private static void RetrieveCredentials(NancyContext context, JWTFactory factory) { var token = ExtractTokenFromHeader(context.Request); if (token == null) { return; } try { var user = factory.DecodeToken(token); if (user != null) { var identity = new JWTUserIdentity() { UserID = user.UserID, UserName = user.UserName, Claims = user.Claims }; context.CurrentUser = identity; } }catch (Exception ex) { //Expired } }
public AdminUsersController(IDAFactory daFactory, JWTFactory jwt) : base("/admin") { JWTTokenAuthentication.Enable(this, jwt); this.DAFactory = daFactory; this.After.AddItemToEndOfPipeline(x => { x.Response.WithHeader("Access-Control-Allow-Origin", "*"); }); //Get information about me, useful for the admin user interface to disable UI based on who you login as this.Get["/users/current"] = _ => { this.RequiresAuthentication(); JWTUserIdentity user = (JWTUserIdentity)this.Context.CurrentUser; using (var da = daFactory.Get()) { var userModel = da.Users.GetById(user.UserID); if (userModel == null) { throw new Exception("Unable to find user"); } return(Response.AsJson <User>(userModel)); } }; //Get the attributes of a specific user this.Get["/users/{id}"] = parameters => { this.DemandModerator(); using (var da = daFactory.Get()) { var userModel = da.Users.GetById((uint)parameters.id); if (userModel == null) { throw new Exception("Unable to find user"); } return(Response.AsJson <User>(userModel)); } }; //List users this.Get["/users"] = _ => { this.DemandModerator(); using (var da = daFactory.Get()) { var offset = this.Request.Query["offset"]; var limit = this.Request.Query["limit"]; if (offset == null) { offset = 0; } if (limit == null) { limit = 20; } if (limit > 100) { limit = 100; } var result = da.Users.All((int)offset, (int)limit); return(Response.AsPagedList <User>(result)); } }; //Create a new user this.Post["/users"] = x => { this.DemandModerator(); var user = this.Bind <UserCreateModel>(); if (user.is_admin) { //I need admin claim to do this this.DemandAdmin(); } using (var da = daFactory.Get()) { var userModel = new User(); userModel.username = user.username; userModel.email = user.email; userModel.is_admin = user.is_admin; userModel.is_moderator = user.is_moderator; userModel.user_state = UserState.valid; userModel.register_date = Epoch.Now; userModel.is_banned = false; var userId = da.Users.Create(userModel); userModel = da.Users.GetById(userId); if (userModel == null) { throw new Exception("Unable to find user"); } return(Response.AsJson <User>(userModel)); } return(null); }; }
public AdminOAuthController(IDAFactory daFactory, JWTFactory jwt) : base("/admin/oauth") { Post["/token"] = _ => { var grant_type = Request.Form["grant_type"]; if (grant_type == "password") { var username = Request.Form["username"]; var password = Request.Form["password"]; using (var da = daFactory.Get) { var user = da.Users.GetByUsername(username); if (user == null || user.is_banned || !(user.is_admin || user.is_moderator)) { return(Response.AsJson(new OAuthError { error = "unauthorized_client", error_description = "user_credentials_invalid" })); } var authSettings = da.Users.GetAuthenticationSettings(user.user_id); var isPasswordCorrect = PasswordHasher.Verify(password, new PasswordHash { data = authSettings.data, scheme = authSettings.scheme_class }); if (!isPasswordCorrect) { return(Response.AsJson(new OAuthError { error = "unauthorized_client", error_description = "user_credentials_invalid" })); } var identity = new JWTUserIdentity { UserName = user.username }; var claims = new List <string>(); if (user.is_admin || user.is_moderator) { claims.Add("moderator"); } if (user.is_admin) { claims.Add("admin"); } identity.Claims = claims; identity.UserID = user.user_id; var token = jwt.CreateToken(identity); return(Response.AsJson(new OAuthSuccess { access_token = token.Token, expires_in = token.ExpiresIn })); } } return(Response.AsJson(new OAuthError { error = "invalid_request", error_description = "unknown grant_type" })); }; }
public CitySelectorController(IDAFactory DAFactory, ApiServerConfiguration config, JWTFactory jwt, IShardsDomain shardsDomain) : base("/cityselector") { JsonWebToken.JWTTokenAuthentication.Enable(this, jwt); var str = GetServerVersion(); var split = str.LastIndexOf('-'); VersionName = str; if (split != -1) { VersionName = str.Substring(0, split); VersionNumber = str.Substring(split + 1); } try { using (var file = File.Open("updateUrl.txt", FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { var reader = new StreamReader(file); DownloadURL = reader.ReadLine(); reader.Close(); } } catch (Exception) { DownloadURL = ""; // couldn't find info from the watchdog } //Take the auth ticket, establish trust and then create a cookie (reusing JWT) this.Get["/app/InitialConnectServlet"] = _ => { var ticketValue = this.Request.Query["ticket"]; var version = this.Request.Query["version"]; if (ticketValue == null) { return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG))); } using (var db = DAFactory.Get()) { var ticket = db.AuthTickets.Get((string)ticketValue); if (ticket == null) { return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG))); } db.AuthTickets.Delete((string)ticketValue); if (ticket.date + config.AuthTicketDuration < Epoch.Now) { return(Response.AsXml(new XMLErrorMessage(ERROR_EXPIRED_TOKEN_CODE, ERROR_EXPIRED_TOKEN_MSG))); } /** Is it a valid account? **/ var user = db.Users.GetById(ticket.user_id); if (user == null) { return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG))); } //Use JWT to create and sign an auth cookies var session = new JWTUserIdentity() { UserID = user.user_id, UserName = user.username }; var token = jwt.CreateToken(session); return(Response.AsXml(new UserAuthorized() { FSOBranch = VersionName, FSOVersion = VersionNumber, FSOUpdateUrl = DownloadURL }) .WithCookie("fso", token.Token)); } }; //Return a list of the users avatars this.Get["/app/AvatarDataServlet"] = _ => { this.RequiresAuthentication(); var user = (JWTUserIdentity)this.Context.CurrentUser; var result = new XMLList <AvatarData>("The-Sims-Online"); using (var db = DAFactory.Get()) { var avatars = db.Avatars.GetSummaryByUserId(user.UserID); foreach (var avatar in avatars) { result.Add(new AvatarData { ID = avatar.avatar_id, Name = avatar.name, ShardName = shardsDomain.GetById(avatar.shard_id).Name, HeadOutfitID = avatar.head, BodyOutfitID = avatar.body, AppearanceType = (AvatarAppearanceType)Enum.Parse(typeof(AvatarAppearanceType), avatar.skin_tone.ToString()), Description = avatar.description, LotId = avatar.lot_id, LotName = avatar.lot_name, LotLocation = avatar.lot_location }); } } return(Response.AsXml(result)); }; this.Get["/app/ShardSelectorServlet"] = _ => { this.RequiresAuthentication(); var user = (JWTUserIdentity)this.Context.CurrentUser; var shardName = this.Request.Query["shardName"]; var avatarId = this.Request.Query["avatarId"]; if (avatarId == null) { //Using 0 to mean no avatar for CAS avatarId = "0"; } using (var db = DAFactory.Get()) { ShardStatusItem shard = shardsDomain.GetByName(shardName); if (shard != null) { var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault(); if (tryIP != null) { tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim(); } var ip = tryIP ?? this.Request.UserHostAddress; uint avatarDBID = uint.Parse(avatarId); if (avatarDBID != 0) { var avatar = db.Avatars.Get(avatarDBID); if (avatar == null) { //can't join server with an avatar that doesn't exist return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_FOUND_CODE, ERROR_AVATAR_NOT_FOUND_MSG))); } if (avatar.user_id != user.UserID || avatar.shard_id != shard.Id) { //make sure we own the avatar we're trying to connect with LOG.Info("SECURITY: Invalid avatar login attempt from " + ip + ", user " + user.UserID); return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_YOURS_CODE, ERROR_AVATAR_NOT_YOURS_MSG))); } } var ban = db.Bans.GetByIP(ip); if (ban != null || db.Users.GetById(user.UserID)?.is_banned != false) { return(Response.AsXml(new XMLErrorMessage(ERROR_BANNED_CODE, ERROR_BANNED_MSG))); } /** Make an auth ticket **/ var ticket = new ShardTicket { ticket_id = Guid.NewGuid().ToString().Replace("-", ""), user_id = user.UserID, avatar_id = avatarDBID, date = Epoch.Now, ip = ip }; db.Users.UpdateConnectIP(ticket.user_id, ip); db.Shards.CreateTicket(ticket); var result = new ShardSelectorServletResponse(); result.PreAlpha = false; result.Address = shard.PublicHost; result.PlayerID = user.UserID; result.Ticket = ticket.ticket_id; result.ConnectionID = ticket.ticket_id; result.AvatarID = avatarId; return(Response.AsXml(result)); } else { return(Response.AsXml(new XMLErrorMessage(ERROR_SHARD_NOT_FOUND_CODE, ERROR_SHARD_NOT_FOUND_MSG))); } } }; //Get a list of shards (cities) this.Get["/shard-status.jsp"] = _ => { var result = new XMLList <ShardStatusItem>("Shard-Status-List"); var shards = shardsDomain.All; foreach (var shard in shards) { var status = Protocol.CitySelector.ShardStatus.Down; /*switch (shard.Status) * { * case Database.DA.Shards.ShardStatus.Up: * status = Protocol.CitySelector.ShardStatus.Up; * break; * case Database.DA.Shards.ShardStatus.Full: * status = Protocol.CitySelector.ShardStatus.Full; * break; * case Database.DA.Shards.ShardStatus.Frontier: * status = Protocol.CitySelector.ShardStatus.Frontier; * break; * case Database.DA.Shards.ShardStatus.Down: * status = Protocol.CitySelector.ShardStatus.Down; * break; * case Database.DA.Shards.ShardStatus.Closed: * status = Protocol.CitySelector.ShardStatus.Closed; * break; * case Database.DA.Shards.ShardStatus.Busy: * status = Protocol.CitySelector.ShardStatus.Busy; * break; * }*/ result.Add(shard); } return(Response.AsXml(result)); }; }