Make most requests use id instead of username
olcxja 2026-05-27 19:41:56 +02:00
commit 9183651c4f
3 changed files with 32 additions and 29 deletions


@ -20,7 +20,7 @@ public class Requests
public static async Task Delete(HttpContext context, Func<Task> next, IQueryCollection query,
StreamReader bodyReader)
{
if (!query.TryGetValue("u", out var username))
if (!query.TryGetValue("id", out var idQuery))
{
return;
}
@ -30,9 +30,9 @@ public class Requests
return;
}
string id = await Utils.IdFromName(username);
string id = idQuery.ToString().Split(":")[0];
string password = await Utils.GetPassword(id);
secret = await Utils.NonceDecryptBody(username, password, secret);
secret = await Utils.NonceDecryptBody(id, password, secret);
string auth = await Utils.Auth(id, password, secret);
if (auth != Utils.LOGIN_SUCCESS)
{
@ -279,7 +279,7 @@ public class Requests
public static async Task Auth(HttpContext context, Func<Task> next, IQueryCollection query, StreamReader bodyReader)
{
if (!query.TryGetValue("u", out var username))
if (!query.TryGetValue("id", out var idQuery))
{
return;
}
@ -289,9 +289,9 @@ public class Requests
return;
}
string id = await Utils.IdFromName(username);
string id = idQuery.ToString().Split(":")[0];
string password = await Utils.GetPassword(id);
secret = await Utils.NonceDecryptBody(username, password, secret);
secret = await Utils.NonceDecryptBody(id, password, secret);
string auth = await Utils.Auth(id, password, secret);
await context.Response.WriteAsync(auth);
@ -359,19 +359,20 @@ public class Requests
public static async Task NextNonce(HttpContext context, Func<Task> next, IQueryCollection query)
{
if (!query.TryGetValue("u", out var username))
if (!query.TryGetValue("id", out var idQuery))
{
return;
}
string plainPass = await Utils.GetPassword(await Utils.IdFromName(username));
string id = idQuery.ToString().Split(":")[0];
string plainPass = await Utils.GetPassword(id);
foreach (var kvp in nonceHolder) //clearowanie nieuzytych nonce
{
if (kvp.Value.Item2 < DateTimeOffset.UtcNow.AddMinutes(-2))
{
nonceHolder.TryRemove(kvp.Key, out _);
}
else if (kvp.Key == username)
else if (kvp.Key == id)
{
await context.Response.WriteAsync(Encryption.Encryption.EncryptString(kvp.Value.Item1,
plainPass));
@ -380,7 +381,7 @@ public class Requests
}
string nonce = Encryption.Encryption.GetRandomString(64);
nonceHolder.TryAdd(username, (nonce, DateTimeOffset.UtcNow));
nonceHolder.TryAdd(id, (nonce, DateTimeOffset.UtcNow));
await context.Response.WriteAsync(Encryption.Encryption.EncryptString(nonce,
plainPass));
return;
@ -389,7 +390,7 @@ public class Requests
public static async Task ChangePassword(HttpContext context, Func<Task> next, IQueryCollection query,
StreamReader bodyReader)
{
if (!query.TryGetValue("u", out var username))
if (!query.TryGetValue("id", out var idQuery))
{
return;
}
@ -399,11 +400,11 @@ public class Requests
return;
}
string id = await Utils.IdFromName(username);
string id = idQuery.ToString().Split(":")[0];
string body = await LoadBody(bodyReader);
string password = await Utils.GetPassword(id);
string newPass = await Utils.NonceDecryptBody(username, password, body, false);
secret = await Utils.NonceDecryptBody(username, password, secret);
string newPass = await Utils.NonceDecryptBody(id, password, body, false);
secret = await Utils.NonceDecryptBody(id, password, secret);
string auth = await Utils.Auth(id, password, secret);
@ -437,7 +438,7 @@ public class Requests
public static async Task ChangeUsername(HttpContext context, Func<Task> next, IQueryCollection query,
StreamReader bodyReader)
{
if (!query.TryGetValue("u", out var username))
if (!query.TryGetValue("id", out var idQuery))
{
return;
}
@ -447,13 +448,13 @@ public class Requests
return;
}
string id = await Utils.IdFromName(username);
string id = idQuery.ToString().Split(":")[0];
string body = await LoadBody(bodyReader);
string password = await Utils.GetPassword(id);
body = await Utils.NonceDecryptBody(username, password, body, false);
secret = await Utils.NonceDecryptBody(username, password, secret);
body = await Utils.NonceDecryptBody(id, password, body, false);
secret = await Utils.NonceDecryptBody(id, password, secret);
string auth = await Utils.Auth(id, secret, password);
if (auth != Utils.LOGIN_SUCCESS)
@ -538,7 +539,7 @@ public class Requests
public static async Task EncryptedRequest(HttpContext context, Func<Task> next, IQueryCollection query, StreamReader bodyReader)
{
if (!query.TryGetValue("u", out var username))
if (!query.TryGetValue("id", out var idQuery))
{
return;
}
@ -548,11 +549,11 @@ public class Requests
return;
}
string id = await Utils.IdFromName(username);
string id = idQuery.ToString().Split(":")[0];
string body = await LoadBody(bodyReader);
string password = await Utils.GetPassword(id);
body = await Utils.NonceDecryptBody(username, password, body, false);
secret = await Utils.NonceDecryptBody(username, password, secret);
body = await Utils.NonceDecryptBody(id, password, body, false);
secret = await Utils.NonceDecryptBody(id, password, secret);
Universal2String serializedBody = JsonSerializer.Deserialize(
body,
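Review bot: The `id` from the query string is used as-is in all six handlers (`string id = idQuery.ToString().Split(":")[0];`), whereas the old code resolved it server-side through `Utils.IdFromName`, so nothing visible here rejects an empty, malformed or unknown id before it reaches `Utils.GetPassword(id)` and becomes a `nonceHolder` key. In `NextNonce` this happens before any authentication, so a caller-chosen string is passed to the password lookup and may be added to `nonceHolder`; if `GetPassword` builds a path or query from the id (not visible in this diff), a strict format check has to come first. I would move the parsing into one helper that validates the id format and confirms the account exists, and return early on failure, e.g. `if (!Utils.TryParseUserId(idQuery, out string id)) { return; }` (the helper name is a suggestion; it does not exist yet). Separately, the `ChangeUsername` hunk still calls `Utils.Auth(id, secret, password)` while the other handlers call `Utils.Auth(id, password, secret)`; the argument order looks swapped and should be checked against the signature. All of these method bodies continue outside their hunks.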


@ -137,16 +137,16 @@ public class Utils
return LOGIN_SUCCESS;
}
public static async Task<string> NonceDecryptBody(string username, string password, string body, bool delEntry = true)
public static async Task<string> NonceDecryptBody(string id, string password, string body, bool delEntry = true)
{
if (!Requests.nonceHolder.TryGetValue(username, out (string, DateTimeOffset) nonce))
if (!Requests.nonceHolder.TryGetValue(id, out (string, DateTimeOffset) nonce))
{
return "error:invalid.nonce";
}
string decBody = Encryption.Encryption.PacketDecPass(body, password, nonce.Item1);
if (delEntry)
{
Requests.nonceHolder.TryRemove(username, out _);
Requests.nonceHolder.TryRemove(id, out _);
}
return decBody;
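Review bot: `NonceDecryptBody` accepts any entry it finds in `nonceHolder` without looking at the stored timestamp, so the two-minute lifetime is enforced only by the cleanup loop in `NextNonce`, and a stale nonce stays usable until some client calls that endpoint. Checking the age right after the `TryGetValue` closes that gap: `if (nonce.Item2 < DateTimeOffset.UtcNow.AddMinutes(-2)) { Requests.nonceHolder.TryRemove(id, out _); return "error:invalid.nonce"; }`. The lookup and the later `TryRemove` are also two separate steps, so two concurrent requests can decrypt with the same nonce; when `delEntry` is true, fetching it with `Requests.nonceHolder.TryRemove(id, out nonce)` would make it single-use, assuming `nonceHolder` is a `ConcurrentDictionary` as the `TryAdd`/`TryRemove` calls suggest. The method's closing brace is outside the hunk.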


@ -128,6 +128,11 @@ public class Requests
return "error:user.not.found";
}
Universal2String keys = JsonSerializer.Deserialize( //we need to pull keys before we do anything, because if user do NOT have them, dm creation will crash
await Account.Utils.GetUserKeys(id),
AppJsonSerializerContext.Default.Universal2String
);
if (isUserLocal)
{
@ -180,10 +185,7 @@ public class Requests
Encoding.UTF8.GetBytes(serializedBody.string2));
Universal2String keys = JsonSerializer.Deserialize(
await Account.Utils.GetUserKeys(id),
AppJsonSerializerContext.Default.Universal2String
);
await Fs.WriteFile($"{ROOMS_DIR}/dms/{DOMAIN}/{dmId}/keys/0/{id2};{domain}",
Encoding.UTF8.GetBytes($"SETUP:{keys.string2};{serializedBody.string3}")); //jezeli mamy setup to [1] to jest publiczny klucz drugiej osoby,
//a string 3 to zaszyfrowany klucz pokoju ktory musi odszyfrowac za pomoca swoich kluczy i tego publicznego
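Review bot: The relocated `JsonSerializer.Deserialize(...)` of `Account.Utils.GetUserKeys(id)` has no failure path of its own. Its comment says it runs first so that a user without keys fails before any DM state is created, but as written that failure is an exception, or a null `keys` dereferenced later at `keys.string2`, rather than an error result like the `"error:user.not.found"` return just above it. I would check the result immediately and return an explicit error, e.g. `if (keys is null || string.IsNullOrEmpty(keys.string2)) { return "error:<code-for-missing-keys>"; }`, assuming `Universal2String` is a reference type and using whatever error code the project reserves for this case. What `GetUserKeys` returns for a user without keys is not visible here, so it may need a `try`/`catch` around the call as well. The enclosing method starts and ends outside these hunks.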