91 lines
3.5 KiB
Java
91 lines
3.5 KiB
Java
package org.openautonomousconnection.oac2web.frontend;
|
|
|
|
import org.openautonomousconnection.oac2web.utils.Oac2WebApp;
|
|
import org.openautonomousconnection.oac2web.utils.Sha256;
|
|
import org.openautonomousconnection.protocol.packets.v1_0_0.beta.web.WebResponsePacket;
|
|
import org.openautonomousconnection.protocol.side.web.ProtocolWebServer;
|
|
import org.openautonomousconnection.protocol.side.web.managers.SessionManager;
|
|
import org.openautonomousconnection.protocol.versions.v1_0_0.beta.WebRequestMethod;
|
|
import org.openautonomousconnection.webserver.api.Route;
|
|
import org.openautonomousconnection.webserver.api.WebPage;
|
|
import org.openautonomousconnection.webserver.api.WebPageContext;
|
|
import org.openautonomousconnection.webserver.utils.Html;
|
|
import org.openautonomousconnection.webserver.utils.RequestParams;
|
|
|
|
import java.util.HashMap;
|
|
import java.util.Map;
|
|
|
|
/**
|
|
* Registration page.
|
|
*
|
|
* POST headers expected:
|
|
* - username
|
|
* - password
|
|
*
|
|
* Stores:
|
|
* - users.username = sha256(username) as HEX (64 chars)
|
|
* - users.password = PBKDF2$sha256$...
|
|
*/
|
|
@Route(path = "/ins/register")
|
|
public final class register implements WebPage {
|
|
|
|
@Override
|
|
public WebResponsePacket handle(WebPageContext ctx) throws Exception {
|
|
if (ctx.request.getMethod() != WebRequestMethod.POST) {
|
|
return renderForm(null);
|
|
}
|
|
|
|
RequestParams p = new RequestParams(ctx.request);
|
|
|
|
String username = p.get("username");
|
|
String password = p.get("password");
|
|
|
|
if (username == null || username.isBlank() || password == null || password.isBlank()) {
|
|
return renderForm("Missing username/password (send via headers).");
|
|
}
|
|
|
|
Oac2WebApp app = Oac2WebApp.get();
|
|
|
|
String usernameHashHex = Sha256.hex(username.trim());
|
|
String passwordEnc = app.passwordHasher().hash(password);
|
|
|
|
try {
|
|
int userId = app.dao().createUser(usernameHashHex, passwordEnc);
|
|
|
|
String ip = (ctx.client.getConnection().getTcpSocket() != null && ctx.client.getConnection().getTcpSocket().getInetAddress() != null)
|
|
? ctx.client.getConnection().getTcpSocket().getInetAddress().getHostAddress()
|
|
: "";
|
|
|
|
String ua = ctx.request.getHeaders() != null ? ctx.request.getHeaders().getOrDefault("user-agent", "") : "";
|
|
|
|
String session = SessionManager.create(String.valueOf(userId), ip, ua, (ProtocolWebServer) ctx.client.getServer());
|
|
|
|
Map<String, String> headers = new HashMap<>();
|
|
headers.put("session", session);
|
|
headers.put("location", "/ins/dashboard");
|
|
|
|
return new WebResponsePacket(302, "text/plain", headers, new byte[0]);
|
|
|
|
} catch (Exception e) {
|
|
return renderForm("Register failed: " + e.getMessage());
|
|
}
|
|
}
|
|
|
|
private WebResponsePacket renderForm(String err) {
|
|
String body = """
|
|
<div class="card">
|
|
<h2>Register</h2>
|
|
%s
|
|
<p class="muted">Send a POST request with headers <code>username</code> and <code>password</code>.</p>
|
|
<div class="row">
|
|
<div class="col"><a href="/ins/login">Login</a></div>
|
|
<div class="col"><a href="/ins/index.html">Home</a></div>
|
|
</div>
|
|
</div>
|
|
""".formatted(err == null ? "" : "<p class='err'>" + Html.esc(err) + "</p>");
|
|
|
|
String html = Html.page("Register", body);
|
|
return new WebResponsePacket(200, "text/html", new HashMap<>(), Html.utf8(html));
|
|
}
|
|
}
|