source: binary-improvements2/WebServer/src/WebAPI/APIs/RegisterUser.cs@ 418

Last change on this file since 418 was 416, checked in by alloc, 21 months ago

RegisterUser no longer uses a redirect on successful user creation
File size: 3.7 KB
Line 
1using System;
2using System.Collections.Generic;
3using System.Net;
4using System.Text;
5using System.Text.RegularExpressions;
6using JetBrains.Annotations;
7using Utf8Json;
8using Webserver.Permissions;
9using Webserver.UrlHandlers;
10
11namespace Webserver.WebAPI.APIs {
12 [UsedImplicitly]
13 public class RegisterUser : AbsRestApi {
14 private static readonly byte[] jsonPlayerNameKey = JsonWriter.GetEncodedPropertyNameWithBeginObject ("playerName");
15 private static readonly byte[] jsonExpirationKey = JsonWriter.GetEncodedPropertyNameWithPrefixValueSeparator ("expirationSeconds");
16
17 // TODO: Rate-limiting
18
19 private static readonly Regex userValidationRegex = new Regex ("^\\w{4,16}$", RegexOptions.ECMAScript | RegexOptions.Compiled);
20 private static readonly Regex passValidationRegex = new Regex ("^\\w{4,16}$", RegexOptions.ECMAScript | RegexOptions.Compiled);
21
22 public RegisterUser (Web _parentWeb) : base (_parentWeb) {
23 }
24
25 protected override void HandleRestGet (RequestContext _context) {
26 string token = _context.RequestPath;
27
28 if (string.IsNullOrEmpty (token)) {
29 SendErrorResult (_context, HttpStatusCode.BadRequest, null, "NO_TOKEN");
30 return;
31 }
32
33 if (!UserRegistrationTokens.TryValidate (token, out UserRegistrationTokens.RegistrationData regData)) {
34 SendErrorResult (_context, HttpStatusCode.NotFound, null, "INVALID_OR_EXPIRED_TOKEN");
35 return;
36 }
37
38 PrepareEnvelopedResult (out JsonWriter writer);
39
40 writer.WriteRaw (jsonPlayerNameKey);
41 writer.WriteString (regData.PlayerName);
42
43 writer.WriteRaw (jsonExpirationKey);
44 writer.WriteDouble ((regData.ExpiryTime - DateTime.Now).TotalSeconds);
45
46 writer.WriteEndObject ();
47
48 SendEnvelopedResult (_context, ref writer);
49 }
50
51 protected override void HandleRestPost (RequestContext _context, IDictionary<string, object> _jsonInput, byte[] _jsonInputData) {
52 if (!TryGetJsonField (_jsonInput, "token", out string token)) {
53 SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "MISSING_TOKEN");
54 return;
55 }
56
57 if (!TryGetJsonField (_jsonInput, "username", out string username)) {
58 SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "MISSING_USERNAME");
59 return;
60 }
61
62 if (!TryGetJsonField (_jsonInput, "password", out string password)) {
63 SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "MISSING_PASSWORD");
64 return;
65 }
66
67 if (!UserRegistrationTokens.TryValidate (token, out UserRegistrationTokens.RegistrationData regData)) {
68 SendErrorResult (_context, HttpStatusCode.Unauthorized, null, "INVALID_OR_EXPIRED_TOKEN");
69 return;
70 }
71
72 if (!userValidationRegex.IsMatch (username)) {
73 SendErrorResult (_context, HttpStatusCode.Unauthorized, _jsonInputData, "INVALID_USERNAME");
74 return;
75 }
76
77 if (!passValidationRegex.IsMatch (password)) {
78 SendErrorResult (_context, HttpStatusCode.Unauthorized, _jsonInputData, "INVALID_PASSWORD");
79 return;
80 }
81
82 // TODO: Check if username is already used!
83
84 AdminWebUsers.Instance.AddUser (username, password, regData.PlatformUserId, regData.CrossPlatformUserId);
85
86 string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
87 SessionHandler.HandleUserIdLogin (ParentWeb.ConnectionHandler, _context, remoteEndpointString, SessionHandler.userPassLoginName,
88 SessionHandler.userPassErrorPage, username, regData.PlatformUserId, regData.CrossPlatformUserId, false);
89
90 _context.Response.StatusCode = (int)HttpStatusCode.Created;
91 _context.Response.ContentType = WebUtils.MimePlain;
92 _context.Response.ContentEncoding = Encoding.UTF8;
93 _context.Response.ContentLength64 = 0;
94 // _context.Response.OutputStream.Write (jsonData.Array!, 0, jsonData.Count);
95 }
96
97 public override int DefaultPermissionLevel () => 2000;
98 }
99}
Note: See TracBrowser for help on using the repository browser.