added tests for backend, router dom to frontend
This commit is contained in:
QkoSad
@@ -0,0 +1,112 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using MySql.Data.MySqlClient;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using System.Text.RegularExpressions;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
public class CreateLog : Route
|
||||
{
|
||||
private static string secretKey = "stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
|
||||
private static bool ValidateToken(string token)
|
||||
{
|
||||
try
|
||||
{
|
||||
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var validationParameters = new TokenValidationParameters
|
||||
{
|
||||
ValidateIssuer = true,
|
||||
ValidateAudience = true,
|
||||
ValidateLifetime = true,
|
||||
ValidIssuer = "TimeLogServer",
|
||||
ValidAudience = "TimeLogWebsite",
|
||||
IssuerSigningKey = key
|
||||
};
|
||||
|
||||
var principal = tokenHandler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
|
||||
return validatedToken != null;
|
||||
}
|
||||
catch
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response, HttpListenerContext context)
|
||||
{
|
||||
try
|
||||
{
|
||||
// check header
|
||||
var headers = request.Headers;
|
||||
string? token = headers["token"];
|
||||
if (!string.IsNullOrEmpty(token) && !ValidateToken(token))
|
||||
{
|
||||
throw new Exception("Invalid token");
|
||||
}
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
// extact data from body
|
||||
string body;
|
||||
using (StreamReader bodyReader = new StreamReader(request.InputStream, request.ContentEncoding))
|
||||
{
|
||||
body = bodyReader.ReadToEnd();
|
||||
}
|
||||
JObject jsonObject = JObject.Parse(body);
|
||||
string project = jsonObject["project"]?.ToString() ?? "";
|
||||
string time = jsonObject["time"]?.ToString() ?? "";
|
||||
string date = jsonObject["date"]?.ToString() ?? "";
|
||||
|
||||
// validate time
|
||||
if (!int.TryParse(time, out int myInt) || myInt < 0)
|
||||
throw new Exception("Incorect ammount of hours");
|
||||
//validate date
|
||||
Regex regex = new Regex(@"^\d{4}-\d{2}-\d{2}$");
|
||||
if (string.IsNullOrEmpty(date) || !regex.IsMatch(date))
|
||||
{
|
||||
throw new Exception("Incorrect date format");
|
||||
}
|
||||
// validate user
|
||||
// extract user from jwt
|
||||
var handler = new JwtSecurityTokenHandler();
|
||||
var jwtToken = handler.ReadJwtToken(token);
|
||||
string? usernameClaim = jwtToken.Claims.FirstOrDefault(c => c.Type == "user")?.Value ?? "";
|
||||
if (string.IsNullOrEmpty(usernameClaim))
|
||||
{
|
||||
throw new Exception("wrong user id");
|
||||
}
|
||||
|
||||
//validate project
|
||||
// TODO better project validation
|
||||
if (!string.IsNullOrEmpty(project))
|
||||
{
|
||||
throw new Exception("wrong project");
|
||||
}
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
|
||||
conn.Open();
|
||||
cmd.Connection = conn;
|
||||
cmd.CommandText = @"INSERT INTO Timelog(user,project,date,time)
|
||||
VALUES(@user,@project,@date,@time);";
|
||||
cmd.Parameters.AddWithValue("@user", usernameClaim);
|
||||
cmd.Parameters.AddWithValue("@project", project);
|
||||
cmd.Parameters.AddWithValue("@time", time);
|
||||
cmd.Parameters.AddWithValue("@date", date);
|
||||
// execute query and read results
|
||||
cmd.ExecuteNonQuery();
|
||||
|
||||
SendSuccess(response);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,128 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using MySql.Data.MySqlClient;
|
||||
namespace Server
|
||||
{
|
||||
public class CreateProcedure : Route
|
||||
{
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
try
|
||||
{
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
conn.Open();
|
||||
cmd.Connection = conn;
|
||||
cmd.CommandText = @"
|
||||
CREATE PROCEDURE fill_timelog ()
|
||||
BEGIN
|
||||
DECLARE j INT DEFAULT 1;
|
||||
DECLARE users INT DEFAULT 1;
|
||||
DECLARE logs INT;
|
||||
DECLARE hours FLOAT;
|
||||
DECLARE project INT;
|
||||
DECLARE curDate DATE DEFAULT '2024-11-18';
|
||||
DECLARE h2 INT;
|
||||
|
||||
WHILE users <= 100 DO
|
||||
SET logs = FLOOR(1 + (RAND() * 20));
|
||||
SET j = 1;
|
||||
WHILE j <= logs DO
|
||||
SET project = FLOOR(1 + (RAND() * 3));
|
||||
SET curDate = DATE_ADD('2020-01-01', INTERVAL FLOOR(RAND() * DATEDIFF('2020-02-01', '2020-01-01')) DAY);
|
||||
SET hours = (RAND() * (8 - 0.25)) + 0.25;
|
||||
|
||||
SELECT SUM(time) INTO h2
|
||||
FROM Timelog
|
||||
WHERE date = curdate && user = users;
|
||||
|
||||
WHILE(h2 + hours) > 8 DO
|
||||
SET curDate = DATE_ADD('2020-01-01', INTERVAL FLOOR(RAND() * DATEDIFF('2020-02-01', '2020-01-01')) DAY);
|
||||
|
||||
SELECT SUM(time)INTO h2
|
||||
FROM Timelog
|
||||
WHERE date = curdate && user = users;
|
||||
|
||||
END WHILE;
|
||||
INSERT INTO Timelog(user, project, date, time) VALUES(users, project, curDate, hours);
|
||||
SET j = j + 1;
|
||||
END WHILE;
|
||||
SET users = users + 1;
|
||||
END WHILE;
|
||||
END;";
|
||||
cmd.ExecuteNonQuery();
|
||||
cmd.CommandText = @"CREATE PROCEDURE InitDB()
|
||||
BEGIN
|
||||
DECLARE i INT DEFAULT 1;
|
||||
TRUNCATE TABLE Timelog;
|
||||
TRUNCATE TABLE Project;
|
||||
SET foreign_key_checks = 0;
|
||||
TRUNCATE TABLE User;
|
||||
SET foreign_key_checks = 1;
|
||||
|
||||
INSERT INTO Project(name) VALUES('My own'),('Outcons'),('Free Time');
|
||||
|
||||
CREATE TEMPORARY TABLE temp_fname (fname VARCHAR(255));
|
||||
INSERT INTO temp_fname (fname) VALUES
|
||||
( 'John' ),
|
||||
( 'Gringo' ),
|
||||
( 'Mark' ),
|
||||
( 'Lisa' ),
|
||||
( 'Maria' ),
|
||||
( 'Sonya' ),
|
||||
( 'Philip' ),
|
||||
( 'Jose' ),
|
||||
( 'Lorenzo' ),
|
||||
( 'George' ),
|
||||
( 'Justin' );
|
||||
|
||||
CREATE TEMPORARY TABLE temp_lname (lname VARCHAR(255));
|
||||
INSERT INTO temp_lname (lname) VALUES
|
||||
( 'Johnson' ),
|
||||
( 'Lamas' ),
|
||||
( 'Jackson' ),
|
||||
( 'Brown' ),
|
||||
( 'Mason' ),
|
||||
( 'Rodriguez' ),
|
||||
( 'Roberts' ),
|
||||
( 'Thomas' ),
|
||||
( 'Rose' ),
|
||||
( 'McDonalds' );
|
||||
|
||||
CREATE TEMPORARY TABLE temp_mail (mail VARCHAR(255));
|
||||
INSERT INTO temp_mail (mail) VALUES
|
||||
( 'hotmail.com' ),
|
||||
( 'gmail.com' ),
|
||||
( 'live.com' );
|
||||
|
||||
WHILE i <= 100 DO
|
||||
INSERT INTO User (f_name, l_name, mail)
|
||||
SELECT
|
||||
(SELECT fname FROM temp_fname ORDER BY RAND() LIMIT 1),
|
||||
(SELECT lname FROM temp_lname ORDER BY RAND() LIMIT 1),
|
||||
(SELECT mail FROM temp_mail ORDER BY RAND() LIMIT 1);
|
||||
SET i = i + 1;
|
||||
END WHILE;
|
||||
|
||||
UPDATE User
|
||||
SET User.mail = CONCAT(User.f_name,'.', User.l_name,'@', User.mail);
|
||||
|
||||
CALL fill_timelog();
|
||||
DROP TABLE temp_mail;
|
||||
DROP TABLE temp_fname;
|
||||
DROP TABLE temp_lname;
|
||||
END;";
|
||||
cmd.ExecuteNonQuery();
|
||||
// prepare response
|
||||
SendSuccess(response);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,104 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using MySql.Data.MySqlClient;
|
||||
using Newtonsoft.Json;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
// there should be a better way to deal with data comming from sql
|
||||
public class Log
|
||||
{
|
||||
public object? f_name { get; set; }
|
||||
public object? l_name { get; set; }
|
||||
public object? mail { get; set; }
|
||||
public object? name { get; set; }
|
||||
public object? time { get; set; }
|
||||
public object? date { get; set; }
|
||||
public object? user { get; set; }
|
||||
}
|
||||
|
||||
public class Getall : Route
|
||||
{
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
try
|
||||
{
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
// get url params
|
||||
var queryString = request.QueryString;
|
||||
string? from = queryString["from"];
|
||||
string? to = queryString["to"];
|
||||
string? sortby = queryString["sortby"];
|
||||
string? offset = queryString["offset"];
|
||||
string? order = queryString["order"];
|
||||
order = order == "true" ? "ASC" : "DESC";
|
||||
// this shenanigan is needed to remove the "" around group by
|
||||
string mainQuery = @"SELECT u.f_name,u.l_name,u.mail,p.name,t.time,t.date,t.user
|
||||
FROM Timelog t
|
||||
INNER JOIN Project p ON p.id=t.project
|
||||
INNER JOIN User u ON u.id=t.user ";
|
||||
string offsetQuery = " LIMIT 10 OFFSET " + offset + ";";
|
||||
// depending on the incoming parameters construct a Query
|
||||
if (!string.IsNullOrEmpty(to) && !string.IsNullOrEmpty(from))
|
||||
{
|
||||
Regex regex = new Regex(@"^\d{4}-\d{2}-\d{2}$");
|
||||
if (!regex.IsMatch(to) || !regex.IsMatch(from))
|
||||
{
|
||||
throw new Exception("Incorrect date format");
|
||||
}
|
||||
string whereQuery = " WHERE t.date BETWEEN @from AND @to ";
|
||||
mainQuery = mainQuery + whereQuery;
|
||||
}
|
||||
if (!string.IsNullOrEmpty(sortby))
|
||||
{
|
||||
List<string> validSorting = new List<string> { "f_name", "l_name", "mail", "time", "date", "user", };
|
||||
if (!validSorting.Contains(sortby))
|
||||
{
|
||||
throw new Exception("Incorrect sorting value");
|
||||
}
|
||||
string orderQuery = " ORDER BY " + sortby + " " + order;
|
||||
mainQuery = mainQuery + orderQuery;
|
||||
}
|
||||
if (!int.TryParse(offset, out int myInt) || myInt < 0)
|
||||
throw new Exception("Incorect offset");
|
||||
// add the final line to the query
|
||||
cmd.CommandText = mainQuery + offsetQuery;
|
||||
// those don't produce error if they don't find their variables
|
||||
cmd.Parameters.AddWithValue("@from", from);
|
||||
cmd.Parameters.AddWithValue("@to", to);
|
||||
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
conn.Open();
|
||||
cmd.Connection = conn;
|
||||
// execute query and read results
|
||||
MySqlDataReader reader = cmd.ExecuteReader();
|
||||
|
||||
List<Log> entries = new List<Log>();
|
||||
while (reader.Read())
|
||||
{
|
||||
entries.Add(new Log
|
||||
{
|
||||
f_name = reader["f_name"],
|
||||
l_name = reader["l_name"],
|
||||
user = reader["user"],
|
||||
date = reader["date"],
|
||||
name = reader["name"],
|
||||
time = reader["time"],
|
||||
mail = reader["mail"],
|
||||
});
|
||||
}
|
||||
// serialize JSON
|
||||
string jsonResponse = JsonConvert.SerializeObject(entries);
|
||||
SendSuccess(response, jsonResponse);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,99 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using MySql.Data.MySqlClient;
|
||||
using Newtonsoft.Json;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
public class TopTen
|
||||
{
|
||||
public object? user { get; set; }
|
||||
public object? date { get; set; }
|
||||
public object? project { get; set; }
|
||||
public object? f_name { get; set; }
|
||||
public object? l_name { get; set; }
|
||||
public object? name { get; set; }
|
||||
public object? total_time { get; set; }
|
||||
}
|
||||
public class Gettopten : Route
|
||||
{
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
try
|
||||
{
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
var queryString = request.QueryString;
|
||||
string? from = queryString["from"];
|
||||
string? to = queryString["to"];
|
||||
string? filterBy = queryString["filterBy"];
|
||||
|
||||
if (!string.IsNullOrEmpty(to) && !string.IsNullOrEmpty(from))
|
||||
{
|
||||
Regex regex = new Regex(@"^\d{4}-\d{2}-\d{2}$");
|
||||
if (!regex.IsMatch(to) || !regex.IsMatch(from))
|
||||
{
|
||||
throw new Exception("Incorrect date format");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception("Empty date format");
|
||||
}
|
||||
if (string.IsNullOrEmpty(filterBy))
|
||||
{
|
||||
throw new Exception("Empty filterby");
|
||||
}
|
||||
if (filterBy != "user" && filterBy != "project")
|
||||
{
|
||||
throw new Exception("Incorrect filterby");
|
||||
}
|
||||
|
||||
// this shenanigan is needed to remove the "" around
|
||||
// group by
|
||||
string req = @"SELECT t.user,t.date,t.project,u.f_name,u.l_name,p.name,SUM(t.time) as total_time
|
||||
FROM Timelog t
|
||||
INNER JOIN Project p ON p.id=t.project
|
||||
INNER JOIN User u ON u.id=t.user
|
||||
WHERE t.date BETWEEN @from AND @to
|
||||
GROUP BY " + filterBy + @" ORDER BY total_time DESC
|
||||
LIMIT 10;";
|
||||
cmd.CommandText = req;
|
||||
cmd.Parameters.AddWithValue("@from", from);
|
||||
cmd.Parameters.AddWithValue("@to", to);
|
||||
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
cmd.Connection = conn;
|
||||
conn.Open();
|
||||
// Execute the query and read the results
|
||||
MySqlDataReader reader = cmd.ExecuteReader();
|
||||
List<TopTen> entries = new List<TopTen>();
|
||||
while (reader.Read())
|
||||
{
|
||||
entries.Add(new TopTen
|
||||
{
|
||||
user = reader["user"],
|
||||
date = reader["date"],
|
||||
project = reader["project"],
|
||||
f_name = reader["f_name"],
|
||||
l_name = reader["l_name"],
|
||||
name = reader["name"],
|
||||
total_time = reader["total_time"],
|
||||
});
|
||||
}
|
||||
// Serialize the data to JSON
|
||||
string jsonResponse = JsonConvert.SerializeObject(entries);
|
||||
// prepare response
|
||||
SendSuccess(response, jsonResponse);
|
||||
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using MySql.Data.MySqlClient;
|
||||
using System.Dynamic;
|
||||
using Newtonsoft.Json;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
public class Getuser : Route
|
||||
{
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
|
||||
try
|
||||
{
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
cmd.CommandText = @"SELECT p.name, SUM(t.time)
|
||||
FROM Timelog t
|
||||
INNER JOIN Project p ON p.id=t.project
|
||||
INNER JOIN User u ON u.id=t.user
|
||||
WHERE User = @userid
|
||||
GROUP BY name;";
|
||||
var queryString = request.QueryString;
|
||||
string? userid = queryString["userid"];
|
||||
cmd.Parameters.AddWithValue("@userid", userid);
|
||||
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
conn.Open();
|
||||
cmd.Connection = conn;
|
||||
// execute query and read results
|
||||
MySqlDataReader reader = cmd.ExecuteReader();
|
||||
dynamic expando = new ExpandoObject();
|
||||
while (reader.Read())
|
||||
{
|
||||
((IDictionary<string?, object>)expando)[reader["name"].ToString()] = reader["SUM(t.time)"];
|
||||
|
||||
}
|
||||
// serialize JSON
|
||||
string jsonResponse = JsonConvert.SerializeObject(expando);
|
||||
// prepare response
|
||||
SendSuccess(response, jsonResponse);
|
||||
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,121 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using MySql.Data.MySqlClient;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
public class Login : Route
|
||||
{
|
||||
private static string secretKey = "stronk-key-much-sercret-much-more-stronk-stronk-key-much-sercret-much-more-stronk";
|
||||
|
||||
public static string GenerateToken(string user)
|
||||
{
|
||||
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
|
||||
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
|
||||
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: "TimeLogServer",
|
||||
audience: "TimeLogWebsite",
|
||||
claims: new[]
|
||||
{
|
||||
new Claim("user", user)
|
||||
},
|
||||
expires: DateTime.Now.AddHours(2),
|
||||
signingCredentials: creds
|
||||
);
|
||||
|
||||
return new JwtSecurityTokenHandler().WriteToken(token);
|
||||
}
|
||||
|
||||
public static bool VerifyPassword(string enteredPassword, string storedHash)
|
||||
{
|
||||
byte[] hashBytes = Convert.FromBase64String(storedHash);
|
||||
|
||||
// Extract the salt from the stored hash
|
||||
byte[] salt = new byte[16];
|
||||
Array.Copy(hashBytes, 0, salt, 0, 16);
|
||||
|
||||
// Hash the entered password with the stored salt
|
||||
using (var pbkdf2 = new Rfc2898DeriveBytes(enteredPassword, salt, 10000, HashAlgorithmName.SHA256))
|
||||
{
|
||||
byte[] newHash = pbkdf2.GetBytes(32);
|
||||
|
||||
// Compare the computed hash with the stored hash
|
||||
for (int i = 0; i < 32; i++)
|
||||
{
|
||||
if (newHash[i] != hashBytes[i + 16])
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
try
|
||||
{
|
||||
// extract data from body
|
||||
string body;
|
||||
using (StreamReader bodyReader = new StreamReader(request.InputStream, request.ContentEncoding))
|
||||
{
|
||||
body = bodyReader.ReadToEnd();
|
||||
}
|
||||
JObject jsonObject = JObject.Parse(body);
|
||||
string mail = jsonObject["mail"]?.ToString() ?? "";
|
||||
string password = jsonObject["password"]?.ToString() ?? "";
|
||||
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
cmd.CommandText = @"SELECT u.id, password FROM User u
|
||||
INNER JOIN Password p ON p.user=u.id
|
||||
WHERE mail=@mail;";
|
||||
cmd.Parameters.AddWithValue("@mail", mail);
|
||||
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
cmd.Connection = conn;
|
||||
conn.Open();
|
||||
// execute query and read results
|
||||
MySqlDataReader reader = cmd.ExecuteReader();
|
||||
string? userId = "";
|
||||
string? hashedPass = "";
|
||||
string? jsonResponse;
|
||||
while (reader.Read())
|
||||
{
|
||||
userId = Convert.ToString(reader["id"]);
|
||||
hashedPass = reader.GetString("password");
|
||||
}
|
||||
|
||||
// check username
|
||||
if (string.IsNullOrEmpty(userId))
|
||||
{
|
||||
throw new Exception("Invalid Username or Password");
|
||||
}
|
||||
//check password
|
||||
if (string.IsNullOrEmpty(password)
|
||||
|| string.IsNullOrEmpty(hashedPass)
|
||||
|| !VerifyPassword(password, hashedPass))
|
||||
{
|
||||
throw new Exception("Invalid Username or Password");
|
||||
}
|
||||
|
||||
jsonResponse = JsonConvert.SerializeObject(GenerateToken(userId));
|
||||
|
||||
// prepare response
|
||||
SendSuccess(response, jsonResponse);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,98 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using MySql.Data.MySqlClient;
|
||||
using System.Security.Cryptography;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
public class Register : Route
|
||||
{
|
||||
private static string HashPassword(string password)
|
||||
{
|
||||
// Generate a salt
|
||||
byte[] salt = new byte[16];
|
||||
RandomNumberGenerator.Fill(salt);
|
||||
// Create a PBKDF2 instance to hash the password
|
||||
using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000, HashAlgorithmName.SHA256))
|
||||
{
|
||||
byte[] hash = pbkdf2.GetBytes(32);
|
||||
|
||||
// Combine the salt and the hash together
|
||||
byte[] hashBytes = new byte[48]; // 16 (salt) + 32 (hash)
|
||||
Array.Copy(salt, 0, hashBytes, 0, 16);
|
||||
Array.Copy(hash, 0, hashBytes, 16, 32);
|
||||
|
||||
// Return the final hash as a Base64 encoded string
|
||||
return Convert.ToBase64String(hashBytes);
|
||||
}
|
||||
}
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
MySqlTransaction? transaction = null;
|
||||
try
|
||||
{
|
||||
// extract parameters from req body
|
||||
string body;
|
||||
using (StreamReader bodyReader = new StreamReader(request.InputStream, request.ContentEncoding))
|
||||
{
|
||||
body = bodyReader.ReadToEnd();
|
||||
}
|
||||
JObject jsonObject = JObject.Parse(body);
|
||||
string f_name = jsonObject["f_name"]?.ToString() ?? "";
|
||||
string l_name = jsonObject["l_name"]?.ToString() ?? "";
|
||||
string password = jsonObject["password"]?.ToString() ?? "";
|
||||
string mail = jsonObject["mail"]?.ToString() ?? "";
|
||||
|
||||
// validate parameters
|
||||
if (string.IsNullOrEmpty(f_name) || f_name.Length > 30 || f_name.Length < 2 ||
|
||||
string.IsNullOrEmpty(l_name) || l_name.Length > 30 || l_name.Length < 2 ||
|
||||
string.IsNullOrEmpty(mail) || mail.Length > 50 || mail.Length < 6 ||
|
||||
string.IsNullOrEmpty(password) || password.Length > 30 || password.Length < 10)
|
||||
{
|
||||
throw new Exception("Wrong parameters");
|
||||
}
|
||||
// open connection
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
|
||||
// Insert into User
|
||||
cmd.CommandText = "INSERT INTO User(f_name,l_name,mail) VALUES(@f_name,@l_name,@mail)";
|
||||
cmd.Parameters.AddWithValue("@f_name", f_name);
|
||||
cmd.Parameters.AddWithValue("@l_name", l_name);
|
||||
cmd.Parameters.AddWithValue("@mail", mail);
|
||||
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
conn.Open();
|
||||
transaction = conn.BeginTransaction();
|
||||
cmd.Connection = conn;
|
||||
cmd.ExecuteNonQuery();
|
||||
|
||||
// Get user ID
|
||||
cmd.CommandText = "SELECT id FROM User WHERE mail=@mail;";
|
||||
MySqlDataReader reader = cmd.ExecuteReader();
|
||||
reader.Read();
|
||||
var id = reader["id"];
|
||||
reader.Close();
|
||||
|
||||
// Insert into password
|
||||
cmd.CommandText = "INSERT INTO Password(user,password) VALUES(@id,@password)";
|
||||
cmd.Parameters.AddWithValue("@password", HashPassword(password));
|
||||
cmd.Parameters.AddWithValue("@id", id);
|
||||
cmd.ExecuteNonQuery();
|
||||
transaction.Commit();
|
||||
|
||||
SendSuccess(response);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
if (transaction != null)
|
||||
transaction.Rollback();
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using MySql.Data.MySqlClient;
|
||||
|
||||
namespace Server
|
||||
{
|
||||
public class Reset : Route
|
||||
{
|
||||
public static void HandleRequest(HttpListenerRequest request, HttpListenerResponse response)
|
||||
{
|
||||
try
|
||||
{
|
||||
// prepare SQL query
|
||||
MySqlCommand cmd = new MySqlCommand();
|
||||
cmd.CommandText = "CALL InitDB";
|
||||
using (MySqlConnection conn = new MySqlConnection(connectionString))
|
||||
{
|
||||
cmd.Connection = conn;
|
||||
// open connection
|
||||
conn.Open();
|
||||
// execute query
|
||||
cmd.ExecuteNonQuery();
|
||||
// set up and send response
|
||||
SendSuccess(response);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
SendError(response, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user