[391] | 1 | using System;
|
---|
[402] | 2 | using System.Collections.Generic;
|
---|
| 3 | using System.IO;
|
---|
[391] | 4 | using System.Net;
|
---|
[402] | 5 | using Platform.Steam;
|
---|
| 6 | using Utf8Json;
|
---|
[404] | 7 | using Webserver.Permissions;
|
---|
[391] | 8 |
|
---|
| 9 | namespace Webserver.UrlHandlers {
|
---|
| 10 | public class SessionHandler : AbsHandler {
|
---|
[394] | 11 | private const string pageBasePath = "/app";
|
---|
| 12 | private const string pageErrorPath = "/app/error/";
|
---|
[404] | 13 |
|
---|
[391] | 14 | private const string steamOpenIdVerifyUrl = "verifysteamopenid";
|
---|
| 15 | private const string steamLoginUrl = "loginsteam";
|
---|
[404] | 16 | private const string steamLoginFailedPage = "SteamLoginFailed";
|
---|
| 17 |
|
---|
[402] | 18 | private const string userPassLoginUrl = "login";
|
---|
[391] | 19 |
|
---|
| 20 | private readonly ConnectionHandler connectionHandler;
|
---|
| 21 |
|
---|
[394] | 22 | public SessionHandler (ConnectionHandler _connectionHandler) : base (null) {
|
---|
[391] | 23 | connectionHandler = _connectionHandler;
|
---|
| 24 | }
|
---|
| 25 |
|
---|
| 26 | public override void HandleRequest (RequestContext _context) {
|
---|
[394] | 27 | if (_context.Request.RemoteEndPoint == null) {
|
---|
| 28 | _context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");
|
---|
[391] | 29 | return;
|
---|
| 30 | }
|
---|
| 31 |
|
---|
| 32 | string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
|
---|
| 33 |
|
---|
[404] | 34 | string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
|
---|
| 35 |
|
---|
[391] | 36 | if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
|
---|
[404] | 37 | HandleSteamVerification (_context, remoteEndpointString);
|
---|
[394] | 38 | return;
|
---|
| 39 | }
|
---|
[391] | 40 |
|
---|
[394] | 41 | if (subpath.StartsWith ("logout")) {
|
---|
| 42 | HandleLogout (_context);
|
---|
| 43 | return;
|
---|
| 44 | }
|
---|
[391] | 45 |
|
---|
[394] | 46 | if (subpath.StartsWith (steamLoginUrl)) {
|
---|
| 47 | HandleSteamLogin (_context);
|
---|
| 48 | return;
|
---|
| 49 | }
|
---|
[404] | 50 |
|
---|
[402] | 51 | if (subpath.StartsWith (userPassLoginUrl)) {
|
---|
[404] | 52 | HandleUserPassLogin (_context, remoteEndpointString);
|
---|
[402] | 53 | return;
|
---|
| 54 | }
|
---|
[391] | 55 |
|
---|
[394] | 56 | _context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");
|
---|
| 57 | }
|
---|
| 58 |
|
---|
[404] | 59 | private void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {
|
---|
[402] | 60 | if (!_context.Request.HasEntityBody) {
|
---|
| 61 | _context.Response.Redirect (pageErrorPath + "NoLoginData");
|
---|
| 62 | return;
|
---|
| 63 | }
|
---|
| 64 |
|
---|
| 65 | Stream requestInputStream = _context.Request.InputStream;
|
---|
| 66 |
|
---|
| 67 | byte[] jsonInputData = new byte[_context.Request.ContentLength64];
|
---|
| 68 | requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
|
---|
| 69 |
|
---|
| 70 | IDictionary<string, object> inputJson;
|
---|
| 71 | try {
|
---|
| 72 | inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
|
---|
| 73 | } catch (Exception e) {
|
---|
| 74 | Log.Error ("Error deserializing JSON from user/password login:");
|
---|
| 75 | Log.Exception (e);
|
---|
| 76 | _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
|
---|
| 77 | return;
|
---|
| 78 | }
|
---|
| 79 |
|
---|
| 80 | if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) {
|
---|
| 81 | _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
|
---|
| 82 | return;
|
---|
| 83 | }
|
---|
| 84 |
|
---|
| 85 | if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) {
|
---|
| 86 | _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
|
---|
| 87 | return;
|
---|
| 88 | }
|
---|
| 89 |
|
---|
[404] | 90 | AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
|
---|
[402] | 91 |
|
---|
[404] | 92 | if (!webUser.HasValue) {
|
---|
| 93 | Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
|
---|
[402] | 94 | _context.Response.Redirect (pageErrorPath + "UserPassInvalid");
|
---|
| 95 | return;
|
---|
| 96 | }
|
---|
| 97 |
|
---|
[404] | 98 | HandleUserIdLogin (_context, _remoteEndpointString, "user/pass", "UserPassLoginFailed", webUser.Value.Name, webUser.Value.PlatformUser, webUser.Value.CrossPlatformUser);
|
---|
[402] | 99 | }
|
---|
| 100 |
|
---|
[394] | 101 | private void HandleSteamLogin (RequestContext _context) {
|
---|
[402] | 102 | string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
|
---|
| 103 | string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{urlBasePath}{steamOpenIdVerifyUrl}");
|
---|
[394] | 104 | _context.Response.Redirect (url);
|
---|
| 105 | }
|
---|
| 106 |
|
---|
| 107 | private void HandleLogout (RequestContext _context) {
|
---|
| 108 | Cookie cookie = new Cookie ("sid", "", "/") {
|
---|
| 109 | Expired = true
|
---|
| 110 | };
|
---|
| 111 | _context.Response.AppendCookie (cookie);
|
---|
| 112 |
|
---|
| 113 | if (_context.Connection == null) {
|
---|
| 114 | _context.Response.Redirect (pageErrorPath + "NotLoggedIn");
|
---|
| 115 | return;
|
---|
| 116 | }
|
---|
| 117 |
|
---|
| 118 | connectionHandler.LogOut (_context.Connection.SessionID);
|
---|
| 119 | _context.Response.Redirect (pageBasePath);
|
---|
| 120 | }
|
---|
| 121 |
|
---|
[404] | 122 | private void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {
|
---|
| 123 | ulong id;
|
---|
| 124 | try {
|
---|
| 125 | id = OpenID.Validate (_context.Request);
|
---|
| 126 | } catch (Exception e) {
|
---|
| 127 | Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
|
---|
| 128 | Log.Exception (e);
|
---|
| 129 | _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
|
---|
| 130 | return;
|
---|
| 131 | }
|
---|
[394] | 132 |
|
---|
[404] | 133 | if (id <= 0) {
|
---|
| 134 | Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
|
---|
| 135 | _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
|
---|
| 136 | return;
|
---|
| 137 | }
|
---|
| 138 |
|
---|
| 139 | UserIdentifierSteam userId = new UserIdentifierSteam (id);
|
---|
| 140 | HandleUserIdLogin (_context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);
|
---|
| 141 | }
|
---|
| 142 |
|
---|
| 143 | private void HandleUserIdLogin (RequestContext _context, string _remoteEndpointString, string _loginName, string _errorPage, string _username,
|
---|
| 144 | PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) {
|
---|
[394] | 145 | try {
|
---|
[404] | 146 | WebConnection con = connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
|
---|
[394] | 147 |
|
---|
[404] | 148 | int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
|
---|
| 149 | int level2 = int.MaxValue;
|
---|
| 150 | if (_crossUserId != null) {
|
---|
| 151 | level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
|
---|
| 152 | }
|
---|
[394] | 153 |
|
---|
[404] | 154 | int higherLevel = Math.Min (level1, level2);
|
---|
| 155 |
|
---|
| 156 | Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");
|
---|
| 157 | Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
|
---|
| 158 | Expired = false,
|
---|
| 159 | Expires = DateTime.MinValue,
|
---|
| 160 | HttpOnly = true,
|
---|
| 161 | Secure = false
|
---|
| 162 | };
|
---|
| 163 | _context.Response.AppendCookie (cookie);
|
---|
| 164 | _context.Response.Redirect (pageBasePath);
|
---|
[394] | 165 | } catch (Exception e) {
|
---|
[404] | 166 | Log.Error ($"[Web] Error during {_loginName} login:");
|
---|
[394] | 167 | Log.Exception (e);
|
---|
[404] | 168 | _context.Response.Redirect (pageErrorPath + _errorPage);
|
---|
[391] | 169 | }
|
---|
[394] | 170 | }
|
---|
[391] | 171 | }
|
---|
| 172 | }
|
---|