[391] | 1 | using System;
|
---|
[402] | 2 | using System.Collections.Generic;
|
---|
| 3 | using System.IO;
|
---|
[391] | 4 | using System.Net;
|
---|
[402] | 5 | using Platform.Steam;
|
---|
| 6 | using Utf8Json;
|
---|
[404] | 7 | using Webserver.Permissions;
|
---|
[391] | 8 |
|
---|
| 9 | namespace Webserver.UrlHandlers {
|
---|
| 10 | public class SessionHandler : AbsHandler {
|
---|
[394] | 11 | private const string pageBasePath = "/app";
|
---|
| 12 | private const string pageErrorPath = "/app/error/";
|
---|
[404] | 13 |
|
---|
[391] | 14 | private const string steamOpenIdVerifyUrl = "verifysteamopenid";
|
---|
| 15 | private const string steamLoginUrl = "loginsteam";
|
---|
[404] | 16 | private const string steamLoginFailedPage = "SteamLoginFailed";
|
---|
| 17 |
|
---|
[402] | 18 | private const string userPassLoginUrl = "login";
|
---|
[411] | 19 | public const string userPassLoginName = "user/pass";
|
---|
| 20 | public const string userPassErrorPage = "UserPassLoginFailed";
|
---|
[391] | 21 |
|
---|
| 22 | private readonly ConnectionHandler connectionHandler;
|
---|
| 23 |
|
---|
[394] | 24 | public SessionHandler (ConnectionHandler _connectionHandler) : base (null) {
|
---|
[391] | 25 | connectionHandler = _connectionHandler;
|
---|
| 26 | }
|
---|
| 27 |
|
---|
| 28 | public override void HandleRequest (RequestContext _context) {
|
---|
[394] | 29 | if (_context.Request.RemoteEndPoint == null) {
|
---|
| 30 | _context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");
|
---|
[391] | 31 | return;
|
---|
| 32 | }
|
---|
| 33 |
|
---|
| 34 | string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
|
---|
| 35 |
|
---|
[404] | 36 | string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
|
---|
| 37 |
|
---|
[391] | 38 | if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
|
---|
[404] | 39 | HandleSteamVerification (_context, remoteEndpointString);
|
---|
[394] | 40 | return;
|
---|
| 41 | }
|
---|
[391] | 42 |
|
---|
[394] | 43 | if (subpath.StartsWith ("logout")) {
|
---|
| 44 | HandleLogout (_context);
|
---|
| 45 | return;
|
---|
| 46 | }
|
---|
[391] | 47 |
|
---|
[394] | 48 | if (subpath.StartsWith (steamLoginUrl)) {
|
---|
| 49 | HandleSteamLogin (_context);
|
---|
| 50 | return;
|
---|
| 51 | }
|
---|
[404] | 52 |
|
---|
[402] | 53 | if (subpath.StartsWith (userPassLoginUrl)) {
|
---|
[404] | 54 | HandleUserPassLogin (_context, remoteEndpointString);
|
---|
[402] | 55 | return;
|
---|
| 56 | }
|
---|
[391] | 57 |
|
---|
[394] | 58 | _context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");
|
---|
| 59 | }
|
---|
| 60 |
|
---|
[404] | 61 | private void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {
|
---|
[402] | 62 | if (!_context.Request.HasEntityBody) {
|
---|
| 63 | _context.Response.Redirect (pageErrorPath + "NoLoginData");
|
---|
| 64 | return;
|
---|
| 65 | }
|
---|
| 66 |
|
---|
| 67 | Stream requestInputStream = _context.Request.InputStream;
|
---|
| 68 |
|
---|
| 69 | byte[] jsonInputData = new byte[_context.Request.ContentLength64];
|
---|
| 70 | requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
|
---|
| 71 |
|
---|
| 72 | IDictionary<string, object> inputJson;
|
---|
| 73 | try {
|
---|
| 74 | inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
|
---|
| 75 | } catch (Exception e) {
|
---|
| 76 | Log.Error ("Error deserializing JSON from user/password login:");
|
---|
| 77 | Log.Exception (e);
|
---|
| 78 | _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
|
---|
| 79 | return;
|
---|
| 80 | }
|
---|
| 81 |
|
---|
| 82 | if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) {
|
---|
| 83 | _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
|
---|
| 84 | return;
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) {
|
---|
| 88 | _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
|
---|
| 89 | return;
|
---|
| 90 | }
|
---|
| 91 |
|
---|
[404] | 92 | AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
|
---|
[402] | 93 |
|
---|
[404] | 94 | if (!webUser.HasValue) {
|
---|
| 95 | Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
|
---|
[402] | 96 | _context.Response.Redirect (pageErrorPath + "UserPassInvalid");
|
---|
| 97 | return;
|
---|
| 98 | }
|
---|
| 99 |
|
---|
[411] | 100 | HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Value.Name, webUser.Value.PlatformUser, webUser.Value.CrossPlatformUser);
|
---|
[402] | 101 | }
|
---|
| 102 |
|
---|
[394] | 103 | private void HandleSteamLogin (RequestContext _context) {
|
---|
[402] | 104 | string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
|
---|
| 105 | string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{urlBasePath}{steamOpenIdVerifyUrl}");
|
---|
[394] | 106 | _context.Response.Redirect (url);
|
---|
| 107 | }
|
---|
| 108 |
|
---|
| 109 | private void HandleLogout (RequestContext _context) {
|
---|
| 110 | Cookie cookie = new Cookie ("sid", "", "/") {
|
---|
| 111 | Expired = true
|
---|
| 112 | };
|
---|
| 113 | _context.Response.AppendCookie (cookie);
|
---|
| 114 |
|
---|
| 115 | if (_context.Connection == null) {
|
---|
| 116 | _context.Response.Redirect (pageErrorPath + "NotLoggedIn");
|
---|
| 117 | return;
|
---|
| 118 | }
|
---|
| 119 |
|
---|
| 120 | connectionHandler.LogOut (_context.Connection.SessionID);
|
---|
| 121 | _context.Response.Redirect (pageBasePath);
|
---|
| 122 | }
|
---|
| 123 |
|
---|
[404] | 124 | private void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {
|
---|
| 125 | ulong id;
|
---|
| 126 | try {
|
---|
| 127 | id = OpenID.Validate (_context.Request);
|
---|
| 128 | } catch (Exception e) {
|
---|
| 129 | Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
|
---|
| 130 | Log.Exception (e);
|
---|
| 131 | _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
|
---|
| 132 | return;
|
---|
| 133 | }
|
---|
[394] | 134 |
|
---|
[404] | 135 | if (id <= 0) {
|
---|
| 136 | Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
|
---|
| 137 | _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
|
---|
| 138 | return;
|
---|
| 139 | }
|
---|
| 140 |
|
---|
| 141 | UserIdentifierSteam userId = new UserIdentifierSteam (id);
|
---|
[411] | 142 | HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);
|
---|
[404] | 143 | }
|
---|
| 144 |
|
---|
[411] | 145 | public static void HandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString,
|
---|
| 146 | string _loginName, string _errorPage, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) {
|
---|
[394] | 147 | try {
|
---|
[411] | 148 | WebConnection con = _connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
|
---|
[394] | 149 |
|
---|
[404] | 150 | int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
|
---|
| 151 | int level2 = int.MaxValue;
|
---|
| 152 | if (_crossUserId != null) {
|
---|
| 153 | level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
|
---|
| 154 | }
|
---|
[394] | 155 |
|
---|
[404] | 156 | int higherLevel = Math.Min (level1, level2);
|
---|
| 157 |
|
---|
| 158 | Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");
|
---|
| 159 | Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
|
---|
| 160 | Expired = false,
|
---|
| 161 | Expires = DateTime.MinValue,
|
---|
| 162 | HttpOnly = true,
|
---|
| 163 | Secure = false
|
---|
| 164 | };
|
---|
| 165 | _context.Response.AppendCookie (cookie);
|
---|
| 166 | _context.Response.Redirect (pageBasePath);
|
---|
[394] | 167 | } catch (Exception e) {
|
---|
[404] | 168 | Log.Error ($"[Web] Error during {_loginName} login:");
|
---|
[394] | 169 | Log.Exception (e);
|
---|
[404] | 170 | _context.Response.Redirect (pageErrorPath + _errorPage);
|
---|
[391] | 171 | }
|
---|
[394] | 172 | }
|
---|
[391] | 173 | }
|
---|
| 174 | }
|
---|