Store data protection keys in database

Iceshrimp.Backend/Core/Database/DatabaseContext.cs

@@ -1,6 +1,7 @@
 using System.Diagnostics.CodeAnalysis;
 using Iceshrimp.Backend.Core.Configuration;
 using Iceshrimp.Backend.Core.Database.Tables;
+using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Npgsql;
 
@@ -8,7 +9,8 @@ namespace Iceshrimp.Backend.Core.Database;
 
 [SuppressMessage("ReSharper", "StringLiteralTypo")]
 [SuppressMessage("ReSharper", "IdentifierTypo")]
-public class DatabaseContext(DbContextOptions<DatabaseContext> options) : DbContext(options) {
+public class DatabaseContext(DbContextOptions<DatabaseContext> options)
+	: DbContext(options), IDataProtectionKeyContext {
 	public virtual DbSet<AbuseUserReport>      AbuseUserReports      { get; init; } = null!;
 	public virtual DbSet<AccessToken>          AccessTokens          { get; init; } = null!;
 	public virtual DbSet<Announcement>         Announcements         { get; init; } = null!;
@@ -76,6 +78,7 @@ public class DatabaseContext(DbContextOptions<DatabaseContext> options) : DbCont
 	public virtual DbSet<UserPublickey>        UserPublickeys        { get; init; } = null!;
 	public virtual DbSet<UserSecurityKey>      UserSecurityKeys      { get; init; } = null!;
 	public virtual DbSet<Webhook>              Webhooks              { get; init; } = null!;
+	public virtual DbSet<DataProtectionKey>    DataProtectionKeys    { get; init; } = null!;
 
 	public static NpgsqlDataSource GetDataSource(Config.DatabaseSection? config) {
 		var dataSourceBuilder = new NpgsqlDataSourceBuilder();

Iceshrimp.Backend/Core/Database/Migrations/20240127190613_AddDataProtectionKeyTable.cs

@@ -0,0 +1,36 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace Iceshrimp.Backend.Core.Database.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddDataProtectionKeyTable : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "DataProtectionKeys",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "integer", nullable: false)
+                        .Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
+                    FriendlyName = table.Column<string>(type: "text", nullable: true),
+                    Xml = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_DataProtectionKeys", x => x.Id);
+                });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "DataProtectionKeys");
+        }
+    }
+}

Iceshrimp.Backend/Core/Database/Migrations/DatabaseContextModelSnapshot.cs

@@ -19,7 +19,7 @@ namespace Iceshrimp.Backend.Core.Database.Migrations
         {
 #pragma warning disable 612, 618
             modelBuilder
-                .HasAnnotation("ProductVersion", "8.0.0")
+                .HasAnnotation("ProductVersion", "8.0.1")
                 .HasAnnotation("Relational:MaxIdentifierLength", 63);
 
             NpgsqlModelBuilderExtensions.HasPostgresEnum(modelBuilder, "antenna_src_enum", new[] { "home", "all", "users", "list", "group", "instances" });
@@ -2082,7 +2082,7 @@ namespace Iceshrimp.Backend.Core.Database.Migrations
                         .HasColumnType("character varying(512)")
                         .HasColumnName("objectStorageRegion");
 
-                    b.Property<bool>("ObjectStorageS3forcePathStyle")
+                    b.Property<bool>("ObjectStorageS3ForcePathStyle")
                         .ValueGeneratedOnAdd()
                         .HasColumnType("boolean")
                         .HasDefaultValue(true)
@@ -4686,6 +4686,25 @@ namespace Iceshrimp.Backend.Core.Database.Migrations
                     b.ToTable("webhook");
                 });
 
+            modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("FriendlyName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Xml")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("DataProtectionKeys");
+                });
+
             modelBuilder.Entity("Iceshrimp.Backend.Core.Database.Tables.AbuseUserReport", b =>
                 {
                     b.HasOne("Iceshrimp.Backend.Core.Database.Tables.User", "Assignee")

Iceshrimp.Backend/Core/Extensions/ServiceExtensions.cs

@@ -4,6 +4,9 @@ using Iceshrimp.Backend.Core.Federation.ActivityPub;
 using Iceshrimp.Backend.Core.Federation.WebFinger;
 using Iceshrimp.Backend.Core.Middleware;
 using Iceshrimp.Backend.Core.Services;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
+using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
 
 namespace Iceshrimp.Backend.Core.Extensions;
 
@@ -49,5 +52,11 @@ public static class ServiceExtensions {
 		var config     = configuration.GetSection("Database").Get<Config.DatabaseSection>();
 		var dataSource = DatabaseContext.GetDataSource(config);
 		services.AddDbContext<DatabaseContext>(options => { DatabaseContext.Configure(options, dataSource); });
+		services.AddDataProtection()
+		        .PersistKeysToDbContext<DatabaseContext>()
+		        .UseCryptographicAlgorithms(new AuthenticatedEncryptorConfiguration {
+			        EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
+			        ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
+		        });
 	}
 }

Iceshrimp.Backend/Iceshrimp.Backend.csproj

@@ -19,6 +19,7 @@
         <PackageReference Include="cuid.net" Version="5.0.2"/>
         <PackageReference Include="dotNetRdf.Core" Version="3.2.1-dev"/>
         <PackageReference Include="Isopoh.Cryptography.Argon2" Version="2.0.0"/>
+        <PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.1"/>
         <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="8.0.0"/>
         <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0"/>
         <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.0">

Iceshrimp.Backend/Pages/Shared/_ValidationScriptsPartial.cshtml

@@ -1,2 +0,0 @@
-<script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
-<script src="~/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js"></script>