internal async Task <SessionInfoWithError> VerifyTokenAsync(string token, bool force = false) { WebCache_Session s = await _db.Sessions.FirstOrDefaultAsync(a => a.Token == token); if (s == null) { return new SessionInfoWithError { Error = StatusCode(403, "Invalid Token") } } ; if (s.Expiration < DateTime.UtcNow) { //Lets reuse this call to kill em all, and do some database cleaning. _db.RemoveRange(_db.Sessions.Where(a => a.Expiration < DateTime.UtcNow)); await _db.SaveChangesAsync(); return(new SessionInfoWithError { Error = StatusCode(403, "Invalid Token") }); } if (s.Expiration.AddHours(-8) < DateTime.UtcNow || force) //Refresh Expiration if we have less than 8 hours left { s.Expiration = DateTime.UtcNow.AddHours(GetTokenExpirationInHours()); await _db.SaveChangesAsync(); } WebCache_Ban b = GetBan(s.AniDBUserId); if (b != null) { return new SessionInfoWithError { Error = StatusCode(403, "Banned: " + b.Reason + " Expiration:" + b.ExpirationUTC.ToLongDateString()) } } ; SessionInfoWithError si = new SessionInfoWithError { AniDBUserId = s.AniDBUserId, AniDBUserName = s.AniDBUserName, Expiration = s.Expiration, Token = s.Token }; si.Role = GetRole(s.AniDBUserId); si.Error = null; return(si); }
public async Task <IActionResult> Verify(WebCache_AniDBLoggedInfo data) { try { CookieContainer cookieContainer = new CookieContainer(); using (var handler = new HttpClientHandler { CookieContainer = cookieContainer }) using (var client = new HttpClient(handler)) { string curi = GetAniDBUserVerificationUri(); string regex = GetAniDBUserVerificationRegEx(); client.DefaultRequestHeaders.TryAddWithoutValidation("User-Agent", User_Agent); Uri uri = new Uri(curi); Regex rn = new Regex(regex, RegexOptions.Singleline); foreach (string k in data.Cookies.Keys) { cookieContainer.Add(new Cookie(k, data.Cookies[k], "/", uri.Host)); } HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri); HttpResponseMessage response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead); if (response.IsSuccessStatusCode) { string str = await response.Content.ReadAsStringAsync(); response.Dispose(); Match m = rn.Match(str); if (m.Success) { if (m.Groups.Count > 1) { string val = m.Groups["username"]?.Value; string id = m.Groups["id"]?.Value; int aniid; if (val != null && id != null && int.TryParse(id, out aniid)) { if (string.Compare(val, data.UserName, StringComparison.InvariantCultureIgnoreCase) == 0) { uri = new Uri(GetAniDBLogoutUri()); try { request = new HttpRequestMessage(HttpMethod.Get, uri); response = await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead); response.Dispose(); } catch (Exception) { //ignore } WebCache_User u = await _db.Users.FirstOrDefaultAsync(a => a.AniDBUserId == aniid); if (u == null) { u = new WebCache_User(); u.AniDBUserId = aniid; u.AniDBUserName = val; _db.Add(u); } else if (u.AniDBUserName != val) { u.AniDBUserName = val; } WebCache_Session s = new WebCache_Session(); s.Token = Guid.NewGuid().ToString().Replace("-", string.Empty); s.Expiration = DateTime.UtcNow.AddHours(GetTokenExpirationInHours()); s.AniDBUserName = val; s.AniDBUserId = aniid; _db.Add(s); await _db.SaveChangesAsync(); SessionInfoWithError si = new SessionInfoWithError { AniDBUserId = s.AniDBUserId, AniDBUserName = s.AniDBUserName, Expiration = s.Expiration, Token = s.Token }; si.Role = GetRole(s.AniDBUserId); si.Error = null; return(new JsonResult(s)); } } } } } } return(StatusCode(403, "Invalid credentials")); } catch (Exception e) { _logger.LogError(e, $"VERIFY with UserName={data.UserName}"); return(StatusCode(500)); } }