Context Navigation

SessionHandler.cs@ 497

Last change on this file since 497 was 487, checked in by alloc, 5 months ago
1.1.0.1 Release for V 1.0
File size: 6.5 KB

Rev	Line
[391]	1	using System;
[402]	2	using System.Collections.Generic;
	3	using System.IO;
[391]	4	using System.Net;
[402]	5	using Platform.Steam;
	6	using Utf8Json;
[404]	7	using Webserver.Permissions;
[391]	8
	9	namespace Webserver.UrlHandlers {
	10	public class SessionHandler : AbsHandler {
[453]	11
[394]	12	private const string pageBasePath = "/app";
	13	private const string pageErrorPath = "/app/error/";
[404]	14
[391]	15	private const string steamOpenIdVerifyUrl = "verifysteamopenid";
	16	private const string steamLoginUrl = "loginsteam";
[453]	17	private const string steamLoginName = "Steam OpenID";
[404]	18	private const string steamLoginFailedPage = "SteamLoginFailed";
	19
[402]	20	private const string userPassLoginUrl = "login";
[417]	21	public const string userPassLoginName = "User/pass";
[391]	22
[453]	23	public SessionHandler () : base (null) {
[391]	24	}
	25	public override void HandleRequest (RequestContext _context) {
[394]	26	if (_context.Request.RemoteEndPoint == null) {
[453]	27	WebUtils.WriteText (_context.Response, "NoRemoteEndpoint", HttpStatusCode.BadRequest);
[391]	28	return;
	29	}
	30
	31	string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
	32
[404]	33	string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
	34
[391]	35	if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
[453]	36	if (HandleSteamVerification (parent.ConnectionHandler, _context, remoteEndpointString)) {
	37	_context.Response.Redirect (pageBasePath);
	38	} else {
	39	_context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
	40	}
[394]	41	return;
	42	}
[391]	43
[394]	44	if (subpath.StartsWith ("logout")) {
[453]	45	HandleLogout (parent.ConnectionHandler, _context, pageBasePath);
[394]	46	return;
	47	}
[391]	48
[394]	49	if (subpath.StartsWith (steamLoginUrl)) {
[453]	50	HandleSteamLogin (_context, $"{urlBasePath}{steamOpenIdVerifyUrl}");
[394]	51	return;
	52	}
[404]	53
[402]	54	if (subpath.StartsWith (userPassLoginUrl)) {
[453]	55	HandleUserPassLogin (parent.ConnectionHandler, _context, remoteEndpointString);
[402]	56	return;
	57	}
[391]	58
[453]	59	WebUtils.WriteText (_context.Response, "InvalidSessionsCommand", HttpStatusCode.BadRequest);
[394]	60	}
	61
[453]	62	public static bool HandleUserPassLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString) {
[402]	63	if (!_context.Request.HasEntityBody) {
[422]	64	WebUtils.WriteText (_context.Response, "NoLoginData", HttpStatusCode.BadRequest);
[453]	65	return false;
[402]	66	}
	67
	68	Stream requestInputStream = _context.Request.InputStream;
	69
	70	byte[] jsonInputData = new byte[_context.Request.ContentLength64];
	71	requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
	72
	73	IDictionary<string, object> inputJson;
	74	try {
	75	inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
	76	} catch (Exception e) {
	77	Log.Error ("Error deserializing JSON from user/password login:");
	78	Log.Exception (e);
[422]	79	WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
[453]	80	return false;
[402]	81	}
	82
	83	if (!inputJson.TryGetValue ("username", out object fieldNode) \|\| fieldNode is not string username) {
[422]	84	WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
[453]	85	return false;
[402]	86	}
	87
	88	if (!inputJson.TryGetValue ("password", out fieldNode) \|\| fieldNode is not string password) {
[422]	89	WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
[453]	90	return false;
[402]	91	}
	92
[433]	93	if (!AdminWebUsers.Instance.TryGetUser (username, password, out AdminWebUsers.WebUser webUser)) {
[453]	94	WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized);
[404]	95	Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
[453]	96	return false;
[402]	97	}
	98
[457]	99	bool loginResult = HandleUserIdLogin (_connectionHandler, _context, _remoteEndpointString, userPassLoginName, webUser.Name, webUser.PlatformUser, webUser.CrossPlatformUser);
[453]	100	if (loginResult) {
	101	WebUtils.WriteText (_context.Response, "");
	102	} else {
	103	WebUtils.WriteText (_context.Response, "LoginError", HttpStatusCode.InternalServerError);
	104	}
	105
	106	return loginResult;
[402]	107	}
	108
[453]	109	public static void HandleSteamLogin (RequestContext _context, string _verificationCallbackUrl) {
[402]	110	string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
[453]	111	string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{_verificationCallbackUrl}");
[394]	112	_context.Response.Redirect (url);
	113	}
	114
[453]	115	public static bool HandleLogout (ConnectionHandler _connectionHandler, RequestContext _context, string _pageBase) {
[394]	116	Cookie cookie = new Cookie ("sid", "", "/") {
	117	Expired = true
	118	};
	119	_context.Response.AppendCookie (cookie);
	120
	121	if (_context.Connection == null) {
[453]	122	_context.Response.Redirect (_pageBase);
	123	return false;
[394]	124	}
	125
[453]	126	_connectionHandler.LogOut (_context.Connection.SessionID);
	127	_context.Response.Redirect (_pageBase);
	128	return true;
[394]	129	}
	130
[453]	131	public static bool HandleSteamVerification (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString) {
[404]	132	ulong id;
	133	try {
	134	id = OpenID.Validate (_context.Request);
	135	} catch (Exception e) {
	136	Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
	137	Log.Exception (e);
[453]	138	return false;
[404]	139	}
[394]	140
[404]	141	if (id <= 0) {
	142	Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
[453]	143	return false;
[404]	144	}
	145
	146	UserIdentifierSteam userId = new UserIdentifierSteam (id);
[453]	147	return HandleUserIdLogin (_connectionHandler, _context, _remoteEndpointString, steamLoginName, userId.ToString (), userId);
[404]	148	}
	149
[453]	150	public static bool HandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString,
	151	string _loginName, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) {
[394]	152	try {
[411]	153	WebConnection con = _connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
[394]	154
[404]	155	int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
	156	int level2 = int.MaxValue;
	157	if (_crossUserId != null) {
	158	level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
	159	}
[394]	160
[404]	161	int higherLevel = Math.Min (level1, level2);
	162
[453]	163	Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId.ToString () : "none")}, permission level {higherLevel}");
[404]	164	Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
	165	Expired = false,
	166	Expires = DateTime.MinValue,
	167	HttpOnly = true,
	168	Secure = false
	169	};
	170	_context.Response.AppendCookie (cookie);
[417]	171
[453]	172	return true;
[394]	173	} catch (Exception e) {
[404]	174	Log.Error ($"[Web] Error during {_loginName} login:");
[394]	175	Log.Exception (e);
[391]	176	}
[453]	177
	178	return false;
[394]	179	}
[453]	180
[391]	181	}
	182	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: TFP-WebServer/WebServer/src/UrlHandlers/SessionHandler.cs@ 497

Download in other formats: