private static void RetrieveCredentials(NancyContext context, JWTFactory factory)
{
var token = ExtractTokenFromHeader(context.Request);
if (token == null)
{
return;
}
try {
var user = factory.DecodeToken(token);
if (user != null)
{
var identity = new JWTUserIdentity()
{
UserID = user.UserID,
UserName = user.UserName,
Claims = user.Claims
};
context.CurrentUser = identity;
}
}catch (Exception ex) {
//Expired
}
}
public AdminUsersController(IDAFactory daFactory, JWTFactory jwt) : base("/admin")
{
JWTTokenAuthentication.Enable(this, jwt);
this.DAFactory = daFactory;
this.After.AddItemToEndOfPipeline(x =>
{
x.Response.WithHeader("Access-Control-Allow-Origin", "*");
});
//Get information about me, useful for the admin user interface to disable UI based on who you login as
this.Get["/users/current"] = _ =>
{
this.RequiresAuthentication();
JWTUserIdentity user = (JWTUserIdentity)this.Context.CurrentUser;
using (var da = daFactory.Get())
{
var userModel = da.Users.GetById(user.UserID);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson <User>(userModel));
}
};
//Get the attributes of a specific user
this.Get["/users/{id}"] = parameters =>
{
this.DemandModerator();
using (var da = daFactory.Get())
{
var userModel = da.Users.GetById((uint)parameters.id);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson <User>(userModel));
}
};
//List users
this.Get["/users"] = _ =>
{
this.DemandModerator();
using (var da = daFactory.Get())
{
var offset = this.Request.Query["offset"];
var limit = this.Request.Query["limit"];
if (offset == null)
{
offset = 0;
}
if (limit == null)
{
limit = 20;
}
if (limit > 100)
{
limit = 100;
}
var result = da.Users.All((int)offset, (int)limit);
return(Response.AsPagedList <User>(result));
}
};
//Create a new user
this.Post["/users"] = x =>
{
this.DemandModerator();
var user = this.Bind <UserCreateModel>();
if (user.is_admin)
{
//I need admin claim to do this
this.DemandAdmin();
}
using (var da = daFactory.Get())
{
var userModel = new User();
userModel.username = user.username;
userModel.email = user.email;
userModel.is_admin = user.is_admin;
userModel.is_moderator = user.is_moderator;
userModel.user_state = UserState.valid;
userModel.register_date = Epoch.Now;
userModel.is_banned = false;
var userId = da.Users.Create(userModel);
userModel = da.Users.GetById(userId);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson <User>(userModel));
}
return(null);
};
}
public AdminOAuthController(IDAFactory daFactory, JWTFactory jwt) : base("/admin/oauth")
{
Post["/token"] = _ =>
{
var grant_type = Request.Form["grant_type"];
if (grant_type == "password")
{
var username = Request.Form["username"];
var password = Request.Form["password"];
using (var da = daFactory.Get)
{
var user = da.Users.GetByUsername(username);
if (user == null || user.is_banned || !(user.is_admin || user.is_moderator))
{
return(Response.AsJson(new OAuthError
{
error = "unauthorized_client",
error_description = "user_credentials_invalid"
}));
}
var authSettings = da.Users.GetAuthenticationSettings(user.user_id);
var isPasswordCorrect = PasswordHasher.Verify(password, new PasswordHash
{
data = authSettings.data,
scheme = authSettings.scheme_class
});
if (!isPasswordCorrect)
{
return(Response.AsJson(new OAuthError
{
error = "unauthorized_client",
error_description = "user_credentials_invalid"
}));
}
var identity = new JWTUserIdentity
{
UserName = user.username
};
var claims = new List <string>();
if (user.is_admin || user.is_moderator)
{
claims.Add("moderator");
}
if (user.is_admin)
{
claims.Add("admin");
}
identity.Claims = claims;
identity.UserID = user.user_id;
var token = jwt.CreateToken(identity);
return(Response.AsJson(new OAuthSuccess
{
access_token = token.Token,
expires_in = token.ExpiresIn
}));
}
}
return(Response.AsJson(new OAuthError
{
error = "invalid_request",
error_description = "unknown grant_type"
}));
};
}
public CitySelectorController(IDAFactory DAFactory, ApiServerConfiguration config, JWTFactory jwt, IShardsDomain shardsDomain) : base("/cityselector")
{
JsonWebToken.JWTTokenAuthentication.Enable(this, jwt);
var str = GetServerVersion();
var split = str.LastIndexOf('-');
VersionName = str;
if (split != -1)
{
VersionName = str.Substring(0, split);
VersionNumber = str.Substring(split + 1);
}
try
{
using (var file = File.Open("updateUrl.txt", FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
var reader = new StreamReader(file);
DownloadURL = reader.ReadLine();
reader.Close();
}
} catch (Exception)
{
DownloadURL = ""; // couldn't find info from the watchdog
}
//Take the auth ticket, establish trust and then create a cookie (reusing JWT)
this.Get["/app/InitialConnectServlet"] = _ =>
{
var ticketValue = this.Request.Query["ticket"];
var version = this.Request.Query["version"];
if (ticketValue == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
using (var db = DAFactory.Get())
{
var ticket = db.AuthTickets.Get((string)ticketValue);
if (ticket == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
db.AuthTickets.Delete((string)ticketValue);
if (ticket.date + config.AuthTicketDuration < Epoch.Now)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_EXPIRED_TOKEN_CODE, ERROR_EXPIRED_TOKEN_MSG)));
}
/** Is it a valid account? **/
var user = db.Users.GetById(ticket.user_id);
if (user == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
//Use JWT to create and sign an auth cookies
var session = new JWTUserIdentity()
{
UserID = user.user_id,
UserName = user.username
};
var token = jwt.CreateToken(session);
return(Response.AsXml(new UserAuthorized()
{
FSOBranch = VersionName,
FSOVersion = VersionNumber,
FSOUpdateUrl = DownloadURL
})
.WithCookie("fso", token.Token));
}
};
//Return a list of the users avatars
this.Get["/app/AvatarDataServlet"] = _ =>
{
this.RequiresAuthentication();
var user = (JWTUserIdentity)this.Context.CurrentUser;
var result = new XMLList <AvatarData>("The-Sims-Online");
using (var db = DAFactory.Get())
{
var avatars = db.Avatars.GetSummaryByUserId(user.UserID);
foreach (var avatar in avatars)
{
result.Add(new AvatarData {
ID = avatar.avatar_id,
Name = avatar.name,
ShardName = shardsDomain.GetById(avatar.shard_id).Name,
HeadOutfitID = avatar.head,
BodyOutfitID = avatar.body,
AppearanceType = (AvatarAppearanceType)Enum.Parse(typeof(AvatarAppearanceType), avatar.skin_tone.ToString()),
Description = avatar.description,
LotId = avatar.lot_id,
LotName = avatar.lot_name,
LotLocation = avatar.lot_location
});
}
}
return(Response.AsXml(result));
};
this.Get["/app/ShardSelectorServlet"] = _ =>
{
this.RequiresAuthentication();
var user = (JWTUserIdentity)this.Context.CurrentUser;
var shardName = this.Request.Query["shardName"];
var avatarId = this.Request.Query["avatarId"];
if (avatarId == null)
{
//Using 0 to mean no avatar for CAS
avatarId = "0";
}
using (var db = DAFactory.Get())
{
ShardStatusItem shard = shardsDomain.GetByName(shardName);
if (shard != null)
{
var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (tryIP != null)
{
tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim();
}
var ip = tryIP ?? this.Request.UserHostAddress;
uint avatarDBID = uint.Parse(avatarId);
if (avatarDBID != 0)
{
var avatar = db.Avatars.Get(avatarDBID);
if (avatar == null)
{
//can't join server with an avatar that doesn't exist
return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_FOUND_CODE, ERROR_AVATAR_NOT_FOUND_MSG)));
}
if (avatar.user_id != user.UserID || avatar.shard_id != shard.Id)
{
//make sure we own the avatar we're trying to connect with
LOG.Info("SECURITY: Invalid avatar login attempt from " + ip + ", user " + user.UserID);
return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_YOURS_CODE, ERROR_AVATAR_NOT_YOURS_MSG)));
}
}
var ban = db.Bans.GetByIP(ip);
if (ban != null || db.Users.GetById(user.UserID)?.is_banned != false)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_BANNED_CODE, ERROR_BANNED_MSG)));
}
/** Make an auth ticket **/
var ticket = new ShardTicket
{
ticket_id = Guid.NewGuid().ToString().Replace("-", ""),
user_id = user.UserID,
avatar_id = avatarDBID,
date = Epoch.Now,
ip = ip
};
db.Users.UpdateConnectIP(ticket.user_id, ip);
db.Shards.CreateTicket(ticket);
var result = new ShardSelectorServletResponse();
result.PreAlpha = false;
result.Address = shard.PublicHost;
result.PlayerID = user.UserID;
result.Ticket = ticket.ticket_id;
result.ConnectionID = ticket.ticket_id;
result.AvatarID = avatarId;
return(Response.AsXml(result));
}
else
{
return(Response.AsXml(new XMLErrorMessage(ERROR_SHARD_NOT_FOUND_CODE, ERROR_SHARD_NOT_FOUND_MSG)));
}
}
};
//Get a list of shards (cities)
this.Get["/shard-status.jsp"] = _ =>
{
var result = new XMLList <ShardStatusItem>("Shard-Status-List");
var shards = shardsDomain.All;
foreach (var shard in shards)
{
var status = Protocol.CitySelector.ShardStatus.Down;
/*switch (shard.Status)
* {
* case Database.DA.Shards.ShardStatus.Up:
* status = Protocol.CitySelector.ShardStatus.Up;
* break;
* case Database.DA.Shards.ShardStatus.Full:
* status = Protocol.CitySelector.ShardStatus.Full;
* break;
* case Database.DA.Shards.ShardStatus.Frontier:
* status = Protocol.CitySelector.ShardStatus.Frontier;
* break;
* case Database.DA.Shards.ShardStatus.Down:
* status = Protocol.CitySelector.ShardStatus.Down;
* break;
* case Database.DA.Shards.ShardStatus.Closed:
* status = Protocol.CitySelector.ShardStatus.Closed;
* break;
* case Database.DA.Shards.ShardStatus.Busy:
* status = Protocol.CitySelector.ShardStatus.Busy;
* break;
* }*/
result.Add(shard);
}
return(Response.AsXml(result));
};
}
