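using System.Net;
using System.Security.Cryptography;
using MySql.Data.MySqlClient;

namespace Server;

/// <summary>
/// Registration route: reads username/email/password from the request body,
/// checks their lengths, and inserts a new user row whose password column
/// holds a salted PBKDF2-HMAC-SHA256 hash rather than the plaintext.
/// </summary>
public class Register : SecuredRoute
{
    // Inclusive length bounds enforced by ValidateParams.
    private const int UsernameMinLength = 4;
    private const int UsernameMaxLength = 30;
    private const int EmailMinLength = 6;
    private const int EmailMaxLength = 50;
    private const int PasswordMinLength = 10;
    private const int PasswordMaxLength = 50;

    // PBKDF2 parameters. The stored value is salt || hash with no embedded
    // iteration count, so the verifying side (presumably a sibling login
    // route - confirm) must derive with exactly these values. Raise the
    // iteration count only together with that code, ideally after moving to a
    // self-describing stored format that records the parameters per row.
    private const int SaltLength = 16;
    private const int HashLength = 32;
    private const int Pbkdf2Iterations = 10000;

    // Field name with its allowed length range, in the order the body is read.
    private static readonly (string Name, int Min, int Max)[] FieldBounds =
    [
        ("username", UsernameMinLength, UsernameMaxLength),
        ("email", EmailMinLength, EmailMaxLength),
        ("password", PasswordMinLength, PasswordMaxLength),
    ];

    /// <summary>
    /// Rejects the request when any of username/email/password is missing,
    /// empty, or outside its length bounds.
    /// </summary>
    /// <param name="paramsToValidate">Body parameters keyed by field name.</param>
    /// <exception cref="ArgumentException">
    /// A field is absent, empty, or has an invalid length.
    /// </exception>
    private static void ValidateParams(Dictionary<string, string> paramsToValidate)
    {
        ArgumentNullException.ThrowIfNull(paramsToValidate);

        foreach (var (name, min, max) in FieldBounds)
        {
            // A missing key is reported like an empty value instead of surfacing
            // as a KeyNotFoundException from the indexer.
            if (!paramsToValidate.TryGetValue(name, out var value)
                || string.IsNullOrEmpty(value)
                || value.Length < min
                || value.Length > max)
            {
                throw new ArgumentException("Wrong parameters");
            }
        }
    }

    /// <summary>
    /// Handles a registration request end to end and always writes a response:
    /// SendSuccess once the row is inserted, otherwise SendError with the
    /// exception that stopped processing.
    /// </summary>
    /// <param name="request">Incoming request carrying the registration body.</param>
    /// <param name="response">Response the outcome is written to.</param>
    public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
    {
        try
        {
            List<string> bodyParamNames = ["username", "email", "password"];
            var bodyParamValues = ExtractBody(request, bodyParamNames);
            ValidateParams(bodyParamValues);

            // Replace the plaintext before it is bound to the command so only
            // the derived hash ever reaches the database.
            bodyParamValues["password"] = HashPassword(bodyParamValues["password"]);

            // CreateInsertQuery/AddValuesToCmd live elsewhere; this assumes
            // values are bound as command parameters, not concatenated into
            // the SQL text - confirm against their definitions.
            // MySqlCommand is IDisposable, so the command is scoped with `using`.
            using MySqlCommand cmd = AddValuesToCmd(
                bodyParamValues,
                new MySqlCommand(CreateInsertQuery("user", bodyParamNames)));

            using MySqlConnection conn = new(connectionString);
            conn.Open();
            cmd.Connection = conn;
            cmd.ExecuteNonQuery();

            SendSuccess(response);
        }
        catch (Exception ex)
        {
            // Error boundary for the route. NOTE(review): SendError is defined
            // elsewhere; confirm it logs server-side and does not echo
            // ex.Message or the stack trace to the client.
            SendError(response, ex);
        }
    }

    /// <summary>
    /// Derives a PBKDF2-HMAC-SHA256 hash of <paramref name="password"/> under a
    /// freshly generated random salt.
    /// </summary>
    /// <param name="password">Plaintext password; encoded as UTF-8 for derivation.</param>
    /// <returns>
    /// Base64 of the 16-byte salt followed by the 32-byte hash.
    /// </returns>
    private static string HashPassword(string password)
    {
        ArgumentNullException.ThrowIfNull(password);

        byte[] salt = RandomNumberGenerator.GetBytes(SaltLength);

        // Static Pbkdf2 avoids allocating a disposable derive-bytes object and
        // uses the same UTF-8 password encoding as the string constructor.
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Pbkdf2Iterations, HashAlgorithmName.SHA256, HashLength);

        byte[] stored = new byte[SaltLength + HashLength];
        salt.CopyTo(stored, 0);
        hash.CopyTo(stored, SaltLength);
        return Convert.ToBase64String(stored);
    }
}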