public static ValidateInfo FromTaggingRestrictions(Scaffold.User user, Scaffold.UserUploadHistory history)
{
return(new ValidateInfo
{
User = user,
History = history,
MaxCommandsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceCommandUpload),
MaxIncomingsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceIncomingsUpload),
MaxReportsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceReportUpload),
MaxTroopsAge = TimeSpan.FromDays(Configuration.Behavior.Tagging.MaxDaysSinceTroopUpload)
});
}
public IActionResult CreateAccessGroup(String systemToken, [FromBody] AccessGroupRequest groupRequest)
{
var token = Guid.Parse(systemToken);
var user = context.User.Where(u => u.AuthToken == token).FirstOrDefault();
if (user == null || user.PermissionsLevel < (short)PermissionLevel.System)
{
return(NotFound());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (groupRequest.FirstPlayerId == null && groupRequest.FirstPlayerName == null)
{
return(BadRequest("Need to define at least either firstPlayerId or firstPlayerName"));
}
var escapedName = groupRequest.FirstPlayerName?.UrlEncode();
var playerId = groupRequest.FirstPlayerId ?? context.Player.FromWorld(CurrentWorldId).Where(p => p.PlayerName == escapedName).First().PlayerId;
var newGroup = new Scaffold.AccessGroup();
newGroup.WorldId = CurrentWorldId;
context.Add(newGroup);
context.SaveChanges();
var newUser = new Scaffold.User();
newUser.TransactionTime = DateTime.UtcNow;
newUser.AccessGroupId = newGroup.Id;
newUser.AuthToken = Guid.NewGuid();
newUser.PlayerId = playerId;
newUser.PermissionsLevel = groupRequest.PermissionsLevel;
newUser.Enabled = true;
newUser.IsReadOnly = false;
newUser.WorldId = CurrentWorldId;
context.Add(newUser);
context.SaveChanges();
return(Ok(new
{
AuthToken = newUser.AuthToken,
Script = $"javascript:window.vaultToken='{newUser.AuthToken}';$.getScript('https://v.tylercamp.me/script/main.js')"
}));
}
public static JSON.User ModelToJson(Scaffold.User user, String playerName = null, String tribeName = null)
{
var result = new JSON.User();
result.PlayerId = user.PlayerId;
result.IsAdmin = user.PermissionsLevel >= (short)Security.PermissionLevel.Admin;
result.PlayerName = playerName;
result.TribeName = tribeName;
if (user.PermissionsLevel < (short)Security.PermissionLevel.System)
{
result.Key = user.AuthToken.ToString();
}
return(result);
}
public async Task <IActionResult> MakeVaultKey([FromBody] JSON.VaultKeyRequest keyRequest)
{
if (!CurrentUserIsAdmin)
{
var authRecord = MakeFailedAuthRecord("User is not admin");
context.Add(authRecord);
await context.SaveChangesAsync();
return(Unauthorized());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
Scaffold.Player player;
if (keyRequest.PlayerId.HasValue)
{
long playerId = keyRequest.PlayerId.Value;
var possiblePlayer = await(
from p in CurrentSets.Player
where p.PlayerId == playerId
select p
).FirstOrDefaultAsync();
if (possiblePlayer == null)
{
return(BadRequest(new { error = Translate("ADMIN_PLAYER_NOT_FOUND_ID") }));
}
player = possiblePlayer;
}
else if (keyRequest.PlayerName != null)
{
var formattedPlayerName = keyRequest.PlayerName.UrlEncode();
var possiblePlayer = await(
from p in CurrentSets.Player
where p.PlayerName == formattedPlayerName
select p
).FirstOrDefaultAsync();
if (possiblePlayer == null)
{
return(BadRequest(new { error = Translate("ADMIN_PLAYER_NOT_FOUND_NAME") }));
}
player = possiblePlayer;
}
else
{
return(BadRequest(new { error = Translate("ADMIN_PLAYER_NAME_NOT_SET") }));
}
if (!CurrentUserIsSystem && player.TribeId != CurrentTribeId && Configuration.Security.RestrictAccessWithinTribes)
{
return(BadRequest(new { error = Translate("ADMIN_PLAYER_NOT_IN_TRIBE") }));
}
bool userExists = await(
from user in CurrentSets.User
where user.PlayerId == player.PlayerId
where user.WorldId == null || user.WorldId == CurrentWorldId
where user.Enabled
select user
).AnyAsync();
if (userExists)
{
return(BadRequest(new { error = Translate("ADMIN_PLAYER_HAS_KEY") }));
}
var newAuthUser = new Scaffold.User();
newAuthUser.WorldId = CurrentWorldId;
newAuthUser.PlayerId = player.PlayerId;
newAuthUser.AccessGroupId = CurrentAccessGroupId;
newAuthUser.AuthToken = Guid.NewGuid();
newAuthUser.Enabled = true;
newAuthUser.TransactionTime = DateTime.UtcNow;
newAuthUser.AdminAuthToken = CurrentAuthToken;
newAuthUser.AdminPlayerId = CurrentPlayerId;
newAuthUser.KeySource = CurrentUserId;
newAuthUser.Label = player.PlayerName;
newAuthUser.Tx = BuildTransaction();
if (keyRequest.NewUserIsAdmin)
{
newAuthUser.PermissionsLevel = (short)Security.PermissionLevel.Admin;
}
else
{
newAuthUser.PermissionsLevel = (short)Security.PermissionLevel.Default;
}
context.User.Add(newAuthUser);
await context.SaveChangesAsync();
var jsonUser = UserConvert.ModelToJson(newAuthUser);
jsonUser.PlayerName = player.PlayerName.UrlDecode();
var playerTribe = await(
from tribe in CurrentSets.Ally
where tribe.TribeId == player.TribeId
select tribe
).FirstOrDefaultAsync();
jsonUser.TribeName = playerTribe?.TribeName?.UrlDecode();
return(Ok(jsonUser));
}
public ActionResult Post([FromBody] UserInfo userInfo)
{
var world = context.World.Where(w => w.Id == userInfo.WorldId).SingleOrDefault();
if (world == null)
{
return(Ok(new { error = "No world exists with that id" }));
}
var encodedPlayerName = userInfo.Name.UrlEncode();
var player = context.Player.Where(p => p.WorldId == userInfo.WorldId && p.PlayerName == encodedPlayerName).SingleOrDefault();
if (player == null)
{
return(Ok(new { error = $"No user exists with that name on world {world.Hostname} (Name is Case-Sensitive).\n\nIf you just registered, you'll need to wait up to 60 minutes for the world data to refresh." }));
}
var remoteIp = HttpContext.Connection.RemoteIpAddress;
try
{
var captchaPrivateKey = Configuration.Instance["CaptchaSecretKey"];
var captchaUrl = $"https://www.google.com/recaptcha/api/siteverify?secret={captchaPrivateKey}&response={userInfo.CaptchaToken}&remoteip={remoteIp}";
var captchaRequest = (HttpWebRequest)WebRequest.Create(captchaUrl);
using (var response = captchaRequest.GetResponse())
using (var stream = new StreamReader(response.GetResponseStream()))
{
var responseObject = JObject.Parse(stream.ReadToEnd());
var success = responseObject.Value <bool>("success");
if (!success)
{
var errorCodes = responseObject.GetValue("error-codes").Values <string>();
logger.LogWarning("Got error codes from captcha when verifying for remote IP {0}: [{1}]", remoteIp, string.Join(", ", errorCodes));
return(Ok(new { error = "Captcha verification failed" }));
}
}
}
catch (Exception e)
{
logger.LogError("Captcha error occured: {ex}", e);
return(Ok(new { error = "An error occurred while verifying captcha" }));
}
var tx = new Scaffold.Transaction
{
OccurredAt = DateTime.UtcNow,
WorldId = world.Id,
Ip = remoteIp
};
context.Add(tx);
var accessGroup = new Scaffold.AccessGroup();
accessGroup.WorldId = userInfo.WorldId;
accessGroup.Label = userInfo.Name;
context.AccessGroup.Add(accessGroup);
context.SaveChanges();
var authToken = Guid.NewGuid();
var user = new Scaffold.User
{
AccessGroupId = accessGroup.Id,
WorldId = (short)userInfo.WorldId,
PlayerId = player.PlayerId,
Enabled = true,
PermissionsLevel = 2,
AuthToken = authToken,
TransactionTime = DateTime.UtcNow,
Label = $"{world.Name} - {userInfo.Name}",
Tx = tx
};
context.User.Add(user);
context.SaveChanges();
logger.LogInformation("Creating user for {0} on world {1} from {2}", player.PlayerName, world.Hostname, remoteIp);
return(Ok(new { token = authToken.ToString() }));
}
