arch/timelog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refractoring

Browse Source
This commit is contained in:
QkoSad
2024-12-05 12:09:30 +02:00
parent 926436860c
commit 80040638a6
37 changed files with 814 additions and 682 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backendCs/routes/Register.cs
+86 -97
View File
@@ -3,113 +3,102 @@ using System.Security.Cryptography;
using MySql.Data.MySqlClient;
using Newtonsoft.Json.Linq;
namespace Server
namespace Server;
public class Register : Route
{
public class Register : Route
private static string HashPassword(string password)
{
private static string HashPassword(string password)
// Generate a salt
byte[] salt = new byte[16];
RandomNumberGenerator.Fill(salt);
// Create a PBKDF2 instance to hash the password
using var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000, HashAlgorithmName.SHA256);
byte[] hash = pbkdf2.GetBytes(32);
// Combine the salt and the hash together
byte[] hashBytes = new byte[48]; // 16 (salt) + 32 (hash)
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 32);
// Return the final hash as a Base64 encoded string
return Convert.ToBase64String(hashBytes);
}
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
{
MySqlTransaction? transaction = null;
try
{
// Generate a salt
byte[] salt = new byte[16];
RandomNumberGenerator.Fill(salt);
// Create a PBKDF2 instance to hash the password
using (
var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000, HashAlgorithmName.SHA256)
// extract parameters from req body
string body;
using (StreamReader bodyReader = new(request.InputStream, request.ContentEncoding))
{
body = bodyReader.ReadToEnd();
}
JObject jsonObject = JObject.Parse(body);
string f_name = jsonObject["f_name"]?.ToString() ?? "";
string l_name = jsonObject["l_name"]?.ToString() ?? "";
string password = jsonObject["password"]?.ToString() ?? "";
string mail = jsonObject["mail"]?.ToString() ?? "";
// validate parameters
if (
string.IsNullOrEmpty(f_name)
|| f_name.Length > 30
|| f_name.Length < 2
|| string.IsNullOrEmpty(l_name)
|| l_name.Length > 30
|| l_name.Length < 2
|| string.IsNullOrEmpty(mail)
|| mail.Length > 50
|| mail.Length < 6
|| string.IsNullOrEmpty(password)
|| password.Length > 30
|| password.Length < 10
)
{
byte[] hash = pbkdf2.GetBytes(32);
throw new Exception("Wrong parameters");
}
// open connection
// prepare SQL query
MySqlCommand cmd = new()
{
// Insert into User
CommandText = "INSERT INTO User(f_name,l_name,mail) VALUES(@f_name,@l_name,@mail)",
};
cmd.Parameters.AddWithValue("@f_name", f_name);
cmd.Parameters.AddWithValue("@l_name", l_name);
cmd.Parameters.AddWithValue("@mail", mail);
// Combine the salt and the hash together
byte[] hashBytes = new byte[48]; // 16 (salt) + 32 (hash)
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 32);
using (MySqlConnection conn = new(connectionString))
{
conn.Open();
transaction = conn.BeginTransaction();
cmd.Connection = conn;
cmd.ExecuteNonQuery();
// Return the final hash as a Base64 encoded string
return Convert.ToBase64String(hashBytes);
// Get user ID
cmd.CommandText = "SELECT id FROM User WHERE mail=@mail;";
MySqlDataReader reader = cmd.ExecuteReader();
reader.Read();
var id = reader["id"];
reader.Close();
// Insert into password
cmd.CommandText = "INSERT INTO Password(user,password) VALUES(@id,@password)";
cmd.Parameters.AddWithValue("@password", HashPassword(password));
cmd.Parameters.AddWithValue("@id", id);
cmd.ExecuteNonQuery();
transaction.Commit();
SendSuccess(response);
}
}
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
catch (Exception ex)
{
MySqlTransaction? transaction = null;
try
{
// extract parameters from req body
string body;
using (
StreamReader bodyReader = new StreamReader(
request.InputStream,
request.ContentEncoding
)
)
{
body = bodyReader.ReadToEnd();
}
JObject jsonObject = JObject.Parse(body);
string f_name = jsonObject["f_name"]?.ToString() ?? "";
string l_name = jsonObject["l_name"]?.ToString() ?? "";
string password = jsonObject["password"]?.ToString() ?? "";
string mail = jsonObject["mail"]?.ToString() ?? "";
// validate parameters
if (
string.IsNullOrEmpty(f_name)
|| f_name.Length > 30
|| f_name.Length < 2
|| string.IsNullOrEmpty(l_name)
|| l_name.Length > 30
|| l_name.Length < 2
|| string.IsNullOrEmpty(mail)
|| mail.Length > 50
|| mail.Length < 6
|| string.IsNullOrEmpty(password)
|| password.Length > 30
|| password.Length < 10
)
{
throw new Exception("Wrong parameters");
}
// open connection
// prepare SQL query
MySqlCommand cmd = new MySqlCommand();
// Insert into User
cmd.CommandText =
"INSERT INTO User(f_name,l_name,mail) VALUES(@f_name,@l_name,@mail)";
cmd.Parameters.AddWithValue("@f_name", f_name);
cmd.Parameters.AddWithValue("@l_name", l_name);
cmd.Parameters.AddWithValue("@mail", mail);
using (MySqlConnection conn = new MySqlConnection(connectionString))
{
conn.Open();
transaction = conn.BeginTransaction();
cmd.Connection = conn;
cmd.ExecuteNonQuery();
// Get user ID
cmd.CommandText = "SELECT id FROM User WHERE mail=@mail;";
MySqlDataReader reader = cmd.ExecuteReader();
reader.Read();
var id = reader["id"];
reader.Close();
// Insert into password
cmd.CommandText = "INSERT INTO Password(user,password) VALUES(@id,@password)";
cmd.Parameters.AddWithValue("@password", HashPassword(password));
cmd.Parameters.AddWithValue("@id", id);
cmd.ExecuteNonQuery();
transaction.Commit();
SendSuccess(response);
}
}
catch (Exception ex)
{
if (transaction != null)
transaction.Rollback();
SendError(response, ex);
}
transaction?.Rollback();
SendError(response, ex);
}
}
}