tgstation · Cyberboss · Sep 13, 2024 · Sep 12, 2024 · Sep 12, 2024 · Sep 12, 2024
@@ -12,6 +12,7 @@
     <TgsDmapiVersion>7.3.0</TgsDmapiVersion>
     <TgsInteropVersion>5.10.0</TgsInteropVersion>
     <TgsHostWatchdogVersion>1.5.0</TgsHostWatchdogVersion>
+    <TgsSwarmProtocolVersion>7.0.0</TgsSwarmProtocolVersion>
     <TgsContainerScriptVersion>1.2.1</TgsContainerScriptVersion>
     <TgsMigratorVersion>2.0.0</TgsMigratorVersion>
     <TgsNugetNetFramework>netstandard2.0</TgsNugetNetFramework>

@@ -14,8 +14,8 @@
 
 using Tgstation.Server.Host.Configuration;
 using Tgstation.Server.Host.Extensions;
+using Tgstation.Server.Host.Properties;
 using Tgstation.Server.Host.Swarm;
-using Tgstation.Server.Host.System;
 using Tgstation.Server.Host.Transfer;
 using Tgstation.Server.Host.Utils;
 
@@ -44,11 +44,6 @@ public sealed class SwarmController : ApiControllerBase
 		/// </summary>
 		readonly IFileTransferStreamHandler transferService;
 
-		/// <summary>
-		/// The <see cref="IAssemblyInformationProvider"/> for the <see cref="SwarmController"/>.
-		/// </summary>
-		readonly IAssemblyInformationProvider assemblyInformationProvider;
-
 		/// <summary>
 		/// The <see cref="ILogger"/> for the <see cref="SwarmController"/>.
 		/// </summary>
@@ -63,19 +58,16 @@ public sealed class SwarmController : ApiControllerBase
 		/// Initializes a new instance of the <see cref="SwarmController"/> class.
 		/// </summary>
 		/// <param name="swarmOperations">The value of <see cref="swarmOperations"/>.</param>
-		/// <param name="assemblyInformationProvider">The value of <see cref="assemblyInformationProvider"/>.</param>
 		/// <param name="transferService">The value of <see cref="transferService"/>.</param>
 		/// <param name="swarmConfigurationOptions">The <see cref="IOptions{TOptions}"/> containing the value of <see cref="swarmConfiguration"/>.</param>
 		/// <param name="logger">The value of <see cref="logger"/>.</param>
 		public SwarmController(
 			ISwarmOperations swarmOperations,
-			IAssemblyInformationProvider assemblyInformationProvider,
 			IFileTransferStreamHandler transferService,
 			IOptions<SwarmConfiguration> swarmConfigurationOptions,
 			ILogger<SwarmController> logger)
 		{
 			this.swarmOperations = swarmOperations ?? throw new ArgumentNullException(nameof(swarmOperations));
-			this.assemblyInformationProvider = assemblyInformationProvider ?? throw new ArgumentNullException(nameof(assemblyInformationProvider));
 			this.transferService = transferService ?? throw new ArgumentNullException(nameof(transferService));
 			swarmConfiguration = swarmConfigurationOptions?.Value ?? throw new ArgumentNullException(nameof(swarmConfigurationOptions));
 			this.logger = logger;
@@ -92,13 +84,18 @@ public async ValueTask<IActionResult> Register([FromBody] SwarmRegistrationReque
 		{
 			ArgumentNullException.ThrowIfNull(registrationRequest);
 
-			if (registrationRequest.ServerVersion != assemblyInformationProvider.Version)
+			var swarmProtocolVersion = Version.Parse(MasterVersionsAttribute.Instance.RawSwarmProtocolVersion);
+			if (registrationRequest.ServerVersion?.Major != swarmProtocolVersion.Major)
 				return StatusCode((int)HttpStatusCode.UpgradeRequired);
 
 			var registrationResult = await swarmOperations.RegisterNode(registrationRequest, RequestRegistrationId, cancellationToken);
-			if (!registrationResult)
+			if (registrationResult == null)
 				return Conflict();
-			return NoContent();
+
+			if (registrationRequest.ServerVersion != swarmProtocolVersion)
+				logger.LogWarning("Allowed node {identifier} to register despite having a slightly different swarm protocol version!", registrationRequest.Identifier);
+
+			return Json(registrationResult);
 		}
 
 		/// <summary>

@@ -445,6 +445,7 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
 		// HEY YOU
 		// IF YOU HAVE A TEST THAT'S CREATING ERRORS BECAUSE THESE VALUES AREN'T SET CORRECTLY THERE'S MORE TO FIXING IT THAN JUST UPDATING THEM
 		// IN THE FUNCTION BELOW YOU ALSO NEED TO CORRECTLY SET THE RIGHT MIGRATION TO DOWNGRADE TO FOR THE LAST TGS VERSION
+		// YOU ALSO NEED TO UPDATE THE SWARM PROTOCOL MAJOR VERSION
 		// IF THIS BREAKS AGAIN I WILL PERSONALLY HAUNT YOUR ASS WHEN I DIE
 
 		/// <summary>
@@ -480,6 +481,7 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
 
 			string BadDatabaseType() => throw new ArgumentException($"Invalid DatabaseType: {currentDatabaseType}", nameof(currentDatabaseType));
 
+			// !!! DON'T FORGET TO UPDATE THE SWARM PROTOCOL MAJOR VERSION !!!
 			if (targetVersion < new Version(6, 7, 0))
 				targetMigration = currentDatabaseType switch
 				{

@@ -41,6 +41,11 @@ sealed class MasterVersionsAttribute : Attribute
 		/// </summary>
 		public string RawMariaDBRedistVersion { get; }
 
+		/// <summary>
+		/// The <see cref="Version"/> <see cref="string"/> of the MariaDB server bundled with TGS installs.
+		/// </summary>
+		public string RawSwarmProtocolVersion { get; }
+
 		/// <summary>
 		/// Initializes a new instance of the <see cref="MasterVersionsAttribute"/> class.
 		/// </summary>
@@ -49,18 +54,21 @@ sealed class MasterVersionsAttribute : Attribute
 		/// <param name="rawWebpanelVersion">The value of <see cref="RawWebpanelVersion"/>.</param>
 		/// <param name="rawHostWatchdogVersion">The value of <see cref="RawHostWatchdogVersion"/>.</param>
 		/// <param name="rawMariaDBRedistVersion">The value of <see cref="RawMariaDBRedistVersion"/>.</param>
+		/// <param name="rawSwarmProtocolVersion">The value of <see cref="RawSwarmProtocolVersion"/>.</param>
 		public MasterVersionsAttribute(
 			string rawConfigurationVersion,
 			string rawInteropVersion,
 			string rawWebpanelVersion,
 			string rawHostWatchdogVersion,
-			string rawMariaDBRedistVersion)
+			string rawMariaDBRedistVersion,
+			string rawSwarmProtocolVersion)
 		{
 			RawConfigurationVersion = rawConfigurationVersion ?? throw new ArgumentNullException(nameof(rawConfigurationVersion));
 			RawInteropVersion = rawInteropVersion ?? throw new ArgumentNullException(nameof(rawInteropVersion));
 			RawWebpanelVersion = rawWebpanelVersion ?? throw new ArgumentNullException(nameof(rawWebpanelVersion));
 			RawHostWatchdogVersion = rawHostWatchdogVersion ?? throw new ArgumentNullException(nameof(rawHostWatchdogVersion));
 			RawMariaDBRedistVersion = rawMariaDBRedistVersion ?? throw new ArgumentNullException(nameof(rawMariaDBRedistVersion));
+			RawSwarmProtocolVersion = rawSwarmProtocolVersion ?? throw new ArgumentNullException(nameof(rawSwarmProtocolVersion));
 		}
 	}
 }
@@ -1,4 +1,6 @@
-using Microsoft.IdentityModel.Tokens;
+using System;
+
+using Microsoft.IdentityModel.Tokens;
 
 using Tgstation.Server.Api.Models.Response;
 
@@ -9,6 +11,11 @@ namespace Tgstation.Server.Host.Security
 	/// </summary>
 	public interface ITokenFactory
 	{
+		/// <summary>
+		/// Gets or sets the <see cref="ITokenFactory"/>'s signing key <see cref="byte"/>s.
+		/// </summary>
+		ReadOnlySpan<byte> SigningKeyBytes { get; set; }
+
 		/// <summary>
 		/// The <see cref="TokenValidationParameters"/> for the <see cref="ITokenFactory"/>.
 		/// </summary>

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
@@ -21,20 +22,41 @@ sealed class TokenFactory : ITokenFactory
 		/// <inheritdoc />
 		public TokenValidationParameters ValidationParameters { get; }
 
+		/// <inheritdoc />
+		public ReadOnlySpan<byte> SigningKeyBytes
+		{
+			get => signingKey.Key;
+			[MemberNotNull(nameof(signingKey))]
+			[MemberNotNull(nameof(tokenHeader))]
+			set
+			{
+				signingKey = new SymmetricSecurityKey(value.ToArray());
+				tokenHeader = new JwtHeader(
+				new SigningCredentials(
+					signingKey,
+					SecurityAlgorithms.HmacSha256));
+			}
+		}
+
 		/// <summary>
 		/// The <see cref="SecurityConfiguration"/> for the <see cref="TokenFactory"/>.
 		/// </summary>
 		readonly SecurityConfiguration securityConfiguration;
 
 		/// <summary>
-		/// The <see cref="JwtHeader"/> for generating tokens.
+		/// The <see cref="JwtSecurityTokenHandler"/> used to generate <see cref="TokenResponse.Bearer"/> <see cref="string"/>s.
 		/// </summary>
-		readonly JwtHeader tokenHeader;
+		readonly JwtSecurityTokenHandler tokenHandler;
 
 		/// <summary>
-		/// The <see cref="JwtSecurityTokenHandler"/> used to generate <see cref="TokenResponse.Bearer"/> <see cref="string"/>s.
+		/// Backing field for <see cref="SigningKeyBytes"/>.
 		/// </summary>
-		readonly JwtSecurityTokenHandler tokenHandler;
+		SymmetricSecurityKey signingKey;
+
+		/// <summary>
+		/// The <see cref="JwtHeader"/> for generating tokens.
+		/// </summary>
+		JwtHeader tokenHeader;
 
 		/// <summary>
 		/// Initializes a new instance of the <see cref="TokenFactory"/> class.
@@ -52,14 +74,14 @@ public TokenFactory(
 
 			securityConfiguration = securityConfigurationOptions?.Value ?? throw new ArgumentNullException(nameof(securityConfigurationOptions));
 
-			var signingKeyBytes = String.IsNullOrWhiteSpace(securityConfiguration.CustomTokenSigningKeyBase64)
+			SigningKeyBytes = String.IsNullOrWhiteSpace(securityConfiguration.CustomTokenSigningKeyBase64)
 				? cryptographySuite.GetSecureBytes(securityConfiguration.TokenSigningKeyByteCount)
 				: Convert.FromBase64String(securityConfiguration.CustomTokenSigningKeyBase64);
 
 			ValidationParameters = new TokenValidationParameters
 			{
 				ValidateIssuerSigningKey = true,
-				IssuerSigningKey = new SymmetricSecurityKey(signingKeyBytes),
+				IssuerSigningKeyResolver = (_, _, _, _) => Enumerable.Repeat(signingKey, 1),
 
 				ValidateIssuer = true,
 				ValidIssuer = assemblyInformationProvider.AssemblyName.Name,
@@ -75,10 +97,6 @@ public TokenFactory(
 				RequireExpirationTime = true,
 			};
 
-			tokenHeader = new JwtHeader(
-				new SigningCredentials(
-					ValidationParameters.IssuerSigningKey,
-					SecurityAlgorithms.HmacSha256));
 			tokenHandler = new JwtSecurityTokenHandler();
 		}
 

@@ -39,8 +39,8 @@ public interface ISwarmOperations : ISwarmUpdateAborter
 		/// <param name="node">The <see cref="SwarmServer"/> that is registering.</param>
 		/// <param name="registrationId">The registration <see cref="Guid"/>.</param>
 		/// <param name="cancellationToken">The <see cref="CancellationToken"/> for the operation.</param>
-		/// <returns>A <see cref="ValueTask{TResult}"/> resulting in <see langword="true"/> if the registration was successful, <see langword="false"/> otherwise.</returns>
-		ValueTask<bool> RegisterNode(SwarmServer node, Guid registrationId, CancellationToken cancellationToken);
+		/// <returns>A <see cref="ValueTask{TResult}"/> resulting in a <see cref="SwarmRegistrationResponse"/> if the registration was successful, <see langword="null"/> otherwise.</returns>
+		ValueTask<SwarmRegistrationResponse?> RegisterNode(SwarmServer node, Guid registrationId, CancellationToken cancellationToken);
 
 		/// <summary>
 		/// Attempt to unregister a node with a given <paramref name="registrationId"/> with the controller.

@@ -11,7 +11,7 @@ namespace Tgstation.Server.Host.Swarm
 	public sealed class SwarmRegistrationRequest : SwarmServer
 	{
 		/// <summary>
-		/// The TGS <see cref="Version"/> of the sending server.
+		/// The swarm protocol <see cref="Version"/> of the sending server. Named this way due to legacy reasons.
 		/// </summary>
 		[Required]
 		public Version ServerVersion { get; }

@@ -0,0 +1,13 @@
+namespace Tgstation.Server.Host.Swarm
+{
+	/// <summary>
+	/// Response for a <see cref="SwarmRegistrationRequest"/>.
+	/// </summary>
+	public sealed class SwarmRegistrationResponse
+	{
+		/// <summary>
+		/// The base64 encoded token signing key.
+		/// </summary>
+		public required string TokenSigningKeyBase64 { get; init; }
+	}
+}
@@ -24,5 +24,10 @@ public enum SwarmRegistrationResult
 		/// A communication error occurred.
 		/// </summary>
 		CommunicationFailure,
+
+		/// <summary>
+		/// Response could not be deserialized.
+		/// </summary>
+		PayloadFailure,
 	}
 }