118d12a3db
Abstractions for the Altcha-based proof-of-work module: - AltchaAttribute (AllowMobileAttestationBypass param) - IHasAltchaSolution — marker interface for request POCOs carrying the widget's solution payload over HTTP/gRPC transports - IAltchaVerifier / IAltchaChallengeProvider — transport-agnostic interfaces; default gRPC implementations ship in Svrnty.CQRS.Altcha.Grpc - IMobileAttestationProvider — Phase 3 placeholder; concrete impls stamp ctx.Items["mobile_attested"] for the Altcha check to read as a bypass when AllowMobileAttestationBypass is true - AltchaChallenge / AltchaVerifyResult DTOs Lean dependencies — only references Svrnty.CQRS.Abstractions for the auth-check pipeline types. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
29 lines
1.1 KiB
C#
29 lines
1.1 KiB
C#
namespace Svrnty.CQRS.Altcha.Abstractions;
|
|
|
|
/// <summary>
|
|
/// Server-issued Altcha challenge. Shape matches what the
|
|
/// <a href="https://altcha.org/docs/v2/widget-v3/">altcha widget v3</a>
|
|
/// expects from its <c>challengeurl</c>.
|
|
/// </summary>
|
|
public sealed class AltchaChallenge
|
|
{
|
|
/// <summary>Hashing algorithm name (e.g. <c>SHA-256</c>).</summary>
|
|
public required string Algorithm { get; init; }
|
|
|
|
/// <summary>Hex-encoded hash the client must find a preimage for.</summary>
|
|
public required string Challenge { get; init; }
|
|
|
|
/// <summary>Hex-encoded salt (embeds an expiry timestamp).</summary>
|
|
public required string Salt { get; init; }
|
|
|
|
/// <summary>
|
|
/// HMAC-SHA256 of <c>algorithm|challenge|salt|maxnumber</c> using the
|
|
/// server's signing secret. Lets the verify step trust the issued
|
|
/// challenge without keeping per-challenge state.
|
|
/// </summary>
|
|
public required string Signature { get; init; }
|
|
|
|
/// <summary>Upper bound of the PoW search space (equals the requested complexity).</summary>
|
|
public required uint MaxNumber { get; init; }
|
|
}
|