mirror of
https://github.com/ElectronNET/Electron.NET.git
synced 2026-07-08 17:56:51 +00:00
Adds dynamic OS-selected socket port handling and secured Electron/.NET communication. The dotnet-first startup flow now generates the auth token on the .NET side and passes it to Electron through an environment variable. Electron reports the selected socket port through a temporary startup-info file, avoiding any dependency on parsing Electron console output. Also avoids logging backend startup parameters because they include the auth token.
53 lines
1.5 KiB
C#
53 lines
1.5 KiB
C#
namespace ElectronNET.AspNet.Services
|
|
{
|
|
/// <summary>
|
|
/// Implementation of authentication service for Electron clients.
|
|
/// Stores and validates the authentication token to ensure only the spawned Electron process can connect.
|
|
/// </summary>
|
|
public class ElectronAuthenticationService : IElectronAuthenticationService
|
|
{
|
|
private string _expectedToken;
|
|
private readonly object _lock = new object();
|
|
|
|
/// <inheritdoc />
|
|
public void SetExpectedToken(string token)
|
|
{
|
|
lock (_lock)
|
|
{
|
|
_expectedToken = token;
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public bool ValidateToken(string token)
|
|
{
|
|
if (string.IsNullOrEmpty(token))
|
|
return false;
|
|
|
|
lock (_lock)
|
|
{
|
|
if (string.IsNullOrEmpty(_expectedToken))
|
|
return false;
|
|
|
|
// Constant-time comparison to prevent timing attacks
|
|
return ConstantTimeEquals(token, _expectedToken);
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Performs constant-time string comparison to prevent timing attacks.
|
|
/// </summary>
|
|
private static bool ConstantTimeEquals(string a, string b)
|
|
{
|
|
if (a == null || b == null || a.Length != b.Length)
|
|
return false;
|
|
|
|
var result = 0;
|
|
for (int i = 0; i < a.Length; i++)
|
|
{
|
|
result |= a[i] ^ b[i];
|
|
}
|
|
return result == 0;
|
|
}
|
|
}
|
|
} |