* Bump non-source files to net6.0
* Correct .NET 6.0 warnings
* Correct CI
* Correct linking errors
Not much I can do about them ATM
* Remove TrimmerRoots
At least runtime is no longer needed for our STD plugin, not sure about the dictionary
* Correct cc.sh
* Revert "Remove TrimmerRoots"
This reverts commit 11f603d3d6.
* First round of cat & mice game
* Update Directory.Build.props
* Update Startup.cs
* Update Startup.cs
* Update Startup.cs
* Fix new warnings
* Update SDK
* Address netf error
* Update Directory.Packages.props
* Support lol-US locale for IPC requests
* Support sr-CS as well
* Apply feedback
* Apply feedback and Rider cleanup
* Less allocations make everyone happy
* Apply feedback
* Explain why we're doing this stupidity
* Uppercase Windows/Linux compat fix
* Go back to earlier version
* Localize IPC
* Keep logs in one language
* Cleanup
* Revert changes that keep strings in one locale
* Order dependencies alphabetically
* Fix formatting (Thanks, Rider -.-)
Previously we've used one semaphore per all ongoing authentication attempts, which is suboptimal given the existence of a lot of consumers, including ongoing (D)DoS or distributed bruteforce attack. ASF should be as resistant to that as possible, therefore it makes sense to replace the global semaphore with per-IP semaphore (actually task), that can control the access just as well, without stopping other consumers from accessing the same authentication process concurrently.
We can favour bruteforcers by checking first if the client is even eligible for talking with us, this will (in a very negligible way) improve defense against common DoS.
Also rewrite Timer initialization while at it. This is internal class and we don't expect this middleware to be initialized more than once anyway.
Might result in something along:
2021-07-30 16:39:43|ArchiSteamFarm-6766|ERROR|Microsoft.AspNetCore.Server.Kestrel|Connection id "0HMAJF2E5IVHB", Request id "0HMAJF2E5IVHB:00000005": An unhandled exception was thrown by the application. System.InvalidOperationException: Synchronous operations are disallowed. Call WriteAsync or set AllowSynchronousIO to true instead.
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseStream.Flush()
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingStream.Flush()
at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionBody.Flush()
at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder)
at System.IO.StreamWriter.Dispose(Boolean disposing)
at System.IO.StreamWriter.Close()
at Newtonsoft.Json.JsonTextWriter.CloseBufferAndWriter()
at Newtonsoft.Json.JsonTextWriter.Close()
at Newtonsoft.Json.JsonWriter.Dispose(Boolean disposing)
at Newtonsoft.Json.JsonWriter.System.IDisposable.Dispose()
at ArchiSteamFarm.IPC.WebUtilities.WriteJsonAsync[TValue](HttpResponse response, TValue value, JsonSerializerSettings jsonSerializerSettings)
at ArchiSteamFarm.IPC.WebUtilities.WriteJsonAsync[TValue](HttpResponse response, TValue value, JsonSerializerSettings jsonSerializerSettings)
at ArchiSteamFarm.IPC.Integration.ApiAuthenticationMiddleware.InvokeAsync(HttpContext context, IOptions`1 jsonOptions)
at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
* Closes#2371
* Change the default to no known networks
* Address @Vital7 note
* Handle both IPv4 and IPv6 when mapped
This follows ASP.NET Core logic
* Refactor forwarded headers usage
This actually does two things: client caching and server caching
Client caching considers only static files, for which we instruct the web browser to revalidate each cache usage with our server to ensure that it's up-to-date.
Server caching with those settings actually doesn't work (nothing to do), but may in the future as lack of no-store means that server is technically allowed to cache I/O read files for as long as it can guarantee they didn't change on the disk.
In theory, this is required only in specific proxy/CDN solutions accessing ASF data over http that would somehow want to transform the responses
https://github.com/JustArchiNET/ASF-ui/pull/1470
