@@ -95,7 +95,8 @@ todo: RAVEN new job LicenseCheck
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
TODO: do I really need to not log IP addresses on login?
|
||||||
|
check privacy stuff, this seems necessary for security
|
||||||
|
|
||||||
|
|
||||||
TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
|
TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
|
||||||
|
|||||||
@@ -64,8 +64,12 @@ namespace AyaNova.Api.Controllers
|
|||||||
{
|
{
|
||||||
//a bit different as ops users can still login if the state is opsonly
|
//a bit different as ops users can still login if the state is opsonly
|
||||||
//so the only real barrier here would be a completely closed api
|
//so the only real barrier here would be a completely closed api
|
||||||
if (serverState.IsClosed)
|
|
||||||
|
|
||||||
|
if (serverState.IsClosed && AyaNova.Core.License.ActiveKey.IsLicensed)
|
||||||
|
{
|
||||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||||
|
}
|
||||||
|
|
||||||
int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
|
int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
|
||||||
|
|
||||||
@@ -160,6 +164,18 @@ namespace AyaNova.Api.Controllers
|
|||||||
string hashed = Hasher.hash(u.Salt, creds.Password);
|
string hashed = Hasher.hash(u.Salt, creds.Password);
|
||||||
if (hashed == u.Password)
|
if (hashed == u.Password)
|
||||||
{
|
{
|
||||||
|
//Valid password, user is effectively authorized at this point
|
||||||
|
|
||||||
|
//check if server closed
|
||||||
|
//if it is it means we got here only because there is no license
|
||||||
|
//and only *the* manager account can login now
|
||||||
|
if(serverState.IsClosed){
|
||||||
|
//if not manager account then boot closed
|
||||||
|
//manager account is always ID 1
|
||||||
|
if(u.Id!=1){
|
||||||
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||||
|
}
|
||||||
|
}
|
||||||
//Restrict auth due to server state?
|
//Restrict auth due to server state?
|
||||||
//If we're here the server state is not closed, but it might be ops only
|
//If we're here the server state is not closed, but it might be ops only
|
||||||
|
|
||||||
|
|||||||
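Review bot: In the second hunk the manager-only check runs only after `hashed == u.Password` has succeeded, so while the server is closed and unlicensed a non-manager account gets the 503 only when its password is correct. That lets a caller tell valid credentials from invalid ones during a state in which login is meant to be refused. Consider doing the test as soon as the user record is loaded and before `Hasher.hash(...)`, for example `if (serverState.IsClosed && u.Id != ManagerUserId)`, where `ManagerUserId` is a new named constant replacing the literal `1`, and give that refusal the same `nFailedAuthDelay` treatment as a failed login. The first hunk returns `ApiErrorCode.API_CLOSED` where the new code returns `serverState.ApiErrorCode`; the two should agree. The enclosing action starts and ends outside both hunks, so the failed-password path is not visible here.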
@@ -27,8 +27,8 @@ namespace AyaNova.Core
|
|||||||
{
|
{
|
||||||
|
|
||||||
//License server address
|
//License server address
|
||||||
// private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";
|
// private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";
|
||||||
private const string LICENSE_SERVER_URL = "http://localhost:3001/";
|
private const string LICENSE_SERVER_URL = "http://localhost:3001/";
|
||||||
|
|
||||||
//Scheduleable users
|
//Scheduleable users
|
||||||
private const string SERVICE_TECHS_FEATURE_NAME = "ServiceTechs";
|
private const string SERVICE_TECHS_FEATURE_NAME = "ServiceTechs";
|
||||||
@@ -130,6 +130,17 @@ namespace AyaNova.Core
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//Has any kind of valid license that is active
|
||||||
|
//used for auth route checking to allow for fixing this issue
|
||||||
|
public bool IsLicensed
|
||||||
|
{
|
||||||
|
get
|
||||||
|
{
|
||||||
|
return !IsEmpty && !LicenseExpired;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
public bool IsEmpty
|
public bool IsEmpty
|
||||||
{
|
{
|
||||||
get
|
get
|
||||||
|
|||||||
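Review bot: `LICENSE_SERVER_URL` in the first hunk is the plain-HTTP development endpoint `http://localhost:3001/`, with the `https://rockfish.ayanova.com/` line commented out. Both sides of that hunk read the same here, so the commit may only have touched whitespace, but the value matters more now that the second hunk adds `IsLicensed`. That property is used by the auth route, where an empty or expired key makes it false and lets the login route through on a closed server. Mark the constant with `// DEV ONLY: must be the https license server in release builds`, or read it from configuration and reject non-https values outside development. A doc comment on `IsLicensed` should say that a false value relaxes the closed-server login gate, so later changes to `IsEmpty` or `LicenseExpired` are reviewed with that in mind.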