Fix login

fixes to auth info

.github/workflows/release.yaml

@@ -34,4 +34,4 @@ jobs:
           context: .
           push: true
           tags: git.kaisei.app/amatsugu/aoba:${{ env.VERSION }}
-          build-args: VERSION=${ env.VERSION }
+          build-args: VERSION=${{ env.VERSION }}

AobaClient/.env

@@ -0,0 +1 @@
+APP_VERSION=Debug

AobaClient/Cargo.lock

@@ -37,6 +37,7 @@ name = "aoba-client"
 version = "0.1.0"
 dependencies = [
  "dioxus",
+ "dotenv",
  "prost",
  "serde",
  "serde_repr",
@@ -673,6 +674,12 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "dotenv"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f"
+
 [[package]]
 name = "dunce"
 version = "1.0.5"

AobaClient/Cargo.toml

@@ -19,6 +19,7 @@ web-sys = { version = "0.3.77", features = ["Storage", "Window"] }
 
 [build-dependencies]
 tonic-build = { version = "*", default-features = false, features = ["prost"] }
+dotenv = "0.15.0"
 
 [features]
 default = ["web"]

AobaClient/build.rs

@@ -1,11 +1,41 @@
+use dotenv::dotenv;
+use std::env;
+use std::fs::File;
+use std::io::Write;
+
 fn main() -> Result<(), Box<dyn std::error::Error>> {
 	tonic_build::configure()
 		.build_server(false)
 		.build_client(true)
 		.compile_protos(
-			&["../AobaServer/Proto/Aoba.proto", "../AobaServer/Proto/Auth.proto"],
+			&[
-			&["../AobaServer/Proto/"],
+				"../AobaServer/Proto/Aoba.proto",
+				"../AobaServer/Proto/Auth.proto",
+				"../AobaServer/Proto/Metrics.proto",
+				"../AobaServer/Proto/Types.proto",
+			],
+			&["../AobaServer/"],
 		)?;
-
+	forward_env();
 	Ok(())
 }
+
+fn forward_env() {
+	let dest_path = "./src/env.rs";
+	let mut f = File::create(&dest_path).unwrap();
+	f.write_all(b"// This file is automatically generated by build.rs\n\n")
+		.unwrap();
+
+	dotenv().ok();
+	for (key, value) in env::vars() {
+		if key.starts_with("APP_") {
+			f.write_all("#[allow(dead_code)]\n".as_bytes()).unwrap();
+			let line = format!(
+				"pub const {}: &'static str = \"{}\";\n",
+				key,
+				value.replace("\"", "\\\"")
+			);
+			f.write_all(line.as_bytes()).unwrap();
+		}
+	}
+}

AobaClient/src/components/metrics_token.rs

@@ -0,0 +1,25 @@
+use dioxus::prelude::*;
+
+use crate::rpc::get_metrics_rpc_client;
+
+#[component]
+pub fn MetricsToken() -> Element {
+	let token = use_resource(async move || {
+		let response = get_metrics_rpc_client().get_token(()).await;
+
+		if let Ok(d) = response {
+			let jwt = d.into_inner();
+			return jwt.token;
+		}
+		return "".to_string();
+	});
+
+	let token_value = token.cloned().unwrap_or("".to_string());
+
+	return rsx! {
+		pre {
+			class: "codeSelect",
+			"{token_value}"
+		}
+	};
+}

AobaClient/src/components/mod.rs

@@ -1,11 +1,13 @@
 pub mod basic;
 mod media_grid;
 mod media_item;
+mod metrics_token;
 mod navbar;
 mod notif;
 mod search;
 pub use media_grid::*;
 pub use media_item::*;
+pub use metrics_token::*;
 pub use navbar::*;
 pub use notif::*;
 pub use search::*;

AobaClient/src/components/navbar.rs

@@ -1,8 +1,6 @@
-use std::env;
-
 use dioxus::prelude::*;
 
-use crate::{Route, contexts::AuthContext};
+use crate::{Route, contexts::AuthContext, env::APP_VERSION};
 
 const NAV_CSS: Asset = asset!("/assets/style/nav.scss");
 const NAV_ICON: Asset = asset!("/assets/favicon.ico");
@@ -49,7 +47,7 @@ pub fn Widgets() -> Element {
 #[component]
 pub fn Utils() -> Element {
 	let mut auth_context = use_context::<AuthContext>();
-	let version = env::var("APP_VERSION").unwrap_or("DEBUG".into());
+	let version = APP_VERSION;
 	rsx! {
 		div { class: "utils",
 			div { "{version}" }

AobaClient/src/env.rs

@@ -0,0 +1,4 @@
+// This file is automatically generated by build.rs
+
+#[allow(dead_code)]
+pub const APP_VERSION: &'static str = "Debug";

AobaClient/src/main.rs

@@ -1,5 +1,6 @@
 pub mod components;
 pub mod contexts;
+mod env;
 mod layouts;
 pub mod models;
 pub mod route;

AobaClient/src/rpc.rs

@@ -1,19 +1,22 @@
 use std::sync::RwLock;
 
-use aoba::{aoba_rpc_client::AobaRpcClient, auth_rpc_client::AuthRpcClient};
+use aoba::aoba_rpc_client::AobaRpcClient;
 use tonic::service::{Interceptor, interceptor::InterceptedService};
 use tonic_web_wasm_client::Client;
 
-use crate::RPC_HOST;
+use crate::{
+	RPC_HOST,
+	rpc::aoba::{auth_rpc_client::AuthRpcClient, metrics_rpc_client::MetricsRpcClient},
+};
 
 pub mod aoba {
 	tonic::include_proto!("aoba");
-	tonic::include_proto!("aoba.auth");
 }
 
 static RPC_CLIENT: RpcConnection = RpcConnection {
 	aoba: RwLock::new(None),
 	auth: RwLock::new(None),
+	metrics: RwLock::new(None),
 	jwt: RwLock::new(None),
 };
 
@@ -21,6 +24,7 @@ static RPC_CLIENT: RpcConnection = RpcConnection {
 pub struct RpcConnection {
 	aoba: RwLock<Option<AobaRpcClient<InterceptedService<Client, AuthInterceptor>>>>,
 	auth: RwLock<Option<AuthRpcClient<Client>>>,
+	metrics: RwLock<Option<MetricsRpcClient<InterceptedService<Client, AuthInterceptor>>>>,
 	jwt: RwLock<Option<String>>,
 }
 
@@ -35,12 +39,19 @@ impl RpcConnection {
 		return self.auth.read().unwrap().clone().unwrap();
 	}
 
+	pub fn get_metrics_client(&self) -> MetricsRpcClient<InterceptedService<Client, AuthInterceptor>> {
+		self.ensure_client();
+		return self.metrics.read().unwrap().clone().unwrap();
+	}
+
 	fn ensure_client(&self) {
 		if self.aoba.read().unwrap().is_none() {
 			let wasm_client = Client::new(RPC_HOST.into());
 			let aoba_client = AobaRpcClient::with_interceptor(wasm_client.clone(), AuthInterceptor);
 			*self.aoba.write().unwrap() = Some(aoba_client);
 			*self.auth.write().unwrap() = Some(AuthRpcClient::new(wasm_client.clone()));
+			*self.metrics.write().unwrap() =
+				Some(MetricsRpcClient::with_interceptor(wasm_client.clone(), AuthInterceptor));
 		}
 	}
 }
@@ -66,6 +77,9 @@ pub fn get_auth_rpc_client() -> AuthRpcClient<Client> {
 	return RPC_CLIENT.get_auth_client();
 }
 
+pub fn get_metrics_rpc_client() -> MetricsRpcClient<InterceptedService<Client, AuthInterceptor>> {
+	return RPC_CLIENT.get_metrics_client();
+}
 pub fn login(jwt: String) {
 	*RPC_CLIENT.jwt.write().unwrap() = Some(jwt);
 }

AobaClient/src/views/settings.rs

@@ -1,6 +1,6 @@
 use dioxus::prelude::*;
 
-use crate::rpc::get_rpc_client;
+use crate::{components::MetricsToken, rpc::get_rpc_client};
 
 #[component]
 pub fn Settings() -> Element {
@@ -27,5 +27,6 @@ pub fn Settings() -> Element {
 		div {
 			pre { class: "codeSelect", "{d}" }
 		}
+		MetricsToken {  }
 	}
 }

AobaCore/Extensions.cs

@@ -16,15 +16,9 @@ using System.Threading.Tasks;
 namespace AobaCore;
 public static class Extensions
 {
-	public static IServiceCollection AddAoba(this IServiceCollection services, string dbString)
+	public static IServiceCollection AddAoba(this IServiceCollection services)
 	{
-		var settings = MongoClientSettings.FromConnectionString(dbString);
-		settings.ClusterConfigurator = cb => cb.Subscribe(new DiagnosticsActivityEventSubscriber());
-		var dbClient = new MongoClient(settings);
-		var db = dbClient.GetDatabase("Aoba");
 		
-		services.AddSingleton(dbClient);
-		services.AddSingleton<IMongoDatabase>(db);
 		services.AddSingleton<AobaService>();
         services.AddSingleton<ThumbnailService>();
 		services.AddSingleton<AccountsService>();

AobaCore/Services/ThumbnailService.cs

@@ -132,6 +132,11 @@ public class ThumbnailService(IMongoDatabase db, AobaService aobaService)
 		{
 			opt.WithCustomArgument($"-vf \"crop='min(in_w,in_h)':'min(in_w,in_h)',scale={w}:{w}\" -loop 0 -r 15")
 			.ForceFormat("webp");
+		}).Configure(cfg =>
+		{
+#if !DEBUG
+			cfg.BinaryFolder = "/usr/bin";
+#endif
 		}).ProcessSynchronously();
 		output.Position = 0;
 		return output;

AobaServer/AobaServer.csproj

@@ -34,6 +34,8 @@
   <ItemGroup>
 	  <Protobuf Include="Proto\Aoba.proto"></Protobuf>
 	  <Protobuf Include="Proto\Auth.proto"></Protobuf>
+	  <Protobuf Include="Proto\Metrics.proto"></Protobuf>
+	  <Protobuf Include="Proto\Types.proto"></Protobuf>
   </ItemGroup>
 
 </Project>

AobaServer/Controllers/AuthController.cs

@@ -1,6 +1,7 @@
 using AobaCore.Services;
 
 using AobaServer.Models;
+using AobaServer.Services;
 using AobaServer.Utils;
 
 using Microsoft.AspNetCore.Authorization;
@@ -16,7 +17,7 @@ namespace AobaServer.Controllers;
 #if DEBUG
 [AllowAnonymous]
 [Route("auth")]
-public class AuthController(AccountsService accountsService, AuthInfo authInfo) : Controller
+public class AuthController(AccountsService accountsService, AuthConfigService authConfig) : Controller
 {
 	[HttpPost("login")]
 	public async Task<IActionResult> Login([FromForm] string username, [FromForm] string password, CancellationToken cancellationToken)
@@ -25,6 +26,7 @@ public class AuthController(AccountsService accountsService, AuthInfo authInfo)
 
 		if (user == null)
 			return Problem("Invalid login Credentials", statusCode: StatusCodes.Status400BadRequest);
+		var authInfo = await authConfig.GetDefaultAuthInfoAsync();
 		Response.Cookies.Append("token", user.GetToken(authInfo), new CookieOptions
 		{
 			IsEssential = true,

AobaServer/Dockerfile

@@ -60,4 +60,5 @@ WORKDIR /app
 
 COPY --from=publish /app/publish .
 COPY --from=client-builder /bin/ffmpeg /bin/ffprobe /bin/ffplay /usr/bin/
+ENV APP_VERSION=$VERSION
 ENTRYPOINT ["dotnet", "AobaServer.dll"]

AobaServer/Models/AuthInfo.cs

@@ -1,4 +1,6 @@
-using MongoDB.Bson.IO;
+using MongoDB.Bson;
+using MongoDB.Bson.IO;
+using MongoDB.Bson.Serialization.Attributes;
 
 using System.Security.Cryptography;
 using System.Text.Json;
@@ -7,6 +9,8 @@ namespace AobaServer.Models;
 
 public class AuthInfo
 {
+	[BsonId]
+	public ObjectId Id { get; set; }
 	public required string Issuer { get; set; }
 	public required string Audience { get; set; }
 	public required byte[] SecureKey { get; set; }

AobaServer/Program.cs

@@ -10,6 +10,9 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.IdentityModel.Tokens;
 
+using MongoDB.Driver;
+using MongoDB.Driver.Core.Extensions.DiagnosticSources;
+
 var builder = WebApplication.CreateBuilder(args);
 
 builder.WebHost.ConfigureKestrel(o =>
@@ -33,8 +36,21 @@ builder.Services.AddControllers(opt => opt.ModelBinderProviders.Add(new BsonIdMo
 builder.Services.AddObersability(builder.Configuration);
 builder.Services.AddGrpc();
 
-var authInfo = AuthInfo.LoadOrCreate("Auth.json", "aobaV2", "aoba");
+//DB
-builder.Services.AddSingleton(authInfo);
+var dbString = config["DB_STRING"];
+var settings = MongoClientSettings.FromConnectionString(dbString);
+settings.ClusterConfigurator = cb => cb.Subscribe(new DiagnosticsActivityEventSubscriber());
+var dbClient = new MongoClient(settings);
+var db = dbClient.GetDatabase("Aoba");
+
+builder.Services.AddSingleton(dbClient);
+builder.Services.AddSingleton<IMongoDatabase>(db);
+
+var authCfg = new AuthConfigService(db);
+builder.Services.AddSingleton(authCfg);
+
+
+var authInfo = authCfg.GetDefaultAuthInfoAsync().GetAwaiter().GetResult();
 var signingKey = new SymmetricSecurityKey(authInfo.SecureKey);
 
 var validationParams = new TokenValidationParameters
@@ -66,6 +82,7 @@ builder.Services.AddCors(o =>
 	});
 });
 
+var metricsAuthInfo = authCfg.GetAuthInfoAsync("aoba", "metrics").GetAwaiter().GetResult();
 builder.Services.AddAuthentication(options =>
 {
 	options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -73,7 +90,7 @@ builder.Services.AddAuthentication(options =>
 }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => //Bearer auth
 {
 	options.TokenValidationParameters = validationParams;
-	options.TokenHandlers.Add(new MetricsTokenValidator(authInfo));
+	options.TokenHandlers.Add(new MetricsTokenValidator(metricsAuthInfo));
 	options.Events = new JwtBearerEvents
 	{
 		OnMessageReceived = ctx => //Retreive token from cookie if not found in headers
@@ -102,8 +119,8 @@ builder.Services.AddAuthentication(options =>
 	};
 }).AddScheme<AuthenticationSchemeOptions, AobaAuthenticationHandler>("Aoba", null);
 
-var dbString = config["DB_STRING"];
+
-builder.Services.AddAoba(dbString ?? "mongodb://localhost:27017");
+builder.Services.AddAoba();
 builder.Services.Configure<FormOptions>(opt =>
 {
 	opt.ValueLengthLimit = int.MaxValue;
@@ -136,6 +153,9 @@ app.MapObserability();
 app.MapGrpcService<AobaRpcService>()
 	.RequireAuthorization()
 	.RequireCors("RPC");
+app.MapGrpcService<MetricsRpcService>()
+	.RequireAuthorization()
+	.RequireCors("RPC");
 app.MapGrpcService<AobaAuthService>()
 	.AllowAnonymous()
 	.RequireCors("RPC");

AobaServer/Proto/Aoba.proto

@@ -3,6 +3,7 @@ import "google/protobuf/empty.proto";
 
 option csharp_namespace = "Aoba.RPC";
 package aoba;
+import "Proto/Types.proto";
 
 service AobaRpc {
   rpc GetMedia (Id) returns (MediaResponse);
@@ -13,73 +14,3 @@ service AobaRpc {
   rpc GetShareXDestination(google.protobuf.Empty) returns (ShareXResponse);
 }
 
-message PageFilter {
-	optional int32 page = 1;
-	optional int32 pageSize = 2;
-	optional string query = 3;
-}
-
-message Id {
-	string value = 1;
-}
-
-message MediaResponse {
-	oneof result {
-		MediaModel value = 1;
-		google.protobuf.Empty empty = 2;
-	}
-}
-
-message ListResponse {
-	repeated MediaModel items = 1;
-	Pagination pagination = 2;
-}
-
-message Pagination {
-	int32 page = 1;
-	int32 pageSize = 2;
-	int64 totalPages = 3;
-	int64 totalItems = 4;
-	optional string query = 5;
-}
-
-message UserResponse {
-	oneof userResult {
-		UserModel user = 1;
-		google.protobuf.Empty empty = 2;
-	}
-}
-
-message UserModel {
-	Id id = 1;
-	string username = 2;
-	string email = 3;
-	bool isAdmin = 4;
-}
-
-
-message MediaModel {
-	Id id = 1;
-	string fileName = 2;
-	MediaType mediaType = 3;
-	string ext = 4;
-	int32 viewCount = 5;
-	Id owner = 6;
-	string thumbUrl = 7;
-}
-
-enum MediaType {
-	Image = 0;
-	Audio = 1;
-	Video = 2;
-	Text = 3;
-	Code = 4;
-	Raw = 5;
-}
-
-message ShareXResponse {
-	oneof dstResult {
-		string destination = 1;
-		string error = 2;
-	}
-}

AobaServer/Proto/Auth.proto

@@ -1,33 +1,12 @@
 syntax = "proto3";
 
 option csharp_namespace = "Aoba.RPC.Auth";
-package aoba.Auth;
+package aoba;
+
+import "Proto/Types.proto";
 
 service AuthRpc {
 	rpc Login(Credentials) returns (LoginResponse);
 	rpc LoginPasskey(PassKeyPayload) returns (LoginResponse);
 }
 
-message Credentials{
-	string user = 1;
-	string password = 2;
-}
-
-message PassKeyPayload {
-
-}
-
-message Jwt{
-	string token = 1;
-}
-
-message LoginResponse{
-	oneof result {
-		Jwt jwt = 1;
-		LoginError error = 2;
-	}
-}
-
-message LoginError{
-	string message = 1;
-}

AobaServer/Proto/Metrics.proto

@@ -0,0 +1,12 @@
+syntax = "proto3";
+
+option csharp_namespace = "Aoba.RPC.Metrics";
+package aoba;
+
+import "google/protobuf/empty.proto";
+import "Proto/Types.proto";
+
+
+service MetricsRpc {
+	rpc GetToken(google.protobuf.Empty) returns (Jwt);
+}

AobaServer/Proto/Types.proto

@@ -0,0 +1,101 @@
+syntax = "proto3";
+
+option csharp_namespace = "Aoba.RPC";
+package aoba;
+import "google/protobuf/empty.proto";
+
+message Credentials{
+	string user = 1;
+	string password = 2;
+}
+
+message PassKeyPayload {
+
+}
+
+
+message Jwt{
+	string token = 1;
+}
+
+message LoginResponse{
+	oneof result {
+		Jwt jwt = 1;
+		LoginError error = 2;
+	}
+}
+
+message LoginError{
+	string message = 1;
+}
+
+message PageFilter {
+	optional int32 page = 1;
+	optional int32 pageSize = 2;
+	optional string query = 3;
+}
+
+message Id {
+	string value = 1;
+}
+
+message MediaResponse {
+	oneof result {
+		MediaModel value = 1;
+		google.protobuf.Empty empty = 2;
+	}
+}
+
+message ListResponse {
+	repeated MediaModel items = 1;
+	Pagination pagination = 2;
+}
+
+message Pagination {
+	int32 page = 1;
+	int32 pageSize = 2;
+	int64 totalPages = 3;
+	int64 totalItems = 4;
+	optional string query = 5;
+}
+
+message UserResponse {
+	oneof userResult {
+		UserModel user = 1;
+		google.protobuf.Empty empty = 2;
+	}
+}
+
+message UserModel {
+	Id id = 1;
+	string username = 2;
+	string email = 3;
+	bool isAdmin = 4;
+}
+
+
+message MediaModel {
+	Id id = 1;
+	string fileName = 2;
+	MediaType mediaType = 3;
+	string ext = 4;
+	int32 viewCount = 5;
+	Id owner = 6;
+	string thumbUrl = 7;
+}
+
+enum MediaType {
+	Image = 0;
+	Audio = 1;
+	Video = 2;
+	Text = 3;
+	Code = 4;
+	Raw = 5;
+}
+
+message ShareXResponse {
+	oneof dstResult {
+		string destination = 1;
+		string error = 2;
+	}
+}

AobaServer/Services/AobaAuthService.cs

@@ -9,13 +9,12 @@ using AobaServer.Utils;
 using Grpc.Core;
 
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.IdentityModel.Tokens;
+using Aoba.RPC;
 
-using System.IdentityModel.Tokens.Jwt;
 
 namespace AobaServer.Services;
 
-public class AobaAuthService(AccountsService accountsService, AuthInfo authInfo) : Aoba.RPC.Auth.AuthRpc.AuthRpcBase
+public class AobaAuthService(AccountsService accountsService, AuthConfigService authConfig) : AuthRpc.AuthRpcBase
 {
 	[AllowAnonymous]
 	public override async Task<LoginResponse> Login(Credentials request, ServerCallContext context)
@@ -29,10 +28,11 @@ public class AobaAuthService(AccountsService accountsService, AuthInfo authInfo)
 					Message = "Invalid login credentials"
 				}
 			};
+		var authInfo = await authConfig.GetDefaultAuthInfoAsync();
 		var token = user.GetToken(authInfo);
 		return new LoginResponse
 		{
-			Jwt = new Jwt
+			Jwt = new ()
 			{
 				Token = token
 			}

AobaServer/Services/AuthConfigService.cs

@@ -0,0 +1,26 @@
+using AobaServer.Models;
+
+using MongoDB.Driver;
+
+namespace AobaServer.Services;
+
+public class AuthConfigService(IMongoDatabase db)
+{
+	public IMongoCollection<AuthInfo> _authInfo = db.GetCollection<AuthInfo>("auth_config");
+
+	public async Task<AuthInfo> GetAuthInfoAsync(string issuer, string audience)
+	{
+		var info = await _authInfo.Find("{}").FirstOrDefaultAsync();
+		if(info != null)
+			return info;
+
+		info = AuthInfo.Create(issuer, audience);
+		await _authInfo.InsertOneAsync(info);
+		return info;
+	}
+
+	public Task<AuthInfo> GetDefaultAuthInfoAsync()
+	{
+		return GetAuthInfoAsync("aobaV2", "aoba");
+	}
+}

AobaServer/Services/MetricsRpcService.cs

@@ -0,0 +1,32 @@
+using Aoba.RPC;
+using Aoba.RPC.Auth;
+
+using Google.Protobuf.WellKnownTypes;
+
+using Grpc.Core;
+
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.IdentityModel.Tokens;
+
+using System.IdentityModel.Tokens.Jwt;
+
+namespace AobaServer.Services;
+
+public class MetricsRpcService(AuthConfigService authConfig): Aoba.RPC.Metrics.MetricsRpc.MetricsRpcBase
+{
+	public override async Task<Jwt> GetToken(Empty request, ServerCallContext context)
+	{
+		var authInfo = await authConfig.GetAuthInfoAsync("aoba", "metrics");
+		var handler = new JwtSecurityTokenHandler();
+
+		var jwt = handler.CreateEncodedJwt(new SecurityTokenDescriptor
+		{
+			Audience = authInfo.Audience,
+			Issuer = authInfo.Issuer,
+			IssuedAt = DateTime.UtcNow,
+			SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(authInfo.SecureKey), SecurityAlgorithms.HmacSha256)
+		});
+
+		return new Jwt { Token = jwt };
+	}
+}