source: binary-improvements2/WebServer/src/UrlHandlers/SessionHandler.cs@ 406

Last change on this file since 406 was 404, checked in by alloc, 22 months ago

Latest state including reworking to the permissions system

File size: 5.9 KB
Line 
1using System;
2using System.Collections.Generic;
3using System.IO;
4using System.Net;
5using Platform.Steam;
6using Utf8Json;
7using Webserver.Permissions;
8
9namespace Webserver.UrlHandlers {
10 public class SessionHandler : AbsHandler {
11 private const string pageBasePath = "/app";
12 private const string pageErrorPath = "/app/error/";
13
14 private const string steamOpenIdVerifyUrl = "verifysteamopenid";
15 private const string steamLoginUrl = "loginsteam";
16 private const string steamLoginFailedPage = "SteamLoginFailed";
17
18 private const string userPassLoginUrl = "login";
19
20 private readonly ConnectionHandler connectionHandler;
21
22 public SessionHandler (ConnectionHandler _connectionHandler) : base (null) {
23 connectionHandler = _connectionHandler;
24 }
25
26 public override void HandleRequest (RequestContext _context) {
27 if (_context.Request.RemoteEndPoint == null) {
28 _context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");
29 return;
30 }
31
32 string subpath = _context.RequestPath.Remove (0, urlBasePath.Length);
33
34 string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
35
36 if (subpath.StartsWith (steamOpenIdVerifyUrl)) {
37 HandleSteamVerification (_context, remoteEndpointString);
38 return;
39 }
40
41 if (subpath.StartsWith ("logout")) {
42 HandleLogout (_context);
43 return;
44 }
45
46 if (subpath.StartsWith (steamLoginUrl)) {
47 HandleSteamLogin (_context);
48 return;
49 }
50
51 if (subpath.StartsWith (userPassLoginUrl)) {
52 HandleUserPassLogin (_context, remoteEndpointString);
53 return;
54 }
55
56 _context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");
57 }
58
59 private void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {
60 if (!_context.Request.HasEntityBody) {
61 _context.Response.Redirect (pageErrorPath + "NoLoginData");
62 return;
63 }
64
65 Stream requestInputStream = _context.Request.InputStream;
66
67 byte[] jsonInputData = new byte[_context.Request.ContentLength64];
68 requestInputStream.Read (jsonInputData, 0, (int)_context.Request.ContentLength64);
69
70 IDictionary<string, object> inputJson;
71 try {
72 inputJson = JsonSerializer.Deserialize<IDictionary<string, object>> (jsonInputData);
73 } catch (Exception e) {
74 Log.Error ("Error deserializing JSON from user/password login:");
75 Log.Exception (e);
76 _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
77 return;
78 }
79
80 if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) {
81 _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
82 return;
83 }
84
85 if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) {
86 _context.Response.Redirect (pageErrorPath + "InvalidLoginJson");
87 return;
88 }
89
90 AdminWebUsers.WebUser? webUser = AdminWebUsers.Instance.GetUser (username, password);
91
92 if (!webUser.HasValue) {
93 Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}");
94 _context.Response.Redirect (pageErrorPath + "UserPassInvalid");
95 return;
96 }
97
98 HandleUserIdLogin (_context, _remoteEndpointString, "user/pass", "UserPassLoginFailed", webUser.Value.Name, webUser.Value.PlatformUser, webUser.Value.CrossPlatformUser);
99 }
100
101 private void HandleSteamLogin (RequestContext _context) {
102 string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}";
103 string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{urlBasePath}{steamOpenIdVerifyUrl}");
104 _context.Response.Redirect (url);
105 }
106
107 private void HandleLogout (RequestContext _context) {
108 Cookie cookie = new Cookie ("sid", "", "/") {
109 Expired = true
110 };
111 _context.Response.AppendCookie (cookie);
112
113 if (_context.Connection == null) {
114 _context.Response.Redirect (pageErrorPath + "NotLoggedIn");
115 return;
116 }
117
118 connectionHandler.LogOut (_context.Connection.SessionID);
119 _context.Response.Redirect (pageBasePath);
120 }
121
122 private void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {
123 ulong id;
124 try {
125 id = OpenID.Validate (_context.Request);
126 } catch (Exception e) {
127 Log.Error ($"[Web] Error validating Steam login from {_remoteEndpointString}:");
128 Log.Exception (e);
129 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
130 return;
131 }
132
133 if (id <= 0) {
134 Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}");
135 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage);
136 return;
137 }
138
139 UserIdentifierSteam userId = new UserIdentifierSteam (id);
140 HandleUserIdLogin (_context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);
141 }
142
143 private void HandleUserIdLogin (RequestContext _context, string _remoteEndpointString, string _loginName, string _errorPage, string _username,
144 PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) {
145 try {
146 WebConnection con = connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId);
147
148 int level1 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_userId);
149 int level2 = int.MaxValue;
150 if (_crossUserId != null) {
151 level2 = GameManager.Instance.adminTools.Users.GetUserPermissionLevel (_crossUserId);
152 }
153
154 int higherLevel = Math.Min (level1, level2);
155
156 Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");
157 Cookie cookie = new Cookie ("sid", con.SessionID, "/") {
158 Expired = false,
159 Expires = DateTime.MinValue,
160 HttpOnly = true,
161 Secure = false
162 };
163 _context.Response.AppendCookie (cookie);
164 _context.Response.Redirect (pageBasePath);
165 } catch (Exception e) {
166 Log.Error ($"[Web] Error during {_loginName} login:");
167 Log.Exception (e);
168 _context.Response.Redirect (pageErrorPath + _errorPage);
169 }
170 }
171 }
172}
Note: See TracBrowser for help on using the repository browser.