mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2024-11-19 18:11:36 +01:00
d5d0be5824
* Editorconfig: Add space_before_self_closing setting This was a difference between the way dotnet-format and Rider format code. See https://www.jetbrains.com/help/rider/EditorConfig_Index.html * Editorconfig: Keep 4 spaces indentation for Swagger JSON files They are all formatted that way, let's keep it like that. * Apply dotnet-format, mostly white-space related changes
158 lines
6.1 KiB
C#
158 lines
6.1 KiB
C#
using System;
|
|
using System.Collections.Concurrent;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using BTCPayServer.Data;
|
|
using BTCPayServer.Fido2;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.Extensions.Logging;
|
|
using NBitcoin;
|
|
using NBitcoin.Crypto;
|
|
|
|
namespace BTCPayServer
|
|
{
|
|
public class LoginWithLNURLAuthViewModel
|
|
{
|
|
public string UserId { get; set; }
|
|
public Uri LNURLEndpoint { get; set; }
|
|
public bool RememberMe { get; set; }
|
|
}
|
|
|
|
public class LnurlAuthService
|
|
{
|
|
public readonly ConcurrentDictionary<string, byte[]> CreationStore =
|
|
new ConcurrentDictionary<string, byte[]>();
|
|
public readonly ConcurrentDictionary<string, byte[]> LoginStore =
|
|
new ConcurrentDictionary<string, byte[]>();
|
|
public readonly ConcurrentDictionary<string, byte[]> FinalLoginStore =
|
|
new ConcurrentDictionary<string, byte[]>();
|
|
private readonly ApplicationDbContextFactory _contextFactory;
|
|
private readonly ILogger<LnurlAuthService> _logger;
|
|
|
|
public LnurlAuthService(ApplicationDbContextFactory contextFactory, ILogger<LnurlAuthService> logger)
|
|
{
|
|
_contextFactory = contextFactory;
|
|
_logger = logger;
|
|
}
|
|
|
|
public async Task<byte[]> RequestCreation(string userId)
|
|
{
|
|
await using var dbContext = _contextFactory.CreateContext();
|
|
var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
|
|
.FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
|
|
if (user == null)
|
|
{
|
|
return null;
|
|
}
|
|
var k1 = RandomUtils.GetBytes(32);
|
|
CreationStore.AddOrReplace(userId, k1);
|
|
return k1;
|
|
}
|
|
|
|
public async Task<bool> CompleteCreation(string name, string userId, ECDSASignature sig, PubKey pubKey)
|
|
{
|
|
try
|
|
{
|
|
await using var dbContext = _contextFactory.CreateContext();
|
|
var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
|
|
.FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
|
|
var pubkeyBytes = pubKey.ToBytes();
|
|
if (!CreationStore.TryGetValue(userId.ToLowerInvariant(), out var k1) || user == null || await dbContext.Fido2Credentials.AnyAsync(credential => credential.Type == Fido2Credential.CredentialType.LNURLAuth && credential.Blob == pubkeyBytes))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
if (!LNURL.LNAuthRequest.VerifyChallenge(sig, pubKey, k1))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
var newCredential = new Fido2Credential() { Name = name, ApplicationUserId = userId, Type = Fido2Credential.CredentialType.LNURLAuth, Blob = pubkeyBytes };
|
|
await dbContext.Fido2Credentials.AddAsync(newCredential);
|
|
await dbContext.SaveChangesAsync();
|
|
CreationStore.Remove(userId, out _);
|
|
return true;
|
|
}
|
|
catch (Exception)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
public async Task Remove(string id, string userId)
|
|
{
|
|
await using var context = _contextFactory.CreateContext();
|
|
var device = await context.Fido2Credentials.FindAsync(id);
|
|
if (device == null || !device.ApplicationUserId.Equals(userId, StringComparison.InvariantCulture))
|
|
{
|
|
return;
|
|
}
|
|
|
|
context.Fido2Credentials.Remove(device);
|
|
await context.SaveChangesAsync();
|
|
}
|
|
|
|
|
|
public async Task<byte[]> RequestLogin(string userId)
|
|
{
|
|
await using var dbContext = _contextFactory.CreateContext();
|
|
var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
|
|
.FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
|
|
if (!(user?.Fido2Credentials?.Any(credential => credential.Type == Fido2Credential.CredentialType.LNURLAuth) is true))
|
|
{
|
|
return null;
|
|
}
|
|
|
|
var k1 = RandomUtils.GetBytes(32);
|
|
|
|
FinalLoginStore.TryRemove(userId, out _);
|
|
LoginStore.AddOrReplace(userId, k1);
|
|
return k1;
|
|
}
|
|
|
|
public async Task<bool> CompleteLogin(string userId, ECDSASignature sig, PubKey pubKey)
|
|
{
|
|
await using var dbContext = _contextFactory.CreateContext();
|
|
userId = userId.ToLowerInvariant();
|
|
var user = await dbContext.Users.Include(applicationUser => applicationUser.Fido2Credentials)
|
|
.FirstOrDefaultAsync(applicationUser => applicationUser.Id == userId);
|
|
if (user == null || !LoginStore.TryGetValue(userId, out var k1))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
var pubKeyBytes = pubKey.ToBytes();
|
|
var credential = user.Fido2Credentials
|
|
.Where(fido2Credential => fido2Credential.Type is Fido2Credential.CredentialType.LNURLAuth)
|
|
.FirstOrDefault(fido2Credential => fido2Credential.Blob.SequenceEqual(pubKeyBytes));
|
|
if (credential is null)
|
|
{
|
|
return false;
|
|
}
|
|
if (!LNURL.LNAuthRequest.VerifyChallenge(sig, pubKey, k1))
|
|
{
|
|
return false;
|
|
}
|
|
LoginStore.Remove(userId, out _);
|
|
|
|
FinalLoginStore.AddOrReplace(userId, k1);
|
|
// 7. return OK to client
|
|
return true;
|
|
}
|
|
|
|
public async Task<bool> HasCredentials(string userId)
|
|
{
|
|
await using var context = _contextFactory.CreateContext();
|
|
return await context.Fido2Credentials.Where(fDevice => fDevice.ApplicationUserId == userId && fDevice.Type == Fido2Credential.CredentialType.LNURLAuth).AnyAsync();
|
|
}
|
|
}
|
|
|
|
public class LightningAddressQuery
|
|
{
|
|
public string[] StoreIds { get; set; }
|
|
public string[] Usernames { get; set; }
|
|
|
|
}
|
|
}
|