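private static void OnPreRequest(object sender, EventArgs e)
{
    // Per-request auth gate, wired as an HttpApplication event handler.
    // Reads the token cookie, resolves it to a login (published to handlers through
    // context.Items[LoginParamName]), redirects unauthenticated page requests to /login,
    // logs the request, and applies per-path flood control to Page handlers.
    var app = (HttpApplication)sender;
    var context = app.Context;
    if (context.CurrentHandler == null)
    {
        return;
    }

    var token = context.Request.Cookies[TokenParamName]?.Value;
    string login = null;
    if (token != null)
    {
        // Token.TryDeserialize is expected to yield null when the cookie does not verify
        // under Settings.HmacKey (the Try* name and the null checks below suggest this — confirm).
        login = Token.TryDeserialize(token, Settings.HmacKey);
        context.Items.Add(LoginParamName, login);
    }

    // Handlers that serve anonymous callers and perform their own access checks.
    var handler = context.CurrentHandler;
    var anonymousAllowed = handler is Login || handler is Register || handler is Scores || handler is BaseHandler;

    // Fix: the redirect used to fire only when the cookie was absent, so a cookie that was
    // present but failed verification (login == null) reached protected pages with a null
    // login. A present-but-invalid token is now treated exactly like a missing one.
    if (login == null && !anonymousAllowed)
    {
        context.Response.Redirect("/login", true);
    }

    // The POSTed form is written to the log. The login handler reads its credential from
    // the "pass" form field, so that value is masked instead of being logged in clear text.
    Log.InfoFormat("{0,-4} '{1}', form '{2}', ua '{3}'",
        context.Request.HttpMethod.SafeToLog(),
        context.Request.Unvalidated.RawUrl.SafeToLog(),
        RedactedFormForLog(context.Request.Unvalidated.Form).SafeToLog(),
        context.Request.UserAgent.SafeToLog());

    if (handler is System.Web.UI.Page)
    {
        // Authenticated callers are keyed by login, anonymous ones by remote address; the
        // second argument (10 vs 50) is presumably the allowed request budget — confirm in AntiFlood.
        var floodKey = $"{context.Request.CurrentExecutionFilePath}:{login ?? context.Request.UserHostAddress}";
        AntiFlood.CheckFlood(floodKey, login != null ? 10 : 50);
    }
}

// Renders a form collection as "key=value&key=value" for the log, with every value of
// the "pass" field replaced by "***". Keys and values are URL-encoded so the result stays
// on one line; the exact encoding may differ slightly from NameValueCollection.ToString().
private static string RedactedFormForLog(System.Collections.Specialized.NameValueCollection form)
{
    if (form == null)
    {
        return string.Empty;
    }

    var parts = new System.Collections.Generic.List<string>();
    foreach (var key in form.AllKeys)
    {
        var values = form.GetValues(key) ?? new string[0];
        foreach (var value in values)
        {
            var shown = string.Equals(key, "pass", StringComparison.OrdinalIgnoreCase) ? "***" : value;
            parts.Add($"{Uri.EscapeDataString(key ?? string.Empty)}={Uri.EscapeDataString(shown ?? string.Empty)}");
        }
    }
    return string.Join("&", parts);
}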
protected override AjaxResult ProcessRequestInternal(HttpContext context)
{
    // Question endpoint: validates the "question" form field, asks ElCapitan for the
    // answer, persists the question/answer pair and returns the answer together with
    // any flag, files and timer ElCapitan produced.
    var login = AuthModule.GetAuthLogin();
    AntiFlood.CheckFlood($"{context.Request.CurrentExecutionFilePath}:{login}");

    var flags = DbStorage.FindFlags(login);
    if (ElCapitan.GameEnded(flags))
    {
        throw new HttpException(403, "The End");
    }

    // NOTE(review): login may be null when the auth module resolved no valid token; this
    // relies on FindUserByLogin(null) returning no user — confirm against DbStorage.
    var user = DbStorage.FindUserByLogin(login);
    if (user == null)
    {
        throw new HttpException(403, "Access denied");
    }

    var hasDeadline = user.EndTime != DateTime.MinValue;
    if (hasDeadline && user.EndTime < DateTime.UtcNow)
    {
        throw new HttpException(403, "The End");
    }

    var question = context.Request.Form["question"].TrimToNull();
    if (question == null)
    {
        throw new HttpException(400, "Message is empty");
    }
    if (question.Length > Settings.MaxMsgLength)
    {
        throw new HttpException(400, "Message too large");
    }

    Flag flag;
    File[] files;
    DateTime timer;
    var answerText = ElCapitan.GetAnswer(question, flags, out flag, out files, out timer);

    // The answer message is built before the question message, matching the order in
    // which their timestamps are taken.
    var answerMsg = new Msg { Text = answerText, Time = DateTime.UtcNow, Type = MsgType.Answer };
    var questionMsg = new Msg { Text = question, Time = DateTime.UtcNow, Type = MsgType.Question };
    DbStorage.AddDialog(login, questionMsg, new[] { answerMsg }, flag, files);

    // A per-user deadline overrides whatever timer ElCapitan returned, unless there is no timer.
    DateTime responseTimer;
    if (timer == DateTime.MinValue)
    {
        responseTimer = DateTime.MinValue;
    }
    else if (hasDeadline)
    {
        responseTimer = user.EndTime;
    }
    else
    {
        responseTimer = timer;
    }

    return new AjaxResult
    {
        Messages = new[] { answerMsg },
        Files = files,
        Score = flag != null ? 1 : 0,
        Timer = responseTimer,
    };
}
protected override AjaxResult ProcessRequestInternal(HttpContext context)
{
    // Broadcast endpoint: returns any broadcast messages newer than the caller's stored
    // revision, records them in the caller's dialog and reports the bomb timer.
    var login = AuthModule.GetAuthLogin();
    AntiFlood.CheckFlood($"{context.Request.CurrentExecutionFilePath}:{login}");

    // NOTE(review): a global cutoff (DateTime.UtcNow > Settings.BombTimerEnd -> 403
    // "Connection lost...") was commented out here. Unlike the question handler, this
    // handler also does not reject users whose EndTime has passed — confirm both are intended.
    var user = DbStorage.FindUserByLogin(login);
    if (user == null)
    {
        throw new HttpException(403, "Access denied");
    }

    var revision = DbStorage.FindBroadcast(login);
    var flags = DbStorage.FindFlags(login);

    // Timer shown to the client: the per-user deadline if set, else the global one,
    // and no timer at all until the bomb timer has been triggered.
    var timer = DateTime.MinValue;
    if (ElCapitan.HasBombTimer(flags))
    {
        timer = user.EndTime == DateTime.MinValue ? Settings.BombTimerEnd : user.EndTime;
    }

    var broadcasts = ElCapitan.GetBroadcastMsgs(ref revision);
    if (broadcasts.Length == 0)
    {
        return new AjaxResult { Messages = null, Files = null, Score = 0, Timer = timer };
    }

    var msgs = new Msg[broadcasts.Length];
    for (var i = 0; i < broadcasts.Length; i++)
    {
        msgs[i] = new Msg { Text = broadcasts[i], Time = DateTime.UtcNow, Type = MsgType.Answer };
    }

    DbStorage.AddDialog(login, null, msgs, null, null, revision);
    return new AjaxResult { Messages = msgs, Files = null, Score = 0, Timer = timer };
}
}
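// Kill switch for self-registration. Kept as a runtime field rather than a const so the
// signup path below remains compiled and reachable: the original threw unconditionally and
// the whole registration body after the throw was unreachable dead code.
private static readonly bool RegistrationEnabled = false;

protected override AjaxResult ProcessRequestInternal(HttpContext context)
{
    // Login/registration endpoint. "?signup" creates a user (currently disabled); otherwise
    // the POSTed "pass" field is the credential. Both paths set the auth cookie and return
    // the user's password in the response body.
    AntiFlood.CheckFlood($"{context.Request.CurrentExecutionFilePath}:{context.Request.UserHostAddress}", 50);

    var isSignup = context.Request.QueryString["signup"] != null;
    if (isSignup && !RegistrationEnabled)
    {
        throw new HttpException(403, "Registration is disabled");
    }

    var user = isSignup ? CreateUser(context) : AuthenticateByPass(context);
    AuthModule.SetAuthLoginCookie(user.Login.Trim());

    // The password doubles as the login credential (see AuthenticateByPass), so this echoes
    // the caller's own secret back to them; it must not end up in request logs upstream.
    return new AjaxResult { Text = user.Pass };
}

// Registration path: validates the "login" form field and stores a new user with a
// generated password and avatar. Returns the created user.
private User CreateUser(HttpContext context)
{
    var login = context.Request.Form["login"].TrimToNull();
    if (login == null)
    {
        throw new HttpException(400, "Login is empty");
    }
    if (login.Length < 4)
    {
        throw new HttpException(400, "Login too short");
    }
    if (login.Length > Settings.MaxLoginLength)
    {
        throw new HttpException(400, "Login too long");
    }

    try
    {
        var user = new User { Login = login, Pass = RandomPass(), Avatar = RandomAvatar() };
        DbStorage.AddUser(user);
        return user;
    }
    catch (Exception)
    {
        // Every storage failure is reported as a duplicate login (original behaviour);
        // this also masks unrelated DB errors — consider narrowing the catch.
        throw new HttpException(400, "User already exists? Try another login");
    }
}

// Login path: looks the user up by the POSTed "pass" value (the password is the only
// credential) and enforces the user's start/end window. Returns the matching user.
private User AuthenticateByPass(HttpContext context)
{
    var pass = context.Request.Form["pass"].TrimToNull();
    if (pass == null)
    {
        throw new HttpException(403, "Access denied");
    }

    var user = DbStorage.FindUserByPass(pass);
    if (user == null)
    {
        throw new HttpException(403, "Access denied");
    }

    var utcNow = DateTime.UtcNow;
    if (user.StartTime > utcNow)
    {
        throw new HttpException(403, $"Start at '{user.StartTime.ToReadable()}'");
    }
    if (user.EndTime != DateTime.MinValue && user.EndTime < utcNow)
    {
        throw new HttpException(403, "The End");
    }
    return user;
}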