diff --git a/ProjectLighthouse.Servers.API/Controllers/UserEndpoints.cs b/ProjectLighthouse.Servers.API/Controllers/UserEndpoints.cs index 30e7d655..b5a8e79e 100644 --- a/ProjectLighthouse.Servers.API/Controllers/UserEndpoints.cs +++ b/ProjectLighthouse.Servers.API/Controllers/UserEndpoints.cs @@ -1,6 +1,7 @@ #nullable enable using LBPUnion.ProjectLighthouse.PlayerData.Profiles; -using LBPUnion.ProjectLighthouse.Types; +using LBPUnion.ProjectLighthouse.PlayerData; +using LBPUnion.ProjectLighthouse.Helpers; using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; @@ -54,4 +55,33 @@ public class UserEndpoints : ApiEndpointController return this.Ok(userStatus); } + + [HttpPost("user/inviteToken")] + public async Task CreateUserInviteToken() + { + if (Configuration.ServerConfiguration.Instance.Authentication.PrivateRegistration || + Configuration.ServerConfiguration.Instance.Authentication.RegistrationEnabled) + { + + string authHeader = this.Request.Headers["Authorization"]; + if (!string.IsNullOrWhiteSpace(authHeader)) + { + string authToken = authHeader.Substring(authHeader.IndexOf(' ') + 1); + + APIKey? apiKey = await this.database.APIKeys.FirstOrDefaultAsync(k => k.Key == authToken); + if (apiKey == null) return this.StatusCode(403, null); + + RegistrationToken token = new(); + token.Created = DateTime.Now; + token.Token = CryptoHelper.GenerateAuthToken(); + + this.database.RegistrationTokens.Add(token); + await this.database.SaveChangesAsync(); + + return Ok(token.Token); + } + + } + return this.NotFound(); + } } \ No newline at end of file diff --git a/ProjectLighthouse.Servers.Website/Pages/Admin/AdminAPIKeyPage.cshtml b/ProjectLighthouse.Servers.Website/Pages/Admin/AdminAPIKeyPage.cshtml new file mode 100644 index 00000000..67a541cf --- /dev/null +++ b/ProjectLighthouse.Servers.Website/Pages/Admin/AdminAPIKeyPage.cshtml @@ -0,0 +1,56 @@ +@page "/admin/keys" + +@using LBPUnion.ProjectLighthouse.PlayerData +@model LBPUnion.ProjectLighthouse.Servers.Website.Pages.Admin.AdminAPIKeyPageModel +@{ + Layout = "Layouts/BaseLayout"; + Model.Title = "API Keys"; +} + +@inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Antiforgery +@{ + var token = Antiforgery.GetAndStoreTokens(HttpContext).RequestToken; +} + + + +

There are @Model.KeyCount API keys registered.

+@if (Model.KeyCount == 0) +{ +

To create one, you can use the "Create API key" command in the admin panel.

+} + +
+ @foreach (APIKey key in Model.APIKeys) + { +
+
+
+ Created at: @key.Created.ToString() +
+ +

@key.Description

+
+
+ } +
diff --git a/ProjectLighthouse.Servers.Website/Pages/Admin/AdminAPIKeyPage.cshtml.cs b/ProjectLighthouse.Servers.Website/Pages/Admin/AdminAPIKeyPage.cshtml.cs new file mode 100644 index 00000000..1b44968f --- /dev/null +++ b/ProjectLighthouse.Servers.Website/Pages/Admin/AdminAPIKeyPage.cshtml.cs @@ -0,0 +1,43 @@ +using LBPUnion.ProjectLighthouse.Servers.Website.Pages.Layouts; +using LBPUnion.ProjectLighthouse.PlayerData; +using LBPUnion.ProjectLighthouse.PlayerData.Profiles; +using Microsoft.AspNetCore.Mvc; +using Microsoft.EntityFrameworkCore; + +namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages.Admin +{ + public class AdminAPIKeyPageModel : BaseLayout + { + public List APIKeys = new(); + public int KeyCount; + + public AdminAPIKeyPageModel(Database database) : base(database) + { } + + public async Task OnGet() + { + User? user = this.Database.UserFromWebRequest(this.Request); + if (user == null) return this.Redirect("~/login"); + if (!user.IsAdmin) return this.NotFound(); + + this.APIKeys = await this.Database.APIKeys.OrderByDescending(k => k.Id).ToListAsync(); + this.KeyCount = this.APIKeys.Count; + + return this.Page(); + } + + public async Task OnPost(string keyID) + { + User? user = this.Database.UserFromWebRequest(this.Request); + if (user == null || !user.IsAdmin) return this.NotFound(); + + APIKey? apiKey = await this.Database.APIKeys.FirstOrDefaultAsync(k => k.Id == int.Parse(keyID)); + if (apiKey == null) return this.NotFound(); + this.Database.APIKeys.Remove(apiKey); + await this.Database.SaveChangesAsync(); + + return this.Page(); + } + + } +} diff --git a/ProjectLighthouse.Servers.Website/Pages/Admin/AdminPanelPage.cshtml.cs b/ProjectLighthouse.Servers.Website/Pages/Admin/AdminPanelPage.cshtml.cs index 6df20cfc..4d4d092e 100644 --- a/ProjectLighthouse.Servers.Website/Pages/Admin/AdminPanelPage.cshtml.cs +++ b/ProjectLighthouse.Servers.Website/Pages/Admin/AdminPanelPage.cshtml.cs @@ -15,7 +15,7 @@ public class AdminPanelPage : BaseLayout { public List Commands = MaintenanceHelper.Commands; public AdminPanelPage(Database database) : base(database) - {} + { } public List Statistics = new(); @@ -31,6 +31,7 @@ public class AdminPanelPage : BaseLayout this.Statistics.Add(new AdminPanelStatistic("Slots", await StatisticsHelper.SlotCount())); this.Statistics.Add(new AdminPanelStatistic("Photos", await StatisticsHelper.PhotoCount())); this.Statistics.Add(new AdminPanelStatistic("Reports", await StatisticsHelper.ReportCount(), "reports/0")); + this.Statistics.Add(new AdminPanelStatistic("API Keys", await StatisticsHelper.APIKeyCount(), "keys")); if (!string.IsNullOrEmpty(command)) { diff --git a/ProjectLighthouse.Servers.Website/Pages/RegisterForm.cshtml.cs b/ProjectLighthouse.Servers.Website/Pages/RegisterForm.cshtml.cs index fa49b753..4bbe3efb 100644 --- a/ProjectLighthouse.Servers.Website/Pages/RegisterForm.cshtml.cs +++ b/ProjectLighthouse.Servers.Website/Pages/RegisterForm.cshtml.cs @@ -15,7 +15,7 @@ namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages; public class RegisterForm : BaseLayout { public RegisterForm(Database database) : base(database) - {} + { } public string? Error { get; private set; } @@ -23,7 +23,22 @@ public class RegisterForm : BaseLayout [SuppressMessage("ReSharper", "SpecifyStringComparison")] public async Task OnPost(string username, string password, string confirmPassword, string emailAddress) { - if (!ServerConfiguration.Instance.Authentication.RegistrationEnabled) return this.NotFound(); + if (ServerConfiguration.Instance.Authentication.PrivateRegistration) + { + if (this.Request.Query.ContainsKey("token")) + { + if (!this.Database.IsRegistrationTokenValid(this.Request.Query["token"])) + return this.StatusCode(403, "Invalid Token"); + } + else + { + return this.NotFound(); + } + } + else if (!ServerConfiguration.Instance.Authentication.RegistrationEnabled) + { + return this.NotFound(); + } if (string.IsNullOrWhiteSpace(username)) { @@ -68,6 +83,11 @@ public class RegisterForm : BaseLayout return this.Page(); } + if (this.Request.Query.ContainsKey("token")) + { + await Database.RemoveRegistrationToken(this.Request.Query["token"]); + } + User user = await this.Database.CreateUser(username, CryptoHelper.BCryptHash(password), emailAddress); WebToken webToken = new() @@ -91,7 +111,22 @@ public class RegisterForm : BaseLayout public IActionResult OnGet() { this.Error = string.Empty; - if (!ServerConfiguration.Instance.Authentication.RegistrationEnabled) return this.NotFound(); + if (ServerConfiguration.Instance.Authentication.PrivateRegistration) + { + if (this.Request.Query.ContainsKey("token")) + { + if (!this.Database.IsRegistrationTokenValid(this.Request.Query["token"])) + return this.StatusCode(403, "Invalid Token"); + } + else + { + return this.NotFound(); + } + } + else if (!ServerConfiguration.Instance.Authentication.RegistrationEnabled) + { + return this.NotFound(); + } return this.Page(); } diff --git a/ProjectLighthouse/Administration/Maintenance/Commands/CreateAPIKeyCommand.cs b/ProjectLighthouse/Administration/Maintenance/Commands/CreateAPIKeyCommand.cs new file mode 100644 index 00000000..0b5faf9b --- /dev/null +++ b/ProjectLighthouse/Administration/Maintenance/Commands/CreateAPIKeyCommand.cs @@ -0,0 +1,34 @@ +using System; +using System.Threading.Tasks; +using LBPUnion.ProjectLighthouse.Logging; +using LBPUnion.ProjectLighthouse.PlayerData; +using LBPUnion.ProjectLighthouse.Helpers; + +namespace LBPUnion.ProjectLighthouse.Administration.Maintenance.Commands +{ + public class CreateAPIKeyCommand : ICommand + { + public string Name() => "Create API Key"; + public string[] Aliases() => new[] { "createAPIKey", }; + public string Arguments() => ""; + public int RequiredArgs() => 1; + + public async Task Run(string[] args, Logger logger) + { + APIKey key = new(); + key.Description = args[0]; + if (string.IsNullOrWhiteSpace(key.Description)) + { + key.Description = ""; + } + key.Key = CryptoHelper.GenerateAuthToken(); + key.Created = DateTime.Now; + Database database = new(); + await database.APIKeys.AddAsync(key); + await database.SaveChangesAsync(); + logger.LogSuccess($"The API key has been created (id: {key.Id}), however for security the token will only be shown once.", LogArea.Command); + logger.LogInfo($"Key: {key.Key}", LogArea.Command); + } + } +} + diff --git a/ProjectLighthouse/Configuration/ConfigurationCategories/AuthenticationConfiguration.cs b/ProjectLighthouse/Configuration/ConfigurationCategories/AuthenticationConfiguration.cs index c1f75473..d716a7d9 100644 --- a/ProjectLighthouse/Configuration/ConfigurationCategories/AuthenticationConfiguration.cs +++ b/ProjectLighthouse/Configuration/ConfigurationCategories/AuthenticationConfiguration.cs @@ -8,5 +8,6 @@ public class AuthenticationConfiguration public bool BlockDeniedUsers { get; set; } public bool RegistrationEnabled { get; set; } = true; + public bool PrivateRegistration { get; set; } = false; public bool UseExternalAuth { get; set; } } \ No newline at end of file diff --git a/ProjectLighthouse/Configuration/ServerConfiguration.cs b/ProjectLighthouse/Configuration/ServerConfiguration.cs index bd3ce250..3142339e 100644 --- a/ProjectLighthouse/Configuration/ServerConfiguration.cs +++ b/ProjectLighthouse/Configuration/ServerConfiguration.cs @@ -23,7 +23,7 @@ public class ServerConfiguration // You can use an ObsoleteAttribute instead. Make sure you set it to error, though. // // Thanks for listening~ - public const int CurrentConfigVersion = 5; + public const int CurrentConfigVersion = 6; #region Meta @@ -42,7 +42,7 @@ public class ServerConfiguration private static FileSystemWatcher fileWatcher; // ReSharper disable once NotNullMemberIsNotInitialized - #pragma warning disable CS8618 +#pragma warning disable CS8618 static ServerConfiguration() { if (ServerStatics.IsUnitTesting) return; // Unit testing, we don't want to read configurations here since the tests will provide their own @@ -54,7 +54,7 @@ public class ServerConfiguration // If a valid YML configuration is available! if (File.Exists(ConfigFileName) && (tempConfig = fromFile(ConfigFileName)) != null) { -// Instance = JsonSerializer.Deserialize(configFile) ?? throw new ArgumentNullException(nameof(ConfigFileName)); + // Instance = JsonSerializer.Deserialize(configFile) ?? throw new ArgumentNullException(nameof(ConfigFileName)); Instance = tempConfig; if (Instance.ConfigVersion < CurrentConfigVersion) @@ -114,7 +114,7 @@ public class ServerConfiguration fileWatcher.EnableRaisingEvents = true; // begin watching } } - #pragma warning restore CS8618 +#pragma warning restore CS8618 private static void onConfigChanged(object sender, FileSystemEventArgs e) { @@ -178,11 +178,11 @@ public class ServerConfiguration public string ExternalUrl { get; set; } = "http://localhost:10060"; public bool ConfigReloading { get; set; } public string EulaText { get; set; } = ""; - #if !DEBUG +#if !DEBUG public string AnnounceText { get; set; } = "You are now logged in as %user."; - #else +#else public string AnnounceText { get; set; } = "You are now logged in as %user (id: %id)."; - #endif +#endif public bool CheckForUnsafeFiles { get; set; } = true; public FilterMode UserInputFilterMode { get; set; } = FilterMode.None; diff --git a/ProjectLighthouse/Database.cs b/ProjectLighthouse/Database.cs index ca7fa61b..f6fad8b5 100644 --- a/ProjectLighthouse/Database.cs +++ b/ProjectLighthouse/Database.cs @@ -47,11 +47,13 @@ public class Database : DbContext public DbSet EmailVerificationTokens { get; set; } public DbSet EmailSetTokens { get; set; } public DbSet PasswordResetTokens { get; set; } + public DbSet RegistrationTokens { get; set; } + public DbSet APIKeys { get; set; } protected override void OnConfiguring(DbContextOptionsBuilder options) => options.UseMySql(ServerConfiguration.Instance.DbConnectionString, MySqlServerVersion.LatestSupportedServerVersion); - #nullable enable +#nullable enable public async Task CreateUser(string username, string password, string? emailAddress = null) { if (!password.StartsWith('$')) throw new ArgumentException(nameof(password) + " is not a BCrypt hash"); @@ -357,10 +359,6 @@ public class Database : DbContext return this.WebTokens.FirstOrDefault(t => t.UserToken == lighthouseToken); } - #endregion - - #region Password Reset Token - public async Task UserFromPasswordResetToken(string resetToken) { @@ -378,6 +376,32 @@ public class Database : DbContext return await this.Users.FirstOrDefaultAsync(user => user.UserId == token.UserId); } + public bool IsRegistrationTokenValid(string tokenString) + { + RegistrationToken? token = this.RegistrationTokens.FirstOrDefault(t => t.Token == tokenString); + + if (token == null) return false; + + if (token.Created < DateTime.Now.AddDays(-7)) // if token is expired + { + this.RegistrationTokens.Remove(token); + return false; + } + + return true; + } + + public async Task RemoveRegistrationToken(string tokenString) + { + RegistrationToken? token = await this.RegistrationTokens.FirstOrDefaultAsync(t => t.Token == tokenString); + + if (token == null) return; + + this.RegistrationTokens.Remove(token); + + await this.SaveChangesAsync(); + } + #endregion public async Task PhotoFromSubject(PhotoSubject subject) @@ -419,5 +443,5 @@ public class Database : DbContext if (saveChanges) await this.SaveChangesAsync(); } - #nullable disable +#nullable disable } \ No newline at end of file diff --git a/ProjectLighthouse/Helpers/StatisticsHelper.cs b/ProjectLighthouse/Helpers/StatisticsHelper.cs index a03b03ab..f5531d49 100644 --- a/ProjectLighthouse/Helpers/StatisticsHelper.cs +++ b/ProjectLighthouse/Helpers/StatisticsHelper.cs @@ -25,4 +25,6 @@ public static class StatisticsHelper public static async Task PhotoCount() => await database.Photos.CountAsync(); public static async Task ReportCount() => await database.Reports.CountAsync(); + + public static async Task APIKeyCount() => await database.APIKeys.CountAsync(); } \ No newline at end of file diff --git a/ProjectLighthouse/Migrations/20220715222906_UserInvite.cs b/ProjectLighthouse/Migrations/20220715222906_UserInvite.cs new file mode 100644 index 00000000..98312088 --- /dev/null +++ b/ProjectLighthouse/Migrations/20220715222906_UserInvite.cs @@ -0,0 +1,62 @@ +using System; +using Microsoft.EntityFrameworkCore.Metadata; +using Microsoft.EntityFrameworkCore.Migrations; +using Microsoft.EntityFrameworkCore.Infrastructure; +using LBPUnion.ProjectLighthouse; + +#nullable disable + +namespace ProjectLighthouse.Migrations +{ + [DbContext(typeof(Database))] + [Migration("20220715222906_UserInvite")] + public partial class UserInvite : Migration + { + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.CreateTable( + name: "APIKeys", + columns: table => new + { + Id = table.Column(type: "int", nullable: false) + .Annotation("MySql:ValueGenerationStrategy", MySqlValueGenerationStrategy.IdentityColumn), + Description = table.Column(type: "longtext", nullable: true) + .Annotation("MySql:CharSet", "utf8mb4"), + Key = table.Column(type: "longtext", nullable: true) + .Annotation("MySql:CharSet", "utf8mb4"), + Created = table.Column(type: "datetime(6)", nullable: false), + Enabled = table.Column(type: "tinyint(1)", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_APIKeys", x => x.Id); + }) + .Annotation("MySql:CharSet", "utf8mb4"); + + migrationBuilder.CreateTable( + name: "RegistrationTokens", + columns: table => new + { + TokenId = table.Column(type: "int", nullable: false) + .Annotation("MySql:ValueGenerationStrategy", MySqlValueGenerationStrategy.IdentityColumn), + Token = table.Column(type: "longtext", nullable: true) + .Annotation("MySql:CharSet", "utf8mb4"), + Created = table.Column(type: "datetime(6)", nullable: false) + }, + constraints: table => + { + table.PrimaryKey("PK_RegistrationTokens", x => x.TokenId); + }) + .Annotation("MySql:CharSet", "utf8mb4"); + } + + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropTable( + name: "APIKeys"); + + migrationBuilder.DropTable( + name: "RegistrationTokens"); + } + } +} diff --git a/ProjectLighthouse/Migrations/20220716234844_RemovedAPIKeyEnabled.cs b/ProjectLighthouse/Migrations/20220716234844_RemovedAPIKeyEnabled.cs new file mode 100644 index 00000000..fc3f2ee1 --- /dev/null +++ b/ProjectLighthouse/Migrations/20220716234844_RemovedAPIKeyEnabled.cs @@ -0,0 +1,29 @@ +using Microsoft.EntityFrameworkCore.Migrations; +using LBPUnion.ProjectLighthouse; +using Microsoft.EntityFrameworkCore.Infrastructure; +#nullable disable + +namespace ProjectLighthouse.Migrations +{ + [DbContext(typeof(Database))] + [Migration("20220716234844_RemovedAPIKeyEnabled")] + public partial class RemovedAPIKeyEnabled : Migration + { + protected override void Up(MigrationBuilder migrationBuilder) + { + migrationBuilder.DropColumn( + name: "Enabled", + table: "APIKeys"); + } + + protected override void Down(MigrationBuilder migrationBuilder) + { + migrationBuilder.AddColumn( + name: "Enabled", + table: "APIKeys", + type: "tinyint(1)", + nullable: false, + defaultValue: false); + } + } +} diff --git a/ProjectLighthouse/Migrations/DatabaseModelSnapshot.cs b/ProjectLighthouse/Migrations/DatabaseModelSnapshot.cs index 515b95d0..53cd19d1 100644 --- a/ProjectLighthouse/Migrations/DatabaseModelSnapshot.cs +++ b/ProjectLighthouse/Migrations/DatabaseModelSnapshot.cs @@ -16,7 +16,7 @@ namespace ProjectLighthouse.Migrations { #pragma warning disable 612, 618 modelBuilder - .HasAnnotation("ProductVersion", "6.0.6") + .HasAnnotation("ProductVersion", "6.0.7") .HasAnnotation("Relational:MaxIdentifierLength", 64); modelBuilder.Entity("LBPUnion.ProjectLighthouse.Administration.CompletedMigration", b => @@ -331,6 +331,26 @@ namespace ProjectLighthouse.Migrations b.ToTable("VisitedLevels"); }); + modelBuilder.Entity("LBPUnion.ProjectLighthouse.PlayerData.APIKey", b => + { + b.Property("Id") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + b.Property("Created") + .HasColumnType("datetime(6)"); + + b.Property("Description") + .HasColumnType("longtext"); + + b.Property("Key") + .HasColumnType("longtext"); + + b.HasKey("Id"); + + b.ToTable("APIKeys"); + }); + modelBuilder.Entity("LBPUnion.ProjectLighthouse.PlayerData.AuthenticationAttempt", b => { b.Property("AuthenticationAttemptId") @@ -702,6 +722,23 @@ namespace ProjectLighthouse.Migrations b.ToTable("Reactions"); }); + modelBuilder.Entity("LBPUnion.ProjectLighthouse.PlayerData.RegistrationToken", b => + { + b.Property("TokenId") + .ValueGeneratedOnAdd() + .HasColumnType("int"); + + b.Property("Created") + .HasColumnType("datetime(6)"); + + b.Property("Token") + .HasColumnType("longtext"); + + b.HasKey("TokenId"); + + b.ToTable("RegistrationTokens"); + }); + modelBuilder.Entity("LBPUnion.ProjectLighthouse.PlayerData.Reviews.RatedReview", b => { b.Property("RatedReviewId") diff --git a/ProjectLighthouse/PlayerData/APIKey.cs b/ProjectLighthouse/PlayerData/APIKey.cs new file mode 100644 index 00000000..156d8766 --- /dev/null +++ b/ProjectLighthouse/PlayerData/APIKey.cs @@ -0,0 +1,19 @@ + +using System; +using System.ComponentModel.DataAnnotations; + +namespace LBPUnion.ProjectLighthouse.PlayerData +{ + public class APIKey + { + [Key] + public int Id { get; set; } + + public string Description { get; set; } + + public string Key { get; set; } + + public DateTime Created { get; set; } + } +} + diff --git a/ProjectLighthouse/PlayerData/RegistrationToken.cs b/ProjectLighthouse/PlayerData/RegistrationToken.cs new file mode 100644 index 00000000..6e0bd7f6 --- /dev/null +++ b/ProjectLighthouse/PlayerData/RegistrationToken.cs @@ -0,0 +1,16 @@ +using System; +using System.ComponentModel.DataAnnotations; + +namespace LBPUnion.ProjectLighthouse.PlayerData +{ + public class RegistrationToken + { + [Key] + public int TokenId { get; set; } + + public string Token { get; set; } + + public DateTime Created { get; set; } + } +} +