using System.Diagnostics.CodeAnalysis; using System.IdentityModel.Tokens.Jwt; using System.Text; using Google.Protobuf; using Microsoft.IdentityModel.Tokens; using ServerCore; using ServerBase; namespace ServerCommon; public static class AuthHelper { public static bool isLoginWithSsoAccountAuth(this ClientToLoginReq.Types.LoginReq loginReq) { if (0 >= loginReq.WebAuthParams.Length) { return false; } return true; } public static PlatformType toPlatformType(this string platformType) { return EnumHelper.convertEnumTypeAndValueStringToEnum(platformType, PlatformType.None); } public static Result verifySsoAccountAuthJWT( string ssoAccountAuthJWT , string sdsoAccountAuthJwtSecretKey , out string id, out AccountType accountType, out UInt64 accessToken) { id = string.Empty; accountType = AccountType.None; accessToken = 0; var result = new Result(); var err_msg = string.Empty; try { var token_handler = new JwtSecurityTokenHandler(); var validation_parameters = getValidationParameters(sdsoAccountAuthJwtSecretKey); var claim = token_handler.ValidateToken(ssoAccountAuthJWT, validation_parameters, out var validated_token); if (null == claim || false == claim.Identity?.IsAuthenticated) { err_msg = $"Failed to validate token !!!"; result.setFail(ServerErrorCode.SsoAccountAuthJwtCheckFailed, err_msg); return result; } // id Á¸Àç üũ var found_id = claim.Claims.First(x => x.Type == "id"); if (null == found_id) { err_msg = $"Not found id Key in token !!! : Key:id"; result.setFail(ServerErrorCode.UserIdKeyNotFoundInSsoAccountAuthJwt, err_msg); return result; } // id ¿¹¿Ü üũ id = found_id.Value; if (0 >= id.Length) { err_msg = $"User Id value empty in token !!! : Value:{id}"; result.setFail(ServerErrorCode.UserIdValueEmptyInSsoAccountAuthJwt, err_msg); return result; } // accountType Á¸Àç üũ var found_account_type = claim.Claims.First(x => x.Type == "accountType"); if (null == found_account_type) { err_msg = $"Not found accountType Key in token !!! : Key:accountType"; result.setFail(ServerErrorCode.AccountTypeKeyNotFoundInSsoAccountAuthJwt, err_msg); return result; } // accountType Çã¿ë üũ accountType = EnumHelper.convertEnumTypeAndValueStringToEnum(found_account_type.Value, AccountType.None); if (accountType.isAllowAccountType() == false) { err_msg = $"Not allow AccountType value in token !!! : accountType:{accountType} - accountId:{id}"; result.setFail(ServerErrorCode.AccountTypeNotAllow, err_msg); return result; } // accessToken Á¸Àç üũ var found_access_token = claim.Claims.First(x => x.Type == "accessToken"); if (null == found_access_token) { err_msg = $"Not found accessToken Key in token !!! : Key:accessToken"; result.setFail(ServerErrorCode.AccessTokenKeyNotAllowInSsoAccountAuthJwt, err_msg); return result; } accessToken = Convert.ToUInt64(found_access_token.Value); } catch (SecurityTokenExpiredException e) { var error_code = ServerErrorCode.SsoAccountAuthJwtTokenExpired; err_msg = $"SecurityTokenExpiredException !!!, Failed to perform in verifySsoAccountAuthJWT() !!! : errorCode:{error_code}, exception:{e} - ssoAccountAuthJWT:{ssoAccountAuthJWT}"; result.setFail(error_code, err_msg); } catch (SecurityTokenException e) { var error_code = ServerErrorCode.SsoAccountAuthJwtTokenExpired; err_msg = $"SecurityTokenException !!!, Failed to perform verifySsoAccountAuthJWT !!! : errorCode:{error_code}, exception:{e} - ssoAccountAuthJWT:{ssoAccountAuthJWT}"; result.setFail(error_code, err_msg); } catch (Exception e) { var error_code = ServerErrorCode.SsoAccountAuthJwtCheckFailed; err_msg = $"Exception !!!, Failed to perform verifySsoAccountAuthJWT !!! : errorCode:{error_code}, exception:{e} - ssoAccountAuthJWT:{ssoAccountAuthJWT}"; result.setFail(error_code, err_msg); } return result; } public static Result verifySsoAccountAuthJWT( this ByteString ssoAccountAuthJWT , string sdsoAccountAuthJwtSecretKey , out string id, out AccountType accountType, out UInt64 accessToken) { return verifySsoAccountAuthJWT(ssoAccountAuthJWT.ToStringUtf8(), sdsoAccountAuthJwtSecretKey, out id, out accountType, out accessToken); } private static TokenValidationParameters getValidationParameters(string sdsoAccountAuthJwtSecretKey) { return new TokenValidationParameters() { ValidateLifetime = true, // Because there is no expiration in the generated token ValidateAudience = false, // Because there is no audiance in the generated token ValidateIssuer = false, // Because there is no issuer in the generated token ValidIssuer = "", ValidAudience = "", IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(sdsoAccountAuthJwtSecretKey)) // The same key as the one that generate the token }; } public static bool isAllowAccountType(this AccountType accountType) { switch (accountType) { case AccountType.Google: case AccountType.Apple: return true; } return false; } public static Result isAllowAccountId(this string accountId) { var result = new Result(); var err_msg = string.Empty; if (false == ServerConfigHelper.getAuthRuleFlags().hasFlag(AuthRule.FlagType.TestIdAllow)) { if (true == accountId.isTestId()) { err_msg = $"Test Id not allow !!! : accountId:{accountId}"; result.setFail(ServerErrorCode.TestIdNotAllow, err_msg); return result; } } if (false == ServerConfigHelper.getAuthRuleFlags().hasFlag(AuthRule.FlagType.BotIdAllow)) { if (true == accountId.isContainsBotId()) { err_msg = $"Bot Id not allow !!! : accountId:{accountId}"; result.setFail(ServerErrorCode.BotdNotAllow, err_msg); return result; } } return result; } public static bool isTestId(this string accountId) { if (false == MetaData.Instance.m_test_user_initial_meta_datas.ContainsKey(accountId)) { return false; } return true; } public static bool isContainsBotId(this string accountId) { if (true == accountId.StartsWith(Constant.BOT_CLIENT)) { return true; } return false; } public static bool isUsableBotId(this string accountId) { if (false == accountId.isContainsBotId()) { return false; } return true; } public static LanguageType getCurrOrDefaultLanguageType(this LanguageType languageType) { return languageType == LanguageType.None ? LanguageType.Ko : languageType; } public static bool getMetaData4AutoSignUpUser(Int32 metaId, [MaybeNullWhen(false)] out MetaAssets.UserCreateMetaData? foundUserData) { foundUserData = null; if (false == MetaData.Instance.m_user_create_meta_datas.TryGetValue(metaId, out var found_user_data)) { return false; } foundUserData = found_user_data; return true; } //public static async Task registerUserOtpToTargetServer(this LoginUser entityUser, string destServerName) //{ // await Task.CompletedTask; // var result = new Result(); // var err_msg = string.Empty; // var server_logic = LoginServerApp.getServerLogic(); // var login_storage = server_logic.findCacheStorage(); // if(null == login_storage) // { // err_msg = $"Not found Cache Storage !!! : LoginStorage - {entityUser.toBasicString()}"; // result.setFail(ServerErrorCode.NotFoundCacheStorage, err_msg); // return result; // } // var make_otp = await login_storage.StartMoving(entityUser.getAccountId(), destServerName); // if (string.Empty == make_otp) // { // err_msg = $"Failed to make Otp !!! : LoginStorage - {entityUser.toBasicString()}"; // result.setFail(ServerErrorCode.MakeFailOtp, err_msg); // return result; // } // entityUser.getEntityAttrib().OtpForServerConnect = make_otp; // return result; //} }