arch/timelog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

formated all files

Browse Source
This commit is contained in:
QkoSad
2024-12-04 15:46:10 +02:00
parent cb7b3ad94c
commit 926436860c
34 changed files with 360 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backendCs/routes/CreateLog.cs
+37 -19
View File
@@ -1,17 +1,18 @@
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Text;
using MySql.Data.MySqlClient;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System.Text.RegularExpressions;
using Microsoft.IdentityModel.Tokens;
using MySql.Data.MySqlClient;
using Newtonsoft.Json.Linq;
namespace Server
{
public class CreateLog : Route
{
private static string secretKey = "stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
private static string secretKey =
"stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
private static bool ValidateToken(string token)
{
try
@@ -25,10 +26,14 @@ namespace Server
ValidateLifetime = true,
ValidIssuer = "TimeLogServer",
ValidAudience = "TimeLogWebsite",
IssuerSigningKey = key
IssuerSigningKey = key,
};
var principal = tokenHandler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
var principal = tokenHandler.ValidateToken(
token,
validationParameters,
out SecurityToken validatedToken
);
return validatedToken != null;
}
catch
@@ -36,7 +41,12 @@ namespace Server
return false;
}
}
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response, HttpListenerContext context)
public static void HandleRequest(
HttpListenerRequest request,
HttpListenerResponse response,
HttpListenerContext context
)
{
try
{
@@ -51,7 +61,12 @@ namespace Server
MySqlCommand cmd = new MySqlCommand();
// extact data from body
string body;
using (StreamReader bodyReader = new StreamReader(request.InputStream, request.ContentEncoding))
using (
StreamReader bodyReader = new StreamReader(
request.InputStream,
request.ContentEncoding
)
)
{
body = bodyReader.ReadToEnd();
}
@@ -60,37 +75,41 @@ namespace Server
string time = jsonObject["time"]?.ToString() ?? "";
string date = jsonObject["date"]?.ToString() ?? "";
// TODO check if the hours on given date don't combine to more
// than 8
// validate time
if (!int.TryParse(time, out int myInt) || myInt < 0)
if (!int.TryParse(time, out int myInt) || myInt < 0 || myInt > 8)
throw new Exception("Incorect ammount of hours");
//validate date
// validate date
Regex regex = new Regex(@"^\d{4}-\d{2}-\d{2}$");
if (string.IsNullOrEmpty(date) || !regex.IsMatch(date))
{
throw new Exception("Incorrect date format");
}
// validate user
// extract user from jwt
// extract user from jwt
var handler = new JwtSecurityTokenHandler();
var jwtToken = handler.ReadJwtToken(token);
string? usernameClaim = jwtToken.Claims.FirstOrDefault(c => c.Type == "user")?.Value ?? "";
string? usernameClaim =
jwtToken.Claims.FirstOrDefault(c => c.Type == "user")?.Value ?? "";
if (string.IsNullOrEmpty(usernameClaim))
{
throw new Exception("wrong user id");
}
//validate project
// validate project
// TODO better project validation
if (!string.IsNullOrEmpty(project))
if (string.IsNullOrEmpty(project))
{
throw new Exception("wrong project");
}
using (MySqlConnection conn = new MySqlConnection(connectionString))
{
conn.Open();
cmd.Connection = conn;
cmd.CommandText = @"INSERT INTO Timelog(user,project,date,time)
cmd.CommandText =
@"INSERT INTO Timelog(user,project,date,time)
VALUES(@user,@project,@date,@time);";
cmd.Parameters.AddWithValue("@user", usernameClaim);
cmd.Parameters.AddWithValue("@project", project);
@@ -109,4 +128,3 @@ namespace Server
}
}
}
backendCs/routes/CreateProcedure.cs
+5 -3
View File
@@ -1,6 +1,6 @@
using System.Net;
using System.Text;
using MySql.Data.MySqlClient;
namespace Server
{
public class CreateProcedure : Route
@@ -15,7 +15,8 @@ namespace Server
{
conn.Open();
cmd.Connection = conn;
cmd.CommandText = @"
cmd.CommandText =
@"
CREATE PROCEDURE fill_timelog ()
BEGIN
DECLARE j INT DEFAULT 1;
@@ -53,7 +54,8 @@ BEGIN
END WHILE;
END;";
cmd.ExecuteNonQuery();
cmd.CommandText = @"CREATE PROCEDURE InitDB()
cmd.CommandText =
@"CREATE PROCEDURE InitDB()
BEGIN
DECLARE i INT DEFAULT 1;
TRUNCATE TABLE Timelog;
backendCs/routes/Getall.cs
+25 -14
View File
@@ -1,5 +1,4 @@
using System.Net;
using System.Text;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;
using Newtonsoft.Json;
@@ -34,11 +33,12 @@ namespace Server
string? offset = queryString["offset"];
string? order = queryString["order"];
order = order == "true" ? "ASC" : "DESC";
// this shenanigan is needed to remove the "" around group by
string mainQuery = @"SELECT u.f_name,u.l_name,u.mail,p.name,t.time,t.date,t.user
string mainQuery =
@"SELECT u.f_name,u.l_name,u.mail,p.name,t.time,t.date,t.user
FROM Timelog t
INNER JOIN Project p ON p.id=t.project
INNER JOIN User u ON u.id=t.user ";
// this shenanigan is needed to remove the "" around group by
string offsetQuery = " LIMIT 10 OFFSET " + offset + ";";
// depending on the incoming parameters construct a Query
if (!string.IsNullOrEmpty(to) && !string.IsNullOrEmpty(from))
@@ -53,7 +53,16 @@ namespace Server
}
if (!string.IsNullOrEmpty(sortby))
{
List<string> validSorting = new List<string> { "f_name", "l_name", "mail", "time", "date", "user", };
List<string> validSorting = new List<string>
{
"f_name",
"l_name",
"mail",
"time",
"date",
"user",
"project",
};
if (!validSorting.Contains(sortby))
{
throw new Exception("Incorrect sorting value");
@@ -79,16 +88,18 @@ namespace Server
List<Log> entries = new List<Log>();
while (reader.Read())
{
entries.Add(new Log
{
f_name = reader["f_name"],
l_name = reader["l_name"],
user = reader["user"],
date = reader["date"],
name = reader["name"],
time = reader["time"],
mail = reader["mail"],
});
entries.Add(
new Log
{
f_name = reader["f_name"],
l_name = reader["l_name"],
user = reader["user"],
date = reader["date"],
name = reader["name"],
time = reader["time"],
mail = reader["mail"],
}
);
}
// serialize JSON
string jsonResponse = JsonConvert.SerializeObject(entries);
backendCs/routes/Gettopten.cs
+18 -14
View File
@@ -1,5 +1,4 @@
using System.Net;
using System.Text;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;
using Newtonsoft.Json;
@@ -16,6 +15,7 @@ namespace Server
public object? name { get; set; }
public object? total_time { get; set; }
}
public class Gettopten : Route
{
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
@@ -52,12 +52,15 @@ namespace Server
// this shenanigan is needed to remove the "" around
// group by
string req = @"SELECT t.user,t.date,t.project,u.f_name,u.l_name,p.name,SUM(t.time) as total_time
string req =
@"SELECT t.user,t.date,t.project,u.f_name,u.l_name,p.name,SUM(t.time) as total_time
FROM Timelog t
INNER JOIN Project p ON p.id=t.project
INNER JOIN User u ON u.id=t.user
WHERE t.date BETWEEN @from AND @to
GROUP BY " + filterBy + @" ORDER BY total_time DESC
GROUP BY "
+ filterBy
+ @" ORDER BY total_time DESC
LIMIT 10;";
cmd.CommandText = req;
cmd.Parameters.AddWithValue("@from", from);
@@ -72,22 +75,23 @@ namespace Server
List<TopTen> entries = new List<TopTen>();
while (reader.Read())
{
entries.Add(new TopTen
{
user = reader["user"],
date = reader["date"],
project = reader["project"],
f_name = reader["f_name"],
l_name = reader["l_name"],
name = reader["name"],
total_time = reader["total_time"],
});
entries.Add(
new TopTen
{
user = reader["user"],
date = reader["date"],
project = reader["project"],
f_name = reader["f_name"],
l_name = reader["l_name"],
name = reader["name"],
total_time = reader["total_time"],
}
);
}
// Serialize the data to JSON
string jsonResponse = JsonConvert.SerializeObject(entries);
// prepare response
SendSuccess(response, jsonResponse);
}
}
catch (Exception ex)
backendCs/routes/Getuser.cs
+13 -11
View File
@@ -1,7 +1,6 @@
using System.Net;
using System.Text;
using MySql.Data.MySqlClient;
using System.Dynamic;
using System.Net;
using MySql.Data.MySqlClient;
using Newtonsoft.Json;
namespace Server
@@ -10,19 +9,23 @@ namespace Server
{
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
{
try
{
var queryString = request.QueryString;
string? userid = queryString["userid"];
if (string.IsNullOrEmpty(userid))
{
throw new Exception("Missing userid");
}
// prepare SQL query
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText = @"SELECT p.name, SUM(t.time)
cmd.CommandText =
@"SELECT p.name, SUM(t.time)
FROM Timelog t
INNER JOIN Project p ON p.id=t.project
INNER JOIN User u ON u.id=t.user
WHERE User = @userid
GROUP BY name;";
var queryString = request.QueryString;
string? userid = queryString["userid"];
cmd.Parameters.AddWithValue("@userid", userid);
using (MySqlConnection conn = new MySqlConnection(connectionString))
@@ -34,14 +37,14 @@ namespace Server
dynamic expando = new ExpandoObject();
while (reader.Read())
{
((IDictionary<string?, object>)expando)[reader["name"].ToString()] = reader["SUM(t.time)"];
((IDictionary<string?, object>)expando)[reader["name"].ToString()] = reader[
"SUM(t.time)"
];
}
// serialize JSON
string jsonResponse = JsonConvert.SerializeObject(expando);
// prepare response
SendSuccess(response, jsonResponse);
}
}
catch (Exception ex)
@@ -51,4 +54,3 @@ namespace Server
}
}
}
backendCs/routes/Login.cs
+27 -15
View File
@@ -1,18 +1,19 @@
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;
using MySql.Data.MySqlClient;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;
namespace Server
{
public class Login : Route
{
private static string secretKey = "stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
private static string secretKey =
"stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
public static string GenerateToken(string user)
{
@@ -22,10 +23,7 @@ namespace Server
var token = new JwtSecurityToken(
issuer: "TimeLogServer",
audience: "TimeLogWebsite",
claims: new[]
{
new Claim("user", user)
},
claims: new[] { new Claim("user", user) },
expires: DateTime.Now.AddHours(2),
signingCredentials: creds
);
@@ -42,7 +40,14 @@ namespace Server
Array.Copy(hashBytes, 0, salt, 0, 16);
// Hash the entered password with the stored salt
using (var pbkdf2 = new Rfc2898DeriveBytes(enteredPassword, salt, 10000, HashAlgorithmName.SHA256))
using (
var pbkdf2 = new Rfc2898DeriveBytes(
enteredPassword,
salt,
10000,
HashAlgorithmName.SHA256
)
)
{
byte[] newHash = pbkdf2.GetBytes(32);
@@ -62,7 +67,12 @@ namespace Server
{
// extract data from body
string body;
using (StreamReader bodyReader = new StreamReader(request.InputStream, request.ContentEncoding))
using (
StreamReader bodyReader = new StreamReader(
request.InputStream,
request.ContentEncoding
)
)
{
body = bodyReader.ReadToEnd();
}
@@ -72,7 +82,8 @@ namespace Server
// prepare SQL query
MySqlCommand cmd = new MySqlCommand();
cmd.CommandText = @"SELECT u.id, password FROM User u
cmd.CommandText =
@"SELECT u.id, password FROM User u
INNER JOIN Password p ON p.user=u.id
WHERE mail=@mail;";
cmd.Parameters.AddWithValue("@mail", mail);
@@ -98,9 +109,11 @@ namespace Server
throw new Exception("Invalid Username or Password");
}
//check password
if (string.IsNullOrEmpty(password)
if (
string.IsNullOrEmpty(password)
|| string.IsNullOrEmpty(hashedPass)
|| !VerifyPassword(password, hashedPass))
|| !VerifyPassword(password, hashedPass)
)
{
throw new Exception("Invalid Username or Password");
}
@@ -118,4 +131,3 @@ namespace Server
}
}
}
backendCs/routes/Register.cs
+27 -10
View File
@@ -1,8 +1,6 @@
using System.Net;
using System.Text;
using MySql.Data.MySqlClient;
using System.Security.Cryptography;
using Newtonsoft.Json;
using MySql.Data.MySqlClient;
using Newtonsoft.Json.Linq;
namespace Server
@@ -15,7 +13,9 @@ namespace Server
byte[] salt = new byte[16];
RandomNumberGenerator.Fill(salt);
// Create a PBKDF2 instance to hash the password
using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000, HashAlgorithmName.SHA256))
using (
var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000, HashAlgorithmName.SHA256)
)
{
byte[] hash = pbkdf2.GetBytes(32);
@@ -28,6 +28,7 @@ namespace Server
return Convert.ToBase64String(hashBytes);
}
}
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
{
MySqlTransaction? transaction = null;
@@ -35,7 +36,12 @@ namespace Server
{
// extract parameters from req body
string body;
using (StreamReader bodyReader = new StreamReader(request.InputStream, request.ContentEncoding))
using (
StreamReader bodyReader = new StreamReader(
request.InputStream,
request.ContentEncoding
)
)
{
body = bodyReader.ReadToEnd();
}
@@ -46,10 +52,20 @@ namespace Server
string mail = jsonObject["mail"]?.ToString() ?? "";
// validate parameters
if (string.IsNullOrEmpty(f_name) || f_name.Length > 30 || f_name.Length < 2 ||
string.IsNullOrEmpty(l_name) || l_name.Length > 30 || l_name.Length < 2 ||
string.IsNullOrEmpty(mail) || mail.Length > 50 || mail.Length < 6 ||
string.IsNullOrEmpty(password) || password.Length > 30 || password.Length < 10)
if (
string.IsNullOrEmpty(f_name)
|| f_name.Length > 30
|| f_name.Length < 2
|| string.IsNullOrEmpty(l_name)
|| l_name.Length > 30
|| l_name.Length < 2
|| string.IsNullOrEmpty(mail)
|| mail.Length > 50
|| mail.Length < 6
|| string.IsNullOrEmpty(password)
|| password.Length > 30
|| password.Length < 10
)
{
throw new Exception("Wrong parameters");
}
@@ -58,7 +74,8 @@ namespace Server
MySqlCommand cmd = new MySqlCommand();
// Insert into User
cmd.CommandText = "INSERT INTO User(f_name,l_name,mail) VALUES(@f_name,@l_name,@mail)";
cmd.CommandText =
"INSERT INTO User(f_name,l_name,mail) VALUES(@f_name,@l_name,@mail)";
cmd.Parameters.AddWithValue("@f_name", f_name);
cmd.Parameters.AddWithValue("@l_name", l_name);
cmd.Parameters.AddWithValue("@mail", mail);
backendCs/routes/Reset.cs
-1
View File
@@ -1,5 +1,4 @@
using System.Net;
using System.Text;
using MySql.Data.MySqlClient;
namespace Server