source: binary-improvements2/WebServer/src/UrlHandlers/SessionHandler.cs@ 408

Last change on this file since 408 was 404, checked in by alloc, 21 months ago

Latest state including reworking to the permissions system

File size: 5.9 KB
RevLine 
[391]1using System;
[402]2using System.Collections.Generic;
3using System.IO;
[391]4using System.Net;
[402]5using Platform.Steam;
6using Utf8Json;
[404]7using Webserver.Permissions;
[391]8
9namespace Webserver.UrlHandlers {
10 public class SessionHandler : AbsHandler {
[394]11 private const string pageBasePath = "/app";
12 private const string pageErrorPath = "/app/error/";
[404]13
[391]14 private const string steamOpenIdVerifyUrl = "verifysteamopenid";
15 private const string steamLoginUrl = "loginsteam";
[404]16 private const string steamLoginFailedPage = "SteamLoginFailed";
17
[402]18 private const string userPassLoginUrl = "login";
[391]19
20 private readonly ConnectionHandler connectionHandler;
21
[394]22 public SessionHandler (ConnectionHandler _connectionHandler) : base (null) {
[391]23 connectionHandler = _connectionHandler;
24 }
25
26 public override void HandleRequest (RequestContext _context) {
[394]27 if (_context.Request.RemoteEndPoint == null) {
28 _context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");
[391]29 return;
30 }
31
32 string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
33
[404]34 string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
35
[391]36 if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
[404]37 HandleSteamVerification (_context, remoteEndpointString);
[394]38 return;
39 }
[391]40
[394]41 if (subpath.StartsWith ("logout")) {
42 HandleLogout (_context);
43 return;
44 }
[391]45
[394]46 if (subpath.StartsWith (steamLoginUrl)) {
47 HandleSteamLogin (_context);
48 return;
49 }
[404]50
[402]51 if (subpath.StartsWith (userPassLoginUrl)) {
[404]52 HandleUserPassLogin (_context, remoteEndpointString);
[402]53 return;
54 }
[391]55
[394]56 _context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");
57 }
58
[404]59 private void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {
[402]60 if (!_context.Request.HasEntityBody) {
61 _context.Response.Redirect (pageErrorPath + "NoLoginData");
62 return;
63 }
64
65 Stream requestInputStream = _context.Request.InputStream;
66
67 byte[] jsonInputData = new byte[_context.Request.ContentLength64];
68 requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
69
70 IDictionary<string, object> inputJson;
71 try {
72 inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
73 } catch (Exception e) {
74 Log.Error ("Error deserializing JSON from user/password login:");
75 Log.Exception (e);
76 _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
77 return;
78 }
79
80 if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) {
81 _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
82 return;
83 }
84
85 if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) {
86 _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
87 return;
88 }
89
[404]90 AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
[402]91
[404]92 if (!webUser.HasValue) {
93 Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
[402]94 _context.Response.Redirect (pageErrorPath + "UserPassInvalid");
95 return;
96 }
97
[404]98 HandleUserIdLogin (_context, _remoteEndpointString, "user/pass", "UserPassLoginFailed", webUser.Value.Name, webUser.Value.PlatformUser, webUser.Value.CrossPlatformUser);
[402]99 }
100
[394]101 private void HandleSteamLogin (RequestContext _context) {
[402]102 string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
103 string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{urlBasePath}{steamOpenIdVerifyUrl}");
[394]104 _context.Response.Redirect (url);
105 }
106
107 private void HandleLogout (RequestContext _context) {
108 Cookie cookie = new Cookie ("sid", "", "/") {
109 Expired = true
110 };
111 _context.Response.AppendCookie (cookie);
112
113 if (_context.Connection == null) {
114 _context.Response.Redirect (pageErrorPath + "NotLoggedIn");
115 return;
116 }
117
118 connectionHandler.LogOut (_context.Connection.SessionID);
119 _context.Response.Redirect (pageBasePath);
120 }
121
[404]122 private void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {
123 ulong id;
124 try {
125 id = OpenID.Validate (_context.Request);
126 } catch (Exception e) {
127 Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
128 Log.Exception (e);
129 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
130 return;
131 }
[394]132
[404]133 if (id <= 0) {
134 Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
135 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
136 return;
137 }
138
139 UserIdentifierSteam userId = new UserIdentifierSteam (id);
140 HandleUserIdLogin (_context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);
141 }
142
143 private void HandleUserIdLogin (RequestContext _context, string _remoteEndpointString, string _loginName, string _errorPage, string _username,
144 PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) {
[394]145 try {
[404]146 WebConnection con = connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
[394]147
[404]148 int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
149 int level2 = int.MaxValue;
150 if (_crossUserId != null) {
151 level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
152 }
[394]153
[404]154 int higherLevel = Math.Min (level1, level2);
155
156 Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");
157 Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
158 Expired = false,
159 Expires = DateTime.MinValue,
160 HttpOnly = true,
161 Secure = false
162 };
163 _context.Response.AppendCookie (cookie);
164 _context.Response.Redirect (pageBasePath);
[394]165 } catch (Exception e) {
[404]166 Log.Error ($"[Web] Error during {_loginName} login:");
[394]167 Log.Exception (e);
[404]168 _context.Response.Redirect (pageErrorPath + _errorPage);
[391]169 }
[394]170 }
[391]171 }
172}
Note: See TracBrowser for help on using the repository browser.