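/// <summary>
/// Minimal-API handlers for the <c>user</c> table: admin-only create/list/delete,
/// plus self-service password reset and profile lookup for the calling user.
/// Passwords are stored as "base64(salt):base64(hash)" with a fresh 16-byte
/// random salt on every write. <c>deriveKey</c> is defined elsewhere in the file
/// and is assumed to be a slow password KDF (PBKDF2/Argon2) — confirm before
/// relying on this scheme.
/// </summary>
static class User {
    /// <summary>
    /// Admin-only: create a user from a JSON body {username, password}.
    /// Every failure is reported as 400 with an <c>error</c> field.
    /// </summary>
    public static IResult Create(
        Auth auth, SqliteConnection conn, JsonElement o
    ) {
        // NOTE(review): 403 would describe a non-admin caller better than 400;
        // the 400/"verboten" contract is kept so existing clients keep working.
        if(!auth.IsAdmin()) {
            return Results.BadRequest(new {error = "verboten"});
        }
        string? username = o._str("username");
        string? password = o._str("password");
        // Bug fix: the original tuple pattern `(username, password) is (null, null)`
        // only rejected the case where BOTH fields were missing, so a body with
        // just one of them reached the exists-check/insert with a null username
        // or a null password (hidden by the `password!`). Require both, non-empty.
        if(string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) {
            return Results.BadRequest(new {error = "need a name and password"});
        }
        using var ex_user = conn.CreateCommand();
        ex_user.CommandText = "select id from user where username=:username";
        ex_user.Parameters.AddWithValue("username", username);
        if(ex_user.ExecuteScalar() is not null) {
            return Results.BadRequest(new {error = "username already exists"});
        }
        // The exists-check above and the insert below are not atomic: a
        // concurrent Create for the same name can slip through unless
        // user.username carries a UNIQUE constraint — verify the schema
        // (not visible here), or wrap both statements in a transaction.
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = deriveKey(password: password, salt: salt);
        using var cmd = conn.CreateCommand();
        cmd.CommandText
            = "insert into user(username, password) values (:username, :password)";
        cmd.Parameters.AddWithValue("username", username);
        cmd.Parameters.AddWithValue("password",
            Convert.ToBase64String(salt) + ':' + Convert.ToBase64String(hash));
        if(cmd.ExecuteNonQuery() == 0) {
            return Results.BadRequest(new {error = "cannot create"});
        }
        return Results.Ok();
    }

    /// <summary>
    /// Admin-only: list users as rows of {id, username}, optionally filtered
    /// by an exact <c>id</c> and/or <c>username</c> from the JSON body.
    /// Filters are appended as parameterized predicates, never interpolated.
    /// </summary>
    public static IResult List(
        Auth auth, SqliteConnection conn, JsonElement? o
    ) {
        if(!auth.IsAdmin()) {
            return Results.BadRequest(new {error = "verboten"});
        }
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "select id, username from user where 1 ";
        if(o?._long("id") is long id) {
            cmd.CommandText += " and id=:id ";
            cmd.Parameters.AddWithValue("id", id);
        }
        if(o?._str("username") is string username) {
            cmd.CommandText += " and username = :username ";
            cmd.Parameters.AddWithValue("username", username);
        }
        // Dispose the reader so the SQLite statement is finalized; a leaked
        // reader keeps the connection busy and can surface later as
        // "database is locked". Assumes ToDictArray() materializes the rows
        // (its name suggests an array) — confirm it is not a lazy enumerable.
        using var reader = cmd.ExecuteReader();
        return Results.Ok(reader.ToDictArray());
    }

    /// <summary>
    /// Admin-only: delete the user with the given JSON <c>id</c>.
    /// Returns "cannot delete" when no row matched.
    /// </summary>
    public static IResult Delete(
        Auth auth, SqliteConnection conn, JsonElement o
    ) {
        if(!auth.IsAdmin()) {
            return Results.BadRequest(new {error = "verboten"});
        }
        long? id = o._long("id");
        if(id is null) {
            return Results.BadRequest(new {error = "need an id"});
        }
        // NOTE(review): nothing here stops an admin from deleting their own
        // account (or the last admin); decide whether that should be refused.
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "delete from user where id = :id";
        cmd.Parameters.AddWithValue("id", id.Value);
        if(cmd.ExecuteNonQuery() == 0) {
            return Results.BadRequest(new {error = "cannot delete"});
        }
        return Results.Ok();
    }

    /// <summary>
    /// Self-service: replace the calling user's password with the JSON
    /// <c>password</c>, re-salting it. Any authenticated user may call this
    /// for their own account; no admin check is intended here.
    /// </summary>
    public static IResult ResetPass(
        Auth auth, SqliteConnection conn, JsonElement o
    ) {
        string? password = o._str("password");
        // Reject empty as well as missing: the original accepted "" and stored
        // a hash of the empty string.
        if(string.IsNullOrEmpty(password)) {
            return Results.BadRequest(new {error = "need a password"});
        }
        // NOTE(review): there is no current-password confirmation and no
        // session invalidation, so a hijacked session can rotate the password
        // and lock the real owner out; consider requiring the old password.
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = deriveKey(password: password, salt: salt);
        using var cmd = conn.CreateCommand();
        cmd.CommandText
            = "update user set password = :password where id = :id";
        cmd.Parameters.AddWithValue("id", auth.GetCurrentUser());
        cmd.Parameters.AddWithValue("password",
            Convert.ToBase64String(salt) + ':' + Convert.ToBase64String(hash));
        if(cmd.ExecuteNonQuery() == 0) {
            return Results.BadRequest(new {error = "cannot reset"});
        }
        return Results.Ok();
    }

    /// <summary>
    /// Return {user: {id, name}} for the calling user, or {user: null} when
    /// the current id no longer maps to a row.
    /// </summary>
    public static IResult Profile(
        Auth auth, SqliteConnection conn
    ) {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "select id, username as name from user where id=:id";
        cmd.Parameters.AddWithValue("id", auth.GetCurrentUser());
        // Reader disposed for the same reason as in List (see that comment).
        using var reader = cmd.ExecuteReader();
        return Results.Ok(new {
            user = reader.ToDictArray().FirstOrDefault()
        });
    }
}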