
+
+    [JsonPropertyName("company")]
+    public object Company { get; set; }
+
+    [JsonPropertyName("blog")]
+    public string Blog { get; set; }
+
+    [JsonPropertyName("location")]
+    public string Location { get; set; }
+
+    [JsonPropertyName("email")]
+    public string Email { get; set; }
+
+    [JsonPropertyName("hireable")]
+    public object Hireable { get; set; }
+
+    [JsonPropertyName("bio")]
+    public object Bio { get; set; }
+
+    [JsonPropertyName("twitter_username")]
+    public object TwitterUsername { get; set; }
+
+    [JsonPropertyName("public_repos")]
+    public int PublicRepos { get; set; }
+
+    [JsonPropertyName("public_gists")]
+    public int PublicGists { get; set; }
+
+    [JsonPropertyName("followers")]
+    public int Followers { get; set; }
+
+    [JsonPropertyName("following")]
+    public int Following { get; set; }
+
+    [JsonPropertyName("created_at")]
+    public DateTime CreatedAt { get; set; }
+
+    [JsonPropertyName("updated_at")]
+    public DateTime UpdatedAt { get; set; }
+}
--- a/Wabbajack.Server/ApiKeyAuthorizationHandler.cs
+++ b/Wabbajack.Server/ApiKeyAuthorizationHandler.cs
@ -1,16 +1,13 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
+using System.Security.Claims;
 using System.Text.Encodings.Web;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Wabbajack.DTOs.JsonConverters;
-using Wabbajack.Paths;
-using Wabbajack.Paths.IO;
+using Wabbajack.Networking.GitHub;
+using Wabbajack.Networking.GitHub.DTOs;
 using Wabbajack.Server.DataModels;
 using Wabbajack.Server.DTOs;

@ -33,10 +30,13 @@ public class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthentic
    private readonly Task<HashSet<string>> _tarKeys;
    private readonly Metrics _metricsStore;
    private readonly TarLog _tarLog;
+    private readonly Client _githubClient;
+    private readonly MemoryCache _githubCache;

    public ApiKeyAuthenticationHandler(
        IOptionsMonitor<ApiKeyAuthenticationOptions> options,
        AuthorKeys authorKeys,
+        Client githubClient,
        ILoggerFactory logger,
        UrlEncoder encoder,
        ISystemClock clock,
@ -51,6 +51,8 @@ public class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthentic
        _dtos = dtos;
        _authorKeys = authorKeys;
        _settings = settings;
+        _githubClient = githubClient;
+        _githubCache = new MemoryCache(new MemoryCacheOptions());
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@ -58,7 +60,6 @@ public class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthentic
        var metricsKey = Request.Headers[_settings.MetricsKeyHeader].FirstOrDefault();
        // Never needed this, disabled for now
        //await LogRequest(metricsKey);
-        var ip = Request.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "";
        if (metricsKey != default)
        {
            if (await _tarLog.Contains(metricsKey))
@ -69,7 +70,7 @@ public class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthentic
                    Action = "tarlog",
                    MetricsKey = metricsKey,
                    UserAgent = Request.Headers.UserAgent,
-                    Ip = ip
+                    Ip = Request.HttpContext.Connection.RemoteIpAddress?.ToString() ?? ""
                });
                await Task.Delay(TimeSpan.FromSeconds(20));
                throw new Exception("Error, lipsum timeout of the cross distant cloud.");
@ -88,8 +89,15 @@ public class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthentic
        {
            var owner = await _authorKeys.AuthorForKey(authorKey);
            if (owner == null)
+            {
+                var ghUser = await GetGithubUserInfo(authorKey);
+                
+                if (ghUser == null) 
                    return AuthenticateResult.Fail("Invalid author key");

+                owner = "github/" + ghUser.Login;
+            }
+
            var claims = new List<Claim> {new(ClaimTypes.Name, owner)};

            claims.Add(new Claim(ClaimTypes.Role, "Author"));
@ -120,6 +128,18 @@ public class ApiKeyAuthenticationHandler : AuthenticationHandler<ApiKeyAuthentic
        return AuthenticateResult.NoResult();
    }

+    protected async Task<UserInfo?> GetGithubUserInfo(string authToken)
+    {
+        if (_githubCache.TryGetValue<UserInfo>(authToken, out var value)) return value;
+
+        var info = await _githubClient.GetUserInfoFromPAT(authToken);
+        if (info != null)
+            _githubCache.Set(authToken, info,
+                new MemoryCacheEntryOptions().SetSlidingExpiration(TimeSpan.FromHours(6)));
+
+        return info;
+    }
+
    protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
    {
        Response.StatusCode = 401;
--- a/Wabbajack.Server/Controllers/Metrics.cs
+++ b/Wabbajack.Server/Controllers/Metrics.cs
@ -79,7 +79,7 @@ public class MetricsController : ControllerBase
            Subject = value, 
            MetricsKey = metricsKey,
            UserAgent = Request.Headers.UserAgent.FirstOrDefault() ?? "<unknown>",
-            Ip = Request.HttpContext.Connection.RemoteIpAddress?.ToString() ?? ""
+            Ip = Request.Headers["cf-connecting-ip"].FirstOrDefault() ?? (Request.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "")
        });
        return new Result {Timestamp = date};
    }