mirror of
https://github.com/Caraxi/mare.server.git
synced 2025-12-12 22:17:22 +01:00
d37c1208fe
* add auth that verifies identity is marked online * few changes for testing * handle identity with requirements * remove unnecessary logging from auth handler * change to UserRequirements * fixes to checks * fixes to UserRequirementHandler Co-authored-by: rootdarkarchon <root.darkarchon@outlook.com>
151 lines
5.4 KiB
C#
151 lines
5.4 KiB
C#
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using MareSynchronos.API;
|
|
using MareSynchronosShared.Models;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.SignalR;
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
namespace MareSynchronosServer.Hubs;
|
|
|
|
public partial class MareHub
|
|
{
|
|
private List<string> OnlineAdmins => _dbContext.Users.Where(u => (u.IsModerator || u.IsAdmin)).Select(u => u.UID).ToList();
|
|
|
|
[Authorize(Policy = "Admin")]
|
|
public async Task AdminChangeModeratorStatus(string uid, bool isModerator)
|
|
{
|
|
var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UID == uid).ConfigureAwait(false);
|
|
|
|
if (user == null) return;
|
|
|
|
user.IsModerator = isModerator;
|
|
_dbContext.Update(user);
|
|
await _dbContext.SaveChangesAsync().ConfigureAwait(false);
|
|
await Clients.Users(user.UID).Client_AdminForcedReconnect().ConfigureAwait(false);
|
|
}
|
|
|
|
[Authorize(Policy = "Moderator")]
|
|
public async Task AdminDeleteBannedUser(BannedUserDto dto)
|
|
{
|
|
if (string.IsNullOrEmpty(dto.CharacterHash)) return;
|
|
|
|
var existingUser =
|
|
await _dbContext.BannedUsers.SingleOrDefaultAsync(b => b.CharacterIdentification == dto.CharacterHash).ConfigureAwait(false);
|
|
if (existingUser == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
_dbContext.Remove(existingUser);
|
|
await _dbContext.SaveChangesAsync().ConfigureAwait(false);
|
|
await Clients.Users(OnlineAdmins).Client_AdminDeleteBannedUser(dto).ConfigureAwait(false);
|
|
}
|
|
|
|
[Authorize(Policy = "Admin")]
|
|
public async Task AdminDeleteForbiddenFile(ForbiddenFileDto dto)
|
|
{
|
|
if (string.IsNullOrEmpty(dto.Hash)) return;
|
|
|
|
var existingFile =
|
|
await _dbContext.ForbiddenUploadEntries.SingleOrDefaultAsync(b => b.Hash == dto.Hash).ConfigureAwait(false);
|
|
if (existingFile == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
_dbContext.Remove(existingFile);
|
|
await _dbContext.SaveChangesAsync().ConfigureAwait(false);
|
|
await Clients.Users(OnlineAdmins).Client_AdminDeleteForbiddenFile(dto).ConfigureAwait(false);
|
|
}
|
|
|
|
[Authorize(Policy = "Moderator")]
|
|
public async Task<List<BannedUserDto>> AdminGetBannedUsers()
|
|
{
|
|
return await _dbContext.BannedUsers.AsNoTracking().Select(b => new BannedUserDto()
|
|
{
|
|
CharacterHash = b.CharacterIdentification,
|
|
Reason = b.Reason
|
|
}).ToListAsync().ConfigureAwait(false);
|
|
}
|
|
|
|
[Authorize(Policy = "Moderator")]
|
|
public async Task<List<ForbiddenFileDto>> AdminGetForbiddenFiles()
|
|
{
|
|
return await _dbContext.ForbiddenUploadEntries.AsNoTracking().Select(b => new ForbiddenFileDto()
|
|
{
|
|
Hash = b.Hash,
|
|
ForbiddenBy = b.ForbiddenBy
|
|
}).ToListAsync().ConfigureAwait(false);
|
|
}
|
|
|
|
[Authorize(Policy = "Moderator")]
|
|
public async Task<List<OnlineUserDto>> AdminGetOnlineUsers()
|
|
{
|
|
var users = await _dbContext.Users.AsNoTracking().ToListAsync().ConfigureAwait(false);
|
|
return users.Where(c => !string.IsNullOrEmpty(_clientIdentService.GetCharacterIdentForUid(c.UID))).Select(b => new OnlineUserDto
|
|
{
|
|
CharacterNameHash = _clientIdentService.GetCharacterIdentForUid(b.UID),
|
|
UID = b.UID,
|
|
IsModerator = b.IsModerator,
|
|
IsAdmin = b.IsAdmin
|
|
}).ToList();
|
|
}
|
|
|
|
[Authorize(Policy = "Moderator")]
|
|
public async Task AdminUpdateOrAddBannedUser(BannedUserDto dto)
|
|
{
|
|
if (string.IsNullOrEmpty(dto.CharacterHash)) return;
|
|
|
|
var existingUser =
|
|
await _dbContext.BannedUsers.SingleOrDefaultAsync(b => b.CharacterIdentification == dto.CharacterHash).ConfigureAwait(false);
|
|
if (existingUser != null)
|
|
{
|
|
existingUser.Reason = dto.Reason;
|
|
_dbContext.Update(existingUser);
|
|
}
|
|
else
|
|
{
|
|
await _dbContext.BannedUsers.AddAsync(new Banned
|
|
{
|
|
CharacterIdentification = dto.CharacterHash,
|
|
Reason = dto.Reason
|
|
}).ConfigureAwait(false);
|
|
}
|
|
|
|
await _dbContext.SaveChangesAsync().ConfigureAwait(false);
|
|
await Clients.Users(OnlineAdmins).Client_AdminUpdateOrAddBannedUser(dto).ConfigureAwait(false);
|
|
var bannedUser = _clientIdentService.GetUidForCharacterIdent(dto.CharacterHash);
|
|
if (!string.IsNullOrEmpty(bannedUser))
|
|
{
|
|
await Clients.User(bannedUser).Client_AdminForcedReconnect().ConfigureAwait(false);
|
|
}
|
|
}
|
|
|
|
[Authorize(Policy = "Admin")]
|
|
public async Task AdminUpdateOrAddForbiddenFile(ForbiddenFileDto dto)
|
|
{
|
|
if (string.IsNullOrEmpty(dto.Hash)) return;
|
|
|
|
var existingForbiddenFile =
|
|
await _dbContext.ForbiddenUploadEntries.SingleOrDefaultAsync(b => b.Hash == dto.Hash).ConfigureAwait(false);
|
|
if (existingForbiddenFile != null)
|
|
{
|
|
existingForbiddenFile.ForbiddenBy = dto.ForbiddenBy;
|
|
_dbContext.Update(existingForbiddenFile);
|
|
}
|
|
else
|
|
{
|
|
await _dbContext.ForbiddenUploadEntries.AddAsync(new ForbiddenUploadEntry
|
|
{
|
|
Hash = dto.Hash,
|
|
ForbiddenBy = dto.ForbiddenBy
|
|
}).ConfigureAwait(false);
|
|
}
|
|
|
|
await _dbContext.SaveChangesAsync().ConfigureAwait(false);
|
|
|
|
await Clients.Users(OnlineAdmins).Client_AdminUpdateOrAddForbiddenFile(dto).ConfigureAwait(false);
|
|
}
|
|
}
|