client console can now submit a did key, changed a bunch of unload s over

Author: dooly123

Basis Server/BasisNetworkClientConsole/BasisNetworkClientConsole/BasisNetworkClientConsole.csproj

@@ -13,6 +13,8 @@
 	<ItemGroup>
 	  <ProjectReference Include="..\..\BasisNetworkClient\BasisNetworkClient.csproj" />
 	  <ProjectReference Include="..\..\BasisNetworkCore\BasisNetworkCore.csproj" />
+	  <ProjectReference Include="..\..\Contrib\Auth\Did\Did.csproj" />
+	  <ProjectReference Include="..\..\Contrib\Crypto\Crypto.csproj" />
 	  <ProjectReference Include="..\..\LiteNetLib\LiteNetLib.csproj" />
 	</ItemGroup>
 </Project>

Basis Server/BasisNetworkClientConsole/BasisNetworkClientConsole/ClientManager.cs

@@ -1,11 +1,15 @@
 using Basis.Config;
+using Basis.Contrib.Auth.DecentralizedIds.Newtypes;
+using Basis.Contrib.Crypto;
 using Basis.Network.Core;
 using Basis.Network.Core.Compression;
 using Basis.Scripts.BasisSdk.Players;
 using Basis.Utilities;
+using BasisNetworkClient;
 using System.Text;
 using System.Threading;
 using static Basis.Network.Core.Compression.BasisAvatarBitPacking;
+using static Basis.Network.Core.Serializable.SerializableBasis;
 using static SerializableBasis;
 
 namespace Basis.Network
@@ -40,14 +44,14 @@ public async Task StartClientsAsync()
             for (int Index = 0; Index < ClientCount; Index++)
             {
                 var name = NameGenerator.GenerateRandomPlayerName();
-                var uuid = Guid.NewGuid().ToString();
+                var identity = new ConsoleClientIdentity();
 
                 var readyMessage = new ReadyMessage
                 {
                     playerMetaDataMessage = new ClientMetaDataMessage
                     {
                         playerDisplayName = name,
-                        playerUUID = uuid,
+                        playerUUID = identity.Did,
                         playerPlatform = "Headless",
                     },
                     clientAvatarChangeMessage = new ClientAvatarChangeMessage
@@ -71,13 +75,13 @@ public async Task StartClientsAsync()
 
                 if (peer != null)
                 {
-                    netClient.listener.NetworkReceiveEvent += MessageHandler.OnReceive;
+                    netClient.listener.NetworkReceiveEvent += (p, r, ch, m) => MessageHandler.OnReceive(identity, p, r, ch, m);
                     netClient.listener.PeerDisconnectedEvent += MessageHandler.OnDisconnect;
 
                     lock (clients) clients.Add(netClient);
                     lock (peers) peers.Add(peer);
 
-                    BNL.Log($"Connected: {name} ({uuid})");
+                    BNL.Log($"Connected: {name} ({identity.Did})");
                 }
 
                 await Task.Delay(1, cts.Token);
@@ -91,20 +95,24 @@ public async Task ReconnectClientAsync(int index)
 
             var oldClient = clients[index];
 
+            if (oldClient?.listener != null)
+            {
+                oldClient.listener.PeerDisconnectedEvent -= MessageHandler.OnDisconnect;
+            }
             oldClient?.Disconnect();
             BNL.Log($"Disconnected client at index {index}");
 
             await Task.Delay(3000); // wait before reconnecting
 
             var name = NameGenerator.GenerateRandomPlayerName();
-            var uuid = Guid.NewGuid().ToString();
+            var identity = new ConsoleClientIdentity();
 
             var readyMessage = new ReadyMessage
             {
                 playerMetaDataMessage = new ClientMetaDataMessage
                 {
                     playerDisplayName = name,
-                    playerUUID = uuid,
+                    playerUUID = identity.Did,
                     playerPlatform = "Headless",
                 },
                 clientAvatarChangeMessage = new ClientAvatarChangeMessage
@@ -127,14 +135,14 @@ public async Task ReconnectClientAsync(int index)
 
             if (peer != null)
             {
-                netClient.listener.NetworkReceiveEvent += MessageHandler.OnReceive;
+                netClient.listener.NetworkReceiveEvent += (p, r, ch, m) => MessageHandler.OnReceive(identity, p, r, ch, m);
                 netClient.listener.PeerDisconnectedEvent += MessageHandler.OnDisconnect;
 
                 lock (clients) clients[index] = netClient;
                 Interlocked.Exchange(ref FinalClients[index], netClient);
                 Interlocked.Exchange(ref FinalPeers[index], peer);
 
-                BNL.Log($"Reconnected: {name} ({uuid}) at index {index}");
+                BNL.Log($"Reconnected: {name} ({identity.Did}) at index {index}");
             }
         }
         public Task StopClientsAsync()
@@ -147,10 +155,47 @@ public Configuration CreateConfig()
             Configuration Configuration = new Configuration();
             Basis.Network.Core.BasisTransportConfigStore.Get<Basis.Network.Core.LNLTransportConfig>(
                 Basis.Network.Core.BasisNetworkStackRegistry.LiteNetLibId).UseNativeSockets = true;
-            ///we dont use auth identity as we are fake client system
-            Configuration.UseAuthIdentity = false;
+            Configuration.UseAuthIdentity = true;
 
             return Configuration;
         }
     }
+
+    public sealed class ConsoleClientIdentity
+    {
+        private readonly PrivKey _privateKey;
+
+        public string Did { get; }
+
+        public ConsoleClientIdentity()
+        {
+            BasisDIDAuthIdentityClient.ClientKeyCreation(out (PubKey, PrivKey) keys, out Did did);
+            _privateKey = keys.Item2;
+            Did = did.V;
+        }
+
+        public bool TryRespondToChallenge(NetPacketReader reader, out NetDataWriter writer)
+        {
+            writer = new NetDataWriter();
+
+            BytesMessage challenge = new BytesMessage();
+            if (!challenge.Deserialize(reader, out byte[] nonce))
+            {
+                BNL.LogError("Malformed auth challenge from server");
+                return false;
+            }
+
+            if (!Ed25519.Sign(_privateKey, new Payload(nonce), out Signature? signature) || signature == null)
+            {
+                BNL.LogError("Unable to sign auth challenge");
+                return false;
+            }
+
+            BytesMessage signatureBytes = new BytesMessage();
+            BytesMessage fragmentBytes = new BytesMessage();
+            signatureBytes.Serialize(writer, signature.V);
+            fragmentBytes.Serialize(writer, Encoding.UTF8.GetBytes("N/A"));
+            return true;
+        }
+    }
 }

Basis Server/BasisNetworkClientConsole/BasisNetworkClientConsole/MessageHandler.cs

@@ -1,5 +1,4 @@
 using Basis.Network.Core;
-using BasisNetworkClient;
 using static SerializableBasis;
 
 namespace Basis.Network
@@ -11,14 +10,14 @@ public static void OnDisconnect(NetPeer peer, DisconnectInfo info)
             BNL.LogError($"Peer {peer.Id} disconnected.");
         }
 
-        public static void OnReceive(NetPeer peer, NetPacketReader reader, byte channel, DeliveryMethod method)
+        public static void OnReceive(ConsoleClientIdentity identity, NetPeer peer, NetPacketReader reader, byte channel, DeliveryMethod method)
         {
             if (peer.Id != 0) return;
 
             switch (channel)
             {
                 case BasisNetworkCommons.AuthIdentityChannel:
-                    AuthIdentityMessage(peer, reader, channel);
+                    AuthIdentityMessage(identity, peer, reader);
                     return; // already recycled inside
                 case BasisNetworkCommons.metaDataChannel:
                     break;
@@ -43,21 +42,17 @@ public static void OnReceive(NetPeer peer, NetPacketReader reader, byte channel,
             reader.Recycle();
         }
 
-        public static void AuthIdentityMessage(NetPeer peer, NetPacketReader Reader, byte channel)
+        public static void AuthIdentityMessage(ConsoleClientIdentity identity, NetPeer peer, NetPacketReader reader)
         {
-            BNL.Log("Validated Size " + Reader.AvailableBytes);
-            if (BasisDIDAuthIdentityClient.IdentityMessage(peer, Reader, out NetDataWriter Writer))
+            if (identity != null && identity.TryRespondToChallenge(reader, out NetDataWriter writer))
             {
-                BNL.Log("Sent Identity To Server!");
-                peer.Send(Writer, BasisNetworkCommons.AuthIdentityChannel, DeliveryMethod.ReliableOrdered);
-                Reader.Recycle();
+                peer.Send(writer, BasisNetworkCommons.AuthIdentityChannel, DeliveryMethod.ReliableOrdered);
             }
             else
             {
-                BNL.LogError("Failed Identity Message!");
-                Reader.Recycle();
+                BNL.LogError("Failed to respond to auth challenge!");
             }
-            BNL.Log("Completed");
+            reader.Recycle();
         }
     }
 }

Basis Server/BasisNetworkCore/BasisConfigXmlDocs.cs

@@ -165,7 +165,7 @@ private static void RegisterServerConfig()
             t.Fields.Add(new FieldDoc("IPv6Address", " IPv6 address to bind. ::1 = loopback, :: = all IPv6 interfaces. string. "));
             t.Fields.Add(new FieldDoc("Password", " Password clients must present to join. Change this for any non-local server! string. ", " ===== Authentication ===== "));
             t.Fields.Add(new FieldDoc("UseAuth", " Require the join password (above) to be correct. true|false. "));
-            t.Fields.Add(new FieldDoc("UseAuthIdentity", " Require cryptographic player-identity (DID) verification in addition to the password. true|false. Headless/load-test fake clients require this to be false. "));
+            t.Fields.Add(new FieldDoc("UseAuthIdentity", " Require cryptographic player-identity (DID) verification in addition to the password. true|false. The headless load-test client console supports this, so it can stay enabled. "));
             t.Fields.Add(new FieldDoc("NetworkStackId", " Transport stack id. Empty = the default ('litenetlib'); only 'litenetlib' is registered and unknown ids fall back to it. Per-stack tuning lives in config/transports/<id>.xml. string. "));
             t.Fields.Add(new FieldDoc("BasisUserRestrictionMode", " Player join restriction mode. Allowed values: Normal | BlackList | WhiteList. "));
             t.Fields.Add(new FieldDoc("HowManyDuplicateAuthCanExist", " How many connections sharing the same auth identity may exist at once. int. "));

Basis Server/BasisNetworkServer/BasisNetworkHandleErrorReport.cs

@@ -30,6 +30,12 @@ public static class BasisNetworkHandleErrorReport
             new ConcurrentDictionary<string, HashSet<string>>();
         private static readonly object FileLock = new object();
 
+        public static void RemoveUser(string uuid)
+        {
+            if (string.IsNullOrEmpty(uuid)) return;
+            SeenPerUser.TryRemove(uuid, out _);
+        }
+
         public static void HandleEvent(NetPacketReader reader, NetPeer peer, byte eventType)
         {
             try

Basis Server/BasisNetworkServer/BasisNetworkPIPCamera.cs

@@ -239,6 +239,11 @@ public static void RemovePlayer(int peerId)
 
                 BNL.Log($"PIP camera auto-destroyed for disconnected player {peerId}");
             }
+
+            foreach (var kvp in PIPStates)
+            {
+                kvp.Value.LastSentTimes.Remove(peerId);
+            }
         }
 
         public static void Reset()

Basis Server/BasisNetworkServer/BasisNetworkResourceManagement.cs

@@ -42,6 +42,35 @@ public static void Reset()
             }
         }
     }
+    public static void RemovePeerResources(string uuid)
+    {
+        if (string.IsNullOrEmpty(uuid)) return;
+        LocalLoadResource[] resourceArray = UshortNetworkDatabase.Values.ToArray();
+        int length = resourceArray.Length;
+        for (int index = 0; index < length; index++)
+        {
+            LocalLoadResource llr = resourceArray[index];
+            if (llr.Persist || llr.UUIDOfCreator != uuid)
+            {
+                continue;
+            }
+            UnLoadResource unloadResource = new UnLoadResource
+            {
+                Mode = llr.Mode,
+                LoadedNetID = llr.LoadedNetID
+            };
+            NetDataWriter writer = NetworkServer.RentWriter();
+            unloadResource.Serialize(writer);
+            NetworkServer.BroadcastMessageToClients(
+                writer,
+                BasisNetworkCommons.UnloadResourceChannel,
+                NetworkServer.PeerSnapshot,
+                DeliveryMethod.ReliableOrdered
+            );
+            NetworkServer.ReturnWriter(writer);
+            UshortNetworkDatabase.Remove(llr.LoadedNetID, out LocalLoadResource Resource);
+        }
+    }
     public static void SendOutAllResources(NetPeer NewConnection)
     {
         LocalLoadResource[] Resource = UshortNetworkDatabase.Values.ToArray();

Basis Server/BasisNetworkServer/BasisServerHandleEvents.cs

@@ -72,6 +72,9 @@ private static bool CleanupPeerSubsystems(NetPeer peer, int id)
             if (NetworkServer.AuthIdentity.NetIDToUUID(peer, out string uuid))
             {
                 PermissionIntegration.RemovePlayerMeta(uuid);
+                PermissionIntegration.EvictPermissionCache(uuid);
+                BasisNetworkHandleErrorReport.RemoveUser(uuid);
+                BasisNetworkResourceManagement.RemovePeerResources(uuid);
             }
 
             NetworkServer.AuthIdentity.RemoveConnection(id);
@@ -83,6 +86,7 @@ private static bool CleanupPeerSubsystems(NetPeer peer, int id)
             BasisNetworkPreloadResourceManagement.RemovePeer(id);
             BasisNetworkServer.Security.BasisUserOpusBitrateStateManager.ClearForPeer(id);
             BasisServerP2PBroker.RemovePeer(id);
+            BasisNetworkMessageProcessor.ClearPeerErrors(id);
 
             return NetworkServer.AuthenticatedPeers.TryRemove(id, out _);
         }

Basis Server/BasisNetworkServer/Security/BasisDIDAuthIdentity.cs

@@ -26,7 +26,7 @@ public class BasisDIDAuthIdentity : IAuthIdentity
     {
         internal readonly DidAuthentication DidAuth;
         public ConcurrentDictionary<int, OnAuth> AuthIdentity = new ConcurrentDictionary<int, OnAuth>();
-        private readonly ConcurrentDictionary<NetPeer, CancellationTokenSource> _timeouts = new ConcurrentDictionary<NetPeer, CancellationTokenSource>();
+        private readonly ConcurrentDictionary<int, CancellationTokenSource> _timeouts = new ConcurrentDictionary<int, CancellationTokenSource>();
         public ConcurrentDictionary<string, byte> Admins = new ConcurrentDictionary<string, byte>();
         public static readonly string FilePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, Configuration.ConfigFolderName, "admins.xml");
         public BasisDIDAuthIdentity()
@@ -130,7 +130,7 @@ public void ProcessConnection(Configuration Configuration, ConnectionRequest Con
                         NetworkServer.ReturnWriter(Writer);
 
                         CancellationTokenSource cts = new CancellationTokenSource();
-                        _timeouts[newPeer] = cts;
+                        _timeouts[newPeer.Id] = cts;
                         Task.Run(async () =>
                         {
                             await TimeOut(newPeer, UUID, cts);
@@ -158,9 +158,10 @@ public async Task TimeOut(NetPeer newPeer, string UUID, CancellationTokenSource
             try
             {
                 await Task.Delay(NetworkServer.Configuration.AuthValidationTimeOutMiliseconds, cts.Token);
-                if (!_timeouts.ContainsKey(newPeer)) return;
+                if (!_timeouts.ContainsKey(newPeer.Id)) return;
                 AuthIdentity.TryRemove(newPeer.Id, out _);
-                _timeouts.TryRemove(newPeer, out _);
+                _timeouts.TryRemove(newPeer.Id, out _);
+                cts.Dispose();
                 BNL.Log($"Authentication timeout for {UUID}.");
                 BasisServerHandleEvents.RejectWithReason(newPeer, "Authentication timeout");
                 newPeer.Disconnect();
@@ -173,9 +174,10 @@ private async void OnAuthReceived(NetPacketReader reader, NetPeer newPeer)
             try
             {
                 //     BNL.Log($"Authentication response received from {newPeer.Id}.");
-                if (_timeouts.TryRemove(newPeer, out var cts))
+                if (_timeouts.TryRemove(newPeer.Id, out var cts))
                 {
                     cts.Cancel();
+                    cts.Dispose();
                 }
 
                 BytesMessage SignatureBytes = new BytesMessage();
@@ -243,6 +245,11 @@ public async Task<bool> RecvChallengeResponse(Response response, Challenge Chall
         public void RemoveConnection(int NetPeer)
         {
             AuthIdentity.TryRemove(NetPeer, out var authIdentity);
+            if (_timeouts.TryRemove(NetPeer, out var cts))
+            {
+                try { cts.Cancel(); } catch { }
+                cts.Dispose();
+            }
         }
         public bool IsNetPeerAdmin(string UUID)
         {

Basis Server/BasisNetworkServer/Security/PermissionManager.cs

@@ -601,6 +601,20 @@ private void TouchAll()
             _dirty = true;
         }
 
+        public void EvictUserCache(string uuid)
+        {
+            if (string.IsNullOrEmpty(uuid)) return;
+            _lock.EnterWriteLock();
+            try
+            {
+                _cache.Remove(uuid);
+            }
+            finally
+            {
+                _lock.ExitWriteLock();
+            }
+        }
+
         private EffectivePermissions GetEffective(string uuid)
         {
             _lock.EnterUpgradeableReadLock();
@@ -1071,6 +1085,11 @@ public static void RemovePlayerMeta(string uuid)
                 _playerMeta.TryRemove(uuid, out _);
             }
 
+            public static void EvictPermissionCache(string uuid)
+            {
+                Manager.EvictUserCache(uuid);
+            }
+
             public static bool HasValidRequirement(string uuid, string permNode)
             {
                 bool hasPermission = Manager.Has(uuid, permNode);