public static ValidateInfo FromTaggingRestrictions(Scaffold.User user, Scaffold.UserUploadHistory history) { return(new ValidateInfo { User = user, History = history, MaxCommandsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceCommandUpload), MaxIncomingsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceIncomingsUpload), MaxReportsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceReportUpload), MaxTroopsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceTroopUpload) }); }
public IActionResult CreateAccessGroup(String systemToken, [FromBody] AccessGroupRequest groupRequest) { var token = Guid.Parse(systemToken); var user = context.User.Where(u => u.AuthToken == token).FirstOrDefault(); if (user == null || user.PermissionsLevel < (short)PermissionLevel.System) { return(NotFound()); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } if (groupRequest.FirstPlayerId == null && groupRequest.FirstPlayerName == null) { return(BadRequest("Need to define at least either firstPlayerId or firstPlayerName")); } var escapedName = groupRequest.FirstPlayerName?.UrlEncode(); var playerId = groupRequest.FirstPlayerId ?? context.Player.FromWorld(CurrentWorldId).Where(p => p.PlayerName == escapedName).First().PlayerId; var newGroup = new Scaffold.AccessGroup(); newGroup.WorldId = CurrentWorldId; context.Add(newGroup); context.SaveChanges(); var newUser = new Scaffold.User(); newUser.TransactionTime = DateTime.UtcNow; newUser.AccessGroupId = newGroup.Id; newUser.AuthToken = Guid.NewGuid(); newUser.PlayerId = playerId; newUser.PermissionsLevel = groupRequest.PermissionsLevel; newUser.Enabled = true; newUser.IsReadOnly = false; newUser.WorldId = CurrentWorldId; context.Add(newUser); context.SaveChanges(); return(Ok(new { AuthToken = newUser.AuthToken, Script = $"javascript:window.vaultToken='{newUser.AuthToken}';$.getScript('https://v.tylercamp.me/script/main.js')" })); }
public static JSON.User ModelToJson(Scaffold.User user, String playerName = null, String tribeName = null) { var result = new JSON.User(); result.PlayerId = user.PlayerId; result.IsAdmin = user.PermissionsLevel >= (short)Security.PermissionLevel.Admin; result.PlayerName = playerName; result.TribeName = tribeName; if (user.PermissionsLevel < (short)Security.PermissionLevel.System) { result.Key = user.AuthToken.ToString(); } return(result); }
public async Task <IActionResult> MakeVaultKey([FromBody] JSON.VaultKeyRequest keyRequest) { if (!CurrentUserIsAdmin) { var authRecord = MakeFailedAuthRecord("User is not admin"); context.Add(authRecord); await context.SaveChangesAsync(); return(Unauthorized()); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } Scaffold.Player player; if (keyRequest.PlayerId.HasValue) { long playerId = keyRequest.PlayerId.Value; var possiblePlayer = await( from p in CurrentSets.Player where p.PlayerId == playerId select p ).FirstOrDefaultAsync(); if (possiblePlayer == null) { return(BadRequest(new { error = Translate("ADMIN_PLAYER_NOT_FOUND_ID") })); } player = possiblePlayer; } else if (keyRequest.PlayerName != null) { var formattedPlayerName = keyRequest.PlayerName.UrlEncode(); var possiblePlayer = await( from p in CurrentSets.Player where p.PlayerName == formattedPlayerName select p ).FirstOrDefaultAsync(); if (possiblePlayer == null) { return(BadRequest(new { error = Translate("ADMIN_PLAYER_NOT_FOUND_NAME") })); } player = possiblePlayer; } else { return(BadRequest(new { error = Translate("ADMIN_PLAYER_NAME_NOT_SET") })); } if (!CurrentUserIsSystem && player.TribeId != CurrentTribeId && Configuration.Security.RestrictAccessWithinTribes) { return(BadRequest(new { error = Translate("ADMIN_PLAYER_NOT_IN_TRIBE") })); } bool userExists = await( from user in CurrentSets.User where user.PlayerId == player.PlayerId where user.WorldId == null || user.WorldId == CurrentWorldId where user.Enabled select user ).AnyAsync(); if (userExists) { return(BadRequest(new { error = Translate("ADMIN_PLAYER_HAS_KEY") })); } var newAuthUser = new Scaffold.User(); newAuthUser.WorldId = CurrentWorldId; newAuthUser.PlayerId = player.PlayerId; newAuthUser.AccessGroupId = CurrentAccessGroupId; newAuthUser.AuthToken = Guid.NewGuid(); newAuthUser.Enabled = true; newAuthUser.TransactionTime = DateTime.UtcNow; newAuthUser.AdminAuthToken = CurrentAuthToken; newAuthUser.AdminPlayerId = CurrentPlayerId; newAuthUser.KeySource = CurrentUserId; newAuthUser.Label = player.PlayerName; newAuthUser.Tx = BuildTransaction(); if (keyRequest.NewUserIsAdmin) { newAuthUser.PermissionsLevel = (short)Security.PermissionLevel.Admin; } else { newAuthUser.PermissionsLevel = (short)Security.PermissionLevel.Default; } context.User.Add(newAuthUser); await context.SaveChangesAsync(); var jsonUser = UserConvert.ModelToJson(newAuthUser); jsonUser.PlayerName = player.PlayerName.UrlDecode(); var playerTribe = await( from tribe in CurrentSets.Ally where tribe.TribeId == player.TribeId select tribe ).FirstOrDefaultAsync(); jsonUser.TribeName = playerTribe?.TribeName?.UrlDecode(); return(Ok(jsonUser)); }
public ActionResult Post([FromBody] UserInfo userInfo) { var world = context.World.Where(w => w.Id == userInfo.WorldId).SingleOrDefault(); if (world == null) { return(Ok(new { error = "No world exists with that id" })); } var encodedPlayerName = userInfo.Name.UrlEncode(); var player = context.Player.Where(p => p.WorldId == userInfo.WorldId && p.PlayerName == encodedPlayerName).SingleOrDefault(); if (player == null) { return(Ok(new { error = $"No user exists with that name on world {world.Hostname} (Name is Case-Sensitive).\n\nIf you just registered, you'll need to wait up to 60 minutes for the world data to refresh." })); } var remoteIp = HttpContext.Connection.RemoteIpAddress; try { var captchaPrivateKey = Configuration.Instance["CaptchaSecretKey"]; var captchaUrl = $"https://www.google.com/recaptcha/api/siteverify?secret={captchaPrivateKey}&response={userInfo.CaptchaToken}&remoteip={remoteIp}"; var captchaRequest = (HttpWebRequest)WebRequest.Create(captchaUrl); using (var response = captchaRequest.GetResponse()) using (var stream = new StreamReader(response.GetResponseStream())) { var responseObject = JObject.Parse(stream.ReadToEnd()); var success = responseObject.Value <bool>("success"); if (!success) { var errorCodes = responseObject.GetValue("error-codes").Values <string>(); logger.LogWarning("Got error codes from captcha when verifying for remote IP {0}: [{1}]", remoteIp, string.Join(", ", errorCodes)); return(Ok(new { error = "Captcha verification failed" })); } } } catch (Exception e) { logger.LogError("Captcha error occured: {ex}", e); return(Ok(new { error = "An error occurred while verifying captcha" })); } var tx = new Scaffold.Transaction { OccurredAt = DateTime.UtcNow, WorldId = world.Id, Ip = remoteIp }; context.Add(tx); var accessGroup = new Scaffold.AccessGroup(); accessGroup.WorldId = userInfo.WorldId; accessGroup.Label = userInfo.Name; context.AccessGroup.Add(accessGroup); context.SaveChanges(); var authToken = Guid.NewGuid(); var user = new Scaffold.User { AccessGroupId = accessGroup.Id, WorldId = (short)userInfo.WorldId, PlayerId = player.PlayerId, Enabled = true, PermissionsLevel = 2, AuthToken = authToken, TransactionTime = DateTime.UtcNow, Label = $"{world.Name} - {userInfo.Name}", Tx = tx }; context.User.Add(user); context.SaveChanges(); logger.LogInformation("Creating user for {0} on world {1} from {2}", player.PlayerName, world.Hostname, remoteIp); return(Ok(new { token = authToken.ToString() })); }