[update] Remove token from Query param, move to cookies

.idea/.idea.Abyss/.idea/workspace.xml

@@ -10,41 +10,16 @@
   </component>
   <component name="ChangeListManager">
     <list default="true" id="bf317275-3039-49bb-a475-725a800a0cce" name="Changes" comment="">
-      <change afterPath="$PROJECT_DIR$/Abyss/Components/Services/Media/ComicService.cs" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/Abyss/Components/Services/Media/VideoService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/.idea/.idea.Abyss/.idea/sqldialects.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.idea.Abyss/.idea/sqldialects.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/.idea/.idea.Abyss/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.idea.Abyss/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss.sln.DotSettings.user" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss.sln.DotSettings.user" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/AbyssController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/AbyssController.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Media/ImageController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Media/ImageController.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Media/LiveController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Media/LiveController.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Media/VideoController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Media/VideoController.cs" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Middleware/BadRequestExceptionMiddleware.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Middleware/BadRequestExceptionMiddleware.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Security/RootController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Security/RootController.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Security/UserController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Security/UserController.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Controllers/Task/TaskController.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Controllers/Task/TaskController.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/AbyssService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Security/AbyssService.cs" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/Security/UserService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Security/UserService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/ConfigureService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Misc/ConfigureService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/IndexService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Media/IndexService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/ResourceDatabaseService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Media/ResourceDatabaseService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/ResourceService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Media/ResourceService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/TaskService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Media/TaskService.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Services/UserService.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Services/Security/UserService.cs" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/Abyss/Components/Static/ControllerExtensions.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Static/ControllerExtensions.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Components/Tools/AbyssStream.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Components/Tools/AbyssStream.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Misc/StringClusterer.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Misc/StringClusterer.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Bookmark.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Bookmark.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/ChallengeResponse.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Security/ChallengeResponse.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Chip.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Chip.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Comic.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Comic.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Comment.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Comment.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Index.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Index.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/ResourceAttribute.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/ResourceAttribute.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Task.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Task.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/TaskCreation.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/TaskCreation.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/User.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Security/User.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/UserCreating.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Security/UserCreating.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Model/Video.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Model/Media/Video.cs" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/Abyss/Program.cs" beforeDir="false" afterPath="$PROJECT_DIR$/Abyss/Program.cs" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -117,30 +92,30 @@
     <option name="hideEmptyMiddlePackages" value="true" />
     <option name="showLibraryContents" value="true" />
   </component>
-  <component name="PropertiesComponent"><![CDATA[{
+  <component name="PropertiesComponent">{
-  "keyToString": {
+  &quot;keyToString&quot;: {
-    ".NET Launch Settings Profile.Abyss: http.executor": "Run",
+    &quot;.NET Launch Settings Profile.Abyss: http.executor&quot;: &quot;Run&quot;,
-    ".NET Launch Settings Profile.Abyss: https.executor": "Debug",
+    &quot;.NET Launch Settings Profile.Abyss: https.executor&quot;: &quot;Debug&quot;,
-    ".NET Project.AbyssCli.executor": "Run",
+    &quot;.NET Project.AbyssCli.executor&quot;: &quot;Run&quot;,
-    "ASKED_SHARE_PROJECT_CONFIGURATION_FILES": "true",
+    &quot;ASKED_SHARE_PROJECT_CONFIGURATION_FILES&quot;: &quot;true&quot;,
-    "ModuleVcsDetector.initialDetectionPerformed": "true",
+    &quot;ModuleVcsDetector.initialDetectionPerformed&quot;: &quot;true&quot;,
-    "Publish to folder.Publish Abyss to folder x86.executor": "Run",
+    &quot;Publish to folder.Publish Abyss to folder x86.executor&quot;: &quot;Run&quot;,
-    "Publish to folder.Publish Abyss to folder.executor": "Run",
+    &quot;Publish to folder.Publish Abyss to folder.executor&quot;: &quot;Run&quot;,
-    "RunOnceActivity.ShowReadmeOnStart": "true",
+    &quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
-    "RunOnceActivity.TerminalTabsStorage.copyFrom.TerminalArrangementManager.252": "true",
+    &quot;RunOnceActivity.TerminalTabsStorage.copyFrom.TerminalArrangementManager.252&quot;: &quot;true&quot;,
-    "RunOnceActivity.git.unshallow": "true",
+    &quot;RunOnceActivity.git.unshallow&quot;: &quot;true&quot;,
-    "XThreadsFramesViewSplitterKey": "0.55813956",
+    &quot;XThreadsFramesViewSplitterKey&quot;: &quot;0.55813956&quot;,
-    "git-widget-placeholder": "main",
+    &quot;git-widget-placeholder&quot;: &quot;main&quot;,
-    "last_opened_file_path": "/home/acite/embd/WebProjects/Abyss/README.md",
+    &quot;last_opened_file_path&quot;: &quot;/home/acite/embd/WebProjects/Abyss/README.md&quot;,
-    "node.js.detected.package.eslint": "true",
+    &quot;node.js.detected.package.eslint&quot;: &quot;true&quot;,
-    "node.js.detected.package.tslint": "true",
+    &quot;node.js.detected.package.tslint&quot;: &quot;true&quot;,
-    "node.js.selected.package.eslint": "(autodetect)",
+    &quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;,
-    "node.js.selected.package.tslint": "(autodetect)",
+    &quot;node.js.selected.package.tslint&quot;: &quot;(autodetect)&quot;,
-    "nodejs_package_manager_path": "npm",
+    &quot;nodejs_package_manager_path&quot;: &quot;npm&quot;,
-    "settings.editor.selected.configurable": "com.jetbrains.python.configuration.PyActiveSdkModuleConfigurable",
+    &quot;settings.editor.selected.configurable&quot;: &quot;com.jetbrains.python.configuration.PyActiveSdkModuleConfigurable&quot;,
-    "vue.rearranger.settings.migration": "true"
+    &quot;vue.rearranger.settings.migration&quot;: &quot;true&quot;
   }
-}]]></component>
+}</component>
   <component name="RunManager" selected="Publish to folder.Publish Abyss to folder">
     <configuration name="Publish Abyss to folder x86" type="DotNetFolderPublish" factoryName="Publish to folder">
       <riderPublish configuration="Release" platform="Any CPU" produce_single_file="true" ready_to_run="true" self_contained="true" target_folder="/opt/security/https/server" target_framework="net9.0" uuid_high="3690631506471504162" uuid_low="-4858628519588143325">
@@ -279,7 +254,8 @@
       <workItem from="1758815224532" duration="430000" />
       <workItem from="1758905391249" duration="128000" />
       <workItem from="1758906781361" duration="252000" />
-      <workItem from="1759036019712" duration="20077000" />
+      <workItem from="1759036019712" duration="20642000" />
+      <workItem from="1759072866075" duration="4869000" />
     </task>
     <servers />
   </component>

Abyss/Components/Controllers/Media/ImageController.cs

@@ -13,44 +13,44 @@ public class ImageController(ComicService comicService) : BaseController
 {
     
     [HttpPost("init")]
-    public async Task<IActionResult> InitAsync(string token, string owner)
+    public async Task<IActionResult> InitAsync(string owner)
     {
-        var r = await comicService.InitAsync(token, owner, Ip);
+        var r = await comicService.InitAsync(Token, owner, Ip);
         return r ? Ok("Initialize Success") : _403;
     }
 
     [HttpGet]
-    public async Task<IActionResult> QueryCollections(string token)
+    public async Task<IActionResult> QueryCollections()
     {
-        var r = await comicService.QueryCollections(token, Ip);
+        var r = await comicService.QueryCollections(Token, Ip);
         return r != null ? Ok(r.NaturalSort(x => x)) : _403;
     }
 
     [HttpGet("{id}")]
-    public async Task<IActionResult> Query(string id, string token)
+    public async Task<IActionResult> Query(string id)
     {
-        var r =  await comicService.Query(id, token, Ip);
+        var r =  await comicService.Query(id, Token, Ip);
         return r != null ? Ok(r) : _403;
     }
     
     [HttpPost("bulkquery")]
-    public async Task<IActionResult> QueryBulk([FromQuery] string token, [FromBody] string[] id)
+    public async Task<IActionResult> QueryBulk([FromBody] string[] id)
     {
-        var r = await comicService.QueryBulk(token, id, Ip);
+        var r = await comicService.QueryBulk(Token, id, Ip);
         return Ok(JsonConvert.SerializeObject(r));
     }
 
     [HttpPost("{id}/bookmark")]
-    public async Task<IActionResult> Bookmark(string id, string token, [FromBody] Bookmark bookmark)
+    public async Task<IActionResult> Bookmark(string id, [FromBody] Bookmark bookmark)
     {
-        var r = await comicService.Bookmark(id, token, bookmark, Ip);
+        var r = await comicService.Bookmark(id, Token, bookmark, Ip);
         return r ? Ok("Success") : _403;
     }
     
     [HttpGet("{id}/{file}")]
-    public async Task<IActionResult> Get(string id, string file, string token)
+    public async Task<IActionResult> Get(string id, string file)
     {
-        var r = await comicService.Page(id, file, token, Ip);
+        var r = await comicService.Page(id, file, Token, Ip);
         return r ?? _403;
     }
 }

Abyss/Components/Controllers/Media/LiveController.cs

@@ -1,4 +1,4 @@
-using Abyss.Components.Services;
+
 using Abyss.Components.Services.Media;
 using Abyss.Components.Services.Misc;
 using Abyss.Components.Static;
@@ -13,30 +13,30 @@ public class LiveController(ResourceService rs, ConfigureService config): BaseCo
     public readonly string LiveFolder = Path.Combine(config.MediaRoot, "Live");
 
     [HttpPost("{id}")]
-    public async Task<IActionResult> AddLive(string id, string token, int owner)
+    public async Task<IActionResult> AddLive(string id, int owner)
     {
         var d = Helpers.SafePathCombine(LiveFolder, [id]);
         if (d == null) return _403;
 
-        bool r = await rs.Include(d, token, Ip, owner, "rw,--,--");
+        bool r = await rs.Include(d, Token, Ip, owner, "rw,--,--");
 
         return r ? Ok("Success") : _400;
     }
 
     [HttpDelete("{id}")]
-    public async Task<IActionResult> RemoveLive(string id, string token)
+    public async Task<IActionResult> RemoveLive(string id)
     {
         var d = Helpers.SafePathCombine(LiveFolder, [id]);
         if (d == null) 
             return _403;
 
-        bool r = await rs.Exclude(d, token, Ip);
+        bool r = await rs.Exclude(d, Token, Ip);
 
         return r ? Ok("Success") : _400;
     }
 
-    [HttpGet("{id}/{token}/{item}")]
+    [HttpGet("{id}/{item}")]
-    public async Task<IActionResult> GetLive(string id, string token, string item)
+    public async Task<IActionResult> GetLive(string id, string item)
     {
         var d = Helpers.SafePathCombine(LiveFolder, [id, item]);
         if (d == null) return _400;
@@ -46,7 +46,7 @@ public class LiveController(ResourceService rs, ConfigureService config): BaseCo
         
         // TODO: It's still not very elegant, but it's a bit better to some extent
 
-        var r = await rs.Get(d, token, Ip, Helpers.GetContentType(d));
+        var r = await rs.Get(d, Token, Ip, Helpers.GetContentType(d));
         return r ?? _404;
     }
 }

Abyss/Components/Controllers/Media/VideoController.cs

@@ -13,67 +13,67 @@ public class VideoController(VideoService videoService)
 {
     
     [HttpPost("init")]
-    public async Task<IActionResult> InitAsync(string token, string owner)
+    public async Task<IActionResult> InitAsync(string owner)
     {
-        if (await videoService.Init(token, owner, Ip))
+        if (await videoService.Init(Token, owner, Ip))
             return Ok("Initialized Successfully");
         return _403;
     }
 
     [HttpGet]
-    public async Task<IActionResult> GetClass(string token)
+    public async Task<IActionResult> GetClass()
     {
-        var r = await videoService.GetClasses(token, Ip);
+        var r = await videoService.GetClasses(Token, Ip);
         return r != null ? Ok(r) : _403; 
     }
 
     [HttpGet("{klass}")]
-    public async Task<IActionResult> QueryClass(string klass, string token)
+    public async Task<IActionResult> QueryClass(string klass)
     {
-        var r = await videoService.QueryClass(klass, token, Ip);
+        var r = await videoService.QueryClass(klass, Token, Ip);
         return r != null ? Ok(r) : _403; 
     }
 
     [HttpGet("{klass}/{id}")]
-    public async Task<IActionResult> QueryVideo(string klass, string id, string token)
+    public async Task<IActionResult> QueryVideo(string klass, string id)
     {
-        var r = await videoService.QueryVideo(klass, id, token, Ip);
+        var r = await videoService.QueryVideo(klass, id, Token, Ip);
         return r != null ? Ok(r) : _403;
     }
 
     [HttpPost("{klass}/bulkquery")]
-    public async Task<IActionResult> QueryBulk([FromQuery] string token, [FromBody] string[] id,
+    public async Task<IActionResult> QueryBulk([FromBody] string[] id,
         [FromRoute] string klass)
     {
-        var r = await videoService.QueryBulk(klass, id, token, Ip);
+        var r = await videoService.QueryBulk(klass, id, Token, Ip);
         return Ok(JsonConvert.SerializeObject(r));
     }
 
     [HttpGet("{klass}/{id}/cover")]
-    public async Task<IActionResult> Cover(string klass, string id, string token)
+    public async Task<IActionResult> Cover(string klass, string id)
     {
-        var r = await videoService.Cover(klass, id, token, Ip);
+        var r = await videoService.Cover(klass, id, Token, Ip);
         return r ?? _403;
     }
 
     [HttpGet("{klass}/{id}/gallery/{pic}")]
-    public async Task<IActionResult> Gallery(string klass, string id, string pic, string token)
+    public async Task<IActionResult> Gallery(string klass, string id, string pic)
     {
-        var r = await videoService.Gallery(klass, id, pic, token, Ip);
+        var r = await videoService.Gallery(klass, id, pic, Token, Ip);
         return r ?? _403;
     }
 
     [HttpGet("{klass}/{id}/subtitle")]
-    public async Task<IActionResult> Subtitle(string klass, string id, string token)
+    public async Task<IActionResult> Subtitle(string klass, string id)
     {
-        var r = await videoService.Subtitle(klass, id, token, Ip);
+        var r = await videoService.Subtitle(klass, id, Token, Ip);
         return r ?? _404;
     }
 
     [HttpGet("{klass}/{id}/av")]
-    public async Task<IActionResult> Av(string klass, string id, string token)
+    public async Task<IActionResult> Av(string klass, string id)
     {
-        var r = await videoService.Av(klass, id, token, Ip);
+        var r = await videoService.Av(klass, id, Token, Ip);
         return r ?? _403;
     }
 }

Abyss/Components/Controllers/Middleware/BadRequestExceptionMiddleware.cs

@@ -12,7 +12,7 @@ public class BadRequestExceptionMiddleware(RequestDelegate next, ILogger<BadRequ
         {
             logger.LogError(ex.Message);
             context.Response.StatusCode = StatusCodes.Status400BadRequest;
-            await context.Response.WriteAsync("Bad Request");
+            await context.Response.WriteAsync(ex.Message);
         }
     }
 }

Abyss/Components/Controllers/Security/RootController.cs

@@ -13,45 +13,45 @@ public class RootController(ILogger<RootController> logger, UserService userServ
     : BaseController
 {
     [HttpPost("chmod")]
-    public async Task<IActionResult> Chmod(string token, string path, string permission, string? recursive)
+    public async Task<IActionResult> Chmod(string path, string permission, string? recursive)
     {
         logger.LogInformation("Chmod method called with path: {Path}, permission: {Permission}", path, permission);
         
-        if (userService.Validate(token, Ip) != 1)
+        if (userService.Validate(Token, Ip) != 1)
         {
-            logger.LogInformation("Chmod authorization failed for token: {Token}", token);
+            logger.LogInformation("Chmod authorization failed for token: {Token}", Token);
             return _401;
         }
 
-        bool r = await resourceService.Chmod(path, token, permission, Ip, recursive == "true");
+        bool r = await resourceService.Chmod(path, Token, permission, Ip, recursive == "true");
         logger.LogInformation("Chmod operation completed with result: {Result}", r);
         return r ? Ok() : StatusCode(500);
     }
 
     [HttpPost("chown")]
-    public async Task<IActionResult> Chown(string token, string path, int owner, string? recursive)
+    public async Task<IActionResult> Chown(string path, int owner, string? recursive)
     {
         logger.LogInformation("Chown method called with path: {Path}, owner: {Owner}", path, owner);
         
-        if (userService.Validate(token, Ip) != 1)
+        if (userService.Validate(Token, Ip) != 1)
         {
-            logger.LogInformation("Chown authorization failed for token: {Token}", token);
+            logger.LogInformation("Chown authorization failed for token: {Token}", Token);
             return _401;
         }
 
-        bool r = await resourceService.Chown(path, token, owner, Ip, recursive == "true");
+        bool r = await resourceService.Chown(path, Token, owner, Ip, recursive == "true");
         logger.LogInformation("Chown operation completed with result: {Result}", r);
         return r ? Ok() : StatusCode(502);
     }
 
     [HttpGet("ls")]
-    public async Task<IActionResult> Ls(string token, string path)
+    public async Task<IActionResult> Ls(string path)
     {
         logger.LogInformation("Ls method called with path: {Path}", path);
         
-        if (userService.Validate(token, Ip) != 1)
+        if (userService.Validate(Token, Ip) != 1)
         {
-            logger.LogInformation("Ls authorization failed for token: {Token}", token);
+            logger.LogInformation("Ls authorization failed for token: {Token}", Token);
             return _401;
         }
 
@@ -112,15 +112,15 @@ public class RootController(ILogger<RootController> logger, UserService userServ
     }
 
     [HttpPost("init")]
-    public async Task<IActionResult> Init(string token, string path, int owner)
+    public async Task<IActionResult> Init(string path, int owner)
     {
-        if (userService.Validate(token, Ip) != 1)
+        if (userService.Validate(Token, Ip) != 1)
         {
-            logger.LogInformation("Init authorization failed for token: {Token}", token);
+            logger.LogInformation("Init authorization failed for token: {Token}", Token);
             return _401;
         }
         
-        var r = await resourceService.Initialize(path, token, owner, Ip);
+        var r = await resourceService.Initialize(path, Token, owner, Ip);
         if (r) return Ok(r);
         return _403;
     }

Abyss/Components/Controllers/Security/UserController.cs

@@ -33,8 +33,7 @@ public class UserController(UserService userService, ILogger<UserController> log
         if (r == null)
             return _403;
         
-        
+        Response.Cookies.Append("token", r);
-        
         return Ok(r);
     }
 

Abyss/Components/Controllers/Task/TaskController.cs

@@ -13,21 +13,21 @@ namespace Abyss.Components.Controllers.Task;
 
 [ApiController]
 [Route("api/[controller]")]
-public class TaskController(ConfigureService config, TaskService taskService) : Controller
+public class TaskController(ConfigureService config, TaskService taskService) : BaseController
 {
     public readonly string TaskFolder = Path.Combine(config.MediaRoot, "Tasks");
     
     [HttpGet]
-    public async Task<IActionResult> Query(string token)
+    public async Task<IActionResult> Query()
     {
         // If the token is invalid, an empty list will be returned, which is part of the design
-        return Json(await taskService.Query(token, Ip));
+        return Json(await taskService.Query(Token, Ip));
     }
 
     [HttpPost]
-    public async Task<IActionResult> Create(string token, [FromBody] TaskCreation creation)
+    public async Task<IActionResult> Create([FromBody] TaskCreation creation)
     {
-        var r = await taskService.Create(token, Ip, creation);
+        var r = await taskService.Create(Token, Ip, creation);
         if(r == null)
         { 
             return BadRequest();
@@ -58,6 +58,4 @@ public class TaskController(ConfigureService config, TaskService taskService) :
     {
         throw new NotImplementedException();
     }
-    
-    private string Ip => HttpContext.Connection.RemoteIpAddress?.ToString() ?? "127.0.0.1";
 }

Abyss/Components/Services/Security/UserService.cs

@@ -120,7 +120,7 @@ public class UserService
     {
         if (_cache.TryGetValue(token, out string? userAndIp))
         {
-            if (ip != userAndIp?.Split('@')[1] && ip != "127.0.0.1")
+            if (ip != userAndIp?.Split('@')[1] && ip != "127.0.0.1" && token != "abyss")
             {
                 _logger.LogError($"Token used from another Host: {token}");
                 Destroy(token);

Abyss/Components/Static/ControllerExtensions.cs

@@ -1,4 +1,5 @@
 using System.Net;
+using System.Security.Authentication;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Abyss.Components.Static;
@@ -10,6 +11,18 @@ public abstract class BaseController : Controller
     protected IActionResult _401 => StatusCode(404, new { message = "Unauthorized" });
     protected IActionResult _404 => StatusCode(404, new { message = "Not Found" });
 
+    protected string Token
+    {
+        get
+        {
+            var t = Request.Cookies["token"];
+            if (string.IsNullOrEmpty(t))
+                throw new AuthenticationException("Token is missing");
+            
+            return t;
+        }
+    }
+    
     private string? _ip;
 
     protected string Ip