Added XForwardedFor

prearrangedchaos · prearrangedchaos · commit a578eb59353e · 2019-06-20T06:53:02.000+02:00
diff --git a/QueueIT.QueueToken.Tests/EnqueueTokenTest.cs b/QueueIT.QueueToken.Tests/EnqueueTokenTest.cs
@@ -83,13 +83,14 @@ public void Factory_WithEventId()
         public void Factory_WithIPAddress()
         {
             string expectedIpAddress = "1.5.8.9";
-
+            string expectedXForwardedFor = "45.67.2.4,34.56.3.2";
             IEnqueueToken token = Token
                 .Enqueue("ticketania")
-                .WithIpAddress(expectedIpAddress)
+                .WithIpAddress(expectedIpAddress, expectedXForwardedFor)
                 .Generate("5ebbf794-1665-4d48-80d6-21ac34be7faedf9e10b3-551a-4682-bb77-fee59d6355d6");
 
             Assert.Equal(expectedIpAddress, token.IpAddress);
+            Assert.Equal(expectedXForwardedFor, token.XForwardedFor);
         }
 
         [Fact]
@@ -151,6 +152,7 @@ public void GenerateToken_WithPayload()
                 new DateTime(2018, 08, 20, 0, 0, 0, DateTimeKind.Utc),
                 new DateTime(2018, 10, 10, 0, 0, 0, DateTimeKind.Utc),
                 null,
+                null,
                 payload);
             token.Generate("5ebbf794-1665-4d48-80d6-21ac34be7faedf9e10b3-551a-4682-bb77-fee59d6355d6", false);
 
@@ -163,7 +165,7 @@ public void GenerateToken_WithPayload()
         public void GenerateToken_WithoutPayload()
         {
             string expectedSignedToken =
-                "eyJ0eXAiOiJRVDEiLCJlbmMiOiJBRVMyNTYiLCJpc3MiOjE1MzQ3MjMyMDAwMDAsImV4cCI6MTUzOTEyOTYwMDAwMCwidGkiOiJhMjFkNDIzYS00M2ZkLTQ4MjEtODRmYS00MzkwZjZhMmZkM2UiLCJjIjoidGlja2V0YW5pYSIsImUiOiJteWV2ZW50IiwiaXAiOiI1LjcuOC42In0..rqQznIDybri70GrsJ-hd_Hzp98HUqcsBGnWaiyqjlvY";
+                "eyJ0eXAiOiJRVDEiLCJlbmMiOiJBRVMyNTYiLCJpc3MiOjE1MzQ3MjMyMDAwMDAsImV4cCI6MTUzOTEyOTYwMDAwMCwidGkiOiJhMjFkNDIzYS00M2ZkLTQ4MjEtODRmYS00MzkwZjZhMmZkM2UiLCJjIjoidGlja2V0YW5pYSIsImUiOiJteWV2ZW50IiwiaXAiOiI1LjcuOC42IiwieGZmIjoiNDUuNjcuMi40LDM0LjU2LjMuMiJ9..wUOdVDIKlrIqumpU33bShDPdvTkicRk3q4Z-Vs8epFc";
 
             EnqueueToken token = new EnqueueToken(
                 "a21d423a-43fd-4821-84fa-4390f6a2fd3e",
@@ -172,6 +174,7 @@ public void GenerateToken_WithoutPayload()
                 new DateTime(2018, 08, 20, 0, 0, 0, DateTimeKind.Utc),
                 new DateTime(2018, 10, 10, 0, 0, 0, DateTimeKind.Utc),
                 "5.7.8.6",
+                "45.67.2.4,34.56.3.2",
                 null);
             token.Generate("5ebbf794-1665-4d48-80d6-21ac34be7faedf9e10b3-551a-4682-bb77-fee59d6355d6", false);
 
@@ -193,6 +196,7 @@ public void GenerateToken_MinimalHeader()
                 new DateTime(2018, 08, 20, 0, 0, 0, DateTimeKind.Utc),
                 null,
                 null,
+                null,
                 null);
             token.Generate("5ebbf794-1665-4d48-80d6-21ac34be7faedf9e10b3-551a-4682-bb77-fee59d6355d6", false);
 
@@ -204,9 +208,9 @@ public void GenerateToken_MinimalHeader()
         [Fact]
         public void Parse_WithoutPayload()
         {
-            string hash = "rqQznIDybri70GrsJ-hd_Hzp98HUqcsBGnWaiyqjlvY";
+            string hash = "wUOdVDIKlrIqumpU33bShDPdvTkicRk3q4Z-Vs8epFc";
             string token =
-                "eyJ0eXAiOiJRVDEiLCJlbmMiOiJBRVMyNTYiLCJpc3MiOjE1MzQ3MjMyMDAwMDAsImV4cCI6MTUzOTEyOTYwMDAwMCwidGkiOiJhMjFkNDIzYS00M2ZkLTQ4MjEtODRmYS00MzkwZjZhMmZkM2UiLCJjIjoidGlja2V0YW5pYSIsImUiOiJteWV2ZW50IiwiaXAiOiI1LjcuOC42In0.";
+                "eyJ0eXAiOiJRVDEiLCJlbmMiOiJBRVMyNTYiLCJpc3MiOjE1MzQ3MjMyMDAwMDAsImV4cCI6MTUzOTEyOTYwMDAwMCwidGkiOiJhMjFkNDIzYS00M2ZkLTQ4MjEtODRmYS00MzkwZjZhMmZkM2UiLCJjIjoidGlja2V0YW5pYSIsImUiOiJteWV2ZW50IiwiaXAiOiI1LjcuOC42IiwieGZmIjoiNDUuNjcuMi40LDM0LjU2LjMuMiJ9.";
             string tokenString = token + "." + hash;
 
             var enqueueToken = Token.Parse(tokenString, "5ebbf794-1665-4d48-80d6-21ac34be7faedf9e10b3-551a-4682-bb77-fee59d6355d6");
@@ -215,6 +219,7 @@ public void Parse_WithoutPayload()
             Assert.Equal("ticketania", enqueueToken.CustomerId);
             Assert.Equal("myevent", enqueueToken.EventId);
             Assert.Equal("5.7.8.6", enqueueToken.IpAddress);
+            Assert.Equal("45.67.2.4,34.56.3.2", enqueueToken.XForwardedFor);
             Assert.Equal(new DateTime(2018, 10, 10, 0, 0, 0, DateTimeKind.Utc), enqueueToken.Expires);
             Assert.Equal(new DateTime(2018, 08, 20, 0, 0, 0, DateTimeKind.Utc), enqueueToken.Issued);
             Assert.Equal(hash, enqueueToken.HashCode);
diff --git a/QueueIT.QueueToken/Model/HeaderDto.cs b/QueueIT.QueueToken/Model/HeaderDto.cs
@@ -24,6 +24,8 @@ public class HeaderDto
         public string EventId { get; set; }
         [DataMember(Name = "ip", Order = 8, EmitDefaultValue = false)]
         public string IpAddress { get; set; }
+        [DataMember(Name = "xff", Order = 9, EmitDefaultValue = false)]
+        public string XForwardedFor { get; set; }
 
         internal static HeaderDto DeserializeHeader(string input)
         {
diff --git a/QueueIT.QueueToken/Token.cs b/QueueIT.QueueToken/Token.cs
@@ -61,9 +61,9 @@ public IEnqueueToken Generate(string secretKey)
             return _token;
         }
 
-        public EnqueueTokenGenerator WithIpAddress(string ipAddress)
+        public EnqueueTokenGenerator WithIpAddress(string ipAddress, string xForwardedFor)
         {
-            this._token = EnqueueToken.AddIPAddress(this._token, ipAddress);
+            this._token = EnqueueToken.AddIPAddress(this._token, ipAddress, xForwardedFor);
 
             return this;
         }
@@ -79,6 +79,7 @@ public interface IEnqueueToken
         string CustomerId { get; }
         string EventId { get; }
         string IpAddress { get; }
+        string XForwardedFor { get; }
         IEnqueueTokenPayload Payload { get; }
         string TokenWithoutHash { get; }
         string Token { get; }
@@ -91,6 +92,7 @@ internal class EnqueueToken : IEnqueueToken
         public string CustomerId { get; }
         public string EventId { get; }
         public string IpAddress { get; }
+        public string XForwardedFor { get; }
         public DateTime Issued { get; }
         public string TokenIdentifier { get; private set; }
         public TokenVersion TokenVersion => TokenVersion.QT1;
@@ -117,7 +119,7 @@ private static string GetTokenIdentifier(string tokenIdentifierPrefix)
                 : $"{tokenIdentifierPrefix}~{Guid.NewGuid()}";
         }
 
-        internal EnqueueToken(string tokenIdentifier, string customerId, string eventId, DateTime issued, DateTime? expires, string ipAddress, IEnqueueTokenPayload payload)
+        internal EnqueueToken(string tokenIdentifier, string customerId, string eventId, DateTime issued, DateTime? expires, string ipAddress, string xForwardedFor, IEnqueueTokenPayload payload)
         {
             TokenIdentifier = tokenIdentifier;
             CustomerId = customerId;
@@ -126,6 +128,7 @@ internal EnqueueToken(string tokenIdentifier, string customerId, string eventId,
             Expires = expires ?? DateTime.MaxValue;
             Payload = payload;
             IpAddress = ipAddress;
+            XForwardedFor = xForwardedFor;
         }
 
         internal void Generate(string secretKey, bool resetTokenIdentifier = true)
@@ -144,7 +147,8 @@ internal void Generate(string secretKey, bool resetTokenIdentifier = true)
                     Expires = Expires == DateTime.MaxValue ? null : (long?)(new DateTimeOffset(Expires)).ToUnixTimeMilliseconds(),
                     Encryption = EncryptionType.AES256.ToString(),
                     TokenVersion = TokenVersion.QT1.ToString(),
-                    IpAddress = IpAddress
+                    IpAddress = IpAddress,
+                    XForwardedFor = XForwardedFor
                 };
 
                 string serialized = dto.Serialize() + ".";
@@ -206,6 +210,7 @@ public static IEnqueueToken Parse(string tokenString, string secretKey)
                         ? new DateTime?(DateTimeOffset.FromUnixTimeMilliseconds(headerModel.Expires.Value).DateTime)
                         : null,
                     headerModel.IpAddress,
+                    headerModel.XForwardedFor,
                     payload)
                 {
                     TokenWithoutHash = token,
@@ -218,21 +223,21 @@ public static IEnqueueToken Parse(string tokenString, string secretKey)
             }
         }
 
-        internal static EnqueueToken AddIPAddress(EnqueueToken token, string ipAddress)
+        internal static EnqueueToken AddIPAddress(EnqueueToken token, string ipAddress, string xForwardedFor)
         {
-            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, ipAddress, token.Payload);
+            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, ipAddress, xForwardedFor, token.Payload);
         }
         internal static EnqueueToken AddEventId(EnqueueToken token, string eventId)
         {
-            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, eventId, token.Issued, token.Expires, token.IpAddress, token.Payload);
+            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, eventId, token.Issued, token.Expires, token.IpAddress, token.XForwardedFor, token.Payload);
         }
         internal static EnqueueToken AddExpires(EnqueueToken token, DateTime expires)
         {
-            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, expires, token.IpAddress, token.Payload);
+            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, expires, token.IpAddress, token.XForwardedFor, token.Payload);
         }
         internal static EnqueueToken AddPayload(EnqueueToken token, IEnqueueTokenPayload payload)
         {
-            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, token.IpAddress, payload);
+            return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, token.IpAddress, token.XForwardedFor, payload);
         }
     }
 
diff --git a/README.md b/README.md
@@ -13,7 +13,8 @@ The token consists of two parts. Firstly, a header containing non-sensitive meta
   "ti": "159aba3e-55e1-4f54-b6ee-e5b943d7e885�,
   "c": "ticketania", 
   "e": "demoevent�,
-  "ip": "75.86.129.4"
+  "ip": "75.86.129.4",
+  "xff": "45.67.2.4,34.56.3.2"
 }
 ```
 - `typ`: The type of the token. Value must be �QFT1�. Required.
@@ -23,7 +24,8 @@ The token consists of two parts. Firstly, a header containing non-sensitive meta
 - `ti`: Unique Token ID (e.g. uuid). Used to uniquely identify tokens and restrict replay attacks. Required.
 - `c`: The Customer ID of the issuer. Token will only be valid on events on this account. Required.
 - `e`: The Event ID. If provided, token will only be valid on this event. Optional.
-- `ip`: The IP address the user the token is issued to. If provided, token will only be valid for this IP address. Optional.
+- `ip`: The IP address the user the token is issued to. If provided, the IP address is validated before issuing the token. Optional.
+- `xff`: The X-Forwarded-For headerof the request when the token is issued. If provided, the X-Forwarded-For header is validated before issuing the token. Optional.
 
 ### Token Payload
 ```

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,8 @@ public class HeaderDto`
`24`	`24`	`public string EventId { get; set; }`
`25`	`25`	`[DataMember(Name = "ip", Order = 8, EmitDefaultValue = false)]`
`26`	`26`	`public string IpAddress { get; set; }`
	`27`	`+ [DataMember(Name = "xff", Order = 9, EmitDefaultValue = false)]`
	`28`	`+ public string XForwardedFor { get; set; }`
`27`	`29`
`28`	`30`	`internal static HeaderDto DeserializeHeader(string input)`
`29`	`31`	`{`
Original file line number	Diff line number	Diff line change
`@@ -61,9 +61,9 @@ public IEnqueueToken Generate(string secretKey)`
`61`	`61`	`return _token;`
`62`	`62`	`}`
`63`	`63`
`64`		`- public EnqueueTokenGenerator WithIpAddress(string ipAddress)`
	`64`	`+ public EnqueueTokenGenerator WithIpAddress(string ipAddress, string xForwardedFor)`
`65`	`65`	`{`
`66`		`- this._token = EnqueueToken.AddIPAddress(this._token, ipAddress);`
	`66`	`+ this._token = EnqueueToken.AddIPAddress(this._token, ipAddress, xForwardedFor);`
`67`	`67`
`68`	`68`	`return this;`
`69`	`69`	`}`
`@@ -79,6 +79,7 @@ public interface IEnqueueToken`
`79`	`79`	`string CustomerId { get; }`
`80`	`80`	`string EventId { get; }`
`81`	`81`	`string IpAddress { get; }`
	`82`	`+ string XForwardedFor { get; }`
`82`	`83`	`IEnqueueTokenPayload Payload { get; }`
`83`	`84`	`string TokenWithoutHash { get; }`
`84`	`85`	`string Token { get; }`
`@@ -91,6 +92,7 @@ internal class EnqueueToken : IEnqueueToken`
`91`	`92`	`public string CustomerId { get; }`
`92`	`93`	`public string EventId { get; }`
`93`	`94`	`public string IpAddress { get; }`
	`95`	`+ public string XForwardedFor { get; }`
`94`	`96`	`public DateTime Issued { get; }`
`95`	`97`	`public string TokenIdentifier { get; private set; }`
`96`	`98`	`public TokenVersion TokenVersion => TokenVersion.QT1;`
`@@ -117,7 +119,7 @@ private static string GetTokenIdentifier(string tokenIdentifierPrefix)`
`117`	`119`	`: $"{tokenIdentifierPrefix}~{Guid.NewGuid()}";`
`118`	`120`	`}`
`119`	`121`
`120`		`- internal EnqueueToken(string tokenIdentifier, string customerId, string eventId, DateTime issued, DateTime? expires, string ipAddress, IEnqueueTokenPayload payload)`
	`122`	`+ internal EnqueueToken(string tokenIdentifier, string customerId, string eventId, DateTime issued, DateTime? expires, string ipAddress, string xForwardedFor, IEnqueueTokenPayload payload)`
`121`	`123`	`{`
`122`	`124`	`TokenIdentifier = tokenIdentifier;`
`123`	`125`	`CustomerId = customerId;`
`@@ -126,6 +128,7 @@ internal EnqueueToken(string tokenIdentifier, string customerId, string eventId,`
`126`	`128`	`Expires = expires ?? DateTime.MaxValue;`
`127`	`129`	`Payload = payload;`
`128`	`130`	`IpAddress = ipAddress;`
	`131`	`+ XForwardedFor = xForwardedFor;`
`129`	`132`	`}`
`130`	`133`
`131`	`134`	`internal void Generate(string secretKey, bool resetTokenIdentifier = true)`
`@@ -144,7 +147,8 @@ internal void Generate(string secretKey, bool resetTokenIdentifier = true)`
`144`	`147`	`Expires = Expires == DateTime.MaxValue ? null : (long?)(new DateTimeOffset(Expires)).ToUnixTimeMilliseconds(),`
`145`	`148`	`Encryption = EncryptionType.AES256.ToString(),`
`146`	`149`	`TokenVersion = TokenVersion.QT1.ToString(),`
`147`		`- IpAddress = IpAddress`
	`150`	`+ IpAddress = IpAddress,`
	`151`	`+ XForwardedFor = XForwardedFor`
`148`	`152`	`};`
`149`	`153`
`150`	`154`	`string serialized = dto.Serialize() + ".";`
`@@ -206,6 +210,7 @@ public static IEnqueueToken Parse(string tokenString, string secretKey)`
`206`	`210`	`? new DateTime?(DateTimeOffset.FromUnixTimeMilliseconds(headerModel.Expires.Value).DateTime)`
`207`	`211`	`: null,`
`208`	`212`	`headerModel.IpAddress,`
	`213`	`+ headerModel.XForwardedFor,`
`209`	`214`	`payload)`
`210`	`215`	`{`
`211`	`216`	`TokenWithoutHash = token,`
`@@ -218,21 +223,21 @@ public static IEnqueueToken Parse(string tokenString, string secretKey)`
`218`	`223`	`}`
`219`	`224`	`}`
`220`	`225`
`221`		`- internal static EnqueueToken AddIPAddress(EnqueueToken token, string ipAddress)`
	`226`	`+ internal static EnqueueToken AddIPAddress(EnqueueToken token, string ipAddress, string xForwardedFor)`
`222`	`227`	`{`
`223`		`- return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, ipAddress, token.Payload);`
	`228`	`+ return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, ipAddress, xForwardedFor, token.Payload);`
`224`	`229`	`}`
`225`	`230`	`internal static EnqueueToken AddEventId(EnqueueToken token, string eventId)`
`226`	`231`	`{`
`227`		`- return new EnqueueToken(token.TokenIdentifier, token.CustomerId, eventId, token.Issued, token.Expires, token.IpAddress, token.Payload);`
	`232`	`+ return new EnqueueToken(token.TokenIdentifier, token.CustomerId, eventId, token.Issued, token.Expires, token.IpAddress, token.XForwardedFor, token.Payload);`
`228`	`233`	`}`
`229`	`234`	`internal static EnqueueToken AddExpires(EnqueueToken token, DateTime expires)`
`230`	`235`	`{`
`231`		`- return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, expires, token.IpAddress, token.Payload);`
	`236`	`+ return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, expires, token.IpAddress, token.XForwardedFor, token.Payload);`
`232`	`237`	`}`
`233`	`238`	`internal static EnqueueToken AddPayload(EnqueueToken token, IEnqueueTokenPayload payload)`
`234`	`239`	`{`
`235`		`- return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, token.IpAddress, payload);`
	`240`	`+ return new EnqueueToken(token.TokenIdentifier, token.CustomerId, token.EventId, token.Issued, token.Expires, token.IpAddress, token.XForwardedFor, payload);`
`236`	`241`	`}`
`237`	`242`	`}`
`238`	`243`