4446288bb6
The default transport for IAltchaVerifier / IAltchaChallengeProvider —
calls a self-hosted altcha service over gRPC.
Wire contract
- Protos/altcha.proto defines svrnty.cqrs.altcha.v1.AltchaService with
CreateChallenge + VerifyChallenge RPCs. Shipped in this package as
source-of-truth; Go (and other) implementations vendor a copy.
- Challenge.challenge_hash is named (not "challenge") to avoid a C#
property/class name collision; the MinimalApi widget JSON remaps.
Runtime
- AltchaGrpcVerifier maps RpcException → AltchaVerifyResult.Fail with
a diagnostic reason ("verify-timeout", "service-unavailable", etc.)
so the auth check surfaces a clean Unauthorized without leaking
transport detail.
- AltchaGrpcChallengeProvider lets create-challenge failures bubble
(challenge endpoint should 5xx if altcha is down — clients retry).
- AltchaGrpcOptions.TokenProvider hook for consumer-supplied HMAC
service-token minting (plan-b will plug in ServiceTokenIssuer).
- AddGrpcClient<AltchaServiceClient> registered with HttpClientFactory.
AddSvrntyAltchaGrpcVerifier(Action<...>) and overload binding from
IConfiguration cover both wiring styles.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
59 lines
2.0 KiB
C#
59 lines
2.0 KiB
C#
using Grpc.Core;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
using Svrnty.CQRS.Altcha.Abstractions;
|
|
|
|
namespace Svrnty.CQRS.Altcha.Grpc;
|
|
|
|
/// <summary>
|
|
/// Default <see cref="IAltchaChallengeProvider"/> backed by gRPC. Calls
|
|
/// <c>AltchaService.CreateChallenge</c> on the configured endpoint and
|
|
/// projects the response onto <see cref="AltchaChallenge"/>.
|
|
/// </summary>
|
|
public sealed class AltchaGrpcChallengeProvider : IAltchaChallengeProvider
|
|
{
|
|
private readonly AltchaService.AltchaServiceClient _client;
|
|
private readonly IOptions<AltchaGrpcOptions> _options;
|
|
private readonly ILogger<AltchaGrpcChallengeProvider> _logger;
|
|
|
|
public AltchaGrpcChallengeProvider(
|
|
AltchaService.AltchaServiceClient client,
|
|
IOptions<AltchaGrpcOptions> options,
|
|
ILogger<AltchaGrpcChallengeProvider> logger)
|
|
{
|
|
_client = client;
|
|
_options = options;
|
|
_logger = logger;
|
|
}
|
|
|
|
public async Task<AltchaChallenge> CreateAsync(CancellationToken cancellationToken = default)
|
|
{
|
|
var opts = _options.Value;
|
|
var metadata = await AltchaCallCredentials.BuildMetadataAsync(opts, cancellationToken);
|
|
var deadline = DateTime.UtcNow.Add(opts.CallTimeout);
|
|
|
|
try
|
|
{
|
|
var response = await _client.CreateChallengeAsync(
|
|
new CreateChallengeRequest(),
|
|
headers: metadata,
|
|
deadline: deadline,
|
|
cancellationToken: cancellationToken);
|
|
|
|
return new AltchaChallenge
|
|
{
|
|
Algorithm = response.Algorithm,
|
|
Challenge = response.ChallengeHash,
|
|
Salt = response.Salt,
|
|
Signature = response.Signature,
|
|
MaxNumber = response.Maxnumber
|
|
};
|
|
}
|
|
catch (RpcException ex)
|
|
{
|
|
_logger.LogError(ex, "Altcha create-challenge failed against {Endpoint}: {Status}", opts.Endpoint, ex.StatusCode);
|
|
throw;
|
|
}
|
|
}
|
|
}
|