public RegistrationController(IDAFactory daFactory, JWTFactory jwt, ApiServerConfiguration config) : base("/userapi/registration")
{
JWTTokenAuthentication.Enable(this, jwt);
DAFactory = daFactory;
After.AddItemToEndOfPipeline(x =>
{
x.Response.WithHeader("Access-Control-Allow-Origin", "*");
});
//Create a new user
Post["/"] = x =>
{
var user = this.Bind <RegistrationModel>();
var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (tryIP != null)
{
tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim();
}
var ip = tryIP ?? Request.UserHostAddress;
user.username = user.username ?? "";
user.username = user.username.ToLowerInvariant();
user.email = user.email ?? "";
user.key = user.key ?? "";
string failReason = null;
if (user.username.Length < 3)
{
failReason = "user_short";
}
else if (user.username.Length > 24)
{
failReason = "user_long";
}
else if (!USERNAME_VALIDATION.IsMatch(user.username ?? ""))
{
failReason = "user_invalid";
}
else if ((user.password?.Length ?? 0) == 0)
{
failReason = "pass_required";
}
if (failReason != null)
{
return(Response.AsJson(new RegistrationError()
{
error = "bad_request",
error_description = failReason
}));
}
bool isAdmin = false;
if (config.Regkey != null && config.Regkey != user.key)
{
return(Response.AsJson(new RegistrationError()
{
error = "key_wrong",
error_description = failReason
}));
}
var passhash = PasswordHasher.Hash(user.password);
using (var da = daFactory.Get)
{
//has this ip been banned?
var ban = da.Bans.GetByIP(ip);
if (ban != null)
{
return(Response.AsJson(new RegistrationError()
{
error = "registration_failed",
error_description = "ip_banned"
}));
}
//has this user registered a new account too soon after their last?
var now = Epoch.Now;
var prev = da.Users.GetByRegisterIP(ip);
if (now - (prev.FirstOrDefault()?.register_date ?? 0) < REGISTER_THROTTLE_SECS)
{
//cannot create a new account this soon.
return(Response.AsJson(new RegistrationError()
{
error = "registration_failed",
error_description = "registrations_too_frequent"
}));
}
//TODO: is this ip banned?
var userModel = new User
{
username = user.username,
email = user.email,
is_admin = isAdmin,
is_moderator = isAdmin,
user_state = UserState.valid,
register_date = now,
is_banned = false,
register_ip = ip,
last_ip = ip
};
var authSettings = new UserAuthenticate
{
scheme_class = passhash.scheme,
data = passhash.data
};
try
{
var userId = da.Users.Create(userModel);
authSettings.user_id = userId;
da.Users.CreateAuth(authSettings);
userModel = da.Users.GetById(userId);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson(userModel));
} catch (Exception)
{
return(Response.AsJson(new RegistrationError()
{
error = "registration_failed",
error_description = "user_exists"
}));
}
}
};
}
public AuthController(IDAFactory daFactory, ApiServerConfiguration config)
{
this.DAFactory = daFactory;
Config = config;
this.Get["/AuthLogin"] = _ =>
{
var username = this.Request.Query["username"];
var password = this.Request.Query["password"];
var version = this.Request.Query["version"];
var clientid = (string)this.Request.Query["clientid"];
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
{
return(Response.AsText(printError(ERROR_020_CODE, ERROR_020_MSG)));
}
AuthTicket ticket = null;
using (var db = DAFactory.Get())
{
var user = db.Users.GetByUsername(username);
if (user == null || user.is_banned)
{
return(Response.AsText(printError(ERROR_110_CODE, ERROR_110_MSG)));
}
if (config.Maintainance && !(user.is_admin || user.is_moderator))
{
return(Response.AsText(printError(ERROR_160_CODE, ERROR_160_MSG)));
}
var authSettings = db.Users.GetAuthenticationSettings(user.user_id);
var isPasswordCorrect = PasswordHasher.Verify(password, new PasswordHash
{
data = authSettings.data,
scheme = authSettings.scheme_class
});
if (!isPasswordCorrect)
{
return(Response.AsText(printError(ERROR_110_CODE, ERROR_110_MSG)));
}
var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (tryIP != null)
{
tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim();
}
var ip = tryIP ?? this.Request.UserHostAddress;
var ban = db.Bans.GetByIP(ip);
if (ban != null)
{
return(Response.AsText(printError(ERROR_110_CODE, ERROR_110_MSG)));
}
db.Users.UpdateClientID(user.user_id, clientid ?? "0");
/** Make a ticket **/
ticket = new AuthTicket();
ticket.ticket_id = Guid.NewGuid().ToString().Replace("-", "");
ticket.user_id = user.user_id;
ticket.date = Epoch.Now;
ticket.ip = ip;
db.AuthTickets.Create(ticket);
}
return(Response.AsText("Valid=TRUE\r\nTicket=" + ticket.ticket_id.ToString() + "\r\n"));
};
}
public CitySelectorController(IDAFactory DAFactory, ApiServerConfiguration config, JWTFactory jwt, IShardsDomain shardsDomain) : base("/cityselector")
{
JsonWebToken.JWTTokenAuthentication.Enable(this, jwt);
var str = GetServerVersion();
var split = str.LastIndexOf('-');
VersionName = str;
if (split != -1)
{
VersionName = str.Substring(0, split);
VersionNumber = str.Substring(split + 1);
}
try
{
using (var file = File.Open("updateUrl.txt", FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
var reader = new StreamReader(file);
DownloadURL = reader.ReadLine();
reader.Close();
}
} catch (Exception)
{
DownloadURL = ""; // couldn't find info from the watchdog
}
//Take the auth ticket, establish trust and then create a cookie (reusing JWT)
this.Get["/app/InitialConnectServlet"] = _ =>
{
var ticketValue = this.Request.Query["ticket"];
var version = this.Request.Query["version"];
if (ticketValue == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
using (var db = DAFactory.Get())
{
var ticket = db.AuthTickets.Get((string)ticketValue);
if (ticket == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
db.AuthTickets.Delete((string)ticketValue);
if (ticket.date + config.AuthTicketDuration < Epoch.Now)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_EXPIRED_TOKEN_CODE, ERROR_EXPIRED_TOKEN_MSG)));
}
/** Is it a valid account? **/
var user = db.Users.GetById(ticket.user_id);
if (user == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
//Use JWT to create and sign an auth cookies
var session = new JWTUserIdentity()
{
UserID = user.user_id,
UserName = user.username
};
var token = jwt.CreateToken(session);
return(Response.AsXml(new UserAuthorized()
{
FSOBranch = VersionName,
FSOVersion = VersionNumber,
FSOUpdateUrl = DownloadURL
})
.WithCookie("fso", token.Token));
}
};
//Return a list of the users avatars
this.Get["/app/AvatarDataServlet"] = _ =>
{
this.RequiresAuthentication();
var user = (JWTUserIdentity)this.Context.CurrentUser;
var result = new XMLList <AvatarData>("The-Sims-Online");
using (var db = DAFactory.Get())
{
var avatars = db.Avatars.GetSummaryByUserId(user.UserID);
foreach (var avatar in avatars)
{
result.Add(new AvatarData {
ID = avatar.avatar_id,
Name = avatar.name,
ShardName = shardsDomain.GetById(avatar.shard_id).Name,
HeadOutfitID = avatar.head,
BodyOutfitID = avatar.body,
AppearanceType = (AvatarAppearanceType)Enum.Parse(typeof(AvatarAppearanceType), avatar.skin_tone.ToString()),
Description = avatar.description,
LotId = avatar.lot_id,
LotName = avatar.lot_name,
LotLocation = avatar.lot_location
});
}
}
return(Response.AsXml(result));
};
this.Get["/app/ShardSelectorServlet"] = _ =>
{
this.RequiresAuthentication();
var user = (JWTUserIdentity)this.Context.CurrentUser;
var shardName = this.Request.Query["shardName"];
var avatarId = this.Request.Query["avatarId"];
if (avatarId == null)
{
//Using 0 to mean no avatar for CAS
avatarId = "0";
}
using (var db = DAFactory.Get())
{
ShardStatusItem shard = shardsDomain.GetByName(shardName);
if (shard != null)
{
var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (tryIP != null)
{
tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim();
}
var ip = tryIP ?? this.Request.UserHostAddress;
uint avatarDBID = uint.Parse(avatarId);
if (avatarDBID != 0)
{
var avatar = db.Avatars.Get(avatarDBID);
if (avatar == null)
{
//can't join server with an avatar that doesn't exist
return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_FOUND_CODE, ERROR_AVATAR_NOT_FOUND_MSG)));
}
if (avatar.user_id != user.UserID || avatar.shard_id != shard.Id)
{
//make sure we own the avatar we're trying to connect with
LOG.Info("SECURITY: Invalid avatar login attempt from " + ip + ", user " + user.UserID);
return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_YOURS_CODE, ERROR_AVATAR_NOT_YOURS_MSG)));
}
}
var ban = db.Bans.GetByIP(ip);
if (ban != null || db.Users.GetById(user.UserID)?.is_banned != false)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_BANNED_CODE, ERROR_BANNED_MSG)));
}
/** Make an auth ticket **/
var ticket = new ShardTicket
{
ticket_id = Guid.NewGuid().ToString().Replace("-", ""),
user_id = user.UserID,
avatar_id = avatarDBID,
date = Epoch.Now,
ip = ip
};
db.Users.UpdateConnectIP(ticket.user_id, ip);
db.Shards.CreateTicket(ticket);
var result = new ShardSelectorServletResponse();
result.PreAlpha = false;
result.Address = shard.PublicHost;
result.PlayerID = user.UserID;
result.Ticket = ticket.ticket_id;
result.ConnectionID = ticket.ticket_id;
result.AvatarID = avatarId;
return(Response.AsXml(result));
}
else
{
return(Response.AsXml(new XMLErrorMessage(ERROR_SHARD_NOT_FOUND_CODE, ERROR_SHARD_NOT_FOUND_MSG)));
}
}
};
//Get a list of shards (cities)
this.Get["/shard-status.jsp"] = _ =>
{
var result = new XMLList <ShardStatusItem>("Shard-Status-List");
var shards = shardsDomain.All;
foreach (var shard in shards)
{
var status = Protocol.CitySelector.ShardStatus.Down;
/*switch (shard.Status)
* {
* case Database.DA.Shards.ShardStatus.Up:
* status = Protocol.CitySelector.ShardStatus.Up;
* break;
* case Database.DA.Shards.ShardStatus.Full:
* status = Protocol.CitySelector.ShardStatus.Full;
* break;
* case Database.DA.Shards.ShardStatus.Frontier:
* status = Protocol.CitySelector.ShardStatus.Frontier;
* break;
* case Database.DA.Shards.ShardStatus.Down:
* status = Protocol.CitySelector.ShardStatus.Down;
* break;
* case Database.DA.Shards.ShardStatus.Closed:
* status = Protocol.CitySelector.ShardStatus.Closed;
* break;
* case Database.DA.Shards.ShardStatus.Busy:
* status = Protocol.CitySelector.ShardStatus.Busy;
* break;
* }*/
result.Add(shard);
}
return(Response.AsXml(result));
};
}
