/// <summary>
/// Handles a create-event request: validates the session and the supplied
/// <c>EventInfo</c>, inserts a new <c>Tbl_event</c> row under a freshly generated
/// hid and answers with a <see cref="CreateEventResponseA"/> carrying that hid.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    // Each Assert* helper reports its own failure to the client; this handler only bails out.
    bool rejected = server.AssertServerSetup(this)
        || server.AssertIdSet()
        || server.AssertUserOnline()
        || server.AssertEventInfoNotNull(EventInfo);
    if (rejected)
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
    {
        return;
    }

    string eventId = SecurityManager.GenerateHid();

    // SanitizeQuery is the only escaping applied to the client-supplied EventInfo fields;
    // the SQL API used here offers no parameter binding.
    // NOTE(review): ExpirationDate.ToString() is emitted unquoted and is culture-dependent —
    // confirm the type always formats as a bare integer timestamp.
    string[] fragments =
    {
        "INSERT INTO Tbl_event (userid, title, expires, date, time, location, url, image, description, hid) VALUES (",
        server.Account.Id, ", \'",
        EventInfo.Title, "\', ",
        EventInfo.ExpirationDate.ToString(), ", \'",
        EventInfo.Date, "\', \'",
        EventInfo.Time, "\', \'",
        EventInfo.Location, "\', \'",
        EventInfo.Url, "\', \'",
        EventInfo.Image, "\', \'",
        EventInfo.Description, "\', \'",
        eventId, "\');"
    };
    string query = DatabaseEssentials.Security.SanitizeQuery(fragments);

    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out bool success);
    if (!success)
    {
        // Nothing is sent from here on a failed await; this matches the other handlers
        // (the helper presumably reports the failure itself).
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create event.");
        return;
    }

    CreateEventResponseA response = new CreateEventResponseA(ResponseId.CreateEvent, eventId);
    string json = SerializedApiResponse.Create(response).Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Confirms a pending account: once the authentication code is accepted, inserts the
/// <c>Tbl_user</c> row (password, hid, email) from the data held on <c>server.Account</c>,
/// clears the one-time authentication state and replies with a generic success response.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    // Assert* helpers report their own error; only the early return is needed here.
    if (server.AssertServerSetup(this)
        || server.AssertAuthenticationCodeInvalid(Code)
        || server.AssertUserOffline())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    string userid = SecurityManager.GenerateHid();

    // NOTE(review): Account.Password is written as-is; it is assumed to already hold the
    // scrypt hash that the login handler verifies with ScryptCheck — confirm.
    string[] fragments =
    {
        "INSERT INTO Tbl_user (password, hid, email) VALUES (\'",
        server.Account.Password, "\',\'",
        userid, "\', \'",
        server.Account.AccountInfo.Email, "\');"
    };
    string query = DatabaseEssentials.Security.SanitizeQuery(fragments);

    SqlApiRequest insertRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse insertReply = databaseManager.AwaitModifyDataResponse(insertRequest, out bool success);
    if (!success)
    {
        return;
    }
    if (!insertReply.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to create user.");
        return;
    }

    // The authentication code is single-use: invalidate it as soon as the row exists.
    server.Account.AuthenticationCode = string.Empty;
    server.Account.AuthenticationId = ApiRequestId.Invalid;
    server.Account.AuthenticationTime = -1;

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
    string json = SerializedApiResponse.Create(response).Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Handles a delete-event request: after session, permission and existence checks,
/// removes the <c>Tbl_event</c> row whose hid equals <c>EventId</c> and replies with a
/// generic success response.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertIdSet() || server.AssertUserOnline())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    if (databaseManager.AssertHasPermission(Permission.CREATE_EVENT)
        || databaseManager.AssertEventExists(EventId))
    {
        return;
    }

    // NOTE(review): the DELETE is keyed on hid only and not additionally scoped to the
    // owning userid, so any account holding CREATE_EVENT can delete any event — confirm
    // this is the intended authorization model.
    string escapedEventId = DatabaseEssentials.Security.Sanitize(EventId);
    string query = "DELETE FROM Tbl_event WHERE hid = \'" + escapedEventId + "\';";

    SqlApiRequest deleteRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse deleteReply = databaseManager.AwaitModifyDataResponse(deleteRequest, out bool success);
    if (!success)
    {
        return;
    }
    if (!deleteReply.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete the requested event.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.DeleteEventA, true);
    string json = SerializedApiResponse.Create(response).Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}
/// <summary>
/// Handles an edit-event request: after session, existence and permission checks,
/// overwrites every column of the <c>Tbl_event</c> row identified by
/// <c>EventInfo.EventId</c> with the supplied values and replies with a generic success.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this)
        || server.AssertIdSet()
        || server.AssertUserOnline()
        || server.AssertEventInfoNotNull(EventInfo))
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    if (databaseManager.AssertEventExists(EventInfo.EventId)
        || databaseManager.AssertHasPermission(Permission.CREATE_EVENT))
    {
        return;
    }

    // NOTE(review): the UPDATE is keyed on hid only and also rewrites userid to the caller,
    // so any account holding CREATE_EVENT can take over another user's event — confirm
    // this is intended.
    // NOTE(review): ExpirationDate.ToString() is emitted unquoted and culture-dependent —
    // confirm the type always formats as a bare integer timestamp.
    string[] fragments =
    {
        "UPDATE Tbl_event SET userid = ", server.Account.Id,
        ", title = \'", EventInfo.Title,
        "\', expires = ", EventInfo.ExpirationDate.ToString(),
        ", date = \'", EventInfo.Date,
        "\', time = \'", EventInfo.Time,
        "\', location = \'", EventInfo.Location,
        "\', url = \'", EventInfo.Url,
        "\', image = \'", EventInfo.Image,
        "\', description = \'", EventInfo.Description,
        "\' WHERE hid = \'", EventInfo.EventId,
        "\';"
    };
    string query = DatabaseEssentials.Security.SanitizeQuery(fragments);

    SqlApiRequest updateRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse updateReply = databaseManager.AwaitModifyDataResponse(updateRequest, out bool success);
    if (!success)
    {
        return;
    }
    if (!updateReply.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update event.");
        return;
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.EditEventA, true);
    string json = SerializedApiResponse.Create(response).Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}
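/// <summary>
/// Completes a password change for an authenticated-by-code session: verifies that
/// <c>SecurityToken</c> belongs to the current account, refreshes that token's expiry,
/// revokes every other token of the account, writes the new password and clears the
/// one-time authentication state.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this)
        || server.AssertAuthenticationCodeInvalid(Code)
        || server.AssertUserOnline()
        || server.AssertPasswordSet()
        || server.AssertIdSet())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    // 1. The supplied token must resolve to the account that is currently logged in.
    string query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "SELECT u.id FROM Tbl_cookies as c, Tbl_user as u WHERE c.value = \'",
        SecurityToken,
        "\' AND u.id = c.userid;"
    });
    SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 2);
    SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out bool success);
    if (!success)
    {
        return;
    }
    // object.Equals is null-safe: a lookup that yields no row (Result == null) is reported
    // as an invalid token instead of raising a NullReferenceException.
    if (!singleOrDefaultResponse.Success
        || !object.Equals(singleOrDefaultResponse.Result, server.Account.Id))
    {
        ApiError.Throw(ApiErrorCode.InvalidToken, server, "Security token was invalid.");
        return;
    }

    // 2. Extend the lifetime of the token that was just verified.
    int expirationDate = DatabaseEssentials.GetTimeStamp()
        + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
    query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "UPDATE Tbl_cookies SET expires = \'",
        expirationDate.ToString(),
        "\' WHERE value = \'",
        SecurityToken,
        "\';"
    });
    sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to refresh security token.");
        return;
    }

    // 3. Revoke every other token of the account (a password change must log out other
    //    devices). DeleteSecurityTokens returns true on failure and has already reported it.
    if (databaseManager.DeleteSecurityTokens(new string[] { SecurityToken }))
    {
        return;
    }

    // 4. Persist the new password. UpdatePassword also returns true on failure.
    if (databaseManager.UpdatePassword())
    {
        return;
    }

    // The authentication code is single-use: clear it now that the change is committed.
    server.Account.AuthenticationCode = string.Empty;
    server.Account.AuthenticationId = ApiRequestId.Invalid;
    server.Account.AuthenticationTime = -1;

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ConfirmAccount, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}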
/// <summary>
/// Marks the current account as offline in <c>Tbl_user</c> and mirrors the result on
/// <c>server.Account.IsOnline</c>. Requires <c>server.Account.Id</c> to be set.
/// </summary>
/// <returns>
/// <c>true</c> when the row was updated; <c>false</c> when the id is unset, the request
/// could not be awaited, or the database reported a failure.
/// </returns>
public bool SetUserOffline()
{
    if (server.AssertIdSet())
    {
        return false;
    }

    // NOTE(review): Account.Id is concatenated unescaped here, while other queries in this
    // class pass it through Sanitize — confirm it is always a server-assigned numeric id.
    string query = "UPDATE Tbl_user SET isOnline = 0 WHERE id = " + server.Account.Id;
    SqlApiRequest request = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse reply = AwaitModifyDataResponse(request, out bool delivered);

    bool updated = delivered && reply.Success;
    if (updated)
    {
        server.Account.IsOnline = false;
    }
    return updated;
}
/// <summary>
/// Updates the password of the current account. Requires <c>server.Account.Id</c> and
/// <c>server.Account.Password</c> to be set; the password is written exactly as held on
/// the account (any hashing is expected to have happened before this call).
/// </summary>
/// <returns>
/// <c>true</c> when something went wrong (the request could not be awaited, or the
/// database rejected the update — in which case an InternalServerError has already been
/// sent); <c>false</c> on success. Note the inverted convention compared to
/// <see cref="SetUserOffline"/>.
/// </returns>
public bool UpdatePassword()
{
    string[] fragments =
    {
        "UPDATE Tbl_user SET password = \'",
        server.Account.Password,
        "\' WHERE id = ",
        server.Account.Id,
        ";"
    };
    string query = DatabaseEssentials.Security.SanitizeQuery(fragments);

    SqlApiRequest request = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse reply = AwaitModifyDataResponse(request, out bool delivered);
    if (!delivered)
    {
        return true;
    }
    if (reply.Success)
    {
        return false;
    }

    ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update password.");
    return true;
}
/// <summary>
/// Executes the request's <c>Query</c> as a data-modifying statement and sends either a
/// <see cref="SqlModifyDataResponse"/> with the affected-row count or a
/// <see cref="SqlErrorResponse"/> with the error message back over the network.
/// </summary>
/// <param name="server">The SQL server whose network channel receives the reply.</param>
public override async void Process(SqlServer server)
{
    // async void is dictated by the base signature. Any exception raised after the await
    // (including an InvalidCastException from the unboxing below) cannot be observed by
    // the caller and will surface as an unhandled exception on the thread pool.
    SqlPacket packet = await DatabaseManager.ModifyData(Query);

    ApiResponse response;
    if (!packet.Success)
    {
        response = SqlErrorResponse.Create(packet.ErrorMessage);
    }
    else
    {
        // Data is assumed to box an int (the affected-row count) — confirm against ModifyData.
        int affectedRows = (int)packet.Data;
        response = SqlModifyDataResponse.Create(affectedRows);
    }

    string payload = SerializedSqlApiResponse.Create(response).Serialize();
    server.Network.Send(payload);
}
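/// <summary>
/// Deletes every security token (<c>Tbl_cookies</c> row) of the current account except
/// the ones listed in <paramref name="exceptions"/>. Requires <c>server.Account.Id</c>.
/// </summary>
/// <param name="exceptions">
/// Token values to keep. <c>null</c> or empty means "delete all tokens of the account".
/// Each value is passed through <c>Sanitize</c> before being placed in the query.
/// </param>
/// <returns>
/// <c>true</c> when something went wrong (the request could not be awaited, or the
/// database rejected the delete — in which case an InternalServerError has already been
/// sent); <c>false</c> on success.
/// </returns>
public bool DeleteSecurityTokens(string[] exceptions)
{
    // A null list used to throw NullReferenceException; treat it like an empty list.
    string keepClause = string.Empty;
    if (exceptions != null && exceptions.Length > 0)
    {
        string[] quoted = new string[exceptions.Length];
        for (int i = 0; i < exceptions.Length; i++)
        {
            quoted[i] = "\'" + DatabaseEssentials.Security.Sanitize(exceptions[i]) + "\'";
        }
        keepClause = " AND value NOT IN (" + string.Join(", ", quoted) + ")";
    }

    string query = "DELETE FROM Tbl_cookies WHERE userid = "
        + DatabaseEssentials.Security.Sanitize(server.Account.Id)
        + keepClause
        + ";";

    SqlApiRequest request = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse reply = AwaitModifyDataResponse(request, out bool delivered);
    if (!delivered)
    {
        return true;
    }
    if (!reply.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to delete deprecated security tokens.");
        return true;
    }
    return false;
}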
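/// <summary>
/// Handles an update-account-info request: resolves the account's hid if it is not
/// cached yet, AES-encrypts the free-text profile fields under a key derived from that
/// hid, and writes all profile columns of the current <c>Tbl_user</c> row.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    // AssertServerSetup reports its own failure (every other handler returns silently after
    // it); it must not be folded into the AccountInfo check, or a setup failure would be
    // answered with a misleading "AccountInfo was null." InvalidArgument error.
    if (server.AssertServerSetup(this))
    {
        return;
    }
    if (AccountInfo == null)
    {
        ApiError.Throw(ApiErrorCode.InvalidArgument, server, "AccountInfo was null.");
        return;
    }
    if (server.AssertUserOnline() || server.AssertIdSet() || server.AssertAccountInfoNotNull())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    string query;
    bool success;

    // The hid is needed as the encryption context; look it up once if the session lacks it.
    if (string.IsNullOrEmpty(server.Account.AccountInfo.UserId))
    {
        query = "SELECT hid FROM Tbl_user WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id);
        SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.GetSingleOrDefault, query, 1);
        SqlSingleOrDefaultResponse singleOrDefaultResponse = databaseManager.AwaitSingleOrDefaultResponse(sqlRequest, out success);
        if (!success)
        {
            return;
        }
        if (!singleOrDefaultResponse.Success)
        {
            ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to determine userid.");
            return;
        }
        server.Account.AccountInfo.UserId = singleOrDefaultResponse.Result;
    }

    // Free-text fields are stored encrypted; the key material is derived from the hid.
    // NOTE(review): the ciphertexts are concatenated without Sanitize — this assumes
    // EncryptOrDefault yields an encoding with no quote characters; confirm.
    AesContext aesContext = new AesContext(server.Account.AccountInfo.UserId);
    string cryptoName = aesContext.EncryptOrDefault(AccountInfo.Name);
    string cryptoOccupation = aesContext.EncryptOrDefault(AccountInfo.Occupation);

    string[] infos = new string[]
    {
        AccountInfo.Info1, AccountInfo.Info2, AccountInfo.Info3, AccountInfo.Info4, AccountInfo.Info5,
        AccountInfo.Info6, AccountInfo.Info7, AccountInfo.Info8, AccountInfo.Info9, AccountInfo.Info10
    };
    StringBuilder infoColumns = new StringBuilder();
    for (int i = 0; i < infos.Length; i++)
    {
        // Column names are info1..info10, matching the array position.
        infoColumns.Append(", info").Append((i + 1).ToString())
                   .Append(" = \'").Append(aesContext.EncryptOrDefault(infos[i])).Append('\'');
    }

    // NOTE(review): Radius.ToString() is culture-dependent if Radius is a floating-point
    // type; an invariant format would be safer — confirm the type.
    query = "UPDATE Tbl_user SET name = \'" + cryptoName
        + "\', occupation = \'" + cryptoOccupation + "\'"
        + infoColumns.ToString()
        + ", location = \'" + DatabaseEssentials.Security.Sanitize(AccountInfo.Location)
        + "\', radius = " + AccountInfo.Radius.ToString()
        + ", isVisible = " + (AccountInfo.IsVisible ? "1" : "0")
        + ", showLog = " + (AccountInfo.ShowLog ? "1" : "0")
        + " WHERE id = " + DatabaseEssentials.Security.Sanitize(server.Account.Id) + ";";

    SqlApiRequest sqlApiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlApiRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to update account info.");
        return;
    }

    GenericSuccessResponse successResponse = new GenericSuccessResponse(ResponseId.UpdateAccountInfo, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(successResponse);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}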
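/// <summary>
/// Handles a login request: looks the account up by <c>Email</c>, rejects accounts that
/// are already online, verifies <c>Password</c> against the stored scrypt hash, issues a
/// new security token (<c>Tbl_cookies</c> row), initialises the session account and
/// replies with a <see cref="CreateCookieResponse"/> carrying the token and permissions.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertAccountNull())
    {
        server.UnitTesting.MethodSuccess = false;
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);

    string query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "SELECT id, password, isOnline FROM Tbl_user WHERE email = \'",
        Email,
        "\' LIMIT 1;"
    });
    SqlApiRequest apiRequest = SqlApiRequest.Create(SqlRequestId.GetDataArray, query, 3);
    SqlDataArrayResponse dataArrayResponse = databaseManager.AwaitDataArrayResponse(apiRequest, out bool success);
    // Check the await result before touching the response: on failure the response object
    // is not guaranteed to be populated, and the original order dereferenced it first.
    if (!success)
    {
        return;
    }
    string[] data = dataArrayResponse.Result;
    // NOTE(review): the three distinct error codes below (InvalidUser / AlreadyOnline /
    // InvalidCredentials) let an unauthenticated caller learn whether an email is
    // registered and whether that account is currently online. A single
    // InvalidCredentials response for all three cases would close that leak; kept as-is
    // because clients may depend on the codes.
    if (!dataArrayResponse.Success || data == null || data.Length != 3)
    {
        ApiError.Throw(ApiErrorCode.InvalidUser, server, "No account is associated with this email address.");
        return;
    }

    string id = data[0];
    string hash = data[1];
    if (Convert.ToInt32(data[2]) == 1)
    {
        ApiError.Throw(ApiErrorCode.AlreadyOnline, server, "Already logged in from another device.");
        return;
    }

    bool authenticationSuccessful = SecurityManager.ScryptCheck(Password, hash);
    if (!authenticationSuccessful)
    {
        ApiError.Throw(ApiErrorCode.InvalidCredentials, server, "Incorrect password.");
        return;
    }

    // Issue a fresh token; its lifetime comes from the security config (the original note
    // says roughly a month).
    string securityToken = SecurityManager.GenerateSecurityToken();
    int expirationDate = DatabaseEssentials.GetTimeStamp()
        + MainServer.Config.WamsrvSecurityConfig.SecurityTokenExpirationTime;
    query = DatabaseEssentials.Security.SanitizeQuery(new string[]
    {
        "INSERT INTO Tbl_cookies (userid, value, expires, info) VALUES (",
        id, ",\'",
        securityToken, "\',",
        expirationDate.ToString(), ",\'",
        Info, "\');"
    });
    apiRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
    SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(apiRequest, out success);
    if (!success)
    {
        return;
    }
    if (!modifyDataResponse.Success)
    {
        ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to generate security token.");
        return;
    }

    // Populate server.Account from the row; SetupAccount reports its own failure.
    if (!databaseManager.SetupAccount(id))
    {
        return;
    }
    Permission permissions = databaseManager.GetUserPermission(server.Account.AccountInfo.UserId, out success);
    if (!success)
    {
        return;
    }

    CreateCookieResponse apiResponse = new CreateCookieResponse(ResponseId.CreateCookie, securityToken, permissions);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(apiResponse);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}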
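/// <summary>
/// Handles a change-user-permissions request: the caller must hold
/// <c>ADJUST_PRIVILEGES</c>, the target must exist and must not be root. The target's
/// <c>Tbl_admin</c> row is then deleted, inserted or updated so that it matches
/// <c>Permissions</c>, and a generic success response is sent.
/// </summary>
/// <param name="server">The API server that owns the current account/session.</param>
public override void Process(ApiServer server)
{
    if (server.AssertServerSetup(this) || server.AssertUserOnline())
    {
        return;
    }

    using DatabaseManager databaseManager = new DatabaseManager(server);
    if (databaseManager.AssertHasPermission(Permission.ADJUST_PRIVILEGES))
    {
        return;
    }

    bool userExists = databaseManager.CheckUserExists(TargetUserId, out bool success);
    if (!success)
    {
        return;
    }
    if (!userExists)
    {
        ApiError.Throw(ApiErrorCode.NotFound, server, "User not found.");
        return;
    }

    // Root's permissions are immutable.
    bool targetIsRoot = databaseManager.UserIsRoot(TargetUserId, out success);
    if (!success)
    {
        return;
    }
    if (targetIsRoot)
    {
        ApiError.Throw(ApiErrorCode.InsufficientPermissions, server,
            "Cannot adjust permissions of root: is fixed to " + Permission.ALL_ACCESS.ToString());
        return;
    }

    Permission currentPermissions = databaseManager.GetUserPermission(TargetUserId, out success);
    if (!success)
    {
        return;
    }

    // Only touch Tbl_admin when the stored value actually differs.
    if (currentPermissions != Permissions)
    {
        // targetId is the numeric primary key resolved from the hid.
        // NOTE(review): it is concatenated unescaped — assumed to be server-assigned; confirm.
        string targetId = databaseManager.UserIdToId(TargetUserId, out success);
        if (!success)
        {
            return;
        }

        // NONE is represented by the absence of a Tbl_admin row, hence the three cases.
        string query;
        if (Permissions == Permission.NONE)
        {
            query = "DELETE FROM Tbl_admin WHERE userid = " + targetId + ";";
        }
        else if (currentPermissions == Permission.NONE)
        {
            query = "INSERT INTO Tbl_admin (userid, permissions) VALUES (" + targetId + ", " + ((int)Permissions).ToString() + ");";
        }
        else
        {
            query = "UPDATE Tbl_admin SET permissions = " + ((int)Permissions).ToString() + " WHERE userid = " + targetId + ";";
        }

        SqlApiRequest sqlRequest = SqlApiRequest.Create(SqlRequestId.ModifyData, query, -1);
        SqlModifyDataResponse modifyDataResponse = databaseManager.AwaitModifyDataResponse(sqlRequest, out success);
        if (!success)
        {
            return;
        }
        // Previously a rejected write still produced a success response; report it like
        // the other handlers do so the client never believes a permission change stuck
        // when it did not.
        if (!modifyDataResponse.Success)
        {
            ApiError.Throw(ApiErrorCode.InternalServerError, server, "Unable to change user permissions.");
            return;
        }
    }

    GenericSuccessResponse response = new GenericSuccessResponse(ResponseId.ChangeUserPermissionsA, true);
    SerializedApiResponse serializedApiResponse = SerializedApiResponse.Create(response);
    string json = serializedApiResponse.Serialize();
    server.Send(json);
    server.UnitTesting.MethodSuccess = true;
}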