Example #1
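        /// <summary>
        /// Renders the "/errorPage.html" template with <paramref name="message"/> and sends it as the
        /// body of <paramref name="response"/>.
        /// </summary>
        /// <param name="response">Response to write to. Its stream is closed before this method returns.</param>
        /// <param name="message">
        /// Text passed to <c>Utils.FormatString</c> as the first template argument.
        /// SECURITY: this method does no HTML encoding of its own. Unless <c>Utils.FormatString</c>
        /// escapes its arguments (not visible here), a caller passing request-derived text must
        /// encode it first, e.g. with <c>System.Net.WebUtility.HtmlEncode</c>, or the value is
        /// reflected into the page as markup.
        /// </param>
        /// <param name="isError">
        /// When true the second template argument is empty and the third is "display: none;";
        /// when false the two are swapped.
        /// </param>
        /// <param name="status">HTTP status code set on the response.</param>
        public static void SendErrorPage(HttpListenerResponse response, string message, bool isError, HttpStatusCode status)
        {
            // The loader reports a status through the ref argument; it is discarded because the
            // caller-supplied status is the one that is sent.
            int    statusCode = -1;
            string html       = Encoding.UTF8.GetString(WebsiteRequestProcessor.OnRequest("/errorPage.html", out string contentType, ref statusCode));

            response.StatusCode  = (int)status;
            response.ContentType = "text/html";

            string hiddenStyle = "display: none;";
            html = Utils.FormatString(html, message, isError ? "" : hiddenStyle, isError ? hiddenStyle : "");

            HttpStream stream = new HttpStream(response);

            try
            {
                stream.Send(html);
            }
            finally
            {
                // Close even when Send throws, so a failed write does not leave the response open.
                stream.Close();
            }
        }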
Example #2
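        /// <summary>
        /// Handles one HTTP request: resolves the caller's session, then either dispatches an API
        /// operation (path "/api" or "/api/") or hands the request to the website processor.
        /// </summary>
        /// <param name="context">Listener context of the request being served.</param>
        static void processRequest(HttpListenerContext context)
        {
            HttpListenerRequest request = context.Request;

            string sessionID = GetCookie(request, "SessionID");

            // Address of the directly connected peer.
            // NOTE(review): behind a reverse proxy this is the proxy's address - confirm before
            // relying on it for bans or audit records.
            string clientIP = context.Request.RemoteEndPoint.Address.ToString();

            // A session key that does not verify yields an anonymous identity rather than an error.
            Authentication authentication = SessionsManager.Instance.VerifyKey(sessionID, out Session session)
                ? new Authentication(session.AuthenticationLevel, session.OwnerUserID, sessionID, clientIP)
                : new Authentication(AuthenticationLevel.None, "", "", clientIP);

            string absolutePath = request.Url.AbsolutePath;

            if (absolutePath != "/api/" && absolutePath != "/api")
            {
                try
                {
                    WebsiteRequestProcessor.OnRequest(context);
                }
                catch (Exception e)
                {
                    // Debug.WriteLine is compiled out of release builds, so release behaviour is
                    // still "no log"; wire in the project's logger if failures must be recorded.
                    System.Diagnostics.Debug.WriteLine(e);

                    // Drop the connection instead of leaving the client waiting on a response
                    // that will never be completed. Abort is a no-op on a closed response.
                    context.Response.Abort();
                }

                return;
            }

            string operation = request.QueryString.Get("operation");

            if (operation == null || !Operations.TryGetValue(operation, out OperationBase selectedOperation))
            {
                // The operation name comes straight from the query string and is echoed into an
                // HTML page, so it is encoded here to keep it from being interpreted as markup.
                string shownOperation = System.Net.WebUtility.HtmlEncode(operation ?? "null");

                Utils.SendErrorPage(context.Response, "invalid operation \"" + shownOperation + "\"", true, HttpStatusCode.BadRequest);
                return;
            }

            try
            {
                if (IsOperationAllowed(selectedOperation, authentication))
                {
                    selectedOperation.OnOperation(context, authentication);
                }
                else
                {
                    byte[] data = selectedOperation.OnUnauthorized(authentication, out string contentType);

                    WriteResponseAndClose(context.Response, data, contentType, HttpStatusCode.Unauthorized);
                }
            }
            catch (Exception e)
            {
                try
                {
                    // NOTE(review): the exception object is handed to the operation to build the
                    // client-facing body; confirm GetResponseForError does not return stack traces
                    // or internal details to unauthenticated callers.
                    byte[] data = selectedOperation.GetResponseForError(e, out string contentType);

                    WriteResponseAndClose(context.Response, data, contentType, HttpStatusCode.InternalServerError);
                }
                catch
                {
                    // Headers may already be sent or the client may be gone; nothing more can be
                    // reported, so drop the connection.
                    context.Response.Abort();
                    return;
                }
            }
        }

        /// <summary>
        /// Decides whether the caller may run the operation: the caller must meet the operation's
        /// minimum authentication level, and a banned caller is additionally limited by the
        /// operation's <c>AllowedForBannedUsers</c> setting.
        /// </summary>
        private static bool IsOperationAllowed(OperationBase operation, Authentication authentication)
        {
            if (!authentication.HasAtLeastAuthenticationLevel(operation.MinimumAuthenticationLevelToCall))
            {
                return false;
            }

            if (!authentication.IsBanned)
            {
                return true;
            }

            switch (operation.AllowedForBannedUsers)
            {
                case OperationBase.BannedUserCallability.Never:
                    return false;

                case OperationBase.BannedUserCallability.Default:
                    // By default a banned user keeps only the operations that need no authentication.
                    return operation.MinimumAuthenticationLevelToCall == AuthenticationLevel.None;

                default:
                    return true;
            }
        }

        /// <summary>
        /// Writes a complete response body with the given content type and status, then closes the response.
        /// </summary>
        private static void WriteResponseAndClose(HttpListenerResponse response, byte[] data, string contentType, HttpStatusCode status)
        {
            response.ContentType = contentType;
            response.StatusCode  = (int)status;

            // Assigned rather than accumulated: exactly data.Length bytes are written below, and a
            // length left over from a failed operation would make Close() throw.
            response.ContentLength64 = data.Length;
            response.OutputStream.Write(data, 0, data.Length);
            response.Close();
        }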