diff --git a/ProjectLighthouse/Controllers/CommentController.cs b/ProjectLighthouse/Controllers/CommentController.cs index 49c64b30..2bcb35d3 100644 --- a/ProjectLighthouse/Controllers/CommentController.cs +++ b/ProjectLighthouse/Controllers/CommentController.cs @@ -32,10 +32,13 @@ namespace ProjectLighthouse.Controllers { Comment comment = (Comment)serializer.Deserialize(new StringReader(bodyString)); await using Database database = new(); - User poster = await database.Users.FirstOrDefaultAsync(u => u.Username == "jvyden"); - User target = await database.Users.FirstOrDefaultAsync(u => u.Username == username); + User poster = await database.UserFromRequest(Request); - if(comment == null) return this.BadRequest(); + if(poster == null) return this.StatusCode(403, ""); + + User target = await database.Users.FirstOrDefaultAsync(u => u.Username == username); + + if(comment == null || target == null) return this.BadRequest(); comment.PosterUserId = poster.UserId; comment.TargetUserId = target.UserId; diff --git a/ProjectLighthouse/Controllers/LoginController.cs b/ProjectLighthouse/Controllers/LoginController.cs index 7d82bda0..9091f41a 100644 --- a/ProjectLighthouse/Controllers/LoginController.cs +++ b/ProjectLighthouse/Controllers/LoginController.cs @@ -32,10 +32,10 @@ namespace ProjectLighthouse.Controllers { Token? token = await database.AuthenticateUser(loginData); - if(token == null) return this.BadRequest(""); // TODO: send 403 + if(token == null) return this.StatusCode(403, ""); return this.Ok(new LoginResult { - AuthTicket = token.UserToken, + AuthTicket = "MM_AUTH=" + token.UserToken, LbpEnvVer = ServerSettings.ServerName }.Serialize()); } diff --git a/ProjectLighthouse/Controllers/MessageController.cs b/ProjectLighthouse/Controllers/MessageController.cs index 5a8ab309..c6a4089c 100644 --- a/ProjectLighthouse/Controllers/MessageController.cs +++ b/ProjectLighthouse/Controllers/MessageController.cs 
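Review bot: In CommentController the request body is still deserialized (`serializer.Deserialize(new StringReader(bodyString))`, a context line above the new check) before `UserFromRequest` decides whether the caller is logged in, so unauthenticated requests keep reaching the XML parser. Moving `User poster = await database.UserFromRequest(Request);` and `if(poster == null) return this.StatusCode(403, "");` ahead of the body read would reject them first, as the PublishController hunk already does before `GetSlotFromBody()`. The method starts outside this hunk, so where `bodyString` is read cannot be seen here.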
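Review bot: The cookie name in LoginController's `AuthTicket = "MM_AUTH=" + token.UserToken` is a second copy of the literal that `Database.UserFromRequest` reads with `request.Cookies.TryGetValue("MM_AUTH", ...)`. If the two ever drift apart, every authenticated endpoint answers 403 with no other symptom. A shared constant used at both sites, for example `public const string AuthCookieName = "MM_AUTH";`, would tie them together. The ticket is a bearer credential, so the serialized `LoginResult` should also be kept out of any request or response logging.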
@@ -10,14 +10,13 @@ namespace ProjectLighthouse.Controllers { public class MessageController : ControllerBase { [HttpGet("eula")] public async Task Eula() { - User user = await new Database().Users.FirstOrDefaultAsync(u => u.Username == "jvyden"); - - return Ok($"You are logged in as user {user.Username} (id {user.UserId})"); + User user = await new Database().UserFromRequest(Request); + return user == null ? this.StatusCode(403, "") : this.Ok($"You are logged in as user {user.Username} (id {user.UserId})"); } [HttpGet("announce")] public IActionResult Announce() { - return Ok("PROJECT LIGHTHOUSE IS A GO!\nalso ezoiar was here\nnow on ASP.NET!"); + return Ok(""); } [HttpGet("notification")] diff --git a/ProjectLighthouse/Controllers/PublishController.cs b/ProjectLighthouse/Controllers/PublishController.cs index a1963e0b..6ccadf20 100644 --- a/ProjectLighthouse/Controllers/PublishController.cs +++ b/ProjectLighthouse/Controllers/PublishController.cs @@ -30,7 +30,9 @@ namespace ProjectLighthouse.Controllers { public async Task Publish() { await using Database database = new(); - User user = await database.Users.FirstOrDefaultAsync(u => u.Username == "jvyden"); + User user = await database.UserFromRequest(Request); + if(user == null) return this.StatusCode(403, ""); + Slot slot = await this.GetSlotFromBody(); //TODO: parse location in body diff --git a/ProjectLighthouse/Controllers/UserController.cs b/ProjectLighthouse/Controllers/UserController.cs index 22e90f79..bd57f76e 100644 --- a/ProjectLighthouse/Controllers/UserController.cs +++ b/ProjectLighthouse/Controllers/UserController.cs 
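Review bot: `Eula()` in MessageController creates `new Database()` inline and never disposes it, while the other controllers touched by this commit use `await using Database database = new();`. On an endpoint any client can call, each request leaves the context to the finalizer, along with its connection if `Database` is an EF Core `DbContext` as its usage suggests. Suggested: `await using Database database = new();` followed by `User user = await database.UserFromRequest(Request);`. The `Creator` getter added in Types/Slot.cs has the same undisposed `new Database()`.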
@@ -31,9 +31,9 @@ namespace ProjectLighthouse.Controllers { [HttpPost("updateUser")] public async Task UpdateUser() { await using Database database = new(); - User user = await database.Users.Where(u => u.Username == "jvyden").FirstOrDefaultAsync(); + User user = await database.UserFromRequest(Request); - if(user == null) return this.BadRequest(); + if(user == null) return this.StatusCode(403, ""); XmlReaderSettings settings = new() { Async = true // this is apparently not default diff --git a/ProjectLighthouse/Database.cs b/ProjectLighthouse/Database.cs index 85312f66..a8372e49 100644 --- a/ProjectLighthouse/Database.cs +++ b/ProjectLighthouse/Database.cs @@ -1,6 +1,7 @@ #nullable enable using System; using System.Threading.Tasks; +using Microsoft.AspNetCore.Http; using Microsoft.EntityFrameworkCore; using ProjectLighthouse.Helpers; using ProjectLighthouse.Types; @@ -60,5 +61,13 @@ namespace ProjectLighthouse { if(token == null) return null; return await Users.FirstOrDefaultAsync(u => u.UserId == token.UserId); } + + public async Task UserFromRequest(HttpRequest request) { + if(!request.Cookies.TryGetValue("MM_AUTH", out string? mmAuth) || mmAuth == null) { + return null; + } + + return await UserFromAuthToken(mmAuth); + } } } \ No newline at end of file diff --git a/ProjectLighthouse/Types/Slot.cs b/ProjectLighthouse/Types/Slot.cs index f9dc621c..fb46eb37 100644 --- a/ProjectLighthouse/Types/Slot.cs +++ b/ProjectLighthouse/Types/Slot.cs @@ -36,9 +36,19 @@ namespace ProjectLighthouse.Types { [XmlIgnore] public int LocationId { get; set; } - + [XmlIgnore] public int CreatorId { get; set; } + + private User creator; + + public User Creator { + get { + if(this.creator != null) return this.creator; + + return creator = new Database().Users.First(u => u.UserId == CreatorId); + } + } private Location location; 
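Review bot: `UserFromRequest` in Database.cs lets an empty `MM_AUTH` cookie through, because the guard only tests for a missing or null value. Using `if(!request.Cookies.TryGetValue("MM_AUTH", out string? mmAuth) || string.IsNullOrEmpty(mmAuth)) return null;` would reject it without a database lookup. This method is now the single authentication gate for every controller in the commit, so it deserves a `///` summary stating that a null return means the caller is not authenticated and that the result must be checked before use. Whether tokens expire or can be revoked is decided in `UserFromAuthToken`, whose body begins outside this hunk, and is worth confirming.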
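Review bot: The new `Creator` getter in Types/Slot.cs calls `Users.First(...)`, which throws `InvalidOperationException` when no user has that `CreatorId` (for example after an account is removed), so serializing one orphaned slot would fail the whole response. `FirstOrDefault` with an explicit fallback where the value is consumed avoids that. The getter also runs a synchronous query on every first access, once per slot. Loading the creator together with the slot in the original query would bound that cost.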
@@ -85,7 +95,7 @@ namespace ProjectLighthouse.Types { string slotData = LbpSerializer.StringElement("name", Name) + LbpSerializer.StringElement("id", SlotId) + LbpSerializer.StringElement("game", 1) + - LbpSerializer.StringElement("npHandle", "jvyden") + + LbpSerializer.StringElement("npHandle", Creator.UserId) + LbpSerializer.StringElement("description", Description) + LbpSerializer.StringElement("icon", IconHash) + LbpSerializer.StringElement("resource", Resource) +
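Review bot: `LbpSerializer.StringElement("npHandle", Creator.UserId)` emits the numeric user id where the removed line emitted a username (`"jvyden"`). If `npHandle` is meant to carry the player's handle, this should probably be `Creator.Username`. Usernames are user-chosen, so it is also worth confirming that `StringElement` escapes XML metacharacters in its value; its implementation is not visible in this diff. The concatenation that builds `slotData` continues past the end of this hunk.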