stub out signalr sync hub

bitwarden-core.sln

@@ -49,6 +49,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "EventsProcessor", "src\Even
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Admin", "src\Admin\Admin.csproj", "{B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Hub", "src\Hub\Hub.csproj", "{28635027-20E5-42FA-B218-B6C878DE5350}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -113,6 +115,10 @@ Global
 		{B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{B131CEF3-89FB-4C90-ADB0-9E9C4246EB56}.Release|Any CPU.Build.0 = Release|Any CPU
+		{28635027-20E5-42FA-B218-B6C878DE5350}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{28635027-20E5-42FA-B218-B6C878DE5350}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{28635027-20E5-42FA-B218-B6C878DE5350}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{28635027-20E5-42FA-B218-B6C878DE5350}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -132,6 +138,7 @@ Global
 		{994DD611-F266-4BD3-8072-3B1B57267ED5} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
 		{2235D24F-E607-47F4-81AD-BB4504ADF9C6} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
 		{B131CEF3-89FB-4C90-ADB0-9E9C4246EB56} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
+		{28635027-20E5-42FA-B218-B6C878DE5350} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {E01CBF68-2E20-425F-9EDB-E0A6510CA92F}

src/Core/CurrentContext.cs

@@ -6,11 +6,14 @@ using Bit.Core.Enums;
 using Microsoft.AspNetCore.Http;
 using Bit.Core.Repositories;
 using System.Threading.Tasks;
+using System.Security.Claims;
 
 namespace Bit.Core
 {
     public class CurrentContext
     {
+        private bool _builtHttpContext;
+        private bool _builtClaimsPrincipal;
         private string _ip;
         private Dictionary<Guid, ICollection<OrganizationUser>> _orgUsers =
             new Dictionary<Guid, ICollection<OrganizationUser>>();
@@ -25,6 +28,93 @@ namespace Bit.Core
             new List<CurrentContentOrganization>();
         public virtual Guid? InstallationId { get; set; }
 
+        public void Build(HttpContext httpContext)
+        {
+            if(_builtHttpContext)
+            {
+                return;
+            }
+
+            _builtHttpContext = true;
+            HttpContext = httpContext;
+            Build(httpContext.User);
+
+            if(DeviceIdentifier == null && httpContext.Request.Headers.ContainsKey("Device-Identifier"))
+            {
+                DeviceIdentifier = httpContext.Request.Headers["Device-Identifier"];
+            }
+
+            if(httpContext.Request.Headers.ContainsKey("Device-Type") &&
+                Enum.TryParse(httpContext.Request.Headers["Device-Type"].ToString(), out DeviceType dType))
+            {
+                DeviceType = dType;
+            }
+        }
+
+        public void Build(ClaimsPrincipal user)
+        {
+            if(_builtClaimsPrincipal)
+            {
+                return;
+            }
+
+            _builtClaimsPrincipal = true;
+            if(user == null || !user.Claims.Any())
+            {
+                return;
+            }
+
+            var claimsDict = user.Claims.GroupBy(c => c.Type).ToDictionary(c => c.Key, c => c.Select(v => v));
+
+            var subject = GetClaimValue(claimsDict, "sub");
+            if(Guid.TryParse(subject, out var subIdGuid))
+            {
+                UserId = subIdGuid;
+            }
+
+            var clientId = GetClaimValue(claimsDict, "client_id");
+            var clientSubject = GetClaimValue(claimsDict, "client_sub");
+            if((clientId?.StartsWith("installation.") ?? false) && clientSubject != null)
+            {
+                if(Guid.TryParse(clientSubject, out var idGuid))
+                {
+                    InstallationId = idGuid;
+                }
+            }
+
+            DeviceIdentifier = GetClaimValue(claimsDict, "device");
+
+            if(claimsDict.ContainsKey("orgowner"))
+            {
+                Organizations.AddRange(claimsDict["orgowner"].Select(c =>
+                    new CurrentContentOrganization
+                    {
+                        Id = new Guid(c.Value),
+                        Type = OrganizationUserType.Owner
+                    }));
+            }
+
+            if(claimsDict.ContainsKey("orgadmin"))
+            {
+                Organizations.AddRange(claimsDict["orgadmin"].Select(c =>
+                    new CurrentContentOrganization
+                    {
+                        Id = new Guid(c.Value),
+                        Type = OrganizationUserType.Admin
+                    }));
+            }
+
+            if(claimsDict.ContainsKey("orguser"))
+            {
+                Organizations.AddRange(claimsDict["orguser"].Select(c =>
+                    new CurrentContentOrganization
+                    {
+                        Id = new Guid(c.Value),
+                        Type = OrganizationUserType.User
+                    }));
+            }
+        }
+
         public bool OrganizationUser(Guid orgId)
         {
             return Organizations.Any(o => o.Id == orgId);
@@ -70,6 +160,16 @@ namespace Bit.Core
             return _ip;
         }
 
+        private string GetClaimValue(Dictionary<string, IEnumerable<Claim>> claims, string type)
+        {
+            if(!claims.ContainsKey(type))
+            {
+                return null;
+            }
+
+            return claims[type].FirstOrDefault()?.Value;
+        }
+
         public class CurrentContentOrganization
         {
             public Guid Id { get; set; }

src/Core/Utilities/CurrentContextMiddleware.cs

@@ -1,9 +1,4 @@
-using Bit.Core.Enums;
-using Microsoft.AspNetCore.Http;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
 using System.Threading.Tasks;
 
 namespace Bit.Core.Utilities
@@ -19,85 +14,8 @@ namespace Bit.Core.Utilities
 
         public async Task Invoke(HttpContext httpContext, CurrentContext currentContext)
         {
-            currentContext.HttpContext = httpContext;
-
-            if(httpContext.User != null && httpContext.User.Claims.Any())
-            {
-                var claimsDict = httpContext.User.Claims
-                    .GroupBy(c => c.Type)
-                    .ToDictionary(c => c.Key, c => c.Select(v => v));
-
-                var subject = GetClaimValue(claimsDict, "sub");
-                if(Guid.TryParse(subject, out var subIdGuid))
-                {
-                    currentContext.UserId = subIdGuid;
-                }
-
-                var clientId = GetClaimValue(claimsDict, "client_id");
-                var clientSubject = GetClaimValue(claimsDict, "client_sub");
-                if((clientId?.StartsWith("installation.") ?? false) && clientSubject != null)
-                {
-                    if(Guid.TryParse(clientSubject, out var idGuid))
-                    {
-                        currentContext.InstallationId = idGuid;
-                    }
-                }
-
-                currentContext.DeviceIdentifier = GetClaimValue(claimsDict, "device");
-
-                if(claimsDict.ContainsKey("orgowner"))
-                {
-                    currentContext.Organizations.AddRange(claimsDict["orgowner"].Select(c =>
-                        new CurrentContext.CurrentContentOrganization
-                        {
-                            Id = new Guid(c.Value),
-                            Type = OrganizationUserType.Owner
-                        }));
-                }
-
-                if(claimsDict.ContainsKey("orgadmin"))
-                {
-                    currentContext.Organizations.AddRange(claimsDict["orgadmin"].Select(c =>
-                        new CurrentContext.CurrentContentOrganization
-                        {
-                            Id = new Guid(c.Value),
-                            Type = OrganizationUserType.Admin
-                        }));
-                }
-
-                if(claimsDict.ContainsKey("orguser"))
-                {
-                    currentContext.Organizations.AddRange(claimsDict["orguser"].Select(c =>
-                        new CurrentContext.CurrentContentOrganization
-                        {
-                            Id = new Guid(c.Value),
-                            Type = OrganizationUserType.User
-                        }));
-                }
-            }
-
-            if(currentContext.DeviceIdentifier == null && httpContext.Request.Headers.ContainsKey("Device-Identifier"))
-            {
-                currentContext.DeviceIdentifier = httpContext.Request.Headers["Device-Identifier"];
-            }
-
-            if(httpContext.Request.Headers.ContainsKey("Device-Type") &&
-                Enum.TryParse(httpContext.Request.Headers["Device-Type"].ToString(), out DeviceType dType))
-            {
-                currentContext.DeviceType = dType;
-            }
-
+            currentContext.Build(httpContext);
             await _next.Invoke(httpContext);
         }
-
-        private string GetClaimValue(Dictionary<string, IEnumerable<Claim>> claims, string type)
-        {
-            if(!claims.ContainsKey(type))
-            {
-                return null;
-            }
-
-            return claims[type].FirstOrDefault()?.Value;
-        }
     }
 }

src/Hub/Controllers/EventsController.cs

@@ -0,0 +1,25 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.SignalR;
+
+namespace Bit.Hub
+{
+    [Authorize("Application")]
+    public class EventsController : Controller
+    {
+        private readonly IHubContext<SyncHub> _syncHubContext;
+
+        public EventsController(IHubContext<SyncHub> syncHubContext)
+        {
+            _syncHubContext = syncHubContext;
+        }
+
+        [HttpGet("~/events")]
+        public async Task GetTest()
+        {
+            await _syncHubContext.Clients.All.SendAsync("ReceiveMessage", "From API.");
+        }
+    }
+}

src/Hub/Hub.csproj

@@ -0,0 +1,19 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <Version>1.22.0</Version>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <RootNamespace>Bit.Hub</RootNamespace>
+    <UserSecretsId>bitwarden-Hub</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
+    <PackageReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Core\Core.csproj" />
+  </ItemGroup>
+
+</Project>

src/Hub/Program.cs

@@ -0,0 +1,17 @@
+using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Hosting;
+
+namespace Bit.Hub
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            WebHost
+                .CreateDefaultBuilder(args)
+                .UseStartup<Startup>()
+                .Build()
+                .Run();
+        }
+    }
+}

src/Hub/Properties/launchSettings.json

@@ -0,0 +1,27 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false, 
+    "anonymousAuthentication": true, 
+    "iisExpress": {
+      "applicationUrl": "http://localhost:61840",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "Bit.Hub": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "applicationUrl": "http://localhost:5000",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

src/Hub/Startup.cs

@@ -0,0 +1,121 @@
+using System.Security.Claims;
+using Bit.Core;
+using Bit.Core.IdentityServer;
+using Bit.Core.Services;
+using Bit.Core.Utilities;
+using IdentityModel;
+using IdentityServer4.AccessTokenValidation;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.SignalR;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Logging;
+using Serilog.Events;
+
+namespace Bit.Hub
+{
+    public class Startup
+    {
+        public Startup(IHostingEnvironment env, IConfiguration configuration)
+        {
+            Configuration = configuration;
+            Environment = env;
+        }
+
+        public IConfiguration Configuration { get; }
+        public IHostingEnvironment Environment { get; set; }
+
+        public void ConfigureServices(IServiceCollection services)
+        {
+            // Options
+            services.AddOptions();
+
+            // Settings
+            var globalSettings = services.AddGlobalSettingsServices(Configuration);
+
+            // Repositories
+            services.AddSqlServerRepositories(globalSettings);
+
+            // Context
+            services.AddScoped<CurrentContext>();
+
+            // Identity
+            services
+                .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
+                .AddIdentityServerAuthentication(options =>
+                {
+                    options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
+                    options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
+                        globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
+                    options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
+                    options.NameClaimType = ClaimTypes.Email;
+                    options.SupportedTokens = SupportedTokens.Jwt;
+                });
+
+            services.AddAuthorization(config =>
+            {
+                config.AddPolicy("Application", policy =>
+                {
+                    policy.RequireAuthenticatedUser();
+                    policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
+                });
+            });
+
+            // SignalR
+            services.AddSignalR();
+            services.AddSingleton<IUserIdProvider, SubjectUserIdProvider>();
+
+            // Mvc
+            services.AddMvc();
+
+            // Hosted Services
+            services.AddHostedService<TimedHostedService>();
+        }
+
+        public void Configure(
+            IApplicationBuilder app,
+            IHostingEnvironment env,
+            ILoggerFactory loggerFactory,
+            IApplicationLifetime appLifetime,
+            GlobalSettings globalSettings)
+        {
+            IdentityModelEventSource.ShowPII = true;
+            loggerFactory.AddSerilog(app, env, appLifetime, globalSettings, (e) =>
+            {
+                var context = e.Properties["SourceContext"].ToString();
+                if(context.Contains("IdentityServer4.Validation.TokenValidator") ||
+                    context.Contains("IdentityServer4.Validation.TokenRequestValidator"))
+                {
+                    return e.Level > LogEventLevel.Error;
+                }
+
+                return e.Level >= LogEventLevel.Error;
+            });
+
+            if(env.IsDevelopment())
+            {
+                app.UseDeveloperExceptionPage();
+            }
+
+            // Default Middleware
+            app.UseDefaultMiddleware(env);
+
+            // Add Cors
+            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+
+            // Add authentication to the request pipeline.
+            app.UseAuthentication();
+
+            // Add SignlarR
+            app.UseSignalR(routes =>
+            {
+                routes.MapHub<SyncHub>("/sync");
+            });
+
+            // Add MVC to the request pipeline.
+            app.UseMvc();
+        }
+    }
+}

src/Hub/SubjectUserIdProvider.cs

@@ -0,0 +1,13 @@
+using IdentityModel;
+using Microsoft.AspNetCore.SignalR;
+
+namespace Bit.Hub
+{
+    public class SubjectUserIdProvider : IUserIdProvider
+    {
+        public string GetUserId(HubConnectionContext connection)
+        {
+            return connection.User?.FindFirst(JwtClaimTypes.Subject)?.Value;
+        }
+    }
+}

src/Hub/SyncHub.cs

@@ -0,0 +1,33 @@
+using System;
+using System.Threading.Tasks;
+using Bit.Core;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Hub
+{
+    [Authorize("Application")]
+    public class SyncHub : Microsoft.AspNetCore.SignalR.Hub
+    {
+        public override async Task OnConnectedAsync()
+        {
+            var currentContext = new CurrentContext();
+            currentContext.Build(Context.User);
+            foreach(var org in currentContext.Organizations)
+            {
+                await Groups.AddToGroupAsync(Context.ConnectionId, $"Organization_{org.Id}");
+            }
+            await base.OnConnectedAsync();
+        }
+
+        public override async Task OnDisconnectedAsync(Exception exception)
+        {
+            var currentContext = new CurrentContext();
+            currentContext.Build(Context.User);
+            foreach(var org in currentContext.Organizations)
+            {
+                await Groups.RemoveFromGroupAsync(Context.ConnectionId, $"Organization_{org.Id}");
+            }
+            await base.OnDisconnectedAsync(exception);
+        }
+    }
+}

src/Hub/TimedHostedService.cs

@@ -0,0 +1,47 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.SignalR;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+
+namespace Bit.Hub
+{
+    public class TimedHostedService : IHostedService, IDisposable
+    {
+        private readonly ILogger _logger;
+        private readonly IHubContext<SyncHub> _hubContext;
+        private Timer _timer;
+
+        public TimedHostedService(ILogger<TimedHostedService> logger, IHubContext<SyncHub> hubContext)
+        {
+            _logger = logger;
+            _hubContext = hubContext;
+        }
+
+        public Task StartAsync(CancellationToken cancellationToken)
+        {
+            _logger.LogInformation("Timed Background Service is starting.");
+            _timer = new Timer(DoWork, null, TimeSpan.Zero, TimeSpan.FromSeconds(5));
+            return Task.CompletedTask;
+        }
+
+        private void DoWork(object state)
+        {
+            _logger.LogInformation("Timed Background Service is working.");
+            _hubContext.Clients.All.SendAsync("ReceiveMessage", "From BG!!");
+        }
+
+        public Task StopAsync(CancellationToken cancellationToken)
+        {
+            _logger.LogInformation("Timed Background Service is stopping.");
+            _timer?.Change(Timeout.Infinite, 0);
+            return Task.CompletedTask;
+        }
+
+        public void Dispose()
+        {
+            _timer?.Dispose();
+        }
+    }
+}

src/Hub/appsettings.Production.json

@@ -0,0 +1,14 @@
+{
+  "globalSettings": {
+    "baseServiceUri": {
+      "vault": "https://vault.bitwarden.com",
+      "api": "https://api.bitwarden.com",
+      "identity": "https://identity.bitwarden.com",
+      "admin": "https://admin.bitwarden.com",
+      "internalAdmin": "https://admin.bitwarden.com",
+      "internalIdentity": "https://identity.bitwarden.com",
+      "internalApi": "https://api.bitwarden.com",
+      "internalVault": "https://vault.bitwarden.com"
+    }
+  }
+}

src/Hub/appsettings.json

@@ -0,0 +1,35 @@
+{
+  "globalSettings": {
+    "selfHosted": false,
+    "projectName": "Hub",
+    "baseServiceUri": {
+      "vault": "https://localhost:8080",
+      "api": "http://localhost:4000",
+      "identity": "http://localhost:33656",
+      "admin": "http://localhost:62911",
+      "internalAdmin": "http://localhost:62911",
+      "internalIdentity": "http://localhost:33656",
+      "internalApi": "http://localhost:4000",
+      "internalVault": "http://localhost:4001"
+    },
+    "sqlServer": {
+      "connectionString": "SECRET"
+    },
+    "identityServer": {
+      "certificateThumbprint": "SECRET"
+    },
+    "storage": {
+      "connectionString": "SECRET"
+    },
+    "events": {
+      "connectionString": "SECRET"
+    },
+    "documentDb": {
+      "uri": "SECRET",
+      "key": "SECRET"
+    },
+    "sentry": {
+      "dsn": "SECRET"
+    }
+  }
+}