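        /// <summary>
        /// Removes every row that references the logged-in account from the
        /// cookie, admin, event, log, likes, dislikes and match tables, then
        /// answers with a <c>DeleteAccount</c> success response.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            // Preconditions: server set up, caller logged in and its account id known.
            if (server.AssertServerSetup(this) || server.AssertUserOnline() || server.AssertIdSet())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            if (databaseManager.OptionalAssertUserExists(server.Account.Id, true))
            {
                return;
            }
            // Sanitize once; the same id is embedded in every statement below.
            string sanitizedId = DatabaseEssentials.Security.Sanitize(server.Account.Id);
            string[] statements = new string[]
            {
                "DELETE FROM Tbl_cookies WHERE userid = " + sanitizedId + ";",
                "DELETE FROM Tbl_admin WHERE userid = " + sanitizedId + ";",
                "DELETE FROM Tbl_event WHERE userid = " + sanitizedId + ";",
                "DELETE FROM Tbl_log WHERE userid = " + sanitizedId + ";",
                "DELETE FROM Tbl_likes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";",
                "DELETE FROM Tbl_dislikes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";",
                "DELETE FROM Tbl_match WHERE userid1 = " + sanitizedId + " OR userid2 = " + sanitizedId + ";"
            };
            // NOTE(review): Tbl_user itself is not touched here; confirm the account row is removed elsewhere.
            string                query              = string.Concat(statements);
            SqlApiRequest         sqlRequest         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            // The modify response used to be discarded, so a failed DELETE was still
            // reported as a successful account deletion. Mirror the other handlers.
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete account data.");
                return;
            }
            GenericSuccessResponse response              = new GenericSuccessResponse(ResponseId.DeleteAccount, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string                 json                  = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }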
        /// <summary>
        /// Finalizes a pending account creation once the mailed authentication
        /// code has been presented: inserts the user row, clears the pending
        /// authentication state and answers with a <c>ConfirmAccount</c> response.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            // Preconditions enforced by the server asserts: setup done, the submitted
            // code checked against the pending one, and nobody logged in on this connection.
            if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline())
            {
                return;
            }
            using var databaseManager = new DatabaseManager(server);
            // server.Account.Password is stored as-is; presumably it already holds the
            // hash produced when the account was requested — verify in the create handler.
            string   newUserId   = SecurityManager.GenerateHid();
            string[] insertParts =
            {
                "INSERT INTO Tbl_user (password, hid, email) VALUES (\'",
                server.Account.Password,
                "\',\'",
                newUserId,
                "\', \'",
                server.Account.AccountInfo.Email,
                "\');"
            };
            string insertQuery    = DatabaseEssentials.Security.SanitizeQuery(insertParts);
            var    request        = SqlApiRequest.Create(SqlRequestId.ModifyData, insertQuery, -1);
            var    modifyResponse = databaseManager.AwaitModifyDataResponse(request, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create user.");
                return;
            }
            // The one-time code has been consumed; clear the pending authentication state.
            var account = server.Account;
            account.AuthenticationCode = string.Empty;
            account.AuthenticationId   = ApiRequestId.Invalid;
            account.AuthenticationTime = -1;

            var    successResponse = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
            var    serialized      = SerializedApiResponse.Create(successResponse);
            string payload         = serialized.Serialize();

            server.Send(payload);
            server.UnitTesting.MethodSuccess = true;
        }
        /// <summary>
        /// Starts a password change for the logged-in account: stores the new
        /// password's scrypt hash and a pending <c>ConfirmPasswordChange</c>
        /// code on the connection and mails that code to the account's address.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNotNull() || server.AssertUserOnline() || server.AssertEmailSet())
            {
                return;
            }
            var    account = server.Account;
            string email   = account.AccountInfo.Email;

            if (!EmailEssentials.IsValid(email))
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
                return;
            }
            // The new hash is kept in memory only; the database row is written by the
            // confirmation handler once the mailed code comes back.
            account.AuthenticationCode = SecurityManager.GenerateSecurityCode();
            account.AuthenticationId   = ApiRequestId.ConfirmPasswordChange;
            account.AuthenticationTime = DatabaseEssentials.GetTimeStamp();
            account.Password           = SecurityManager.ScryptHash(Password);

            string displayName;
            if (string.IsNullOrEmpty(account.AccountInfo.Name))
            {
                displayName = "user";
            }
            else
            {
                displayName = account.AccountInfo.Name;
            }
            var  mail = EmailManager.Create(Subject.ChangePassword, email, displayName, account.AuthenticationCode);
            bool sent = mail.Send();

            if (!sent)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            var    successResponse = new GenericSuccessResponse(ResponseId.PasswordChange, true);
            var    serialized      = SerializedApiResponse.Create(successResponse);
            string payload         = serialized.Serialize();

            server.Send(payload);
            server.UnitTesting.MethodSuccess = true;
        }
        /// <summary>
        /// Deletes the event identified by <c>EventId</c> and answers with a
        /// <c>DeleteEventA</c> success response.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline())
            {
                return;
            }
            using var databaseManager = new DatabaseManager(server);
            // NOTE(review): CREATE_EVENT is the only authorization gate and the DELETE below
            // carries no userid clause, so any caller holding that permission can delete any
            // event, not only their own — confirm this is intended.
            if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT) || databaseManager.AssertEventExists(EventId))
            {
                return;
            }
            string sanitizedEventId = DatabaseEssentials.Security.Sanitize(EventId);
            string deleteQuery      = $"DELETE FROM Tbl_event WHERE hid = '{sanitizedEventId}';";
            var    request          = SqlApiRequest.Create(SqlRequestId.ModifyData, deleteQuery, -1);
            var    modifyResponse   = databaseManager.AwaitModifyDataResponse(request, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete the requested event.");
                return;
            }
            var    successResponse = new GenericSuccessResponse(ResponseId.DeleteEventA, true);
            var    serialized      = SerializedApiResponse.Create(successResponse);
            string payload         = serialized.Serialize();

            server.Send(payload);
            server.UnitTesting.MethodSuccess = true;
        }
        /// <summary>
        /// Overwrites the event identified by <c>EventInfo.EventId</c> with the
        /// submitted event fields and answers with an <c>EditEventA</c> response.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
            {
                return;
            }
            using var databaseManager = new DatabaseManager(server);
            // NOTE(review): CREATE_EVENT is the only gate and the UPDATE has no ownership
            // clause — it even reassigns userid to the caller; confirm this is intended.
            if (databaseManager.AssertEventExists(EventInfo.EventId) || databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
            {
                return;
            }
            // Literal SQL fragments alternate with the values; SanitizeQuery joins them.
            string[] updateParts =
            {
                "UPDATE Tbl_event SET userid = ", server.Account.Id,
                ", title = \'", EventInfo.Title,
                "\', expires = ", EventInfo.ExpirationDate.ToString(),
                ", date = \'", EventInfo.Date,
                "\', time = \'", EventInfo.Time,
                "\', location = \'", EventInfo.Location,
                "\', url = \'", EventInfo.Url,
                "\', image = \'", EventInfo.Image,
                "\', description = \'", EventInfo.Description,
                "\'  WHERE hid = \'", EventInfo.EventId,
                "\';"
            };
            string updateQuery    = DatabaseEssentials.Security.SanitizeQuery(updateParts);
            var    request        = SqlApiRequest.Create(SqlRequestId.ModifyData, updateQuery, -1);
            var    modifyResponse = databaseManager.AwaitModifyDataResponse(request, out bool success);

            if (!success)
            {
                return;
            }
            if (!modifyResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update event.");
                return;
            }
            var    successResponse = new GenericSuccessResponse(ResponseId.EditEventA, true);
            var    serialized      = SerializedApiResponse.Create(successResponse);
            string payload         = serialized.Serialize();

            server.Send(payload);
            server.UnitTesting.MethodSuccess = true;
        }
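        /// <summary>
        /// Completes a pending password change: verifies that the presented
        /// security token belongs to the logged-in account, extends that token's
        /// expiry, revokes the account's other tokens, writes the new password
        /// hash and clears the pending authentication state.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOnline() || server.AssertPasswordSet() || server.AssertIdSet())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            // Check if security token is valid: it must resolve to the logged-in account's id.
            string        query      = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;" });
            SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
            SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            // string.Equals is null-safe: a successful lookup with a null Result used to throw
            // NullReferenceException on Result.Equals instead of being rejected as invalid.
            if (!singleOrDefaultResponse.Success || !string.Equals(singleOrDefaultResponse.Result, server.Account.Id))
            {
                ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
                return;
            }
            // Reset security token expiration timer.
            int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;

            query      = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_cookies SET expires = \'", expirationDate.ToString(), "\' WHERE value = \'", SecurityToken, "\';" });
            sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
                return;
            }
            // Delete all other security tokens associated with the account, keeping the presented one.
            // NOTE(review): this runs before UpdatePassword, so a failed password write still leaves
            // the other sessions revoked — presumably acceptable, confirm.
            if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
            {
                return;
            }
            // Update password.
            if (databaseManager.UpdatePassword())
            {
                return;
            }
            server.Account.AuthenticationCode = string.Empty;
            server.Account.AuthenticationId   = ApiRequestId.Invalid;
            server.Account.AuthenticationTime = -1;
            // NOTE(review): the response id is ConfirmAccount although this handler confirms a
            // password change; verify against the client's expectations.
            GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }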
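        /// <summary>
        /// Starts a password reset for the account registered under <c>Email</c>:
        /// looks the account up, refuses if it is currently online, binds a
        /// pending <c>ConfirmPasswordReset</c> code to the connection and mails
        /// that code to the address.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            // Preconditions: server set up and no account bound to this connection yet.
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string               query             = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
            SqlApiRequest        sqlRequest        = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
            SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);

            if (!success)
            {
                return;
            }
            string[] data = dataArrayResponse.Result;
            // NOTE(review): this error and AlreadyOnline below tell an unauthenticated caller
            // whether an address is registered and whether its owner is logged in; consider
            // a uniform response if that is not acceptable.
            if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
            {
                ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
                return;
            }
            // Column order follows the SELECT above.
            string isOnline      = data[0];
            string encryptedName = data[1];
            string userid        = data[2];
            string id            = data[3];

            server.Account = new Account(null, false, id);
            if (!isOnline.Equals("0"))
            {
                ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
                return;
            }
            // The stored name is encrypted under the user's hid; decrypt it for the greeting.
            AesContext aesContext = new AesContext(userid);
            string     name       = aesContext.DecryptOrDefault(encryptedName);

            // Keep the id on the pending account: the confirm-reset handler asserts the id is
            // set and updates the password through it. Previously a fresh Account without the
            // id replaced the one created above, discarding data[3].
            server.Account = new Account(null, false, id)
            {
                AuthenticationCode = SecurityManager.GenerateSecurityCode(),
                AuthenticationId   = ApiRequestId.ConfirmPasswordReset,
                AuthenticationTime = DatabaseEssentials.GetTimeStamp()
            };
            EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);

            // The other mail-backed handlers report a failed send; do the same rather than
            // answering success for a code the user never received.
            if (!emailManager.Send())
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            GenericSuccessResponse response              = new GenericSuccessResponse(ResponseId.PasswordReset, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string                 json                  = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }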
        /// <summary>
        /// Starts an account registration for <c>Email</c>: rejects malformed or
        /// already-used addresses, binds a pending <c>ConfirmAccount</c> code and
        /// the password hash to the connection and mails the code to the address.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAccountNull())
            {
                return;
            }
            if (!EmailEssentials.IsValid(Email))
            {
                ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
                return;
            }
            bool success;

            // Scoped so the manager is released before the mail is sent.
            using (DatabaseManager databaseManager = new DatabaseManager(server))
            {
                bool emailAvailable = databaseManager.CheckEmailAvailable(Email, out success);
                if (!emailAvailable)
                {
                    // NOTE(review): this reply lets an unauthenticated caller learn whether an
                    // address is registered; consider a uniform response if that matters.
                    if (success)
                    {
                        ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
                    }
                    return;
                }
            }
            string passwordHash = SecurityManager.ScryptHash(Password);
            var    accountInfo  = new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true);
            var    pending      = new Account(accountInfo, false, string.Empty)
            {
                Password           = passwordHash,
                AuthenticationCode = SecurityManager.GenerateSecurityCode(),
                AuthenticationId   = ApiRequestId.ConfirmAccount,
                AuthenticationTime = DatabaseEssentials.GetTimeStamp()
            };
            server.Account = pending;

            var mail = EmailManager.Create(Subject.CreateAccount, Email, "new user", pending.AuthenticationCode);
            success = mail.Send();
            if (!success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
                return;
            }
            var    successResponse = new GenericSuccessResponse(ResponseId.CreateAccount, true);
            var    serialized      = SerializedApiResponse.Create(successResponse);
            string payload         = serialized.Serialize();

            server.Send(payload);
            server.UnitTesting.MethodSuccess = true;
        }
        /// <summary>
        /// Completes a password reset once the mailed code has been presented:
        /// stores the new password hash, revokes all security tokens of the
        /// account, answers with a <c>ConfirmPasswordReset</c> response and
        /// unbinds the pending account from the connection.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline() || server.AssertIdSet())
            {
                return;
            }
            // Replace the in-memory hash; UpdatePassword persists it.
            server.Account.Password = SecurityManager.ScryptHash(Password);
            using var databaseManager = new DatabaseManager(server);

            // An empty keep-list revokes every token of the account.
            bool abort = databaseManager.UpdatePassword();
            if (abort || databaseManager.DeleteSecurityTokens(Array.Empty<string>()))
            {
                return;
            }
            var    successResponse = new GenericSuccessResponse(ResponseId.ConfirmPasswordReset, true);
            var    serialized      = SerializedApiResponse.Create(successResponse);
            string payload         = serialized.Serialize();

            server.Send(payload);
            // The pending account is no longer needed once the reset is done.
            server.Account = null;
            server.UnitTesting.MethodSuccess = true;
        }
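        /// <summary>
        /// Writes the submitted <c>AccountInfo</c> to the logged-in user's row:
        /// name, occupation and info1..info10 are encrypted under the user's hid,
        /// location is sanitized, and radius/isVisible/showLog are stored as
        /// plain numbers.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            // A failed setup assert used to fall through into the "AccountInfo was null."
            // error below, emitting a misleading second error; other handlers just return.
            if (server.AssertServerSetup(this))
            {
                return;
            }
            // The request payload, distinct from server.Account.AccountInfo checked next.
            if (AccountInfo == null)
            {
                ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
                return;
            }
            if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            string query;
            bool   success;

            // The hid keys the AES context; fetch it once if the session does not hold it yet.
            if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
            {
                query = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
                SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
                SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
                if (!success)
                {
                    return;
                }
                if (!singleOrDefaultResponse.Success)
                {
                    ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
                    return;
                }
                server.Account.AccountInfo.UserId = singleOrDefaultResponse.Result;
            }
            AesContext    aesContext       = new AesContext(server.Account.AccountInfo.UserId);
            string        cryptoName       = aesContext.EncryptOrDefault(AccountInfo.Name);
            string        cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);
            StringBuilder stringBuilder    = new StringBuilder();

            // info1..info10 are encrypted individually and appended as ", infoN = '...'".
            string[] infos = new string[] { AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5, AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10 };
            for (int i = 0; i < infos.Length; i++)
            {
                stringBuilder.Append(", info").Append((i + 1).ToString()).Append(" = \'").Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
            }
            // NOTE(review): the encrypted values are embedded without Sanitize, so this relies
            // on EncryptOrDefault never emitting a quote — confirm its output encoding.
            query = "UPDATE Tbl_user SET name = \'" + cryptoName + "\', occupation = \'" + cryptoOccupation + "\'" + stringBuilder.ToString() + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location) + "\', radius = " + AccountInfo.Radius.ToString() + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0") + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0") + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";
            SqlApiRequest         sqlApiRequest      = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
            SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlApiRequest, out success);

            if (!success)
            {
                return;
            }
            if (!modifyDataResponse.Success)
            {
                ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
                return;
            }
            GenericSuccessResponse successResponse       = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(successResponse);
            string json = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }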
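        /// <summary>
        /// Sets the admin permissions of the user identified by
        /// <c>TargetUserId</c> to <c>Permissions</c>. Root accounts cannot be
        /// changed; a target whose permissions already match is left untouched.
        /// </summary>
        /// <param name="server">The API server handling the current connection.</param>
        public override void Process(ApiServer server)
        {
            if (server.AssertServerSetup(this) || server.AssertUserOnline())
            {
                return;
            }
            using DatabaseManager databaseManager = new DatabaseManager(server);
            // NOTE(review): ADJUST_PRIVILEGES is the only gate — nothing here stops a caller
            // from targeting their own account or granting more than they hold; confirm intended.
            if (databaseManager.AssertHasPermission(Permission.ADJUST_PRIVILEGES))
            {
                return;
            }
            bool userExists = databaseManager.CheckUserExists(TargetUserId, out bool success);

            if (!success)
            {
                return;
            }
            if (!userExists)
            {
                ApiError.Throw(ApiErrorCode.NotFound, server, "User not found.");
                return;
            }
            bool targetIsRoot = databaseManager.UserIsRoot(TargetUserId, out success);

            if (!success)
            {
                return;
            }
            if (targetIsRoot)
            {
                ApiError.Throw(ApiErrorCode.InsufficientPermissions, server, "Cannot adjust permissions of root: is fixed to " + Permission.ALL_ACCESS.ToString());
                return;
            }
            Permission currentPermissions = databaseManager.GetUserPermission(TargetUserId, out success);

            if (!success)
            {
                return;
            }
            if (currentPermissions != Permissions)
            {
                // targetId comes from the database lookup, not from the request.
                string targetId = databaseManager.UserIdToId(TargetUserId, out success);
                if (!success)
                {
                    return;
                }
                // NONE means "no admin row"; pick delete / insert / update accordingly.
                string query;
                if (Permissions == Permission.NONE)
                {
                    query = "DELETE FROM Tbl_admin WHERE userid = " + targetId + ";";
                }
                else if (currentPermissions == Permission.NONE)
                {
                    query = "INSERT INTO Tbl_admin (userid, permissions) VALUES (" + targetId + ", " + ((int)Permissions).ToString() + ");";
                }
                else
                {
                    query = "UPDATE Tbl_admin SET permissions = " + ((int)Permissions).ToString() + " WHERE userid = " + targetId + ";";
                }
                SqlApiRequest         sqlRequest         = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
                SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
                if (!success)
                {
                    return;
                }
                // The modify response used to be ignored, so a failed write still reported success.
                if (!modifyDataResponse.Success)
                {
                    ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update permissions.");
                    return;
                }
            }
            GenericSuccessResponse response              = new GenericSuccessResponse(ResponseId.ChangeUserPermissionsA, true);
            SerializedApiResponse  serializedApiResponse = SerializedApiResponse.Create(response);
            string                 json                  = serializedApiResponse.Serialize();

            server.Send(json);
            server.UnitTesting.MethodSuccess = true;
        }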