New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add Bilibili provider #1044

Open

Loongle wants to merge 1 commit into aspnet-contrib:dev from Loongle:add-bilibili

Contributor

Loongle commented Mar 21, 2025

Add Bilibili provider

Screenshots translated by Microsoft

https://openhome.bilibili.com/doc/4/aac73b2e-4ff2-b75c-4c96-35ced865797b#h2-u63A5u5165u6D41u7A0Bu8BE6u7EC6u4ECBu7ECD


          Add Bilibili provider

fb46e21

martincostello added the new provider label

martincostello reviewed

View reviewed changes

src/AspNet.Security.OAuth.Bilibili/AspNet.Security.OAuth.Bilibili.csproj

    
              <Project Sdk="Microsoft.NET.Sdk">

                <PropertyGroup>

                  <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>

Member

martincostello Mar 22, 2025

Suggested change

      
                <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>
          
                <PackageValidationBaselineVersion>9.2.0</PackageValidationBaselineVersion>
          
                <!-- TODO Remove once published to NuGet.org -->
          
                <DisablePackageBaselineValidation>true</DisablePackageBaselineValidation>
          
                <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks>

test/AspNet.Security.OAuth.Providers.Tests/Bilibili/BilibiliTests.cs

+                      builder.AddBilibili(options =>
+                      {
+                          ConfigureDefaults(builder, options);
+                          options.ClientSecret = "ee9ee51ee0ceabdeeeb9459168eeeef7";

Member

martincostello Mar 22, 2025

Is the need to specify this rather than use the defaults related to all the hashing?

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

Comment on lines +85 to +86

		using var hmacsha256 = new System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes(key));
		var hash = hmacsha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(data));

Member

martincostello Mar 22, 2025

Suggested change

      
                    using var hmacsha256 = new System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes(key));
          
                    var hash = hmacsha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(data));
          
                    var keyBytes = Encoding.UTF8.GetBytes(key);
          
                    var dataBytes = Encoding.UTF8.GetBytes(data);
          
                    var hash = HMACSHA256.HashData(keyBytes, dataBytes);

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

+              using System.Globalization;
+              using System.Net;
+              using System.Net.Http.Headers;
+              using System.Security.Claims;

Member

martincostello Mar 22, 2025

Suggested change

      
            using System.Security.Claims;
          
            using System.Security.Claims;
          
            using System.Security.Cryptography

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

+                  private static string ComputeMd5(string input)
+                  {
+                      var inputBytes = Encoding.ASCII.GetBytes(input);
+                      var hashBytes = System.Security.Cryptography.MD5.HashData(inputBytes);

Member

martincostello Mar 22, 2025

Suggested change

      
                    var hashBytes = System.Security.Cryptography.MD5.HashData(inputBytes);
          
                    var hashBytes = MD5.HashData(inputBytes);

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

+                  {
+                      var inputBytes = Encoding.ASCII.GetBytes(input);
+                      var hashBytes = System.Security.Cryptography.MD5.HashData(inputBytes);
+                      return Convert.ToHexStringLower(hashBytes).Replace("-", string.Empty, StringComparison.OrdinalIgnoreCase).ToLower(CultureInfo.InvariantCulture);

Member

martincostello Mar 22, 2025

ToLower() is redundant as you're already using ToHexStringLower(), and IIRC, that won't return any dashes either, so the Replace() is also redundant.

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

Comment on lines +108 to +110

		var signature = ComputeHmacSHA256(appSecret, signatureString);

		return signature;

Member

martincostello Mar 22, 2025

Suggested change

      
                    var signature = ComputeHmacSHA256(appSecret, signatureString);
          
                    return signature;
          
                    return ComputeHmacSHA256(appSecret, signatureString);

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

+                          .Select(h => $"{h.Key}:{string.Join(",", h.Value)}")
+                          .ToList();
+                      var signatureString = string.Join("\n", headers);

Member

martincostello Mar 22, 2025

Can just call this signature - it's evident it's a string.

src/AspNet.Security.OAuth.Bilibili/BilibiliAuthenticationHandler.cs

Comment on lines +118 to +127

+                      using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+                      request.Headers.Add("Access-Token", tokens.AccessToken);
+                      request.Headers.Add("x-bili-accesskeyid", Options.ClientId);
+                      request.Headers.Add("x-bili-content-md5", ComputeMd5(string.Empty));
+                      request.Headers.Add("x-bili-signature-method", "HMAC-SHA256");
+                      request.Headers.Add("x-bili-signature-nonce", DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString(CultureInfo.InvariantCulture));
+                      request.Headers.Add("x-bili-signature-version", "2.0");
+                      request.Headers.Add("x-bili-timestamp", DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture));
+                      request.Headers.Add("Host", "member.bilibili.com");
+                      request.Headers.Add("Connection", "keep-alive");

Member

martincostello Mar 22, 2025

Suggested change

      
                    using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
          
                    request.Headers.Add("Access-Token", tokens.AccessToken);
          
                    request.Headers.Add("x-bili-accesskeyid", Options.ClientId);
          
                    request.Headers.Add("x-bili-content-md5", ComputeMd5(string.Empty));
          
                    request.Headers.Add("x-bili-signature-method", "HMAC-SHA256");
          
                    request.Headers.Add("x-bili-signature-nonce", DateTimeOffset.UtcNow.ToUnixTimeMilliseconds().ToString(CultureInfo.InvariantCulture));
          
                    request.Headers.Add("x-bili-signature-version", "2.0");
          
                    request.Headers.Add("x-bili-timestamp", DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture));
          
                    request.Headers.Add("Host", "member.bilibili.com");
          
                    request.Headers.Add("Connection", "keep-alive");
          
                    var utcNow = TimeProvider.GetUtcNow();
          
                    using var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
          
                    request.Headers.Add("Access-Token", tokens.AccessToken);
          
                    request.Headers.Add("x-bili-accesskeyid", Options.ClientId);
          
                    request.Headers.Add("x-bili-content-md5", ComputeMd5(string.Empty));
          
                    request.Headers.Add("x-bili-signature-method", "HMAC-SHA256");
          
                    request.Headers.Add("x-bili-signature-nonce", utcNow.ToUnixTimeMilliseconds().ToString(CultureInfo.InvariantCulture));
          
                    request.Headers.Add("x-bili-signature-version", "2.0");
          
                    request.Headers.Add("x-bili-timestamp", utcNow.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture));
          
                    request.Headers.Add("Host", "member.bilibili.com");
          
                    request.Headers.Add("Connection", "keep-alive");

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels