private static void PerformanceTest()
{
ApiServer server = ApiServer.CreateDummy();
using DatabaseManager databaseManager = new DatabaseManager(server);
const string query = "SELECT id FROM Tbl_user WHERE id = 1 LIMIT 1";
SqlApiRequest request = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
const int maxIter = 10000;
Console.WriteLine("Performance Test: Sending " + maxIter.ToString() + " requests to DB server ...");
Stopwatch stopwatch = Stopwatch.StartNew();
for (int i = 0; i < maxIter; i++)
{
SqlSingleOrDefaultResponse response = databaseManager.AwaitSingleOrDefaultResponse(request, out bool success);
if (!success)
{
break;
}
Console.WriteLine("Request #" + i.ToString() + " succeeded!");
}
stopwatch.Stop();
double average = stopwatch.ElapsedMilliseconds / (double)maxIter;
Console.WriteLine("Average time per request: " + average.ToString() + " ms.");
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertAuthenticationCodeInvalid(Code) || server.AssertUserOnline() || server.AssertPasswordSet() || server.AssertIdSet())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
// Check if security token is valid.
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'", SecurityToken, "\' AND u.id = c.userid;" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success || !singleOrDefaultResponse.Result.Equals(server.Account.Id))
{
ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
return;
}
// Reset security token expiration timer..
int expirationDate = DatabaseEssentials.GetTimeStamp() + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "UPDATE Tbl_cookies SET expires = \'", expirationDate.ToString(), "\' WHERE value = \'", SecurityToken, "\';" });
sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
return;
}
// Delete all other security tokens associated with the account.
if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
{
return;
}
// Update password.
if (databaseManager.UpdatePassword())
{
return;
}
server.Account.AuthenticationCode = string.Empty;
server.Account.AuthenticationId = ApiRequestId.Invalid;
server.Account.AuthenticationTime = -1;
GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public bool CheckEmailAvailable(string email, out bool success)
{
string sanitizedEmail = DatabaseEssentials.Security.Sanitize(email);
string query = "SELECT 1 FROM Tbl_user WHERE email = \'" + sanitizedEmail + "\' LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = this.AwaitSingleOrDefaultResponse(sqlRequest, out bool sqlSuccess);
success = sqlSuccess;
return(success && !singleOrDefaultResponse.Success);
}
public bool CheckUserExists(string userId, out bool success)
{
string query = "SELECT 1 FROM Tbl_user WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(userId) + "\' LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = AwaitSingleOrDefaultResponse(sqlRequest, out bool sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(false);
}
success = true;
return(singleOrDefaultResponse.Success);
}
public Permission GetUserPermission(string userId, out bool success)
{
string id = UserIdToId(userId, out bool sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(Permission.NONE);
}
string query = "SELECT permissions FROM Tbl_admin WHERE userid = " + id + " LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = AwaitSingleOrDefaultResponse(sqlRequest, out sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(Permission.NONE);
}
if (!singleOrDefaultResponse.Success)
{
success = true;
return(Permission.NONE);
}
bool parseSuccess = int.TryParse(singleOrDefaultResponse.Result, out int intPermission);
if (!parseSuccess)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to parse user permission.");
success = false;
return(Permission.NONE);
}
Permission permission = (Permission)intPermission;
if (permission == Permission.NONE)
{
query = "DELETE FROM Tbl_admin WHERE userid = " + id + ";";
sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
AwaitModifyDataResponse(sqlRequest, out sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(Permission.NONE);
}
}
success = true;
return(permission);
}
public override async void Process(SqlServer server)
{
SqlPacket packet = await DatabaseManager.GetSingleOrDefault(Query);
ApiResponse response;
if (packet.Success)
{
string result = (string)packet.Data;
response = SqlSingleOrDefaultResponse.Create(result);
}
else
{
response = SqlErrorResponse.Create(packet.ErrorMessage);
}
SerializedSqlApiResponse serializedApiResponse = SerializedSqlApiResponse.Create(response);
string data = serializedApiResponse.Serialize();
server.Network.Send(data);
}
public bool UserIsRoot(string userId, out bool success)
{
string query = "SELECT email FROM Tbl_user WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(userId) + "\' LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = AwaitSingleOrDefaultResponse(sqlRequest, out bool sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(false);
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InvalidUser, server, "User could not be found.");
success = false;
return(false);
}
success = true;
return(singleOrDefaultResponse.Result.Equals(MainServer.Config.WamsrvEmailConfig.EmailAddress));
}
/// <summary>
/// Throws an exception if the EventID is invalid and returns true otherwise.
/// </summary>
/// <param name="server"></param>
/// <param name="eventId"></param>
/// <returns></returns>
public bool AssertEventExists(string eventId)
{
if (string.IsNullOrEmpty(eventId))
{
ApiError.Throw(ApiErrorCode.InvalidArgument, server, "Invalid argument: EventID was null.");
return(true);
}
string query = DatabaseEssentials.Security.SanitizeQuery(new string[] { "SELECT 1 FROM Tbl_event WHERE hid = \'", eventId, "\' LIMIT 1;" });
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
if (!success)
{
return(true);
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.NotFound, server, "There is no event associated with this EventID.");
return(true);
}
return(false);
}
public string UserIdToId(string userid, out bool success)
{
string sanitizedUserId = DatabaseEssentials.Security.Sanitize(userid);
string query = "SELECT id FROM Tbl_user WHERE hid = \'" + sanitizedUserId + "\' LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = this.AwaitSingleOrDefaultResponse(sqlRequest, out bool sqlSuccess);
if (!sqlSuccess)
{
success = false;
return(string.Empty);
}
string id = singleOrDefaultResponse.Result;
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InvalidUser, server, "User could not be found.");
success = false;
return(string.Empty);
}
success = true;
return(id);
}
public bool OptionalAssertUserExists(string id, bool isDatabaseId)
{
if (MainServer.Config.AdvancedErrorChecking)
{
string query;
if (isDatabaseId)
{
query = "SELECT 1 FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(id) + ";";
}
else
{
query = "SELECT 1 FROM Tbl_user WHERE hid = \'" + DatabaseEssentials.Security.Sanitize(id) + "\';";
}
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
if (!success)
{
return(true);
}
return(!singleOrDefaultResponse.Success);
}
return(false);
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || server.AssertUserOnline())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
if (databaseManager.AssertEventExists(EventId) || databaseManager.AssertHasPermission(Permission.QUERY_EVENT_INFO))
{
return;
}
EventInfo eventInfo = databaseManager.GetEventInfo(EventId, out bool success);
if (!success)
{
return;
}
string query = "SELECT u.hid FROM Tbl_event as e, Tbl_user as u WHERE e.hid = \'" + DatabaseEssentials.Security.Sanitize(EventId) + "\' AND e.userid = u.id LIMIT 1;";
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to fetch event.");
return;
}
GetEventResponseA response = new GetEventResponseA(ResponseId.GetEventA, new Event(eventInfo, singleOrDefaultResponse.Result));
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
public override void Process(ApiServer server)
{
if (server.AssertServerSetup(this) || AccountInfo == null)
{
ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
return;
}
if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
{
return;
}
using DatabaseManager databaseManager = new DatabaseManager(server);
string query;
bool success;
if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
{
query = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
if (!success)
{
return;
}
if (!singleOrDefaultResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
return;
}
server.Account.AccountInfo.UserId = singleOrDefaultResponse.Result;
}
AesContext aesContext = new AesContext(server.Account.AccountInfo.UserId);
string cryptoName = aesContext.EncryptOrDefault(AccountInfo.Name);
string cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);
StringBuilder stringBuilder = new StringBuilder();
string[] infos = new string[] { AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5, AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10 };
for (int i = 0; i < infos.Length; i++)
{
stringBuilder.Append(", info").Append((i + 1).ToString()).Append(" = \'").Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
}
query = "UPDATE Tbl_user SET name = \'" + cryptoName + "\', occupation = \'" + cryptoOccupation + "\'" + stringBuilder.ToString() + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location) + "\', radius = " + AccountInfo.Radius.ToString() + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0") + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0") + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";
SqlApiRequest sqlApiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlApiRequest, out success);
if (!success)
{
return;
}
if (!modifyDataResponse.Success)
{
ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
return;
}
GenericSuccessResponse successResponse = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(successResponse);
string json = serializedApiResponse.Serialize();
server.Send(json);
server.UnitTesting.MethodSuccess = true;
}
