Changeset 453 for TFP-WebServer/WebServer/src/UrlHandlers/SessionHandler.cs
- Timestamp:
- Jul 28, 2023, 8:11:39 PM (16 months ago)
- File:
-
- 1 edited
TFP-WebServer/WebServer/src/UrlHandlers/SessionHandler.cs
r433 r453 9 9 namespace Webserver.UrlHandlers { 10 10 public class SessionHandler : AbsHandler { 11 11 12 private const string pageBasePath = "/app"; 12 13 private const string pageErrorPath = "/app/error/"; … … 14 15 private const string steamOpenIdVerifyUrl = "verifysteamopenid"; 15 16 private const string steamLoginUrl = "loginsteam"; 17 private const string steamLoginName = "Steam OpenID"; 16 18 private const string steamLoginFailedPage = "SteamLoginFailed"; 17 19 18 20 private const string userPassLoginUrl = "login"; 19 21 public const string userPassLoginName = "User/pass"; 20 p ublicconst string userPassErrorPage = "UserPassLoginFailed";22 private const string userPassErrorPage = "UserPassLoginFailed"; 21 23 22 private readonly ConnectionHandler connectionHandler; 23 24 public SessionHandler (ConnectionHandler _connectionHandler) : base (null) { 25 connectionHandler = _connectionHandler; 24 public SessionHandler () : base (null) { 26 25 } 27 28 26 public override void HandleRequest (RequestContext _context) { 29 27 if (_context.Request.RemoteEndPoint == null) { 30 _context.Response.Redirect (pageErrorPath + "NoRemoteEndpoint");28 WebUtils.WriteText (_context.Response, "NoRemoteEndpoint", HttpStatusCode.BadRequest); 31 29 return; 32 30 } … … 37 35 38 36 if (subpath.StartsWith (steamOpenIdVerifyUrl)) { 39 HandleSteamVerification (_context, remoteEndpointString); 37 if (HandleSteamVerification (parent.ConnectionHandler, _context, remoteEndpointString)) { 38 _context.Response.Redirect (pageBasePath); 39 } else { 40 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage); 41 } 40 42 return; 41 43 } 42 44 43 45 if (subpath.StartsWith ("logout")) { 44 HandleLogout ( _context);46 HandleLogout (parent.ConnectionHandler, _context, pageBasePath); 45 47 return; 46 48 } 47 49 48 50 if (subpath.StartsWith (steamLoginUrl)) { 49 HandleSteamLogin (_context );51 HandleSteamLogin (_context, $"{urlBasePath}{steamOpenIdVerifyUrl}"); 50 52 return; 51 53 } 52 54 53 55 if 
(subpath.StartsWith (userPassLoginUrl)) { 54 HandleUserPassLogin ( _context, remoteEndpointString);56 HandleUserPassLogin (parent.ConnectionHandler, _context, remoteEndpointString); 55 57 return; 56 58 } 57 59 58 _context.Response.Redirect (pageErrorPath + "InvalidSessionsCommand");60 WebUtils.WriteText (_context.Response, "InvalidSessionsCommand", HttpStatusCode.BadRequest); 59 61 } 60 62 61 p rivate void HandleUserPassLogin (RequestContext _context, string _remoteEndpointString) {63 public static bool HandleUserPassLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString) { 62 64 if (!_context.Request.HasEntityBody) { 63 65 WebUtils.WriteText (_context.Response, "NoLoginData", HttpStatusCode.BadRequest); 64 return ;66 return false; 65 67 } 66 68 … … 77 79 Log.Exception (e); 78 80 WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest); 79 return ;81 return false; 80 82 } 81 83 82 84 if (!inputJson.TryGetValue ("username", out object fieldNode) || fieldNode is not string username) { 83 85 WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest); 84 return ;86 return false; 85 87 } 86 88 87 89 if (!inputJson.TryGetValue ("password", out fieldNode) || fieldNode is not string password) { 88 90 WebUtils.WriteText (_context.Response, "InvalidLoginJson", HttpStatusCode.BadRequest); 89 return ;91 return false; 90 92 } 91 93 92 94 if (!AdminWebUsers.Instance.TryGetUser (username, password, out AdminWebUsers.WebUser webUser)) { 95 WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized); 93 96 Log.Out ($"[Web] User/pass login failed from {_remoteEndpointString}"); 94 WebUtils.WriteText (_context.Response, "UserPassInvalid", HttpStatusCode.Unauthorized); 95 return; 97 return false; 96 98 } 97 99 98 HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, userPassLoginName, userPassErrorPage, webUser.Name, webUser.PlatformUser, 
webUser.CrossPlatformUser); 100 var loginResult = HandleUserIdLogin (_connectionHandler, _context, _remoteEndpointString, userPassLoginName, webUser.Name, webUser.PlatformUser, webUser.CrossPlatformUser); 101 if (loginResult) { 102 WebUtils.WriteText (_context.Response, ""); 103 } else { 104 WebUtils.WriteText (_context.Response, "LoginError", HttpStatusCode.InternalServerError); 105 } 106 107 return loginResult; 99 108 } 100 109 101 p rivate void HandleSteamLogin (RequestContext _context) {110 public static void HandleSteamLogin (RequestContext _context, string _verificationCallbackUrl) { 102 111 string host = $"{(WebUtils.IsSslRedirected (_context.Request) ? "https://" : "http://")}{_context.Request.UserHostName}"; 103 string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{ urlBasePath}{steamOpenIdVerifyUrl}");112 string url = OpenID.GetOpenIdLoginUrl (host, $"{host}{_verificationCallbackUrl}"); 104 113 _context.Response.Redirect (url); 105 114 } 106 115 107 p rivate void HandleLogout (RequestContext _context) {116 public static bool HandleLogout (ConnectionHandler _connectionHandler, RequestContext _context, string _pageBase) { 108 117 Cookie cookie = new Cookie ("sid", "", "/") { 109 118 Expired = true … … 112 121 113 122 if (_context.Connection == null) { 114 _context.Response.Redirect ( pageErrorPath + "NotLoggedIn");115 return ;123 _context.Response.Redirect (_pageBase); 124 return false; 116 125 } 117 126 118 connectionHandler.LogOut (_context.Connection.SessionID); 119 _context.Response.Redirect (pageBasePath); 127 _connectionHandler.LogOut (_context.Connection.SessionID); 128 _context.Response.Redirect (_pageBase); 129 return true; 120 130 } 121 131 122 p rivate void HandleSteamVerification (RequestContext _context, string _remoteEndpointString) {132 public static bool HandleSteamVerification (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString) { 123 133 ulong id; 124 134 try { … … 127 137 Log.Error ($"[Web] Error 
validating Steam login from {_remoteEndpointString}:"); 128 138 Log.Exception (e); 129 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage); 130 return; 139 return false; 131 140 } 132 141 133 142 if (id <= 0) { 134 143 Log.Out ($"[Web] Steam OpenID login failed (invalid ID) from {_remoteEndpointString}"); 135 _context.Response.Redirect (pageErrorPath + steamLoginFailedPage); 136 return; 144 return false; 137 145 } 138 146 139 147 UserIdentifierSteam userId = new UserIdentifierSteam (id); 140 HandleUserIdLogin (connectionHandler, _context, _remoteEndpointString, "Steam OpenID", steamLoginFailedPage, userId.ToString (), userId);148 return HandleUserIdLogin (_connectionHandler, _context, _remoteEndpointString, steamLoginName, userId.ToString (), userId); 141 149 } 142 150 143 public static voidHandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString,144 string _loginName, string _ errorPage, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null, bool _sendResponse = true) {151 public static bool HandleUserIdLogin (ConnectionHandler _connectionHandler, RequestContext _context, string _remoteEndpointString, 152 string _loginName, string _username, PlatformUserIdentifierAbs _userId, PlatformUserIdentifierAbs _crossUserId = null) { 145 153 try { 146 154 WebConnection con = _connectionHandler.LogIn (_context.Request.RemoteEndPoint!.Address, _username, _userId, _crossUserId); … … 154 162 int higherLevel = Math.Min (level1, level2); 155 163 156 Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? _crossUserId : "none")}, permission level {higherLevel}");164 Log.Out ($"[Web] {_loginName} login from {_remoteEndpointString}, name {_username} with ID {_userId}, CID {(_crossUserId != null ? 
_crossUserId.ToString () : "none")}, permission level {higherLevel}"); 157 165 Cookie cookie = new Cookie ("sid", con.SessionID, "/") { 158 166 Expired = false, … … 163 171 _context.Response.AppendCookie (cookie); 164 172 165 if (_sendResponse) { 166 WebUtils.WriteText (_context.Response, ""); 167 } 173 return true; 168 174 } catch (Exception e) { 169 175 Log.Error ($"[Web] Error during {_loginName} login:"); 170 176 Log.Exception (e); 171 if (_sendResponse) {172 WebUtils.WriteText (_context.Response, "LoginError", HttpStatusCode.InternalServerError);173 }174 177 } 178 179 return false; 175 180 } 181 176 182 } 177 183 }
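Review bot: In `HandleSteamLogin` the OpenID realm and return URL are still built from `_context.Request.UserHostName`, which is the client-supplied Host header, and the method is now `public static` with a caller-supplied `_verificationCallbackUrl` appended to that host without any check. Whether the later verification step pins the return URL to this server is not visible on this page, so I would either take the host from server configuration or reject requests whose host does not match an expected value before calling `OpenID.GetOpenIdLoginUrl`. At minimum, add a comment above the `string host = ...` line such as `// host comes from the request's Host header (untrusted); _verificationCallbackUrl must be a server-relative path`.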