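/// <summary>
/// Authenticates a user from the <c>UserName</c>/<c>Password</c> request fields and returns a
/// fresh token on success.
/// </summary>
/// <param name="query">Parsed request parameters, read through <c>TryGetByName</c>.</param>
/// <returns>
/// <c>Ok</c> carrying a token when exactly one account matches; <c>Forbidden</c> when a field is
/// missing or blank, or when no account matches; <c>InternalServerError</c> when more than one
/// account matches (a data conflict, which is also logged).
/// </returns>
private static IHttpResponse SignIn(IHttpHeaders query)
{
    // Both fields are required. Blank values are treated as missing so that an empty
    // credential never reaches the account lookup.
    if (!query.TryGetByName("UserName", out string userName)
        || !query.TryGetByName("Password", out string password)
        || string.IsNullOrWhiteSpace(userName)
        || string.IsNullOrWhiteSpace(password))
    {
        return new HttpResponse(HttpResponseCode.Forbidden, "Укажите 'UserName' и 'Password'!", false);
    }

    // NOTE(review): the submitted password is passed to the lookup as-is and is also handed to
    // CreateToken together with the user name. Whether the stored column is hashed is decided in
    // DBHolderSQL/Account, not here — confirm.
    var rows = DBHolderSQL.GetRange("Account", null, 0, 1, true, false, false, false,
        ("UserName", userName), ("Password", password)).Rows;

    if (rows.Count == 1)
    {
        // Convert accepts the boxed value the DB layer returns (cast as long elsewhere in this code
        // base) as well as a string, without a culture-sensitive ToString/Parse round trip.
        var id = Convert.ToInt32(rows[0]["ID"], System.Globalization.CultureInfo.InvariantCulture);
        return new HttpResponse(HttpResponseCode.Ok, CreateToken(id, userName, password), true);
    }

    if (rows.Count > 1)
    {
        // Two accounts with the same user name cannot be told apart; refuse and leave a trace for the operator.
        DBHolderSQL.Log($"[КОНФЛИКТ] Конфликт аккаунтов {userName}.",
            $"Попытка входа при наличии более одного аккаунта с одинаковым именем пользователя ({userName}).\n" +
            $"Измените имя пользователя для одного из аккаунтов.");
        return new HttpResponse(HttpResponseCode.InternalServerError, "Ошибка! Найдено более 1 аккаунта. Обратитесь к администратору.", false);
    }

    // No match. Logged because a burst of these for one user name can indicate credential guessing.
    DBHolderSQL.Log($"[НЕВЕРНЫЙ ВВОД] Ошибка авторизации пользователя {userName}.",
        $"Пользователь ввел неверные данные. Осторожно! Это может означать попытку взлома \"Грубой силой\"(BruteForce)");
    return new HttpResponse(HttpResponseCode.Forbidden, "Ошибка! Пользователь с таким именем пользователя и паролем не найден.", false);
}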
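/// <summary>
/// Returns the calling student's statement results as JSON, each row enriched with the subject name.
/// </summary>
/// <param name="query">Request parameters; not read by this action.</param>
/// <param name="account">The authenticated account the request was issued for.</param>
/// <returns>
/// <c>Ok</c> with the serialized table for an approved student; <c>BadRequest</c> for any other
/// approved account type; <c>Forbidden</c> for an account that is not approved.
/// </returns>
static HttpResponse GetStudyResultsProcessor(IHttpHeaders query, Account account)
{
    if (!account.Approved)
    {
        return new HttpResponse(HttpResponseCode.Forbidden, "Аккаунт не подтвержден!", false);
    }

    if (account.AccountType != AccountType.Student)
    {
        return new HttpResponse(HttpResponseCode.BadRequest, "Увы, это доступно только для студентов.", false);
    }

    // Rows are filtered by the caller's own ID, so the result set is limited to that student.
    var range = DBHolderSQL.GetRange(nameof(StatementResult), null, -1, -1, true, false, false, false,
        (nameof(StatementResult.StudentID), account.ID));
    range.Columns.Add(nameof(StatementResult.SubjectName_STUDENT_MODE));

    // Many results usually share a subject; resolve each SubjectID once instead of issuing one
    // GetByID call per row.
    var subjectNames = new System.Collections.Generic.Dictionary<int, object>();
    foreach (DataRow current in range.Rows)
    {
        var subjectId = (int)(long)current[nameof(StatementResult.SubjectID)];
        if (!subjectNames.TryGetValue(subjectId, out var subjectName))
        {
            subjectName = DBHolderSQL.GetByID(nameof(Subject), subjectId)[nameof(Subject.SubjectName)];
            subjectNames[subjectId] = subjectName;
        }
        current[nameof(StatementResult.SubjectName_STUDENT_MODE)] = subjectName;
    }

    return new HttpResponse(HttpResponseCode.Ok,
        JsonConvert.SerializeObject(range, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore }),
        true);
}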
/// <summary>
/// Request middleware: accepts only POST, requires a verifiable <c>token</c> field, refreshes the
/// account's <c>LastAction</c> stamp when it is stale, then dispatches to the handler registered
/// under the <c>action</c> field.
/// </summary>
/// <param name="context">The request/response pair; <c>context.Response</c> is assigned on every path.</param>
/// <param name="next">Next middleware in the pipeline; never invoked by this handler.</param>
/// <returns>An already-completed task.</returns>
public Task Handle(IHttpContext context, Func<Task> next)
{
    var request = context.Request;

    if (request.Method != HttpMethods.Post)
    {
        context.Response = new HttpResponse(HttpResponseCode.MethodNotAllowed, "Метод недоступен!", false);
        return Task.Factory.GetCompleted();
    }

    var fields = request.Post.Parsed;
    if (!fields.TryGetByName("token", out string tokenString))
    {
        context.Response = new HttpResponse(HttpResponseCode.Forbidden, "Доступ запрещен! Нужен токен!", false);
        return Task.Factory.GetCompleted();
    }

    var verification = AuthorizationHandler.VerifyToken(tokenString, false);
    if (!verification.valid)
    {
        // NOTE(review): the full token is written to the log. If the token embeds credentials
        // (VerifyToken's GetToken reads a password field), the log then holds them — confirm.
        DBHolderSQL.Log($"[ОШИБКА ДОСТУПА] Пользователь с поврежденным или подделанным токеном пытался войти в систему. Экземпляр токена предоставлен в описании.", $"{tokenString}");
        context.Response = new HttpResponse(HttpResponseCode.Forbidden, "Доступ запрещен! Ошибка разбора токена!", false);
        return Task.Factory.GetCompleted();
    }

    // Touch LastAction only when the previous stamp is older than the online timeout (minus one
    // second of slack), so a busy client does not write the row on every request.
    var account = verification.account;
    var lastSeen = account.LastAction ?? default(DateTime);
    if ((DateTime.Now - lastSeen).TotalSeconds > Account.OnlineTimeoutSeconds - 1)
    {
        // NOTE(review): local wall-clock time is stored; a UTC stamp would survive clock/zone changes — confirm what other readers expect.
        account.LastAction = DateTime.Now;
        DBHolderSQL.Save(nameof(Account), (nameof(Account.ID), account.ID), (nameof(Account.LastAction), account.LastAction));
    }

    if (!fields.TryGetByName("action", out string action))
    {
        context.Response = new HttpResponse(HttpResponseCode.MethodNotAllowed, "Эм.. что от меня требуется???", false);
        return Task.Factory.GetCompleted();
    }

    // NOTE(review): if Actions is a Dictionary, an unknown action name throws KeyNotFoundException
    // here rather than yielding null — confirm and prefer TryGetValue if so.
    context.Response = Actions[action]?.Invoke(fields, account);
    return Task.Factory.GetCompleted();
}
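/// <summary>
/// Checks a token against the Account table and, on success, returns the matching account either
/// as an <see cref="Account"/> instance or as a JSON string.
/// </summary>
/// <param name="tokenString">The token exactly as received from the client.</param>
/// <param name="deSerializeAccount">
/// <c>true</c> to return an <see cref="Account"/>; <c>false</c> to return the matched row serialized with JSON.NET.
/// </param>
/// <param name="wipePassword">
/// When <c>true</c>, the Password column of the matched row is cleared before the result is built,
/// so neither result form carries it.
/// </param>
/// <returns>
/// <c>(true, account)</c> when exactly one row matches; <c>(false, null)</c> when the token does not
/// parse, or when zero or more than one row matches.
/// </returns>
public static (bool valid, object account) VerifyToken(string tokenString, bool deSerializeAccount, bool wipePassword)
{
    var data = GetToken(tokenString);
    if (data.id == -1 || string.IsNullOrWhiteSpace(data.userName))
    {
        return (false, null);
    }

    // "_default_" is the placeholder GetToken yields for an absent field; it is mapped to an empty
    // string before the lookup.
    DataTable table = DBHolderSQL.GetRange("Account", null, 0, 1, true, false, false, false,
        ("ID", data.id),
        ("UserName", data.userName == "_default_" ? string.Empty : data.userName),
        ("Password", data.password == "_default_" ? string.Empty : data.password));

    // Zero rows and more than one row are rejected alike: an ambiguous match must never authenticate.
    if (table.Rows.Count != 1)
    {
        return (false, null);
    }

    var row = table.Rows[0];
    if (wipePassword)
    {
        row["Password"] = null;
    }

    if (!deSerializeAccount)
    {
        // NOTE(review): without wipePassword the serialized table includes the Password column —
        // confirm that every caller requesting JSON passes wipePassword: true.
        return (true, JsonConvert.SerializeObject(table, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore }));
    }

    // SQLite hands integers back as long; narrow explicitly to the property types.
    return (true, new Account
    {
        ID = (int)(long)row["ID"],
        AccountType = (AccountType)(int)(long)row["AccountType"],
        Approved = ((long)row["Approved"] == 1),
        LastAction = row["LastAction"] == DBNull.Value ? null : (DateTime?)row["LastAction"],
        Password = row["Password"] == DBNull.Value ? null : (string)row["Password"],
    });
}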
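/// <summary>
/// Registers a new account from the request fields and returns a token for it.
/// </summary>
/// <param name="query">
/// Request parameters. <c>UserName</c>, <c>Password</c>, <c>AccountType</c>, <c>BirthDate</c>
/// (formatted per <c>Core.CommonVariables.DateFormatString</c>) and <c>FullName</c> are required;
/// <c>ProfileImage</c> is optional.
/// </param>
/// <returns>
/// <c>Ok</c> carrying a token for the new account; <c>BadRequest</c> when a required field is
/// missing or malformed, when <see cref="Account.Validate"/> rejects the data, or when the user
/// name is already taken.
/// </returns>
private static IHttpResponse SignUp(IHttpHeaders query)
{
    // Every required field must be present and well-formed before validation runs. A missing or
    // malformed field is reported to the client instead of yielding a null response.
    if (!query.TryGetByName("UserName", out string userName)
        || !query.TryGetByName("Password", out string password)
        || !query.TryGetByName("AccountType", out byte accountType)
        || !query.TryGetByName("BirthDate", out string birthDateString)
        || !DateTime.TryParseExact(birthDateString, Core.CommonVariables.DateFormatString, CultureInfo.InvariantCulture, DateTimeStyles.None, out DateTime birthDate)
        || !query.TryGetByName("FullName", out string fullName))
    {
        return new HttpResponse(HttpResponseCode.BadRequest, "Укажите 'UserName', 'Password', 'AccountType', 'BirthDate' и 'FullName'!", false);
    }

    var validationResult = Account.Validate(userName, password, birthDate, fullName);
    if (validationResult != AccountValidationResult.OK)
    {
        return new HttpResponse(HttpResponseCode.BadRequest, ErrorMessages[validationResult], false);
    }

    var existing = DBHolderSQL.GetRange("Account", null, 0, 1, true, false, false, false, ("UserName", userName)).Rows;
    if (existing.Count != 0)
    {
        return new HttpResponse(HttpResponseCode.BadRequest, "Ошибка! Регистрация невозможна, т.к. пользователь с этим именем пользователя уже зарегистирован в системе!", false);
    }

    // Optional field; profileImage stays at its default when absent.
    query.TryGetByName("ProfileImage", out byte[] profileImage);

    // NOTE(review): the password is handed to Save exactly as submitted (unless Save hashes it),
    // and the existence check above is not atomic with the insert — a unique index on UserName
    // should back it. Confirm both in DBHolderSQL and the schema. New accounts start unapproved.
    var newId = DBHolderSQL.Save("Account",
        ("UserName", userName),
        ("Password", password),
        ("AccountType", accountType),
        ("BirthDate", birthDate),
        ("ProfileImage", profileImage),
        ("FullName", fullName),
        ("Approved", false),
        ("IsLocal", true),
        ("ID", -1));
    return new HttpResponse(HttpResponseCode.Ok, CreateToken(newId, userName, password), true);
}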
/// <summary>
/// Process entry point: shows the start-up logo, initializes the SQLite database (seeding the
/// built-in administrator on first run), starts the HTTP server and then keeps the main thread alive.
/// </summary>
public static void Main()
{
    // Cycle the logo through every console colour as a short splash animation.
    foreach (ConsoleColor color in Enum.GetValues(typeof(ConsoleColor)))
    {
        PrintLogo(color);
        Thread.Sleep(50);
        Console.CursorTop = 0;
        Console.CursorLeft = 0;
    }
    PrintLogo(ConsoleColor.Green);

    Console.WriteLine("Welcome to InCollege.Server! Don't hesitate, open http://localhost/ to see what we got!");
    Console.WriteLine("Made by [CYBOR] = Muhametshin R.A.");
    Console.WriteLine($"Initializing SQLite DB(thanks Frank A. Krueger and other 53 team members for sqlite-net engine) in \n{CommonVariables.DBLocation}...\n");

    // A missing database file means first start; Init creates it, after which the admin is seeded.
    var firstRun = !File.Exists(CommonVariables.DBLocation);
    DBHolderSQL.Init(CommonVariables.DBLocation);
    if (firstRun)
    {
        // NOTE(review): this bootstrap account is Approved and of type Admin but no Password is set
        // here. Whether an empty or absent password can sign in depends on how DBHolderSQL.GetRange
        // compares a null column — confirm, and consider setting a password at first start.
        var admin = new Account
        {
            FullName = "Администратор",
            UserName = "******",
            AccountType = AccountType.Admin,
            Approved = true
        };
        DBHolderSQL.Save(nameof(Account), admin.Columns.ToArray());
    }

    Console.WriteLine($"Initializing uHttpSharp server engine(thanks Elad Zelingher and other 6 team members for uHttpSharp engine)...");
    InCollegeServer.Start();

    // Keep the main thread alive after Start() returns.
    while (true)
    {
        Thread.Sleep(1000);
    }
}