public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNotNull() || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string id = databaseManager.UserIdToId(UserId, out bool success);
if (!success)
{
return;
}
Account account = databaseManager.GetAccount(id, out success);
if (!success)
{
return;
}
account.AccountInfo.Radius = -1;
GetAccountInfoResponse response = new GetAccountInfoResponse(ResponseId.GetAccountInfo, account.AccountInfo);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT) || databaseManager.AssertEventExists(EventId))
{
return;
}
string query = "DELETE FROM Tbl_event WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(EventId) + "\';";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete the requested event.");
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteEventA, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline() || server.AssertIdSet())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.OptionalAssertUserExists(server.Account.Id, true))
{
return;
}
string sanitizedId = DatabaseEssentials.Security.Sanitize(server.Account.Id);
string deleteCookies = "DELETE FROM Tbl_cookies WHERE userid = " + sanitizedId + ";";
string deleteAdmin = "DELETE FROM Tbl_admin WHERE userid = " + sanitizedId + ";";
string deleteEvent = "DELETE FROM Tbl_event WHERE userid = " + sanitizedId + ";";
string deleteLog = "DELETE FROM Tbl_log WHERE userid = " + sanitizedId + ";";
string deleteLikes = "DELETE FROM Tbl_likes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";";
string deleteDislikes = "DELETE FROM Tbl_dislikes WHERE sourceid = " + sanitizedId + " OR targetid = " + sanitizedId + ";";
string deleteMatches = "DELETE FROM Tbl_match WHERE userid1 = " + sanitizedId + " OR userid2 = " + sanitizedId + ";";
string query = deleteCookies + deleteAdmin + deleteEvent + deleteLog + deleteLikes + deleteDislikes + deleteMatches;
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
_ = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string userid = SecurityManager.GenerateHid();
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_user (password, hid, email) VALUES (\'", server.Account.Password, "\',\'", userid, "\', \'", server.Account.AccountInfo.Email, "\');" });
SqlApiRequest sqlRequets = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequets, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create user.");
return;
}
server.Account.AuthenticationCode = string.Empty;
server.Account.AuthenticationId = ApiRequestId.Invalid;
server.Account.AuthenticationTime = -1;
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertEventExists(EventInfo.EventId) || databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
{
return;
}
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_event SET userid = ", server.Account.Id, ", title = \'", EventInfo.Title, "\', expires = ", EventInfo.ExpirationDate.ToString(), ", date = \'", EventInfo.Date, "\', time = \'", EventInfo.Time, "\', location = \'", EventInfo.Location, "\', url = \'", EventInfo.Url, "\', image = \'", EventInfo.Image, "\', description = \'", EventInfo.Description, "\' WHERE hid = \'", EventInfo.EventId, "\';" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update event.");
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.EditEventA, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNotNull() || server.AssertUserOnline() || server.AssertEmailSet())
{
return;
}
if (!EmailEssentials.IsValid(server.Account.AccountInfo.Email))
{
ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
return;
}
server.Account.AuthenticationCode = SecurityManager.GenerateSecurityCode();
server.Account.AuthenticationId = ApiRequestId.ConfirmPasswordChange;
server.Account.AuthenticationTime = DatabaseEssentials.GetTimeStamp();
server.Account.Password = SecurityManager.ScryptHash(Password);
string name = string.IsNullOrEmpty(server.Account.AccountInfo.Name) ? "user" : server.Account.AccountInfo.Name;
EmailManager emailManager = EmailManager.Create(Subject.ChangePassword, server.Account.AccountInfo.Email, name, server.Account.AuthenticationCode);
bool success = emailManager.Send();
if (!success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
return;
}
GenericSuccessResponse apiResponse = new GenericSuccessResponse(ResponseId.PasswordChange, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline() || server.AssertEventInfoNotNull(EventInfo))
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
{
return;
}
string eventId = SecurityManager.GenerateHid();
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_event (userid, title, expires, date, time, location, url, image, description, hid) VALUES (", server.Account.Id, ", \'", EventInfo.Title, "\', ", EventInfo.ExpirationDate.ToString(), ", \'", EventInfo.Date, "\', \'", EventInfo.Time, "\', \'", EventInfo.Location, "\', \'", EventInfo.Url, "\', \'", EventInfo.Image, "\', \'", EventInfo.Description, "\', \'", eventId, "\');" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create event.");
return;
}
CreateEventResponseA response = new CreateEventResponseA(ResponseId.CreateEvent, eventId);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOnline() || server.AssertPasswordSet() || server.AssertIdSet())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
// Check if security token is valid.
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success || !singleOrDefaultResponse.Result.Equals(server.Account.Id))
{
ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
return;
}
// Reset security token expiration timer..
int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_cookies SET expires = \'", expirationDate.ToString(), "\' WHERE value = \'", SecurityToken, "\';" });
sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
return;
}
// Delete all other security tokens associated with the account.
if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
{
return;
}
// Update password.
if (databaseManager.UpdatePassword())
{
return;
}
server.Account.AuthenticationCode = string.Empty;
server.Account.AuthenticationId = ApiRequestId.Invalid;
server.Account.AuthenticationTime = -1;
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNull())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query = "SELECT isOnline, name, hid, id FROM Tbl_user WHERE email = \'" + DatabaseEssentials.Security.Sanitize(Email) + "\';";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 4);
SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
string[] data = dataArrayResponse.Result;
if (!dataArrayResponse.Success || data.Length != sqlRequest.ExpectedColumns)
{
ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
return;
}
string isOnline = data[0];
string encryptedName = data[1];
string userid = data[2];
server.Account = new Account(null, false, data[3]);
if (!isOnline.Equals("0"))
{
ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
return;
}
AesContext aesContext = new AesContext(userid);
string name = aesContext.DecryptOrDefault(encryptedName);
server.Account = new Account
{
AuthenticationCode = SecurityManager.GenerateSecurityCode(),
AuthenticationId = ApiRequestId.ConfirmPasswordReset,
AuthenticationTime = DatabaseEssentials.GetTimeStamp()
};
EmailManager emailManager = EmailManager.Create(Subject.ResetPassword, Email, string.IsNullOrEmpty(name) ? "user" : name, server.Account.AuthenticationCode);
emailManager.Send();
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.PasswordReset, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNull())
{
return;
}
if (!EmailEssentials.IsValid(Email))
{
ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address is invalid.");
return;
}
bool success;
using (DatabaseManager databaseManager = new DatabaseManager(server))
{
if (!databaseManager.CheckEmailAvailable(Email, out success))
{
if (!success)
{
return;
}
ApiError.Throw(ApiErrorCode.InvalidEmailAddress, server, "Email address already in use.");
return;
}
}
string passwordHash = SecurityManager.ScryptHash(Password);
server.Account = new Account(new AccountInfo(null, null, null, null, null, null, null, null, null, null, null, null, null, 50, null, Email, true, true), false, string.Empty)
{
Password = passwordHash,
AuthenticationCode = SecurityManager.GenerateSecurityCode(),
AuthenticationId = ApiRequestId.ConfirmAccount,
AuthenticationTime = DatabaseEssentials.GetTimeStamp()
};
EmailManager emailManager = EmailManager.Create(Subject.CreateAccount, Email, "new user", server.Account.AuthenticationCode);
success = emailManager.Send();
if (!success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Failed to send confirmation email.");
return;
}
GenericSuccessResponse apiResponse = new GenericSuccessResponse(ResponseId.CreateAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOffline() || server.AssertIdSet())
{
return;
}
server.Account.Password = SecurityManager.ScryptHash(Password);
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.UpdatePassword() || databaseManager.DeleteSecurityTokens(Array.Empty <string>()))
{
return;
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmPasswordReset, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.Account = null;
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query = "SELECT hid FROM Tbl_event" + (IncludeExpired ? string.Empty : " WHERE expires > " + DatabaseEssentials.GetTimeStamp().ToString()) + ";";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.Get2DArray, query, 1);
Sql2DArrayResponse sql2DArrayResponse = databaseManager.Await2DArrayResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
GetAllEventsResponse response = new GetAllEventsResponse(ResponseId.GetAllEvents, sql2DArrayResponse.Result);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertEventExists(EventId) || databaseManager.AssertHasPermission(Permission.QUERY_EVENT_INFO))
{
return;
}
EventInfo eventInfo = databaseManager.GetEventInfo(EventId, out bool success);
if (!success)
{
return;
}
string query = "SELECT u.hid FROM Tbl_event as e, Tbl_user as u WHERE e.hid = \'" + DatabaseEssentials.Security.Sanitize(EventId) + "\' AND e.userid = u.id LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch event.");
return;
}
GetEventResponseA response = new GetEventResponseA(ResponseId.GetEventA, new Event(eventInfo, singleOrDefaultResponse.Result));
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertEventExists(EventId))
{
return;
}
EventInfo eventInfo = databaseManager.GetEventInfo(EventId, out bool success);
if (!success)
{
return;
}
GetEventInfoResponse response = new GetEventInfoResponse(ResponseId.GetEventInfo, eventInfo);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || AccountInfo == null)
{
ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
return;
}
if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query;
bool success;
if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
{
query = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
return;
}
server.Account.AccountInfo.UserId = singleOrDefaultResponse.Result;
}
AesContext aesContext = new AesContext(server.Account.AccountInfo.UserId);
string cryptoName = aesContext.EncryptOrDefault(AccountInfo.Name);
string cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);
StringBuilder stringBuilder = new StringBuilder();
string[] infos = new string[] { AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5, AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10 };
for (int i = 0; i < infos.Length; i++)
{
stringBuilder.Append(", info").Append((i + 1).ToString()).Append(" = \'").Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
}
query = "UPDATE Tbl_user SET name = \'" + cryptoName + "\', occupation = \'" + cryptoOccupation + "\'" + stringBuilder.ToString() + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location) + "\', radius = " + AccountInfo.Radius.ToString() + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0") + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0") + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";
SqlApiRequest sqlApiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlApiRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
return;
}
GenericSuccessResponse successResponse = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(successResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAccountNull())
{
server.UnitTesting.MethodSuccess = false;
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'", Email, "\' LIMIT 1;" });
SqlApiRequest apiRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);
string[] data = dataArrayResponse.Result;
if (!success)
{
return;
}
if (!dataArrayResponse.Success || data.Length != 3)
{
ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
return;
}
string id = data[0];
string hash = data[1];
if (Convert.ToInt32(data[2]) == 1)
{
ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
return;
}
bool authenticationSuccessful = SecurityManager.ScryptCheck(Password, hash);
if (!authenticationSuccessful)
{
ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
return;
}
string securityToken = SecurityManager.GenerateSecurityToken();
// Token should expire every month.
int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (", id, ",\'", securityToken, "\',", expirationDate.ToString(), ",\'", Info, "\');" });
apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
return;
}
if (!databaseManager.SetupAccount(id))
{
return;
}
Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);
if (!success)
{
return;
}
CreateCookieResponse apiResponse = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertHasPermission(Permission.ADJUST_PRIVILEGES))
{
return;
}
bool userExists = databaseManager.CheckUserExists(TargetUserId, out bool success);
if (!success)
{
return;
}
if (!userExists)
{
ApiError.Throw(ApiErrorCode.NotFound, server, "User not found.");
return;
}
bool targetIsRoot = databaseManager.UserIsRoot(TargetUserId, out success);
if (!success)
{
return;
}
if (targetIsRoot)
{
ApiError.Throw(ApiErrorCode.InsufficientPermissions, server, "Cannot adjust permissions of root: is fixed to " + Permission.ALL_ACCESS.ToString());
return;
}
Permission currentPermissions = databaseManager.GetUserPermission(TargetUserId, out success);
if (!success)
{
return;
}
if (currentPermissions != Permissions)
{
string targetId = databaseManager.UserIdToId(TargetUserId, out success);
if (!success)
{
return;
}
string query;
if (Permissions == Permission.NONE)
{
query = "DELETE FROM Tbl_admin WHERE userid = " + targetId + ";";
}
else if (currentPermissions == Permission.NONE)
{
query = "INSERT INTO Tbl_admin (userid, permissions) VALUES (" + targetId + ", " + ((int)Permissions).ToString() + ");";
}
else
{
query = "UPDATE Tbl_admin SET permissions = " + ((int)Permissions).ToString() + " WHERE userid = " + targetId + ";";
}
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
if (!success)
{
return;
}
}
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ChangeUserPermissionsA, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
return;
}
