1 | using System;
2 | using System.Collections.Generic;
3 | using System.Net;
4 | using System.Text;
5 | using System.Text.RegularExpressions;
6 | using JetBrains.Annotations;
7 | using Utf8Json;
8 | using Webserver.Permissions;
9 | using Webserver.UrlHandlers;
10 |
11 | namespace Webserver.WebAPI.APIs {
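[UsedImplicitly]
public class RegisterUser : AbsRestApi {
	// Pre-encoded JSON property names for the GET response body ("playerName" also opens the object).
	private static readonly byte[] jsonPlayerNameKey = JsonWriter.GetEncodedPropertyNameWithBeginObject ("playerName");
	private static readonly byte[] jsonExpirationKey = JsonWriter.GetEncodedPropertyNameWithPrefixValueSeparator ("expirationSeconds");

	// TODO: Rate-limiting
	// SECURITY(review): until rate-limiting exists, both handlers let a client guess registration
	// tokens as fast as the server answers, and the token is the only thing gating account creation.

	// Username and password must each be 4-16 word characters. RegexOptions.ECMAScript restricts \w
	// to [A-Za-z0-9_], so non-ASCII letters are rejected.
	// NOTE(review): 4-16 word characters with no complexity rule is a weak password policy, and the
	// upper bound rules out passphrases. Changing it is a product decision, so the pattern is left as is.
	private static readonly Regex userValidationRegex = new Regex ("^\\w{4,16}$", RegexOptions.ECMAScript | RegexOptions.Compiled);
	private static readonly Regex passValidationRegex = new Regex ("^\\w{4,16}$", RegexOptions.ECMAScript | RegexOptions.Compiled);

	public RegisterUser (Web _parentWeb) : base (_parentWeb) {
	}

	/// <summary>
	/// GET: treats the request path as a registration token and, if it validates, answers with the
	/// player name the token was issued for and the seconds left until it expires.
	/// </summary>
	/// <param name="_context">Request context; its whole RequestPath is used as the token.</param>
	protected override void HandleRestGet (RequestContext _context) {
		string token = _context.RequestPath;

		if (string.IsNullOrEmpty (token)) {
			SendErrorResult (_context, HttpStatusCode.BadRequest, null, "NO_TOKEN");
			return;
		}

		// SECURITY(review): the token travels in the URL path, so it lands in access logs, proxies
		// and browser history. Its lifetime (expirationSeconds below) should stay short.
		if (!UserRegistrationTokens.TryValidate (token, out UserRegistrationTokens.RegistrationData regData)) {
			SendErrorResult (_context, HttpStatusCode.NotFound, null, "INVALID_OR_EXPIRED_TOKEN");
			return;
		}

		PrepareEnvelopedResult (out JsonWriter writer);

		writer.WriteRaw (jsonPlayerNameKey);
		writer.WriteString (regData.PlayerName);

		writer.WriteRaw (jsonExpirationKey);
		// NOTE(review): DateTime.Now is local time; the remaining seconds are only right if ExpiryTime
		// was produced from the same clock. Confirm in UserRegistrationTokens, or use UtcNow on both sides.
		writer.WriteDouble ((regData.ExpiryTime - DateTime.Now).TotalSeconds);

		writer.WriteEndObject ();

		SendEnvelopedResult (_context, ref writer);
	}

	/// <summary>
	/// POST: creates a web user from a JSON body carrying "token", "username" and "password".
	/// Checks run in this order: required fields, token validity, username format, password format.
	/// On success the user is added, a session login is started for this request, and 201 Created
	/// with an empty body is returned.
	/// </summary>
	/// <param name="_context">Request context; used for the response and the remote endpoint.</param>
	/// <param name="_jsonInput">Parsed JSON body.</param>
	/// <param name="_jsonInputData">Raw JSON body bytes, handed to SendErrorResult on most error paths.</param>
	protected override void HandleRestPost (RequestContext _context, IDictionary<string, object> _jsonInput, byte[] _jsonInputData) {
		// An empty token is treated like a missing one, mirroring the GET handler's NO_TOKEN guard,
		// instead of being passed on to the token validator.
		if (!TryGetJsonField (_jsonInput, "token", out string token) || string.IsNullOrEmpty (token)) {
			SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "MISSING_TOKEN");
			return;
		}

		if (!TryGetJsonField (_jsonInput, "username", out string username)) {
			SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "MISSING_USERNAME");
			return;
		}

		if (!TryGetJsonField (_jsonInput, "password", out string password)) {
			SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "MISSING_PASSWORD");
			return;
		}

		// The token is checked before the format rules so a caller without a valid token learns
		// nothing about the username/password constraints. Note the raw body is not handed to
		// SendErrorResult on this path, unlike the other error paths.
		if (!UserRegistrationTokens.TryValidate (token, out UserRegistrationTokens.RegistrationData regData)) {
			SendErrorResult (_context, HttpStatusCode.Unauthorized, null, "INVALID_OR_EXPIRED_TOKEN");
			return;
		}

		// A malformed username/password is a client error (400), consistent with the MISSING_* cases
		// above; the earlier 401 mislabeled it as an authentication failure even though the token
		// has already been accepted at this point.
		if (!userValidationRegex.IsMatch (username)) {
			SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "INVALID_USERNAME");
			return;
		}

		// SECURITY(review): _jsonInputData carries the plaintext password. Confirm SendErrorResult
		// neither logs nor echoes the body before relying on it for diagnostics here.
		if (!passValidationRegex.IsMatch (password)) {
			SendErrorResult (_context, HttpStatusCode.BadRequest, _jsonInputData, "INVALID_PASSWORD");
			return;
		}

		// TODO: Check if username is already used!
		// SECURITY(review): without that check AddUser is called unconditionally; whether an existing
		// name is rejected or overwritten is decided inside AdminWebUsers, not here.
		// The password is passed exactly as received; hashing is expected to happen in AddUser - verify.
		AdminWebUsers.Instance.AddUser (username, password, regData.PlatformUserId, regData.CrossPlatformUserId);

		// NOTE(review): nothing here marks the token as used. Unless TryValidate consumes it, the same
		// token can create several accounts until it expires.

		// Presumably establishes the web session for the freshly created user on this connection.
		string remoteEndpointString = _context.Request.RemoteEndPoint!.ToString ();
		SessionHandler.HandleUserIdLogin (ParentWeb.ConnectionHandler, _context, remoteEndpointString, SessionHandler.userPassLoginName,
			SessionHandler.userPassErrorPage, username, regData.PlatformUserId, regData.CrossPlatformUserId, false);

		// 201 Created with an empty plain-text body.
		_context.Response.StatusCode = (int)HttpStatusCode.Created;
		_context.Response.ContentType = WebUtils.MimePlain;
		_context.Response.ContentEncoding = Encoding.UTF8;
		_context.Response.ContentLength64 = 0;
	}

	/// <summary>
	/// Permission level this API reports by default (2000). What the number means is defined by the
	/// permission system, not by this class.
	/// </summary>
	public override int DefaultPermissionLevel () => 2000;
}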
99 | }