using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Text;
using Microsoft.IdentityModel.Tokens;
using MySql.Data.MySqlClient;
namespace Server;
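/// <summary>
/// Base class for routes that need an authenticated caller. It reads a JWT from the
/// <c>token</c> request header, validates it, and offers helpers for building
/// parameterized MySQL INSERT statements.
/// </summary>
public class SecuredRoute : Route
{
    // SECURITY: this symmetric signing secret is a literal in source, so anyone who can read
    // the repository or the compiled assembly can produce tokens that ValidateToken accepts.
    // It should be loaded from configuration or a secret store and rotated. The literal is
    // left in place here because code outside this class may reference the field.
    protected static readonly string secretKey =
        "stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";

    /// <summary>Callback signature for validating a dictionary of body parameter values.</summary>
    protected delegate void DelegateValidate(Dictionary<string, string> bodyparamValues);

    /// <summary>
    /// Returns the value of the <c>user</c> claim from the request's <c>token</c> header,
    /// but only when the token passes <see cref="ValidateToken"/>.
    /// </summary>
    /// <param name="request">Incoming HTTP request carrying the <c>token</c> header.</param>
    /// <returns>
    /// The <c>user</c> claim value, or an empty string when the header is missing, the token
    /// fails validation, or the claim is absent.
    /// </returns>
    protected static string ExtractUserId(HttpListenerRequest request)
    {
        string token = request.Headers["token"] ?? "";

        // Validate first and reject on ANY failure. The earlier form parsed the claim before
        // validating and only rejected when the token was invalid AND the claim was empty,
        // so a token with a bad signature but a populated "user" claim was still accepted.
        // Checking for an empty token up front also avoids handing "" to the JWT parser.
        if (string.IsNullOrEmpty(token) || !ValidateToken(token))
        {
            return "";
        }

        return GetUserFromToken(token);
    }

    /// <summary>
    /// Binds every entry of <paramref name="values"/> to <paramref name="cmd"/> as a named
    /// parameter (<c>@key</c>), so the values travel as parameters rather than SQL text.
    /// </summary>
    /// <param name="values">Parameter names (without the <c>@</c> prefix) mapped to their values.</param>
    /// <param name="cmd">Command that receives the parameters.</param>
    /// <returns>The same <paramref name="cmd"/> instance, for chaining.</returns>
    protected static MySqlCommand AddValuesToCmd(
        Dictionary<string, string> values,
        MySqlCommand cmd
    )
    {
        foreach (var item in values)
        {
            cmd.Parameters.AddWithValue("@" + item.Key, item.Value);
        }

        return cmd;
    }

    // TODO: create an insert route and move this func there
    /// <summary>
    /// Builds <c>INSERT INTO table(col1,col2) VALUES(@col1,@col2);</c> with one named
    /// parameter per column.
    /// </summary>
    /// <param name="table">Target table name.</param>
    /// <param name="valuesToAdd">Column names; each is also used as the parameter name.</param>
    /// <returns>The INSERT statement text, with values left as <c>@name</c> placeholders.</returns>
    /// <exception cref="ArgumentException">
    /// The table name or a column name contains anything other than ASCII letters, digits or
    /// underscores.
    /// </exception>
    protected static string CreateInsertQuery(string table, List<string> valuesToAdd)
    {
        // Identifiers cannot be sent as SQL parameters, so they are concatenated into the
        // statement. Callers are not visible from this file; if table or column names can
        // ever originate from a request, concatenating them unchecked is an injection path,
        // so only plain identifiers are accepted here.
        if (!IsSimpleSqlIdentifier(table))
        {
            throw new ArgumentException("Invalid table name.", nameof(table));
        }

        foreach (string column in valuesToAdd)
        {
            if (!IsSimpleSqlIdentifier(column))
            {
                throw new ArgumentException("Invalid column name.", nameof(valuesToAdd));
            }
        }

        string columns = string.Join(",", valuesToAdd);
        string placeholders = string.Join(",@", valuesToAdd);
        return "INSERT INTO " + table + "(" + columns + ") VALUES(@" + placeholders + ");";
    }

    /// <summary>
    /// True when <paramref name="name"/> is non-empty and made only of ASCII letters, digits
    /// and underscores.
    /// </summary>
    private static bool IsSimpleSqlIdentifier(string name)
    {
        if (string.IsNullOrEmpty(name))
        {
            return false;
        }

        foreach (char c in name)
        {
            bool allowed = c is >= 'a' and <= 'z' or >= 'A' and <= 'Z' or >= '0' and <= '9' or '_';
            if (!allowed)
            {
                return false;
            }
        }

        return true;
    }

    /// <summary>
    /// Validates a JWT against <see cref="secretKey"/>, the issuer <c>TimeLogServer</c>, the
    /// audience <c>TimeLogWebsite</c> and the token lifetime.
    /// </summary>
    /// <param name="token">Serialized JWT.</param>
    /// <returns><c>true</c> when validation succeeds; <c>false</c> on any failure.</returns>
    private static bool ValidateToken(string token)
    {
        try
        {
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
            var tokenHandler = new JwtSecurityTokenHandler();
            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidIssuer = "TimeLogServer",
                ValidAudience = "TimeLogWebsite",
                IssuerSigningKey = key,
            };

            _ = tokenHandler.ValidateToken(
                token,
                validationParameters,
                out SecurityToken validatedToken
            );
            return validatedToken is not null;
        }
        catch (Exception)
        {
            // Deliberate fail-closed: a malformed, expired or wrongly signed token (or any
            // other error while validating) is reported as "not valid" rather than thrown.
            return false;
        }
    }

    /// <summary>
    /// Reads the <c>user</c> claim from a JWT WITHOUT verifying it. Call only on a token that
    /// has already passed <see cref="ValidateToken"/>.
    /// </summary>
    /// <param name="token">Serialized JWT.</param>
    /// <returns>The <c>user</c> claim value, or an empty string when the claim is missing or empty.</returns>
    private static string GetUserFromToken(string token)
    {
        var handler = new JwtSecurityTokenHandler();
        var jwtToken = handler.ReadJwtToken(token);
        string? usernameClaim = jwtToken.Claims.FirstOrDefault(c => c.Type == "user")?.Value;
        return string.IsNullOrEmpty(usernameClaim) ? "" : usernameClaim;
    }
}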