admin/CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
masoodafar-web
2025-11-12 23:17:56 +03:30
parent 2fac0f4922
commit 0adb0713f3
7 changed files with 3205 additions and 2812 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/CMSMicroservice.Application/OtpTokenCQ/Commands/VerifyOtpToken/VerifyOtpTokenCommandHandler.cs
View File

@@ -1,17 +1,17 @@
using CMSMicroservice.Domain.Events;
using Microsoft.Extensions.Configuration;
using System.Security.Cryptography;
using System.Text;
namespace CMSMicroservice.Application.OtpTokenCQ.Commands.VerifyOtpToken;
public class VerifyOtpTokenCommandHandler : IRequestHandler<VerifyOtpTokenCommand, VerifyOtpTokenResponseDto>
{
private readonly IApplicationDbContext _context;
private readonly IConfiguration _cfg;
private readonly IHashService _hashService;
public VerifyOtpTokenCommandHandler(IApplicationDbContext context, IConfiguration cfg)
public VerifyOtpTokenCommandHandler(IApplicationDbContext context, IConfiguration cfg, IHashService hashService)
{
_context = context;
_cfg = cfg;
_hashService = hashService;
}
const int MaxAttempts = 5; // محدودیت تلاش
@@ -21,7 +21,6 @@ public class VerifyOtpTokenCommandHandler : IRequestHandler<VerifyOtpTokenComman
var purpose = request.Purpose?.ToLowerInvariant() ?? "signup";
var now = DateTime.Now;
var otp = await _context.OtpTokens
.Where(o => o.Mobile == mobile && o.Purpose == purpose && !o.IsUsed && o.ExpiresAt > now)
.OrderByDescending(o => o.Created)
@@ -33,7 +32,8 @@ public class VerifyOtpTokenCommandHandler : IRequestHandler<VerifyOtpTokenComman
otp.Attempts++;
if (!VerifyHash(request.Code, otp.CodeHash))
var secret = _cfg["Otp:Secret"] ?? throw new InvalidOperationException("Otp:Secret not set");
if (!_hashService.VerifyHmacSha256Hex(request.Code, otp.CodeHash, secret))
{
await _context.SaveChangesAsync(cancellationToken);
return new VerifyOtpTokenResponseDto() { Success = false, Message = "کد نادرست است." };
@@ -96,15 +96,4 @@ public class VerifyOtpTokenCommandHandler : IRequestHandler<VerifyOtpTokenComman
RemainingSeconds = (otp.ExpiresAt - now).Seconds
};
}
private string Hash(string code)
{
// HMAC با secret اپ (نیازی به ذخیره salt جدا نیست)
var secret = _cfg["Otp:Secret"] ?? throw new InvalidOperationException("Otp:Secret not set");
using var h = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
var hash = h.ComputeHash(Encoding.UTF8.GetBytes(code));
return Convert.ToHexString(hash);
}
private bool VerifyHash(string code, string hexHash) => Hash(code).Equals(hexHash, StringComparison.OrdinalIgnoreCase);
}