Context Navigation

source: binary-improvements2/WebServer/src/UrlHandlers/SessionHandler.cs@ 421

Last change on this file since 421 was 417, checked in by alloc, 21 months ago
RegisterUser no longer uses a redirect on successful user creation (part 2)
File size: 6.2 KB

Rev	Line
[391]	1	using System;
[402]	2	using System.Collections.Generic;
	3	using System.IO;
[391]	4	using System.Net;
[402]	5	using Platform.Steam;
	6	using Utf8Json;
[404]	7	using Webserver.Permissions;
[391]	8
	9	namespace Webserver.UrlHandlers {
	10	public class SessionHandler : AbsHandler {
[394]	11	private const string pageBasePath = "/app";
	12	private const string pageErrorPath = "/app/error/";
[404]	13
[391]	14	private const string steamOpenIdVerifyUrl = "verifysteamopenid";
	15	private const string steamLoginUrl = "loginsteam";
[404]	16	private const string steamLoginFailedPage = "SteamLoginFailed";
	17
[402]	18	private const string userPassLoginUrl = "login";
[417]	19	public const string userPassLoginName = "User/pass";
[411]	20	public const string userPassErrorPage = "UserPassLoginFailed";
[391]	21
	22	private readonly ConnectionHandler connectionHandler;
	23
[394]	24	public SessionHandler (ConnectionHandler _connectionHandler) : base (null) {
[391]	25	connectionHandler = _connectionHandler;
	26	}
	27
	28	public override void HandleRequest (RequestContext _context) {
[394]	29	if (_context.Request.RemoteEndPoint == null) {
	30	_context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");
[391]	31	return;
	32	}
	33
	34	string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
	35
[404]	36	string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
	37
[391]	38	if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
[404]	39	HandleSteamVerification (_context, remoteEndpointString);
[394]	40	return;
	41	}
[391]	42
[394]	43	if (subpath.StartsWith ("logout")) {
	44	HandleLogout (_context);
	45	return;
	46	}
[391]	47
[394]	48	if (subpath.StartsWith (steamLoginUrl)) {
	49	HandleSteamLogin (_context);
	50	return;
	51	}
[404]	52
[402]	53	if (subpath.StartsWith (userPassLoginUrl)) {
[404]	54	HandleUserPassLogin (_context, remoteEndpointString);
[402]	55	return;
	56	}
[391]	57
[394]	58	_context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");
	59	}
	60
[404]	61	private void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {
[402]	62	if (!_context.Request.HasEntityBody) {
	63	_context.Response.Redirect (pageErrorPath + "NoLoginData");
	64	return;
	65	}
	66
	67	Stream requestInputStream = _context.Request.InputStream;
	68
	69	byte[] jsonInputData = new byte[_context.Request.ContentLength64];
	70	requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
	71
	72	IDictionary<string, object> inputJson;
	73	try {
	74	inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
	75	} catch (Exception e) {
	76	Log.Error ("Error deserializing JSON from user/password login:");
	77	Log.Exception (e);
	78	_context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
	79	return;
	80	}
	81
	82	if (!inputJson.TryGetValue ("username", out object fieldNode) \|\| fieldNode is not string username) {
	83	_context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
	84	return;
	85	}
	86
	87	if (!inputJson.TryGetValue ("password", out fieldNode) \|\| fieldNode is not string password) {
	88	_context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
	89	return;
	90	}
	91
[404]	92	AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
[402]	93
[404]	94	if (!webUser.HasValue) {
	95	Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
[402]	96	_context.Response.Redirect (pageErrorPath + "UserPassInvalid");
	97	return;
	98	}
	99
[411]	100	HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Value.Name, webUser.Value.PlatformUser, webUser.Value.CrossPlatformUser);
[402]	101	}
	102
[394]	103	private void HandleSteamLogin (RequestContext _context) {
[402]	104	string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
	105	string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{urlBasePath}{steamOpenIdVerifyUrl}");
[394]	106	_context.Response.Redirect (url);
	107	}
	108
	109	private void HandleLogout (RequestContext _context) {
	110	Cookie cookie = new Cookie ("sid", "", "/") {
	111	Expired = true
	112	};
	113	_context.Response.AppendCookie (cookie);
	114
	115	if (_context.Connection == null) {
	116	_context.Response.Redirect (pageErrorPath + "NotLoggedIn");
	117	return;
	118	}
	119
	120	connectionHandler.LogOut (_context.Connection.SessionID);
	121	_context.Response.Redirect (pageBasePath);
	122	}
	123
[404]	124	private void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {
	125	ulong id;
	126	try {
	127	id = OpenID.Validate (_context.Request);
	128	} catch (Exception e) {
	129	Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
	130	Log.Exception (e);
	131	_context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
	132	return;
	133	}
[394]	134
[404]	135	if (id <= 0) {
	136	Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
	137	_context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
	138	return;
	139	}
	140
	141	UserIdentifierSteam userId = new UserIdentifierSteam (id);
[411]	142	HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);
[404]	143	}
	144
[411]	145	public static void HandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString,
[417]	146	string _loginName, string _errorPage, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null, bool _redirect = true) {
[394]	147	try {
[411]	148	WebConnection con = _connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
[394]	149
[404]	150	int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
	151	int level2 = int.MaxValue;
	152	if (_crossUserId != null) {
	153	level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
	154	}
[394]	155
[404]	156	int higherLevel = Math.Min (level1, level2);
	157
	158	Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");
	159	Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
	160	Expired = false,
	161	Expires = DateTime.MinValue,
	162	HttpOnly = true,
	163	Secure = false
	164	};
	165	_context.Response.AppendCookie (cookie);
[417]	166
	167	if (_redirect) {
	168	_context.Response.Redirect (pageBasePath);
	169	}
[394]	170	} catch (Exception e) {
[404]	171	Log.Error ($"[Web] Error during {_loginName} login:");
[394]	172	Log.Exception (e);
[417]	173	if (_redirect) {
	174	_context.Response.Redirect (pageErrorPath + _errorPage);
	175	}
[391]	176	}
[394]	177	}
[391]	178	}
	179	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: