public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline() || server.AssertIdSet())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.OptionalAssertUserExists(server.Account.Id, true))
{
return;
}
string sanitizedId = DatabaseEssentials.Security.Sanitize(server.Account.Id);
string deleteCookies = "DELETE FROM Tbl_cookies WHERE userid = " + sanitizedId + ";";
string deleteAdmin = "DELETE FROM Tbl_admin WHERE userid = " + sanitizedId + ";";
string deleteEvent = "DELETE FROM Tbl_event WHERE userid = " + sanitizedId + ";";
string deleteLog = "DELETE FROM Tbl_log WHERE userid = " + sanitizedId + ";";
string deleteLikes = "DELETE FROM Tbl_likes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";";
string deleteDislikes = "DELETE FROM Tbl_dislikes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";";
string deleteMatches = "DELETE FROM Tbl_match WHERE userid1 = " + sanitizedId + " OR userid2 = " + sanitizedId + ";";
string query = deleteCookies + deleteAdmin + deleteEvent + deleteLog + deleteLikes + deleteDislikes + deleteMatches;
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
_ = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
{
return;
}
string eventId = SecurityManager.GenerateHid();
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_event (userid, title, expires, date, time, location, url, image, description, hid) VALUES (", server.Account.Id, ", \'", EventInfo.Title, "\', ", EventInfo.ExpirationDate.ToString(), ", \'", EventInfo.Date, "\', \'", EventInfo.Time, "\', \'", EventInfo.Location, "\', \'", EventInfo.Url, "\', \'", EventInfo.Image, "\', \'", EventInfo.Description, "\', \'", eventId, "\');" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create event.");
return;
}
CreateEventResponseA response = new CreateEventResponseA(ResponseId.CreateEvent, eventId);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT) || databaseManager.AssertEventExists(EventId))
{
return;
}
string query = "DELETE FROM Tbl_event WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(EventId) + "\';";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete the requested event.");
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteEventA, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertEventExists(EventInfo.EventId) || databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
{
return;
}
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_event SET userid = ", server.Account.Id, ", title = \'", EventInfo.Title, "\', expires = ", EventInfo.ExpirationDate.ToString(), ", date = \'", EventInfo.Date, "\', time = \'", EventInfo.Time, "\', location = \'", EventInfo.Location, "\', url = \'", EventInfo.Url, "\', image = \'", EventInfo.Image, "\', description = \'", EventInfo.Description, "\' WHERE hid = \'", EventInfo.EventId, "\';" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update event.");
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.EditEventA, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOnline() || server.AssertPasswordSet() || server.AssertIdSet())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
// Check if security token is valid.
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success || !singleOrDefaultResponse.Result.Equals(server.Account.Id))
{
ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
return;
}
// Reset security token expiration timer..
int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_cookies SET expires = \'", expirationDate.ToString(), "\' WHERE value = \'", SecurityToken, "\';" });
sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
return;
}
// Delete all other security tokens associated with the account.
if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
{
return;
}
// Update password.
if (databaseManager.UpdatePassword())
{
return;
}
server.Account.AuthenticationCode = string.Empty;
server.Account.AuthenticationId = ApiRequestId.Invalid;
server.Account.AuthenticationTime = -1;
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || AccountInfo == null)
{
ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
return;
}
if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query;
bool success;
if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
{
query = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
return;
}
server.Account.AccountInfo.UserId = singleOrDefaultResponse.Result;
}
AesContext aesContext = new AesContext(server.Account.AccountInfo.UserId);
string cryptoName = aesContext.EncryptOrDefault(AccountInfo.Name);
string cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);
StringBuilder stringBuilder = new StringBuilder();
string[] infos = new string[] { AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5, AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10 };
for (int i = 0; i < infos.Length; i++)
{
stringBuilder.Append(", info").Append((i + 1).ToString()).Append(" = \'").Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
}
query = "UPDATE Tbl_user SET name = \'" + cryptoName + "\', occupation = \'" + cryptoOccupation + "\'" + stringBuilder.ToString() + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location) + "\', radius = " + AccountInfo.Radius.ToString() + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0") + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0") + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";
SqlApiRequest sqlApiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlApiRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
return;
}
GenericSuccessResponse successResponse = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(successResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline() || server.AssertIdSet())
{
return;
}
server.Account.Password = SecurityManager.ScryptHash(Password);
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.UpdatePassword() || databaseManager.DeleteSecurityTokens(Array.Empty <string>()))
{
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmPasswordReset, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.Account = null;
server.UnitTesting.MethodSuccess = true;
}