ReVanced/revanced-api
1
0
Fork 0
mirror of https://github.com/revanced/revanced-api.git synced 2025-05-02 15:44:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: Expire token relative to current date time instead of just time

Browse Source
This commit is contained in:
oSumAtrIX 2024-09-27 14:15:47 +02:00
parent 84ea5e4a41
commit c26e129bda
No known key found for this signature in database
GPG Key ID: A9B3094ACDB604B4
5 changed files with 69 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/kotlin/app/revanced/api/configuration/Dependencies.kt
View File

@ -7,7 +7,7 @@ import app.revanced.api.configuration.repository.GitHubBackendRepository
import app.revanced.api.configuration.services.* import app.revanced.api.configuration.services.*
import app.revanced.api.configuration.services.AnnouncementService import app.revanced.api.configuration.services.AnnouncementService
import app.revanced.api.configuration.services.ApiService import app.revanced.api.configuration.services.ApiService
import app.revanced.api.configuration.services.AuthService import app.revanced.api.configuration.services.AuthenticationService
import app.revanced.api.configuration.services.OldApiService import app.revanced.api.configuration.services.OldApiService
import app.revanced.api.configuration.services.PatchesService import app.revanced.api.configuration.services.PatchesService
import com.akuleshov7.ktoml.Toml import com.akuleshov7.ktoml.Toml
@ -116,11 +116,11 @@ fun Application.configureDependencies(
val jwtSecret = dotenv["JWT_SECRET"] val jwtSecret = dotenv["JWT_SECRET"]
val issuer = dotenv["JWT_ISSUER"] val issuer = dotenv["JWT_ISSUER"]
val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toInt() val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toLong()
val authSHA256DigestString = dotenv["AUTH_SHA256_DIGEST"] val authSHA256DigestString = dotenv["AUTH_SHA256_DIGEST"]
AuthService(issuer, validityInMin, jwtSecret, authSHA256DigestString) AuthenticationService(issuer, validityInMin, jwtSecret, authSHA256DigestString)
} }
single { single {
val configuration = get<ConfigurationRepository>() val configuration = get<ConfigurationRepository>()

12
src/main/kotlin/app/revanced/api/configuration/Security.kt
View File

@ -1,9 +1,17 @@
package app.revanced.api.configuration package app.revanced.api.configuration
import app.revanced.api.configuration.services.AuthService import app.revanced.api.configuration.services.AuthenticationService
import io.ktor.server.application.* import io.ktor.server.application.*
import io.ktor.server.auth.*
import org.koin.ktor.ext.get import org.koin.ktor.ext.get
fun Application.configureSecurity() { fun Application.configureSecurity() {
get<AuthService>().configureSecurity(this) val authenticationService = get<AuthenticationService>()
install(Authentication) {
with(authenticationService) {
jwt()
digest()
}
}
} }

7
src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt
View File

@ -11,7 +11,7 @@ import app.revanced.api.configuration.schema.APIContributable
import app.revanced.api.configuration.schema.APIMember import app.revanced.api.configuration.schema.APIMember
import app.revanced.api.configuration.schema.APIRateLimit import app.revanced.api.configuration.schema.APIRateLimit
import app.revanced.api.configuration.services.ApiService import app.revanced.api.configuration.services.ApiService
import app.revanced.api.configuration.services.AuthService import app.revanced.api.configuration.services.AuthenticationService
import io.bkbn.kompendium.core.metadata.* import io.bkbn.kompendium.core.metadata.*
import io.bkbn.kompendium.json.schema.definition.TypeDefinition import io.bkbn.kompendium.json.schema.definition.TypeDefinition
import io.bkbn.kompendium.oas.payload.Parameter import io.bkbn.kompendium.oas.payload.Parameter
@ -21,13 +21,12 @@ import io.ktor.server.auth.*
import io.ktor.server.plugins.ratelimit.* import io.ktor.server.plugins.ratelimit.*
import io.ktor.server.response.* import io.ktor.server.response.*
import io.ktor.server.routing.* import io.ktor.server.routing.*
import kotlinx.serialization.json.Json.Default.configuration
import kotlin.time.Duration.Companion.days import kotlin.time.Duration.Companion.days
import org.koin.ktor.ext.get as koinGet import org.koin.ktor.ext.get as koinGet
internal fun Route.apiRoute() { internal fun Route.apiRoute() {
val apiService = koinGet<ApiService>() val apiService = koinGet<ApiService>()
val authService = koinGet<AuthService>() val authenticationService = koinGet<AuthenticationService>()
rateLimit(RateLimitName("strong")) { rateLimit(RateLimitName("strong")) {
authenticate("auth-digest") { authenticate("auth-digest") {
@ -35,7 +34,7 @@ internal fun Route.apiRoute() {
installTokenRouteDocumentation() installTokenRouteDocumentation()
get { get {
call.respond(authService.newToken()) call.respond(authenticationService.newToken())
} }
} }
} }

49
src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt
View File

@ -1,49 +0,0 @@
package app.revanced.api.configuration.services
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.auth.jwt.*
import java.util.*
import kotlin.text.HexFormat
import kotlin.time.Duration.Companion.minutes
internal class AuthService private constructor(
private val issuer: String,
private val validityInMin: Int,
private val jwtSecret: String,
private val authSHA256Digest: ByteArray,
) {
@OptIn(ExperimentalStdlibApi::class)
constructor(issuer: String, validityInMin: Int, jwtSecret: String, authSHA256DigestString: String) : this(
issuer,
validityInMin,
jwtSecret,
authSHA256DigestString.hexToByteArray(HexFormat.Default),
)
val configureSecurity: Application.() -> Unit = {
install(Authentication) {
jwt("jwt") {
realm = "ReVanced"
verifier(JWT.require(Algorithm.HMAC256(jwtSecret)).withIssuer(issuer).build())
}
digest("auth-digest") {
realm = "ReVanced"
algorithmName = "SHA-256"
digestProvider { _, _ ->
authSHA256Digest
}
}
}
}
fun newToken(): String = JWT.create()
.withIssuer(issuer)
.withExpiresAt(Date(System.currentTimeMillis() + validityInMin.minutes.inWholeMilliseconds))
.sign(Algorithm.HMAC256(jwtSecret))
}

53
src/main/kotlin/app/revanced/api/configuration/services/AuthenticationService.kt Normal file
View File

@ -0,0 +1,53 @@
package app.revanced.api.configuration.services
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import io.ktor.server.auth.*
import io.ktor.server.auth.jwt.*
import java.time.Instant
import java.time.temporal.ChronoUnit
import kotlin.text.HexFormat
internal class AuthenticationService private constructor(
private val issuer: String,
private val validityInMin: Long,
private val jwtSecret: String,
private val authSHA256Digest: ByteArray,
) {
@OptIn(ExperimentalStdlibApi::class)
constructor(issuer: String, validityInMin: Long, jwtSecret: String, authSHA256DigestString: String) : this(
issuer,
validityInMin,
jwtSecret,
authSHA256DigestString.hexToByteArray(HexFormat.Default),
)
fun AuthenticationConfig.jwt() {
jwt("jwt") {
realm = "ReVanced"
verifier(JWT.require(Algorithm.HMAC256(jwtSecret)).withIssuer(issuer).build())
}
}
fun AuthenticationConfig.digest() {
digest("auth-digest") {
realm = "ReVanced"
algorithmName = "SHA-256"
digestProvider { _, _ ->
authSHA256Digest
}
}
}
fun newToken(): String {
val issuedAt = Instant.now()
return JWT.create()
.withIssuer(issuer)
.withIssuedAt(issuedAt)
.withExpiresAt(issuedAt.plus(validityInMin, ChronoUnit.MINUTES))
.sign(Algorithm.HMAC256(jwtSecret))
}
}