more stuff

Author: hhvrc

.github/workflows/update-cloudflare-proxies.yml

@@ -5,9 +5,6 @@ on:
     - cron: '0 0 1 * *' # runs at 00:00 UTC on the 1st day of every month
   workflow_dispatch:
 
-env:
-  IP_MERGED_FILE: Common.ASPNET/cloudflare-ips.txt
-
 jobs:
   update-proxies:
     runs-on: ubuntu-latest
@@ -17,23 +14,16 @@ jobs:
         with:
           ref: ${{ github.ref }}
 
-      - name: Fetch Cloudflare IPs and Update Files
-        env:
-          IPV4_URL: https://www.cloudflare.com/ips-v4
-          IPV6_URL: https://www.cloudflare.com/ips-v6
-        run: |
-          set -euo pipefail
+      - uses: actions/setup-dotnet@v4
 
-          echo "Fetching Cloudflare IP lists and merging"
-          curl -s $IPV4_URL > $IP_MERGED_FILE
-          echo "" >> $IP_MERGED_FILE
-          curl -s $IPV6_URL >> $IP_MERGED_FILE
+      - name: Build to regenerate Cloudflare IPs
+        run: dotnet build Common/Common.csproj
 
       - name: Commit and Push Changes
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
-          git add ${{ env.IP_MERGED_FILE }}
+          git add Common/Utils/CloudflareNetworks.g.cs
 
           if git diff --cached --quiet; then
             echo "No changes detected."

CLAUDE.md

@@ -0,0 +1,79 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+OpenShock Common .NET library — shared utilities for the OpenShock ecosystem. Contains two main libraries: **Common** (utilities, validation, crypto, geolocation) and **DynamicLinq** (dynamic LINQ query builder for PostgreSQL/EF Core).
+
+## Build Commands
+
+```bash
+# Build
+dotnet build
+
+# Run all tests
+dotnet test
+
+# Run a single test project
+dotnet test Common.Tests/Common.Tests.csproj
+dotnet test DynamicLinq.Tests/DynamicLinq.Tests.csproj
+
+# CI-style build + test
+dotnet build --configuration Release && dotnet test --configuration Release --no-build
+```
+
+No separate lint command — warnings are treated as errors in Debug configuration.
+
+## Solution Structure
+
+- **Common/** — Main utility library (NuGet package output)
+- **Common.Tests/** — Unit tests for Common
+- **DynamicLinq/** — Dynamic LINQ expression builder targeting PostgreSQL via EF Core
+- **DynamicLinq.Tests/** — Tests for DynamicLinq (uses Testcontainers with PostgreSQL)
+
+Solution file: `Common.slnx`
+
+## Build Configuration
+
+- .NET 9.0, latest C# language version
+- Nullable reference types enabled globally
+- Central package management via `Directory.Packages.props`
+- `Directory.Build.props` enables implicit usings, XML docs, and treats warnings as errors in Debug
+- GitVersion used in CI for semantic versioning (requires full git history)
+
+## Testing
+
+Uses **TUnit** (not xUnit/NUnit). Test methods use TUnit attributes and async patterns. DynamicLinq tests use **Testcontainers** for real PostgreSQL instances and **Bogus** for test data generation.
+
+## Architecture & Key Patterns
+
+### Common Library Namespaces
+- `Constants` — Domain hard limits (username/password lengths, shocker limits, durations, intensities)
+- `Utils` — `HashingUtils` (BCrypt + legacy PBKDF2, SHA-256 token hashing), `CryptoUtils` (cryptographic RNG), `MathUtils` (Haversine), `LatencyEmulator` (timing-safe operations with Gaussian noise)
+- `Geo` — `Alpha2CountryCode` (value-type struct wrapping ushort), `DistanceLookup` (pre-computed frozen dictionary of country-to-country distances)
+- `Validation` — `CharsetMatchers` for detecting emojis, zalgo text, zero-width spaces, control chars
+- `JsonSerialization` — Custom converters (Unix milliseconds, flag-guarded enum strings)
+
+### DynamicLinq Library
+- `QueryStringTokenizer` — Parses filter strings with quoted values and escape sequences
+- `DBExpressionBuilder` — Converts string filter queries into LINQ expressions (supports `eq`, `neq`, `lt`, `gt`, `lte`, `gte`, `ilike`; multiple filters joined with `and`)
+- `OrderByQueryBuilder` — Dynamic OrderBy/ThenBy from string input
+- Properties marked with `[IgnoreDataMember]` are excluded from query building for security
+
+### Performance Conventions
+- `stackalloc` / `Span<T>` for short-lived buffers
+- `ArrayPool<byte>` for temporary allocations
+- `FrozenDictionary` for immutable lookup tables
+- `CollectionsMarshal` for optimized dictionary operations
+- `GeneratedRegex` for compiled regex patterns
+
+### Security Conventions
+- Password hashing uses BCrypt with SHA-512; PBKDF2 is legacy-only
+- Token hashing uses SHA-256
+- Timing-safe verification via `LatencyEmulator` sliding window statistics
+- Expression builder hides internal structure in error messages
+
+## License
+
+AGPL-3.0-or-later

Common/Common.csproj

@@ -10,4 +10,50 @@
     <PackageReference Include="OneOf" />
     <PackageReference Include="Serilog" />
   </ItemGroup>
+
+  <!-- Fetch Cloudflare IPs at build time and generate C# source -->
+  <UsingTask TaskName="GenerateCloudflareIPsSource" TaskFactory="RoslynCodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)/Microsoft.Build.Tasks.Core.dll">
+    <ParameterGroup>
+      <IPv4File ParameterType="System.String" Required="true" />
+      <IPv6File ParameterType="System.String" Required="true" />
+      <OutputFile ParameterType="System.String" Required="true" />
+    </ParameterGroup>
+    <Task>
+      <Code Type="Fragment" Language="cs"><![CDATA[
+        var lines = new List<string>();
+        lines.AddRange(File.ReadAllLines(IPv4File).Where(l => !string.IsNullOrWhiteSpace(l)));
+        lines.AddRange(File.ReadAllLines(IPv6File).Where(l => !string.IsNullOrWhiteSpace(l)));
+
+        var sb = new System.Text.StringBuilder();
+        sb.AppendLine("// <auto-generated/>");
+        sb.AppendLine("using System.Net;");
+        sb.AppendLine();
+        sb.AppendLine("namespace OpenShock.Common.Utils;");
+        sb.AppendLine();
+        sb.AppendLine("public static partial class TrustedProxiesFetcher");
+        sb.AppendLine("{");
+        sb.AppendLine("    private static readonly IPNetwork[] CloudflareNetworks =");
+        sb.AppendLine("    [");
+        foreach (var line in lines)
+            sb.AppendLine($"        IPNetwork.Parse(\"{line.Trim()}\"),");
+        sb.AppendLine("    ];");
+        sb.AppendLine("}");
+
+        File.WriteAllText(OutputFile, sb.ToString());
+      ]]></Code>
+    </Task>
+  </UsingTask>
+
+  <Target Name="FetchCloudflareIPs" BeforeTargets="PrepareForBuild">
+    <MakeDir Directories="$(IntermediateOutputPath)" />
+    <DownloadFile SourceUrl="https://www.cloudflare.com/ips-v4"
+                  DestinationFolder="$(IntermediateOutputPath)"
+                  DestinationFileName="cf-v4.txt" />
+    <DownloadFile SourceUrl="https://www.cloudflare.com/ips-v6"
+                  DestinationFolder="$(IntermediateOutputPath)"
+                  DestinationFileName="cf-v6.txt" />
+    <GenerateCloudflareIPsSource IPv4File="$(IntermediateOutputPath)cf-v4.txt"
+                                 IPv6File="$(IntermediateOutputPath)cf-v6.txt"
+                                 OutputFile="$(MSBuildProjectDirectory)/Utils/CloudflareNetworks.g.cs" />
+  </Target>
 </Project>

Common/Utils/HashingUtils.cs

@@ -1,5 +1,4 @@
-using System.Buffers;
-using System.Diagnostics;
+using System.Diagnostics;
 using System.Security.Cryptography;
 using System.Text;
 using BCrypt.Net;
@@ -19,38 +18,24 @@ public static class HashingUtils
     private static readonly VerifyHashResult VerifyHashFailureResult = new(false, false);
 
     /// <summary>
-    /// Hashes string using SHA-256 and returns the result as a uppercase string
+    /// Hashes string using SHA-256 and returns the result as a lowercase string
     /// </summary>
     /// <param name="str"></param>
     /// <returns></returns>
     public static string HashSha256(string str)
     {
         Span<byte> hashDigest = stackalloc byte[SHA256.HashSizeInBytes];
 
-        const int maxStackSize = 256; // Threshold for stack allocation
-        int byteCount = Encoding.UTF8.GetByteCount(str);
+        var nAlloc = str.Length <= 512
+            ? Encoding.UTF8.GetMaxByteCount(str.Length)
+            : Encoding.UTF8.GetByteCount(str);
+        var buffer = nAlloc <= 256
+            ? stackalloc byte[nAlloc]
+            : new byte[nAlloc];
 
-        if (byteCount > maxStackSize)
-        {
-            byte[] decodedBytes = ArrayPool<byte>.Shared.Rent(byteCount);
-
-            try
-            {
-                int decodedCount = Encoding.UTF8.GetBytes(str, decodedBytes);
-                SHA256.HashData(decodedBytes.AsSpan(0, decodedCount), hashDigest);
-            }
-            finally
-            {
-                ArrayPool<byte>.Shared.Return(decodedBytes, true);
-            }
-        }
-        else
-        {
-            Span<byte> decodedBytes = stackalloc byte[maxStackSize];
-            int decodedCount = Encoding.UTF8.GetBytes(str, decodedBytes);
-            SHA256.HashData(decodedBytes[..decodedCount], hashDigest);
-        }
+        var byteCount = Encoding.UTF8.GetBytes(str, buffer);
 
+        SHA256.HashData(buffer[..byteCount], hashDigest);
 
         return Convert.ToHexStringLower(hashDigest);
     }

Common/Utils/TrustedProxiesFetcher.cs

@@ -0,0 +1,84 @@
+using System.Net;
+
+namespace OpenShock.Common.Utils;
+
+public static partial class TrustedProxiesFetcher
+{
+    private static readonly HttpClient Client = new();
+
+    public static readonly string[] PrivateNetworks =
+    [
+        // Loopback
+        "127.0.0.0/8",
+        "::1/128",
+        "::ffff:127.0.0.0/8",
+
+        // Private IPv4
+        "10.0.0.0/8",
+        "172.16.0.0/12",
+        "192.168.0.0/16",
+
+        // Private IPv6
+        "fc00::/7",
+        "fe80::/10",
+    ];
+
+    private static readonly IPNetwork[] PrivateNetworksParsed = [.. PrivateNetworks.Select(IPNetwork.Parse)];
+
+    private static readonly char[] NewLineSeperators = ['\r', '\n', '\t'];
+
+    private static async Task<IReadOnlyList<IPNetwork>> FetchCloudflareIPs(Uri uri, CancellationToken ct)
+    {
+        using var response = await Client.GetAsync(uri, ct);
+        var stringResponse = await response.Content.ReadAsStringAsync(ct);
+
+        return ParseNetworks(stringResponse);
+    }
+
+    private static IPNetwork[] ParseNetworks(string response)
+    {
+        var lines = response.Split(NewLineSeperators, StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+        var networks = new IPNetwork[lines.Length];
+
+        for (int i = 0; i < lines.Length; i++)
+        {
+            networks[i] = IPNetwork.Parse(lines[i]);
+        }
+
+        return networks;
+    }
+
+    private static async Task<IPNetwork[]?> FetchCloudflareIPs()
+    {
+        try
+        {
+            using CancellationTokenSource cts = new(TimeSpan.FromSeconds(5)); // Don't want to make application startup slow
+            var ct = cts.Token;
+
+            var v4Task = FetchCloudflareIPs(new Uri("https://www.cloudflare.com/ips-v4"), ct);
+            var v6Task = FetchCloudflareIPs(new Uri("https://www.cloudflare.com/ips-v6"), ct);
+
+            await Task.WhenAll(v4Task, v6Task);
+
+            return [.. v4Task.Result, .. v6Task.Result];
+        }
+        catch (Exception)
+        {
+            return null;
+        }
+    }
+
+    public static async Task<IPNetwork[]> GetTrustedNetworksAsync(bool fetch = true)
+    {
+        IPNetwork[]? cfProxies = null;
+
+        if (fetch)
+        {
+            cfProxies = await FetchCloudflareIPs();
+        }
+
+        cfProxies ??= CloudflareNetworks;
+
+        return [.. PrivateNetworksParsed, .. cfProxies];
+    }
+}

DynamicLinq/Query/DBExpressionBuilder.cs

@@ -95,7 +95,7 @@ public static Expression<Func<T, bool>> GetFilterExpression<T>(string filterQuer
 
         var completeExpr = ParseFilters(filterQuery)
             .Select(filter => CreateMemberCompareExpression(entityType, parameterExpr, filter.MemberName, filter.Operation, filter.Value))
-            .Aggregate<Expression, Expression?>(null, (prev, next) => prev == null ? next : Expression.And(prev, next));
+            .Aggregate<Expression, Expression?>(null, (prev, next) => prev is null ? next : Expression.And(prev, next));
 
         return Expression.Lambda<Func<T, bool>>(completeExpr ?? Expression.Constant(true), parameterExpr);
     }

DynamicLinq/Query/DBExpressionBuilderUtils.cs

@@ -24,7 +24,7 @@ public static class DBExpressionBuilderUtils
     public static (MemberInfo, Type) GetPropertyOrField(Type type, string propOrFieldName)
     {
         var memberInfo = type.GetMember(propOrFieldName, BindingFlags.Public | BindingFlags.Instance | BindingFlags.GetProperty | BindingFlags.GetField | BindingFlags.IgnoreCase).SingleOrDefault();
-        if (memberInfo == null)
+        if (memberInfo is null)
             throw new DBExpressionBuilderException($"'{propOrFieldName}' is not a valid property of type {type.Name}");
 
         var isIgnored = memberInfo.GetCustomAttributes(typeof(IgnoreDataMemberAttribute), true).Any();

DynamicLinq/Query/OrderByQueryBuilder.cs

@@ -58,6 +58,9 @@ private static IOrderedQueryable<T> ThenBy<T>(this IOrderedQueryable<T> source,
 
     public static IOrderedQueryable<T> ApplyOrderBy<T>(this IQueryable<T> query, string orderbyQuery) where T : class
     {
+        ArgumentNullException.ThrowIfNull(query);
+        ArgumentException.ThrowIfNullOrWhiteSpace(orderbyQuery);
+
         var parts = orderbyQuery.Split(',');
 
         var parsed = ParseOrderByPart(parts[0]);