public RegistrationController(IDAFactory daFactory, JWTFactory jwt, ApiServerConfiguration config) : base("/userapi/registration") { JWTTokenAuthentication.Enable(this, jwt); DAFactory = daFactory; After.AddItemToEndOfPipeline(x => { x.Response.WithHeader("Access-Control-Allow-Origin", "*"); }); //Create a new user Post["/"] = x => { var user = this.Bind <RegistrationModel>(); var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault(); if (tryIP != null) { tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim(); } var ip = tryIP ?? Request.UserHostAddress; user.username = user.username ?? ""; user.username = user.username.ToLowerInvariant(); user.email = user.email ?? ""; user.key = user.key ?? ""; string failReason = null; if (user.username.Length < 3) { failReason = "user_short"; } else if (user.username.Length > 24) { failReason = "user_long"; } else if (!USERNAME_VALIDATION.IsMatch(user.username ?? "")) { failReason = "user_invalid"; } else if ((user.password?.Length ?? 0) == 0) { failReason = "pass_required"; } if (failReason != null) { return(Response.AsJson(new RegistrationError() { error = "bad_request", error_description = failReason })); } bool isAdmin = false; if (config.Regkey != null && config.Regkey != user.key) { return(Response.AsJson(new RegistrationError() { error = "key_wrong", error_description = failReason })); } var passhash = PasswordHasher.Hash(user.password); using (var da = daFactory.Get) { //has this ip been banned? var ban = da.Bans.GetByIP(ip); if (ban != null) { return(Response.AsJson(new RegistrationError() { error = "registration_failed", error_description = "ip_banned" })); } //has this user registered a new account too soon after their last? var now = Epoch.Now; var prev = da.Users.GetByRegisterIP(ip); if (now - (prev.FirstOrDefault()?.register_date ?? 0) < REGISTER_THROTTLE_SECS) { //cannot create a new account this soon. return(Response.AsJson(new RegistrationError() { error = "registration_failed", error_description = "registrations_too_frequent" })); } //TODO: is this ip banned? var userModel = new User { username = user.username, email = user.email, is_admin = isAdmin, is_moderator = isAdmin, user_state = UserState.valid, register_date = now, is_banned = false, register_ip = ip, last_ip = ip }; var authSettings = new UserAuthenticate { scheme_class = passhash.scheme, data = passhash.data }; try { var userId = da.Users.Create(userModel); authSettings.user_id = userId; da.Users.CreateAuth(authSettings); userModel = da.Users.GetById(userId); if (userModel == null) { throw new Exception("Unable to find user"); } return(Response.AsJson(userModel)); } catch (Exception) { return(Response.AsJson(new RegistrationError() { error = "registration_failed", error_description = "user_exists" })); } } }; }
public AuthController(IDAFactory daFactory, ApiServerConfiguration config) { this.DAFactory = daFactory; Config = config; this.Get["/AuthLogin"] = _ => { var username = this.Request.Query["username"]; var password = this.Request.Query["password"]; var version = this.Request.Query["version"]; var clientid = (string)this.Request.Query["clientid"]; if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) { return(Response.AsText(printError(ERROR_020_CODE, ERROR_020_MSG))); } AuthTicket ticket = null; using (var db = DAFactory.Get()) { var user = db.Users.GetByUsername(username); if (user == null || user.is_banned) { return(Response.AsText(printError(ERROR_110_CODE, ERROR_110_MSG))); } if (config.Maintainance && !(user.is_admin || user.is_moderator)) { return(Response.AsText(printError(ERROR_160_CODE, ERROR_160_MSG))); } var authSettings = db.Users.GetAuthenticationSettings(user.user_id); var isPasswordCorrect = PasswordHasher.Verify(password, new PasswordHash { data = authSettings.data, scheme = authSettings.scheme_class }); if (!isPasswordCorrect) { return(Response.AsText(printError(ERROR_110_CODE, ERROR_110_MSG))); } var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault(); if (tryIP != null) { tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim(); } var ip = tryIP ?? this.Request.UserHostAddress; var ban = db.Bans.GetByIP(ip); if (ban != null) { return(Response.AsText(printError(ERROR_110_CODE, ERROR_110_MSG))); } db.Users.UpdateClientID(user.user_id, clientid ?? "0"); /** Make a ticket **/ ticket = new AuthTicket(); ticket.ticket_id = Guid.NewGuid().ToString().Replace("-", ""); ticket.user_id = user.user_id; ticket.date = Epoch.Now; ticket.ip = ip; db.AuthTickets.Create(ticket); } return(Response.AsText("Valid=TRUE\r\nTicket=" + ticket.ticket_id.ToString() + "\r\n")); }; }
public CitySelectorController(IDAFactory DAFactory, ApiServerConfiguration config, JWTFactory jwt, IShardsDomain shardsDomain) : base("/cityselector") { JsonWebToken.JWTTokenAuthentication.Enable(this, jwt); var str = GetServerVersion(); var split = str.LastIndexOf('-'); VersionName = str; if (split != -1) { VersionName = str.Substring(0, split); VersionNumber = str.Substring(split + 1); } try { using (var file = File.Open("updateUrl.txt", FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { var reader = new StreamReader(file); DownloadURL = reader.ReadLine(); reader.Close(); } } catch (Exception) { DownloadURL = ""; // couldn't find info from the watchdog } //Take the auth ticket, establish trust and then create a cookie (reusing JWT) this.Get["/app/InitialConnectServlet"] = _ => { var ticketValue = this.Request.Query["ticket"]; var version = this.Request.Query["version"]; if (ticketValue == null) { return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG))); } using (var db = DAFactory.Get()) { var ticket = db.AuthTickets.Get((string)ticketValue); if (ticket == null) { return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG))); } db.AuthTickets.Delete((string)ticketValue); if (ticket.date + config.AuthTicketDuration < Epoch.Now) { return(Response.AsXml(new XMLErrorMessage(ERROR_EXPIRED_TOKEN_CODE, ERROR_EXPIRED_TOKEN_MSG))); } /** Is it a valid account? **/ var user = db.Users.GetById(ticket.user_id); if (user == null) { return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG))); } //Use JWT to create and sign an auth cookies var session = new JWTUserIdentity() { UserID = user.user_id, UserName = user.username }; var token = jwt.CreateToken(session); return(Response.AsXml(new UserAuthorized() { FSOBranch = VersionName, FSOVersion = VersionNumber, FSOUpdateUrl = DownloadURL }) .WithCookie("fso", token.Token)); } }; //Return a list of the users avatars this.Get["/app/AvatarDataServlet"] = _ => { this.RequiresAuthentication(); var user = (JWTUserIdentity)this.Context.CurrentUser; var result = new XMLList <AvatarData>("The-Sims-Online"); using (var db = DAFactory.Get()) { var avatars = db.Avatars.GetSummaryByUserId(user.UserID); foreach (var avatar in avatars) { result.Add(new AvatarData { ID = avatar.avatar_id, Name = avatar.name, ShardName = shardsDomain.GetById(avatar.shard_id).Name, HeadOutfitID = avatar.head, BodyOutfitID = avatar.body, AppearanceType = (AvatarAppearanceType)Enum.Parse(typeof(AvatarAppearanceType), avatar.skin_tone.ToString()), Description = avatar.description, LotId = avatar.lot_id, LotName = avatar.lot_name, LotLocation = avatar.lot_location }); } } return(Response.AsXml(result)); }; this.Get["/app/ShardSelectorServlet"] = _ => { this.RequiresAuthentication(); var user = (JWTUserIdentity)this.Context.CurrentUser; var shardName = this.Request.Query["shardName"]; var avatarId = this.Request.Query["avatarId"]; if (avatarId == null) { //Using 0 to mean no avatar for CAS avatarId = "0"; } using (var db = DAFactory.Get()) { ShardStatusItem shard = shardsDomain.GetByName(shardName); if (shard != null) { var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault(); if (tryIP != null) { tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim(); } var ip = tryIP ?? this.Request.UserHostAddress; uint avatarDBID = uint.Parse(avatarId); if (avatarDBID != 0) { var avatar = db.Avatars.Get(avatarDBID); if (avatar == null) { //can't join server with an avatar that doesn't exist return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_FOUND_CODE, ERROR_AVATAR_NOT_FOUND_MSG))); } if (avatar.user_id != user.UserID || avatar.shard_id != shard.Id) { //make sure we own the avatar we're trying to connect with LOG.Info("SECURITY: Invalid avatar login attempt from " + ip + ", user " + user.UserID); return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_YOURS_CODE, ERROR_AVATAR_NOT_YOURS_MSG))); } } var ban = db.Bans.GetByIP(ip); if (ban != null || db.Users.GetById(user.UserID)?.is_banned != false) { return(Response.AsXml(new XMLErrorMessage(ERROR_BANNED_CODE, ERROR_BANNED_MSG))); } /** Make an auth ticket **/ var ticket = new ShardTicket { ticket_id = Guid.NewGuid().ToString().Replace("-", ""), user_id = user.UserID, avatar_id = avatarDBID, date = Epoch.Now, ip = ip }; db.Users.UpdateConnectIP(ticket.user_id, ip); db.Shards.CreateTicket(ticket); var result = new ShardSelectorServletResponse(); result.PreAlpha = false; result.Address = shard.PublicHost; result.PlayerID = user.UserID; result.Ticket = ticket.ticket_id; result.ConnectionID = ticket.ticket_id; result.AvatarID = avatarId; return(Response.AsXml(result)); } else { return(Response.AsXml(new XMLErrorMessage(ERROR_SHARD_NOT_FOUND_CODE, ERROR_SHARD_NOT_FOUND_MSG))); } } }; //Get a list of shards (cities) this.Get["/shard-status.jsp"] = _ => { var result = new XMLList <ShardStatusItem>("Shard-Status-List"); var shards = shardsDomain.All; foreach (var shard in shards) { var status = Protocol.CitySelector.ShardStatus.Down; /*switch (shard.Status) * { * case Database.DA.Shards.ShardStatus.Up: * status = Protocol.CitySelector.ShardStatus.Up; * break; * case Database.DA.Shards.ShardStatus.Full: * status = Protocol.CitySelector.ShardStatus.Full; * break; * case Database.DA.Shards.ShardStatus.Frontier: * status = Protocol.CitySelector.ShardStatus.Frontier; * break; * case Database.DA.Shards.ShardStatus.Down: * status = Protocol.CitySelector.ShardStatus.Down; * break; * case Database.DA.Shards.ShardStatus.Closed: * status = Protocol.CitySelector.ShardStatus.Closed; * break; * case Database.DA.Shards.ShardStatus.Busy: * status = Protocol.CitySelector.ShardStatus.Busy; * break; * }*/ result.Add(shard); } return(Response.AsXml(result)); }; }