From 8b53ab294547cf46afa89f950d62ef449ae1b280 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Thu, 2 Aug 2018 12:14:33 -0400 Subject: [PATCH] stub out signalr sync hub --- bitwarden-core.sln | 7 + src/Core/CurrentContext.cs | 100 +++++++++++++++ .../Utilities/CurrentContextMiddleware.cs | 86 +------------ src/Hub/Controllers/EventsController.cs | 25 ++++ src/Hub/Hub.csproj | 19 +++ src/Hub/Program.cs | 17 +++ src/Hub/Properties/launchSettings.json | 27 ++++ src/Hub/Startup.cs | 121 ++++++++++++++++++ src/Hub/SubjectUserIdProvider.cs | 13 ++ src/Hub/SyncHub.cs | 33 +++++ src/Hub/TimedHostedService.cs | 47 +++++++ src/Hub/appsettings.Production.json | 14 ++ src/Hub/appsettings.json | 35 +++++ 13 files changed, 460 insertions(+), 84 deletions(-) create mode 100644 src/Hub/Controllers/EventsController.cs create mode 100644 src/Hub/Hub.csproj create mode 100644 src/Hub/Program.cs create mode 100644 src/Hub/Properties/launchSettings.json create mode 100644 src/Hub/Startup.cs create mode 100644 src/Hub/SubjectUserIdProvider.cs create mode 100644 src/Hub/SyncHub.cs create mode 100644 src/Hub/TimedHostedService.cs create mode 100644 src/Hub/appsettings.Production.json create mode 100644 src/Hub/appsettings.json diff --git a/bitwarden-core.sln b/bitwarden-core.sln index 94560d48c5..9d4a755e63 100644 --- a/bitwarden-core.sln +++ b/bitwarden-core.sln @@ -49,6 +49,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "EventsProcessor", "src\Even EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Admin", "src\Admin\Admin.csproj", "{B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Hub", "src\Hub\Hub.csproj", "{28635027-20E5-42FA-B218-B6C878DE5350}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -113,6 +115,10 @@ Global {B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}.Debug|Any CPU.Build.0 = Debug|Any CPU {B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}.Release|Any CPU.ActiveCfg = Release|Any CPU {B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}.Release|Any CPU.Build.0 = Release|Any CPU + {28635027-20E5-42FA-B218-B6C878DE5350}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {28635027-20E5-42FA-B218-B6C878DE5350}.Debug|Any CPU.Build.0 = Debug|Any CPU + {28635027-20E5-42FA-B218-B6C878DE5350}.Release|Any CPU.ActiveCfg = Release|Any CPU + {28635027-20E5-42FA-B218-B6C878DE5350}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -132,6 +138,7 @@ Global {994DD611-F266-4BD3-8072-3B1B57267ED5} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D} {2235D24F-E607-47F4-81AD-BB4504ADF9C6} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D} {B131CEF3-89FB-4C90-ADB0-9E9C4246EB56} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D} + {28635027-20E5-42FA-B218-B6C878DE5350} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {E01CBF68-2E20-425F-9EDB-E0A6510CA92F} diff --git a/src/Core/CurrentContext.cs b/src/Core/CurrentContext.cs index 4d31ff4f14..9baf55906d 100644 --- a/src/Core/CurrentContext.cs +++ b/src/Core/CurrentContext.cs @@ -6,11 +6,14 @@ using Bit.Core.Enums; using Microsoft.AspNetCore.Http; using Bit.Core.Repositories; using System.Threading.Tasks; +using System.Security.Claims; namespace Bit.Core { public class CurrentContext { + private bool _builtHttpContext; + private bool _builtClaimsPrincipal; private string _ip; private Dictionary> _orgUsers = new Dictionary>(); @@ -25,6 +28,93 @@ namespace Bit.Core new List(); public virtual Guid? InstallationId { get; set; } + public void Build(HttpContext httpContext) + { + if(_builtHttpContext) + { + return; + } + + _builtHttpContext = true; + HttpContext = httpContext; + Build(httpContext.User); + + if(DeviceIdentifier == null && httpContext.Request.Headers.ContainsKey("Device-Identifier")) + { + DeviceIdentifier = httpContext.Request.Headers["Device-Identifier"]; + } + + if(httpContext.Request.Headers.ContainsKey("Device-Type") && + Enum.TryParse(httpContext.Request.Headers["Device-Type"].ToString(), out DeviceType dType)) + { + DeviceType = dType; + } + } + + public void Build(ClaimsPrincipal user) + { + if(_builtClaimsPrincipal) + { + return; + } + + _builtClaimsPrincipal = true; + if(user == null || !user.Claims.Any()) + { + return; + } + + var claimsDict = user.Claims.GroupBy(c => c.Type).ToDictionary(c => c.Key, c => c.Select(v => v)); + + var subject = GetClaimValue(claimsDict, "sub"); + if(Guid.TryParse(subject, out var subIdGuid)) + { + UserId = subIdGuid; + } + + var clientId = GetClaimValue(claimsDict, "client_id"); + var clientSubject = GetClaimValue(claimsDict, "client_sub"); + if((clientId?.StartsWith("installation.") ?? false) && clientSubject != null) + { + if(Guid.TryParse(clientSubject, out var idGuid)) + { + InstallationId = idGuid; + } + } + + DeviceIdentifier = GetClaimValue(claimsDict, "device"); + + if(claimsDict.ContainsKey("orgowner")) + { + Organizations.AddRange(claimsDict["orgowner"].Select(c => + new CurrentContentOrganization + { + Id = new Guid(c.Value), + Type = OrganizationUserType.Owner + })); + } + + if(claimsDict.ContainsKey("orgadmin")) + { + Organizations.AddRange(claimsDict["orgadmin"].Select(c => + new CurrentContentOrganization + { + Id = new Guid(c.Value), + Type = OrganizationUserType.Admin + })); + } + + if(claimsDict.ContainsKey("orguser")) + { + Organizations.AddRange(claimsDict["orguser"].Select(c => + new CurrentContentOrganization + { + Id = new Guid(c.Value), + Type = OrganizationUserType.User + })); + } + } + public bool OrganizationUser(Guid orgId) { return Organizations.Any(o => o.Id == orgId); @@ -70,6 +160,16 @@ namespace Bit.Core return _ip; } + private string GetClaimValue(Dictionary> claims, string type) + { + if(!claims.ContainsKey(type)) + { + return null; + } + + return claims[type].FirstOrDefault()?.Value; + } + public class CurrentContentOrganization { public Guid Id { get; set; } diff --git a/src/Core/Utilities/CurrentContextMiddleware.cs b/src/Core/Utilities/CurrentContextMiddleware.cs index 4dba312582..d6a16a9844 100644 --- a/src/Core/Utilities/CurrentContextMiddleware.cs +++ b/src/Core/Utilities/CurrentContextMiddleware.cs @@ -1,9 +1,4 @@ -using Bit.Core.Enums; -using Microsoft.AspNetCore.Http; -using System; -using System.Collections.Generic; -using System.Linq; -using System.Security.Claims; +using Microsoft.AspNetCore.Http; using System.Threading.Tasks; namespace Bit.Core.Utilities @@ -19,85 +14,8 @@ namespace Bit.Core.Utilities public async Task Invoke(HttpContext httpContext, CurrentContext currentContext) { - currentContext.HttpContext = httpContext; - - if(httpContext.User != null && httpContext.User.Claims.Any()) - { - var claimsDict = httpContext.User.Claims - .GroupBy(c => c.Type) - .ToDictionary(c => c.Key, c => c.Select(v => v)); - - var subject = GetClaimValue(claimsDict, "sub"); - if(Guid.TryParse(subject, out var subIdGuid)) - { - currentContext.UserId = subIdGuid; - } - - var clientId = GetClaimValue(claimsDict, "client_id"); - var clientSubject = GetClaimValue(claimsDict, "client_sub"); - if((clientId?.StartsWith("installation.") ?? false) && clientSubject != null) - { - if(Guid.TryParse(clientSubject, out var idGuid)) - { - currentContext.InstallationId = idGuid; - } - } - - currentContext.DeviceIdentifier = GetClaimValue(claimsDict, "device"); - - if(claimsDict.ContainsKey("orgowner")) - { - currentContext.Organizations.AddRange(claimsDict["orgowner"].Select(c => - new CurrentContext.CurrentContentOrganization - { - Id = new Guid(c.Value), - Type = OrganizationUserType.Owner - })); - } - - if(claimsDict.ContainsKey("orgadmin")) - { - currentContext.Organizations.AddRange(claimsDict["orgadmin"].Select(c => - new CurrentContext.CurrentContentOrganization - { - Id = new Guid(c.Value), - Type = OrganizationUserType.Admin - })); - } - - if(claimsDict.ContainsKey("orguser")) - { - currentContext.Organizations.AddRange(claimsDict["orguser"].Select(c => - new CurrentContext.CurrentContentOrganization - { - Id = new Guid(c.Value), - Type = OrganizationUserType.User - })); - } - } - - if(currentContext.DeviceIdentifier == null && httpContext.Request.Headers.ContainsKey("Device-Identifier")) - { - currentContext.DeviceIdentifier = httpContext.Request.Headers["Device-Identifier"]; - } - - if(httpContext.Request.Headers.ContainsKey("Device-Type") && - Enum.TryParse(httpContext.Request.Headers["Device-Type"].ToString(), out DeviceType dType)) - { - currentContext.DeviceType = dType; - } - + currentContext.Build(httpContext); await _next.Invoke(httpContext); } - - private string GetClaimValue(Dictionary> claims, string type) - { - if(!claims.ContainsKey(type)) - { - return null; - } - - return claims[type].FirstOrDefault()?.Value; - } } } diff --git a/src/Hub/Controllers/EventsController.cs b/src/Hub/Controllers/EventsController.cs new file mode 100644 index 0000000000..a7f70019ed --- /dev/null +++ b/src/Hub/Controllers/EventsController.cs @@ -0,0 +1,25 @@ +using System; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.SignalR; + +namespace Bit.Hub +{ + [Authorize("Application")] + public class EventsController : Controller + { + private readonly IHubContext _syncHubContext; + + public EventsController(IHubContext syncHubContext) + { + _syncHubContext = syncHubContext; + } + + [HttpGet("~/events")] + public async Task GetTest() + { + await _syncHubContext.Clients.All.SendAsync("ReceiveMessage", "From API."); + } + } +} diff --git a/src/Hub/Hub.csproj b/src/Hub/Hub.csproj new file mode 100644 index 0000000000..eac76534fa --- /dev/null +++ b/src/Hub/Hub.csproj @@ -0,0 +1,19 @@ + + + + 1.22.0 + netcoreapp2.1 + Bit.Hub + bitwarden-Hub + + + + + + + + + + + + diff --git a/src/Hub/Program.cs b/src/Hub/Program.cs new file mode 100644 index 0000000000..16252a4b32 --- /dev/null +++ b/src/Hub/Program.cs @@ -0,0 +1,17 @@ +using Microsoft.AspNetCore; +using Microsoft.AspNetCore.Hosting; + +namespace Bit.Hub +{ + public class Program + { + public static void Main(string[] args) + { + WebHost + .CreateDefaultBuilder(args) + .UseStartup() + .Build() + .Run(); + } + } +} diff --git a/src/Hub/Properties/launchSettings.json b/src/Hub/Properties/launchSettings.json new file mode 100644 index 0000000000..c68d3d815f --- /dev/null +++ b/src/Hub/Properties/launchSettings.json @@ -0,0 +1,27 @@ +{ + "iisSettings": { + "windowsAuthentication": false, + "anonymousAuthentication": true, + "iisExpress": { + "applicationUrl": "http://localhost:61840", + "sslPort": 0 + } + }, + "profiles": { + "IIS Express": { + "commandName": "IISExpress", + "launchBrowser": true, + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, + "Bit.Hub": { + "commandName": "Project", + "launchBrowser": true, + "applicationUrl": "http://localhost:5000", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + } + } +} \ No newline at end of file diff --git a/src/Hub/Startup.cs b/src/Hub/Startup.cs new file mode 100644 index 0000000000..e91f692477 --- /dev/null +++ b/src/Hub/Startup.cs @@ -0,0 +1,121 @@ +using System.Security.Claims; +using Bit.Core; +using Bit.Core.IdentityServer; +using Bit.Core.Services; +using Bit.Core.Utilities; +using IdentityModel; +using IdentityServer4.AccessTokenValidation; +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Hosting; +using Microsoft.AspNetCore.SignalR; +using Microsoft.Extensions.Configuration; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Logging; +using Microsoft.IdentityModel.Logging; +using Serilog.Events; + +namespace Bit.Hub +{ + public class Startup + { + public Startup(IHostingEnvironment env, IConfiguration configuration) + { + Configuration = configuration; + Environment = env; + } + + public IConfiguration Configuration { get; } + public IHostingEnvironment Environment { get; set; } + + public void ConfigureServices(IServiceCollection services) + { + // Options + services.AddOptions(); + + // Settings + var globalSettings = services.AddGlobalSettingsServices(Configuration); + + // Repositories + services.AddSqlServerRepositories(globalSettings); + + // Context + services.AddScoped(); + + // Identity + services + .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) + .AddIdentityServerAuthentication(options => + { + options.Authority = globalSettings.BaseServiceUri.InternalIdentity; + options.RequireHttpsMetadata = !Environment.IsDevelopment() && + globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https"); + options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(); + options.NameClaimType = ClaimTypes.Email; + options.SupportedTokens = SupportedTokens.Jwt; + }); + + services.AddAuthorization(config => + { + config.AddPolicy("Application", policy => + { + policy.RequireAuthenticatedUser(); + policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application"); + }); + }); + + // SignalR + services.AddSignalR(); + services.AddSingleton(); + + // Mvc + services.AddMvc(); + + // Hosted Services + services.AddHostedService(); + } + + public void Configure( + IApplicationBuilder app, + IHostingEnvironment env, + ILoggerFactory loggerFactory, + IApplicationLifetime appLifetime, + GlobalSettings globalSettings) + { + IdentityModelEventSource.ShowPII = true; + loggerFactory.AddSerilog(app, env, appLifetime, globalSettings, (e) => + { + var context = e.Properties["SourceContext"].ToString(); + if(context.Contains("IdentityServer4.Validation.TokenValidator") || + context.Contains("IdentityServer4.Validation.TokenRequestValidator")) + { + return e.Level > LogEventLevel.Error; + } + + return e.Level >= LogEventLevel.Error; + }); + + if(env.IsDevelopment()) + { + app.UseDeveloperExceptionPage(); + } + + // Default Middleware + app.UseDefaultMiddleware(env); + + // Add Cors + app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials()); + + // Add authentication to the request pipeline. + app.UseAuthentication(); + + // Add SignlarR + app.UseSignalR(routes => + { + routes.MapHub("/sync"); + }); + + // Add MVC to the request pipeline. + app.UseMvc(); + } + } +} diff --git a/src/Hub/SubjectUserIdProvider.cs b/src/Hub/SubjectUserIdProvider.cs new file mode 100644 index 0000000000..3cd7489a35 --- /dev/null +++ b/src/Hub/SubjectUserIdProvider.cs @@ -0,0 +1,13 @@ +using IdentityModel; +using Microsoft.AspNetCore.SignalR; + +namespace Bit.Hub +{ + public class SubjectUserIdProvider : IUserIdProvider + { + public string GetUserId(HubConnectionContext connection) + { + return connection.User?.FindFirst(JwtClaimTypes.Subject)?.Value; + } + } +} diff --git a/src/Hub/SyncHub.cs b/src/Hub/SyncHub.cs new file mode 100644 index 0000000000..758821d485 --- /dev/null +++ b/src/Hub/SyncHub.cs @@ -0,0 +1,33 @@ +using System; +using System.Threading.Tasks; +using Bit.Core; +using Microsoft.AspNetCore.Authorization; + +namespace Bit.Hub +{ + [Authorize("Application")] + public class SyncHub : Microsoft.AspNetCore.SignalR.Hub + { + public override async Task OnConnectedAsync() + { + var currentContext = new CurrentContext(); + currentContext.Build(Context.User); + foreach(var org in currentContext.Organizations) + { + await Groups.AddToGroupAsync(Context.ConnectionId, $"Organization_{org.Id}"); + } + await base.OnConnectedAsync(); + } + + public override async Task OnDisconnectedAsync(Exception exception) + { + var currentContext = new CurrentContext(); + currentContext.Build(Context.User); + foreach(var org in currentContext.Organizations) + { + await Groups.RemoveFromGroupAsync(Context.ConnectionId, $"Organization_{org.Id}"); + } + await base.OnDisconnectedAsync(exception); + } + } +} diff --git a/src/Hub/TimedHostedService.cs b/src/Hub/TimedHostedService.cs new file mode 100644 index 0000000000..bb92249220 --- /dev/null +++ b/src/Hub/TimedHostedService.cs @@ -0,0 +1,47 @@ +using System; +using System.Threading; +using System.Threading.Tasks; +using Microsoft.AspNetCore.SignalR; +using Microsoft.Extensions.Hosting; +using Microsoft.Extensions.Logging; + +namespace Bit.Hub +{ + public class TimedHostedService : IHostedService, IDisposable + { + private readonly ILogger _logger; + private readonly IHubContext _hubContext; + private Timer _timer; + + public TimedHostedService(ILogger logger, IHubContext hubContext) + { + _logger = logger; + _hubContext = hubContext; + } + + public Task StartAsync(CancellationToken cancellationToken) + { + _logger.LogInformation("Timed Background Service is starting."); + _timer = new Timer(DoWork, null, TimeSpan.Zero, TimeSpan.FromSeconds(5)); + return Task.CompletedTask; + } + + private void DoWork(object state) + { + _logger.LogInformation("Timed Background Service is working."); + _hubContext.Clients.All.SendAsync("ReceiveMessage", "From BG!!"); + } + + public Task StopAsync(CancellationToken cancellationToken) + { + _logger.LogInformation("Timed Background Service is stopping."); + _timer?.Change(Timeout.Infinite, 0); + return Task.CompletedTask; + } + + public void Dispose() + { + _timer?.Dispose(); + } + } +} diff --git a/src/Hub/appsettings.Production.json b/src/Hub/appsettings.Production.json new file mode 100644 index 0000000000..8bca868fcb --- /dev/null +++ b/src/Hub/appsettings.Production.json @@ -0,0 +1,14 @@ +{ + "globalSettings": { + "baseServiceUri": { + "vault": "https://vault.bitwarden.com", + "api": "https://api.bitwarden.com", + "identity": "https://identity.bitwarden.com", + "admin": "https://admin.bitwarden.com", + "internalAdmin": "https://admin.bitwarden.com", + "internalIdentity": "https://identity.bitwarden.com", + "internalApi": "https://api.bitwarden.com", + "internalVault": "https://vault.bitwarden.com" + } + } +} diff --git a/src/Hub/appsettings.json b/src/Hub/appsettings.json new file mode 100644 index 0000000000..b34ee5a247 --- /dev/null +++ b/src/Hub/appsettings.json @@ -0,0 +1,35 @@ +{ + "globalSettings": { + "selfHosted": false, + "projectName": "Hub", + "baseServiceUri": { + "vault": "https://localhost:8080", + "api": "http://localhost:4000", + "identity": "http://localhost:33656", + "admin": "http://localhost:62911", + "internalAdmin": "http://localhost:62911", + "internalIdentity": "http://localhost:33656", + "internalApi": "http://localhost:4000", + "internalVault": "http://localhost:4001" + }, + "sqlServer": { + "connectionString": "SECRET" + }, + "identityServer": { + "certificateThumbprint": "SECRET" + }, + "storage": { + "connectionString": "SECRET" + }, + "events": { + "connectionString": "SECRET" + }, + "documentDb": { + "uri": "SECRET", + "key": "SECRET" + }, + "sentry": { + "dsn": "SECRET" + } + } +}