- update password storage to hash

AlcatrazDTO/AlcatrazDTO.projitems

@@ -11,6 +11,7 @@
   <ItemGroup>
     <Compile Include="$(MSBuildThisFileDirectory)Constants.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Helpers\SecurePasswordHasher.cs" />
+    <Compile Include="$(MSBuildThisFileDirectory)Helpers\StringHasher.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Models\AlcatrazClientConfig.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Models\AuthenticateRequest.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Models\AuthenticateResponse.cs" />
@@ -20,7 +21,4 @@
     <Compile Include="$(MSBuildThisFileDirectory)Models\UserModel.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Models\UserRegisterModel.cs" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="$(MSBuildThisFileDirectory)Helpers\" />
-  </ItemGroup>
 </Project>

AlcatrazDTO/Helpers/StringHasher.cs

@@ -0,0 +1,32 @@
+using System.Text;
+using System;
+
+public static class StringHasher
+{
+	public static uint StringId(string str)
+	{
+		// Uses FNV-1a 32 as the base hash function
+		const uint prime = 0x1000193;
+		uint hash = 0x811C9DC5;
+
+		// Convert the string to bytes in UTF-16 (each char is 2 bytes)
+		byte[] data = Encoding.Unicode.GetBytes(str);
+		int len = data.Length;
+
+		for (int i = 0; i < len; i += 4)
+		{
+			uint value = 0;
+			int end = Math.Min(i + 4, len);
+
+			for (int j = i; j < end; ++j)
+			{
+				uint chr = data[j];
+				value |= chr << ((j - i) * 8);
+			}
+
+			hash = (hash ^ value) * prime;
+		}
+
+		return hash;
+	}
+}

AlcatrazDbContext/AlcatrazContext.csproj

@@ -20,4 +20,6 @@
     <PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="7.0.0" />
   </ItemGroup>
 
+  <Import Project="..\AlcatrazDTO\AlcatrazDTO.projitems" Label="Shared" />
+
 </Project>

AlcatrazDbContext/MainDbContext.cs

@@ -1,7 +1,13 @@
 using Alcatraz.Context.Entities;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Diagnostics;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations.Internal;
+using Microsoft.EntityFrameworkCore.Migrations;
 using System;
+using System.Reflection;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
 
 namespace Alcatraz.Context
 {
@@ -18,7 +24,9 @@ public class MainDbContext : DbContext
 	{
 		public static DbContextOptionsBuilder OnContextBuilding(DbContextOptionsBuilder opt, DBType type, string connectionString)
 		{
-			if(type == DBType.SQLite)
+			opt.ReplaceService<IMigrationsAssembly, ContextAwareMigrationsAssembly>();
+
+			if (type == DBType.SQLite)
 			{
 				return opt.UseSqlite(connectionString);
 			}
@@ -28,7 +36,6 @@ public static DbContextOptionsBuilder OnContextBuilding(DbContextOptionsBuilder
 				var serverVersion = new MySqlServerVersion(new Version(8, 0, 25));
 				return opt.UseMySql(connectionString, serverVersion, conf => conf.CommandTimeout(60));
 			}
-
 			return opt;
 		}
 		public MainDbContext()
@@ -72,4 +79,41 @@ protected override void OnModelCreating(ModelBuilder builder)
 		public DbSet<PlayerStatisticsBoard> PlayerStatisticBoards { get; set; }
 		public DbSet<PlayerStatisticsBoardValue> PlayerStatisticBoardValues { get; set; }
 	}
+
+	public class ContextAwareMigrationsAssembly : MigrationsAssembly
+	{
+		private readonly MainDbContext context;
+
+		public ContextAwareMigrationsAssembly(
+			ICurrentDbContext currentContext,
+			IDbContextOptions options,
+			IMigrationsIdGenerator idGenerator,
+			IDiagnosticsLogger<DbLoggerCategory.Migrations> logger)
+			: base(currentContext, options, idGenerator, logger)
+		{
+			context = (MainDbContext)currentContext.Context;
+		}
+
+		/// <summary>
+		/// Modified from http://weblogs.thinktecture.com/pawel/2018/06/entity-framework-core-changing-db-migration-schema-at-runtime.html
+		/// </summary>
+		/// <param name="migrationClass"></param>
+		/// <param name="activeProvider"></param>
+		/// <returns></returns>
+		public override Migration CreateMigration(TypeInfo migrationClass, string activeProvider)
+		{
+			var hasCtorWithDbContext = migrationClass
+					.GetConstructor(new[] { typeof(MainDbContext) }) != null;
+
+			if (hasCtorWithDbContext)
+			{
+				var instance = (Migration)Activator.CreateInstance(migrationClass.AsType(), context);
+				instance.ActiveProvider = activeProvider;
+				return instance;
+			}
+
+			return base.CreateMigration(migrationClass, activeProvider);
+		}
+	}
+
 }

AlcatrazDbContext/Migrations/20241031073735_UpdatePasswordStorage.cs

@@ -0,0 +1,35 @@
+using Alcatraz.DTO.Helpers;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Migrations;
+using System;
+
+
+#nullable disable
+
+namespace Alcatraz.Context.Migrations
+{
+    /// <inheritdoc />
+    public partial class UpdatePasswordStorage : Migration
+    {
+        MainDbContext _dbContext;
+		public UpdatePasswordStorage(MainDbContext context)
+		{
+            _dbContext = context;
+		}
+
+		/// <inheritdoc />
+		protected override void Up(MigrationBuilder migrationBuilder)
+        {
+			foreach (var user in _dbContext.Users)
+            {
+				user.Password = SecurePasswordHasher.Hash($"{user.Id}-{user.Password}");
+			}
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+        }
+    }
+
+}

AlcatrazGameServices/Controllers/UsersController.cs

@@ -32,7 +32,7 @@ public UsersController(IUserService userService, IOptions<QConfiguration> server
 		[HttpPost("Authenticate")]
 		public IActionResult Authenticate([FromBody] AuthenticateRequest model)
 		{
-			var response = _userService.Authenticate(model, true);
+			var response = _userService.Authenticate(model);
 
 			if (response == null)
 			{

AlcatrazGameServices/Pages/Account/SignIn.cshtml.cs

@@ -41,7 +41,7 @@ public async Task<IActionResult> OnPost()
 				return Page();
 			}
 
-			var response = _userService.Authenticate(AuthModel, true);
+			var response = _userService.Authenticate(AuthModel);
 			if (response != null)
 			{
 				var user = _userService.GetById(response.Id);