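/// <summary>
/// Minimal-API handlers for the <c>user</c> table: admin-only create / list / delete,
/// plus self-service password reset and profile lookup for the signed-in caller.
/// </summary>
/// <remarks>
/// Every handler answers with a JSON <c>{error = "..."}</c> body on failure. Authorization
/// failures are also reported as 400 Bad Request; that is kept for compatibility with
/// existing callers, although 403 would describe them more accurately.
/// <c>_str</c>, <c>_long</c>, <c>ToDictArray</c> and <c>deriveKey</c> are defined elsewhere
/// in the project and are used here as-is.
/// </remarks>
static class User {
    /// <summary>
    /// Builds the stored credential string <c>base64(salt):base64(key)</c> for a password,
    /// using a fresh 16-byte salt from the CSPRNG. Shared by <see cref="Create"/> and
    /// <see cref="ResetPass"/> so both write exactly the same on-disk format.
    /// </summary>
    /// <param name="password">Plaintext password; must be non-empty (callers validate).</param>
    /// <returns>The string written to <c>user.password</c>.</returns>
    /// <remarks>
    /// NOTE(review): the security of this depends entirely on <c>deriveKey</c> being a real
    /// password KDF (PBKDF2 / Argon2 with an adequate work factor) — confirm where it is defined.
    /// </remarks>
    private static string EncodePassword(string password) {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] key = deriveKey(password: password, salt: salt);
        return Convert.ToBase64String(salt) + ':' + Convert.ToBase64String(key);
    }

    /// <summary>
    /// Escapes the SQL LIKE metacharacters (<c>\</c>, <c>%</c>, <c>_</c>) so a caller-supplied
    /// substring matches literally. Must be paired with <c>LIKE … ESCAPE '\'</c> in the query.
    /// </summary>
    private static string EscapeLike(string value) =>
        value.Replace("\\", "\\\\").Replace("%", "\\%").Replace("_", "\\_");

    /// <summary>
    /// Admin-only: creates a user from <c>{username, password}</c> in the request body.
    /// </summary>
    /// <returns>
    /// 200 on success; 400 with an error body when the caller is not an admin, a field is
    /// missing or empty, the username is taken, or the insert affected no rows.
    /// </returns>
    public static IResult Create(
        Auth auth, SqliteConnection conn, JsonElement o
    ) {
        if (!auth.IsAdmin()) {
            return Results.BadRequest(new {error = "verboten"});
        }
        string? username = o._str("username");
        string? password = o._str("password");
        // Both fields are required. The previous test `(username, password) is (null, null)`
        // only rejected the case where BOTH were missing, so a null username reached the
        // parameter binding and a null password reached deriveKey. Empty strings are
        // rejected too: an empty password is never acceptable.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) {
            return Results.BadRequest(new {error = "need a name and password"});
        }
        using var exists = conn.CreateCommand();
        exists.CommandText = "select id from user where username=:username";
        exists.Parameters.AddWithValue("username", username);
        if (exists.ExecuteScalar() is not null) {
            return Results.BadRequest(new {error = "username already exists"});
        }
        // NOTE(review): the existence check and the insert are not atomic; a concurrent
        // Create with the same name can slip between them. A UNIQUE constraint on
        // user.username is the real guarantee — verify the schema has one.
        using var insert = conn.CreateCommand();
        insert.CommandText
            = "insert into user(username, password) values (:username, :password)";
        insert.Parameters.AddWithValue("username", username);
        insert.Parameters.AddWithValue("password", EncodePassword(password));
        if (insert.ExecuteNonQuery() == 0) {
            return Results.BadRequest(new {error = "cannot create"});
        }
        return Results.Ok();
    }

    /// <summary>
    /// Admin-only: lists <c>id, username</c> rows, optionally filtered by an exact
    /// <c>id</c> and/or a case-insensitive <c>username</c> substring from the request body.
    /// </summary>
    /// <returns>200 with the matching rows; 400 with an error body for non-admins.</returns>
    public static IResult List(
        Auth auth, SqliteConnection conn, JsonElement? o
    ) {
        if (!auth.IsAdmin()) {
            return Results.BadRequest(new {error = "verboten"});
        }
        using var cmd = conn.CreateCommand();
        // Filters are appended as bound parameters only; no caller text enters the SQL.
        cmd.CommandText = "select id, username from user where 1 ";
        if (o?._long("id") is long id) {
            cmd.CommandText += " and id=:id ";
            cmd.Parameters.AddWithValue("id", id);
        }
        if (o?._str("username") is string username) {
            // Substring match. LIKE metacharacters in the filter are escaped so a caller
            // cannot widen the match with `%` or `_`; the value stays a bound parameter.
            cmd.CommandText += " and username like :username escape '\\' ";
            cmd.Parameters.AddWithValue("username", $"%{EscapeLike(username)}%");
        }
        // The reader is disposed here; ToDictArray is assumed to materialize its rows
        // (its name suggests an array) — confirm it does not return a lazy sequence.
        using var reader = cmd.ExecuteReader();
        return Results.Ok(reader.ToDictArray());
    }

    /// <summary>
    /// Admin-only: deletes the user with the given <c>id</c> from the request body.
    /// </summary>
    /// <returns>
    /// 200 on success; 400 with an error body for non-admins, a missing id, the protected
    /// admin row, or when no row was deleted.
    /// </returns>
    public static IResult Delete(
        Auth auth, SqliteConnection conn, JsonElement o
    ) {
        if (!auth.IsAdmin()) {
            return Results.BadRequest(new {error = "verboten"});
        }
        if (o._long("id") is not long id) {
            return Results.BadRequest(new {error = "need an id"});
        }
        // Row 1 is treated as the built-in admin account and can never be removed.
        // NOTE(review): nothing stops an admin from deleting their *own* (non-1) account,
        // and any other admin rows are unprotected — consider also guarding the caller's id.
        if (id == 1) {
            return Results.BadRequest(new {error = "can't delete admin"});
        }
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "delete from user where id = :id";
        cmd.Parameters.AddWithValue("id", id);
        if (cmd.ExecuteNonQuery() == 0) {
            return Results.BadRequest(new {error = "cannot delete"});
        }
        return Results.Ok();
    }

    /// <summary>
    /// Replaces the signed-in caller's password with <c>password</c> from the request body,
    /// re-salting and re-hashing it via <see cref="EncodePassword"/>.
    /// </summary>
    /// <returns>
    /// 200 on success; 400 with an error body when the password is missing or empty, or
    /// when no row was updated.
    /// </returns>
    public static IResult ResetPass(
        Auth auth, SqliteConnection conn, JsonElement o
    ) {
        string? password = o._str("password");
        // An empty password was previously accepted; it is rejected now.
        if (string.IsNullOrEmpty(password)) {
            return Results.BadRequest(new {error = "need a password"});
        }
        // NOTE(review): this changes the caller's own password with no re-authentication —
        // the current password is not required, no minimum length/complexity is enforced,
        // and other sessions are not invalidated. Requiring the old password here would
        // limit the damage of a hijacked session. What GetCurrentUser() yields for an
        // unauthenticated request is not visible from this file — confirm the route is
        // behind authentication.
        using var cmd = conn.CreateCommand();
        cmd.CommandText
            = "update user set password = :password where id = :id";
        cmd.Parameters.AddWithValue("id", auth.GetCurrentUser());
        cmd.Parameters.AddWithValue("password", EncodePassword(password));
        if (cmd.ExecuteNonQuery() == 0) {
            return Results.BadRequest(new {error = "cannot reset"});
        }
        return Results.Ok();
    }

    /// <summary>
    /// Returns <c>{user = {id, name}}</c> for the signed-in caller; <c>user</c> is null
    /// when no row matches the current user id.
    /// </summary>
    public static IResult Profile(
        Auth auth, SqliteConnection conn
    ) {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "select id, username as name from user where id=:id";
        cmd.Parameters.AddWithValue("id", auth.GetCurrentUser());
        // Only id and username are selected, so the password column never leaves the DB.
        using var reader = cmd.ExecuteReader();
        return Results.Ok(new {
            user = reader.ToDictArray().FirstOrDefault()
        });
    }
}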