[391] | 1 | using System;
|
---|
[402] | 2 | using System.Collections.Generic;
|
---|
| 3 | using System.IO;
|
---|
[391] | 4 | using System.Net;
|
---|
[402] | 5 | using Platform.Steam;
|
---|
| 6 | using Utf8Json;
|
---|
[404] | 7 | using Webserver.Permissions;
|
---|
[391] | 8 |
|
---|
| 9 | namespace Webserver.UrlHandlers {
|
---|
| 10 | public class SessionHandler : AbsHandler {
|
---|
[394] | 11 | private const string pageBasePath = "/app";
|
---|
| 12 | private const string pageErrorPath = "/app/error/";
|
---|
[404] | 13 |
|
---|
[391] | 14 | private const string steamOpenIdVerifyUrl = "verifysteamopenid";
|
---|
| 15 | private const string steamLoginUrl = "loginsteam";
|
---|
[404] | 16 | private const string steamLoginFailedPage = "SteamLoginFailed";
|
---|
| 17 |
|
---|
[402] | 18 | private const string userPassLoginUrl = "login";
|
---|
[417] | 19 | public const string userPassLoginName = "User/pass";
|
---|
[411] | 20 | public const string userPassErrorPage = "UserPassLoginFailed";
|
---|
[391] | 21 |
|
---|
| 22 | private readonly ConnectionHandler connectionHandler;
|
---|
| 23 |
|
---|
[394] | 24 | public SessionHandler (ConnectionHandler _connectionHandler) : base (null) {
|
---|
[391] | 25 | connectionHandler = _connectionHandler;
|
---|
| 26 | }
|
---|
| 27 |
|
---|
| 28 | public override void HandleRequest (RequestContext _context) {
|
---|
[394] | 29 | if (_context.Request.RemoteEndPoint == null) {
|
---|
| 30 | _context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");
|
---|
[391] | 31 | return;
|
---|
| 32 | }
|
---|
| 33 |
|
---|
| 34 | string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
|
---|
| 35 |
|
---|
[404] | 36 | string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
|
---|
| 37 |
|
---|
[391] | 38 | if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
|
---|
[404] | 39 | HandleSteamVerification (_context, remoteEndpointString);
|
---|
[394] | 40 | return;
|
---|
| 41 | }
|
---|
[391] | 42 |
|
---|
[394] | 43 | if (subpath.StartsWith ("logout")) {
|
---|
| 44 | HandleLogout (_context);
|
---|
| 45 | return;
|
---|
| 46 | }
|
---|
[391] | 47 |
|
---|
[394] | 48 | if (subpath.StartsWith (steamLoginUrl)) {
|
---|
| 49 | HandleSteamLogin (_context);
|
---|
| 50 | return;
|
---|
| 51 | }
|
---|
[404] | 52 |
|
---|
[402] | 53 | if (subpath.StartsWith (userPassLoginUrl)) {
|
---|
[404] | 54 | HandleUserPassLogin (_context, remoteEndpointString);
|
---|
[402] | 55 | return;
|
---|
| 56 | }
|
---|
[391] | 57 |
|
---|
[394] | 58 | _context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");
|
---|
| 59 | }
|
---|
| 60 |
|
---|
[404] | 61 | private void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {
|
---|
[402] | 62 | if (!_context.Request.HasEntityBody) {
|
---|
[422] | 63 | WebUtils.WriteText (_context.Response, "NoLoginData", HttpStatusCode.BadRequest);
|
---|
[402] | 64 | return;
|
---|
| 65 | }
|
---|
| 66 |
|
---|
| 67 | Stream requestInputStream = _context.Request.InputStream;
|
---|
| 68 |
|
---|
| 69 | byte[] jsonInputData = new byte[_context.Request.ContentLength64];
|
---|
| 70 | requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
|
---|
| 71 |
|
---|
| 72 | IDictionary<string, object> inputJson;
|
---|
| 73 | try {
|
---|
| 74 | inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
|
---|
| 75 | } catch (Exception e) {
|
---|
| 76 | Log.Error ("Error deserializing JSON from user/password login:");
|
---|
| 77 | Log.Exception (e);
|
---|
[422] | 78 | WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
|
---|
[402] | 79 | return;
|
---|
| 80 | }
|
---|
| 81 |
|
---|
| 82 | if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) {
|
---|
[422] | 83 | WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
|
---|
[402] | 84 | return;
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) {
|
---|
[422] | 88 | WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest);
|
---|
[402] | 89 | return;
|
---|
| 90 | }
|
---|
| 91 |
|
---|
[433] | 92 | if (!AdminWebUsers.Instance.TryGetUser (username, password, out AdminWebUsers.WebUser webUser)) {
|
---|
[404] | 93 | Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
|
---|
[422] | 94 | WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized);
|
---|
[402] | 95 | return;
|
---|
| 96 | }
|
---|
| 97 |
|
---|
[433] | 98 | HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Name, webUser.PlatformUser, webUser.CrossPlatformUser);
|
---|
[402] | 99 | }
|
---|
| 100 |
|
---|
[394] | 101 | private void HandleSteamLogin (RequestContext _context) {
|
---|
[402] | 102 | string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
|
---|
| 103 | string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{urlBasePath}{steamOpenIdVerifyUrl}");
|
---|
[394] | 104 | _context.Response.Redirect (url);
|
---|
| 105 | }
|
---|
| 106 |
|
---|
| 107 | private void HandleLogout (RequestContext _context) {
|
---|
| 108 | Cookie cookie = new Cookie ("sid", "", "/") {
|
---|
| 109 | Expired = true
|
---|
| 110 | };
|
---|
| 111 | _context.Response.AppendCookie (cookie);
|
---|
| 112 |
|
---|
| 113 | if (_context.Connection == null) {
|
---|
| 114 | _context.Response.Redirect (pageErrorPath + "NotLoggedIn");
|
---|
| 115 | return;
|
---|
| 116 | }
|
---|
| 117 |
|
---|
| 118 | connectionHandler.LogOut (_context.Connection.SessionID);
|
---|
| 119 | _context.Response.Redirect (pageBasePath);
|
---|
| 120 | }
|
---|
| 121 |
|
---|
[404] | 122 | private void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {
|
---|
| 123 | ulong id;
|
---|
| 124 | try {
|
---|
| 125 | id = OpenID.Validate (_context.Request);
|
---|
| 126 | } catch (Exception e) {
|
---|
| 127 | Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
|
---|
| 128 | Log.Exception (e);
|
---|
| 129 | _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
|
---|
| 130 | return;
|
---|
| 131 | }
|
---|
[394] | 132 |
|
---|
[404] | 133 | if (id <= 0) {
|
---|
| 134 | Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
|
---|
| 135 | _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
|
---|
| 136 | return;
|
---|
| 137 | }
|
---|
| 138 |
|
---|
| 139 | UserIdentifierSteam userId = new UserIdentifierSteam (id);
|
---|
[411] | 140 | HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);
|
---|
[404] | 141 | }
|
---|
| 142 |
|
---|
[411] | 143 | public static void HandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString,
|
---|
[422] | 144 | string _loginName, string _errorPage, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null, bool _sendResponse = true) {
|
---|
[394] | 145 | try {
|
---|
[411] | 146 | WebConnection con = _connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
|
---|
[394] | 147 |
|
---|
[404] | 148 | int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
|
---|
| 149 | int level2 = int.MaxValue;
|
---|
| 150 | if (_crossUserId != null) {
|
---|
| 151 | level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
|
---|
| 152 | }
|
---|
[394] | 153 |
|
---|
[404] | 154 | int higherLevel = Math.Min (level1, level2);
|
---|
| 155 |
|
---|
| 156 | Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");
|
---|
| 157 | Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
|
---|
| 158 | Expired = false,
|
---|
| 159 | Expires = DateTime.MinValue,
|
---|
| 160 | HttpOnly = true,
|
---|
| 161 | Secure = false
|
---|
| 162 | };
|
---|
| 163 | _context.Response.AppendCookie (cookie);
|
---|
[417] | 164 |
|
---|
[422] | 165 | if (_sendResponse) {
|
---|
| 166 | WebUtils.WriteText (_context.Response, "");
|
---|
[417] | 167 | }
|
---|
[394] | 168 | } catch (Exception e) {
|
---|
[404] | 169 | Log.Error ($"[Web] Error during {_loginName} login:");
|
---|
[394] | 170 | Log.Exception (e);
|
---|
[422] | 171 | if (_sendResponse) {
|
---|
| 172 | WebUtils.WriteText (_context.Response, "LoginError", HttpStatusCode.InternalServerError);
|
---|
[417] | 173 | }
|
---|
[391] | 174 | }
|
---|
[394] | 175 | }
|
---|
[391] | 176 | }
|
---|
| 177 | }
|
---|