@@ -95,7 +95,8 @@ todo: RAVEN new job LicenseCheck
|
||||
|
||||
|
||||
|
||||
|
||||
TODO: do I really need to not log IP addresses on login?
|
||||
check privacy stuff, this seems necessary for security
|
||||
|
||||
|
||||
TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
|
||||
|
||||
@@ -64,8 +64,12 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
//a bit different as ops users can still login if the state is opsonly
|
||||
//so the only real barrier here would be a completely closed api
|
||||
if (serverState.IsClosed)
|
||||
|
||||
|
||||
if (serverState.IsClosed && AyaNova.Core.License.ActiveKey.IsLicensed)
|
||||
{
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
}
|
||||
|
||||
int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
|
||||
|
||||
@@ -160,6 +164,18 @@ namespace AyaNova.Api.Controllers
|
||||
string hashed = Hasher.hash(u.Salt, creds.Password);
|
||||
if (hashed == u.Password)
|
||||
{
|
||||
//Valid password, user is effectively authorized at this point
|
||||
|
||||
//check if server closed
|
||||
//if it is it means we got here only because there is no license
|
||||
//and only *the* manager account can login now
|
||||
if(serverState.IsClosed){
|
||||
//if not manager account then boot closed
|
||||
//manager account is always ID 1
|
||||
if(u.Id!=1){
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
}
|
||||
}
|
||||
//Restrict auth due to server state?
|
||||
//If we're here the server state is not closed, but it might be ops only
|
||||
|
||||
|
||||
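Review bot: The manager-only exception added after the password check tests only `serverState.IsClosed`, so the "no license" precondition in its comment is assumed from the earlier gate rather than enforced where the decision is made. Re-testing it there keeps the bypass as narrow as the comment says: `if (serverState.IsClosed && (u.Id != 1 || AyaNova.Core.License.ActiveKey.IsLicensed))`. As written in the first hunk, any closed state combined with an empty or expired key now reaches password verification, so if the server can also be closed for reasons unrelated to licensing, account 1 gets in during those too. Because the 503 is returned only after the hash matches, it also confirms a correct password for non-manager accounts while the server is closed. The literal `1` would be clearer as a named constant; the method body starts and ends outside both hunks.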
@@ -27,8 +27,8 @@ namespace AyaNova.Core
|
||||
{
|
||||
|
||||
//License server address
|
||||
// private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";
|
||||
private const string LICENSE_SERVER_URL = "http://localhost:3001/";
|
||||
// private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";
|
||||
private const string LICENSE_SERVER_URL = "http://localhost:3001/";
|
||||
|
||||
//Scheduleable users
|
||||
private const string SERVICE_TECHS_FEATURE_NAME = "ServiceTechs";
|
||||
@@ -130,6 +130,17 @@ namespace AyaNova.Core
|
||||
return false;
|
||||
}
|
||||
|
||||
//Has any kind of valid license that is active
|
||||
//used for auth route checking to allow for fixing this issue
|
||||
public bool IsLicensed
|
||||
{
|
||||
get
|
||||
{
|
||||
return !IsEmpty && !LicenseExpired;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public bool IsEmpty
|
||||
{
|
||||
get
|
||||
|
||||
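Review bot: `LICENSE_SERVER_URL` is still the plain-HTTP development address `http://localhost:3001/` with the production HTTPS URL commented out, and with this commit the license state (`IsLicensed`) feeds the login gate in the auth controller. If a build ships this way, the key presumably cannot be fetched, or is fetched without transport protection, and the server's closed-state login behaviour then depends on that result. Restoring `private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";`, or reading the address from configuration and rejecting non-HTTPS values outside development, would remove that dependency on a debug setting. `IsLicensed` would also benefit from a doc comment saying it is used as an authentication gate, for example `/// True when a key is present and not expired; the auth route uses this to decide whether a closed server accepts the manager login.` The class body continues outside both hunks, so how `IsEmpty` and `LicenseExpired` are computed is not visible here.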