remember me

2025-06-21 11:41:53 +02:00 · 2025-06-21 11:41:53 +02:00 · 8629883f88
commit 8629883f88
parent dac3acfecf
10 changed files with 278 additions and 96 deletions
--- a/Femto.Modules.Auth/Models/LongTermSession.cs
+++ b/Femto.Modules.Auth/Models/LongTermSession.cs
@ -1,3 +1,4 @@
+using System.ComponentModel.DataAnnotations.Schema;
 using System.Text;
 using static System.Security.Cryptography.RandomNumberGenerator;

@ -6,22 +7,30 @@ namespace Femto.Modules.Auth.Models;
 public class LongTermSession
 {
    private static TimeSpan TokenTimeout { get; } = TimeSpan.FromDays(90);
-    
+    private static TimeSpan RefreshBuffer { get; } = TimeSpan.FromDays(5);
+
    public int Id { get; private set; }
-    
+
    public string Selector { get; private set; }
-    
+
    public byte[] HashedVerifier { get; private set; }
-    
+
    public DateTimeOffset Expires { get; private set; }
-    
+
    public Guid UserId { get; private set; }
-    
-    private LongTermSession() {}
-    
+
+    [NotMapped]
+    public bool ExpiresSoon => this.Expires < DateTimeOffset.UtcNow + RefreshBuffer;
+
+    private LongTermSession() { }
+
    public static (LongTermSession, string) Create(Guid userId)
    {
-        var selector = GetString("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 12);
+        var selector = GetString(
+            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
+            12
+        );
+     
        var verifier = GetString("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 32);

        using var sha256 = System.Security.Cryptography.SHA256.Create();
@ -29,23 +38,26 @@ public class LongTermSession
        var longTermSession = new LongTermSession
        {
            Selector = selector,
-            HashedVerifier = sha256.ComputeHash(Encoding.UTF8.GetBytes(verifier)),
+            HashedVerifier = ComputeHash(verifier),
            UserId = userId,
-            Expires = DateTimeOffset.UtcNow + TokenTimeout
+            Expires = DateTimeOffset.UtcNow + TokenTimeout,
        };
-        
-        var rememberMeToken = $"{selector}.{verifier}";

-        return (longTermSession, rememberMeToken);
+        return (longTermSession, verifier);
    }

    public bool Validate(string verifier)
    {
        if (this.Expires < DateTimeOffset.UtcNow)
            return false;
-        
+
+        return ComputeHash(verifier).SequenceEqual(this.HashedVerifier);
+    }
+
+    private static byte[] ComputeHash(string verifier)
+    {
        using var sha256 = System.Security.Cryptography.SHA256.Create();
        var hashedVerifier = sha256.ComputeHash(Encoding.UTF8.GetBytes(verifier));
-        return hashedVerifier.SequenceEqual(this.HashedVerifier);
+        return hashedVerifier;
    }
-}
+}