source: TFP-WebServer/WebServer/src/UrlHandlers/SessionHandler.cs@ 491

Last change on this file since 491 was 487, checked in by alloc, 5 months ago

1.1.0.1 Release for V 1.0

File size: 6.5 KB
RevLine 
[391]1using System;
[402]2using System.Collections.Generic;
3using System.IO;
[391]4using System.Net;
[402]5using Platform.Steam;
6using Utf8Json;
[404]7using Webserver.Permissions;
[391]8
9namespace Webserver.UrlHandlers {
10 public class SessionHandler : AbsHandler {
[453]11
[394]12 private const string pageBasePath = "/app";
13 private const string pageErrorPath = "/app/error/";
[404]14
[391]15 private const string steamOpenIdVerifyUrl = "verifysteamopenid";
16 private const string steamLoginUrl = "loginsteam";
[453]17 private const string steamLoginName = "Steam OpenID";
[404]18 private const string steamLoginFailedPage = "SteamLoginFailed";
19
[402]20 private const string userPassLoginUrl = "login";
[417]21 public const string userPassLoginName = "User/pass";
[391]22
[453]23 public SessionHandler () : base (null) {
[391]24 }
25 public override void HandleRequest (RequestContext _context) {
[394]26 if (_context.Request.RemoteEndPoint == null) {
[453]27 WebUtils.WriteText (_context.Response, "NoRemoteEndpoint", HttpStatusCode.BadRequest);
[391]28 return;
29 }
30
31 string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
32
[404]33 string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
34
[391]35 if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
[453]36 if (HandleSteamVerification (parent.ConnectionHandler, _context, remoteEndpointString)) {
37 _context.Response.Redirect (pageBasePath);
38 } else {
39 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
40 }
[394]41 return;
42 }
[391]43
[394]44 if (subpath.StartsWith ("logout")) {
[453]45 HandleLogout (parent.ConnectionHandler, _context, pageBasePath);
[394]46 return;
47 }
[391]48
[394]49 if (subpath.StartsWith (steamLoginUrl)) {
[453]50 HandleSteamLogin (_context, $"{urlBasePath}{steamOpenIdVerifyUrl}");
[394]51 return;
52 }
[404]53
[402]54 if (subpath.StartsWith (userPassLoginUrl)) {
[453]55 HandleUserPassLogin (parent.ConnectionHandler, _context, remoteEndpointString);
[402]56 return;
57 }
[391]58
[453]59 WebUtils.WriteText (_context.Response, "InvalidSessionsCommand", HttpStatusCode.BadRequest);
[394]60 }
61
[453]62 public static bool HandleUserPassLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString) {
[402]63 if (!_context.Request.HasEntityBody) {
[422]64 WebUtils.WriteText (_context.Response, "NoLoginData", HttpStatusCode.BadRequest);
[453]65 return false;
[402]66 }
67
68 Stream requestInputStream = _context.Request.InputStream;
69
70 byte[] jsonInputData = new byte[_context.Request.ContentLength64];
71 requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
72
73 IDictionary<string, object> inputJson;
74 try {
75 inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
76 } catch (Exception e) {
77 Log.Error ("Error deserializing JSON from user/password login:");
78 Log.Exception (e);
[422]79 WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
[453]80 return false;
[402]81 }
82
83 if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) {
[422]84 WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
[453]85 return false;
[402]86 }
87
88 if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) {
[422]89 WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
[453]90 return false;
[402]91 }
92
[433]93 if (!AdminWebUsers.Instance.TryGetUser (username, password, out AdminWebUsers.WebUser webUser)) {
[453]94 WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized);
[404]95 Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
[453]96 return false;
[402]97 }
98
[457]99 bool loginResult = HandleUserIdLogin (_connectionHandler, _context, _remoteEndpointString, userPassLoginName, webUser.Name, webUser.PlatformUser, webUser.CrossPlatformUser);
[453]100 if (loginResult) {
101 WebUtils.WriteText (_context.Response, "");
102 } else {
103 WebUtils.WriteText (_context.Response, "LoginError", HttpStatusCode.InternalServerError);
104 }
105
106 return loginResult;
[402]107 }
108
[453]109 public static void HandleSteamLogin (RequestContext _context, string _verificationCallbackUrl) {
[402]110 string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
[453]111 string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{_verificationCallbackUrl}");
[394]112 _context.Response.Redirect (url);
113 }
114
[453]115 public static bool HandleLogout (ConnectionHandler _connectionHandler, RequestContext _context, string _pageBase) {
[394]116 Cookie cookie = new Cookie ("sid", "", "/") {
117 Expired = true
118 };
119 _context.Response.AppendCookie (cookie);
120
121 if (_context.Connection == null) {
[453]122 _context.Response.Redirect (_pageBase);
123 return false;
[394]124 }
125
[453]126 _connectionHandler.LogOut (_context.Connection.SessionID);
127 _context.Response.Redirect (_pageBase);
128 return true;
[394]129 }
130
[453]131 public static bool HandleSteamVerification (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString) {
[404]132 ulong id;
133 try {
134 id = OpenID.Validate (_context.Request);
135 } catch (Exception e) {
136 Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
137 Log.Exception (e);
[453]138 return false;
[404]139 }
[394]140
[404]141 if (id <= 0) {
142 Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
[453]143 return false;
[404]144 }
145
146 UserIdentifierSteam userId = new UserIdentifierSteam (id);
[453]147 return HandleUserIdLogin (_connectionHandler, _context, _remoteEndpointString, steamLoginName, userId.ToString (), userId);
[404]148 }
149
[453]150 public static bool HandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString,
151 string _loginName, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) {
[394]152 try {
[411]153 WebConnection con = _connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
[394]154
[404]155 int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
156 int level2 = int.MaxValue;
157 if (_crossUserId != null) {
158 level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
159 }
[394]160
[404]161 int higherLevel = Math.Min (level1, level2);
162
[453]163 Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId.ToString () : "none")}, permission level {higherLevel}");
[404]164 Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
165 Expired = false,
166 Expires = DateTime.MinValue,
167 HttpOnly = true,
168 Secure = false
169 };
170 _context.Response.AppendCookie (cookie);
[417]171
[453]172 return true;
[394]173 } catch (Exception e) {
[404]174 Log.Error ($"[Web] Error during {_loginName} login:");
[394]175 Log.Exception (e);
[391]176 }
[453]177
178 return false;
[394]179 }
[453]180
[391]181 }
182}
Note: See TracBrowser for help on using the repository browser.