arch/timelog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refractoring

Browse Source
This commit is contained in:
QkoSad
2024-12-05 12:09:30 +02:00
parent 926436860c
commit 80040638a6
37 changed files with 814 additions and 682 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backendCs/routes/Login.cs
+101 -105
View File
@@ -8,126 +8,122 @@ using MySql.Data.MySqlClient;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
namespace Server
namespace Server;
public class Login : Route
{
public class Login : Route
private static string secretKey =
"stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
public static string GenerateToken(string user)
{
private static string secretKey =
"stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
public static string GenerateToken(string user)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "TimeLogServer",
audience: "TimeLogWebsite",
claims: new[] { new Claim("user", user) },
expires: DateTime.Now.AddHours(2),
signingCredentials: creds
);
var token = new JwtSecurityToken(
issuer: "TimeLogServer",
audience: "TimeLogWebsite",
claims: new[] { new Claim("user", user) },
expires: DateTime.Now.AddHours(2),
signingCredentials: creds
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
return new JwtSecurityTokenHandler().WriteToken(token);
}
public static bool VerifyPassword(string enteredPassword, string storedHash)
{
byte[] hashBytes = Convert.FromBase64String(storedHash);
public static bool VerifyPassword(string enteredPassword, string storedHash)
{
byte[] hashBytes = Convert.FromBase64String(storedHash);
// Extract the salt from the stored hash
byte[] salt = new byte[16];
Array.Copy(hashBytes, 0, salt, 0, 16);
// Extract the salt from the stored hash
byte[] salt = new byte[16];
Array.Copy(hashBytes, 0, salt, 0, 16);
// Hash the entered password with the stored salt
using (
var pbkdf2 = new Rfc2898DeriveBytes(
enteredPassword,
salt,
10000,
HashAlgorithmName.SHA256
)
// Hash the entered password with the stored salt
using (
var pbkdf2 = new Rfc2898DeriveBytes(
enteredPassword,
salt,
10000,
HashAlgorithmName.SHA256
)
{
byte[] newHash = pbkdf2.GetBytes(32);
// Compare the computed hash with the stored hash
for (int i = 0; i < 32; i++)
{
if (newHash[i] != hashBytes[i + 16])
return false;
}
return true;
}
}
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
)
{
try
{
// extract data from body
string body;
using (
StreamReader bodyReader = new StreamReader(
request.InputStream,
request.ContentEncoding
)
)
{
body = bodyReader.ReadToEnd();
}
JObject jsonObject = JObject.Parse(body);
string mail = jsonObject["mail"]?.ToString() ?? "";
string password = jsonObject["password"]?.ToString() ?? "";
byte[] newHash = pbkdf2.GetBytes(32);
// prepare SQL query
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText =
// Compare the computed hash with the stored hash
for (int i = 0; i < 32; i++)
{
if (newHash[i] != hashBytes[i + 16])
return false;
}
return true;
}
}
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
{
try
{
// extract data from body
string body;
using (StreamReader bodyReader = new(request.InputStream, request.ContentEncoding))
{
body = bodyReader.ReadToEnd();
}
JObject jsonObject = JObject.Parse(body);
string mail = jsonObject["mail"]?.ToString() ?? "";
string password = jsonObject["password"]?.ToString() ?? "";
// prepare SQL query
MySqlCommand cmd = new()
{
CommandText =
@"SELECT u.id, password FROM User u
INNER JOIN Password p ON p.user=u.id
WHERE mail=@mail;";
cmd.Parameters.AddWithValue("@mail", mail);
WHERE mail=@mail;",
};
cmd.Parameters.AddWithValue("@mail", mail);
using (MySqlConnection conn = new MySqlConnection(connectionString))
{
cmd.Connection = conn;
conn.Open();
// execute query and read results
MySqlDataReader reader = cmd.ExecuteReader();
string? userId = "";
string? hashedPass = "";
string? jsonResponse;
while (reader.Read())
{
userId = Convert.ToString(reader["id"]);
hashedPass = reader.GetString("password");
}
// check username
if (string.IsNullOrEmpty(userId))
{
throw new Exception("Invalid Username or Password");
}
//check password
if (
string.IsNullOrEmpty(password)
|| string.IsNullOrEmpty(hashedPass)
|| !VerifyPassword(password, hashedPass)
)
{
throw new Exception("Invalid Username or Password");
}
jsonResponse = JsonConvert.SerializeObject(GenerateToken(userId));
// prepare response
SendSuccess(response, jsonResponse);
}
}
catch (Exception ex)
using (MySqlConnection conn = new(connectionString))
{
SendError(response, ex);
cmd.Connection = conn;
conn.Open();
// execute query and read results
MySqlDataReader reader = cmd.ExecuteReader();
string? userId = "";
string? hashedPass = "";
string? jsonResponse;
while (reader.Read())
{
userId = Convert.ToString(reader["id"]);
hashedPass = reader.GetString("password");
}
// check username
if (string.IsNullOrEmpty(userId))
{
throw new Exception("Invalid Username or Password");
}
//check password
if (
string.IsNullOrEmpty(password)
|| string.IsNullOrEmpty(hashedPass)
|| !VerifyPassword(password, hashedPass)
)
{
throw new Exception("Invalid Username or Password");
}
jsonResponse = JsonConvert.SerializeObject(GenerateToken(userId));
// prepare response
SendSuccess(response, jsonResponse);
}
}
catch (Exception ex)
{
SendError(response, ex);
}
}
}