diff --git a/TShockAPI/RestManager.cs b/TShockAPI/RestManager.cs
index 5701b341..23e45393 100644
--- a/TShockAPI/RestManager.cs
+++ b/TShockAPI/RestManager.cs
@@ -18,11 +18,18 @@ namespace TShockAPI
 {
 public void RegisterRestfulCommands()
 {
 Rest.Register(new RestCommand("/status", Status) {RequiesToken = false});
+ Rest.Register(new RestCommand("/tokentest", TokenTest) { RequiesToken = true });
 //RegisterExamples();
 }
 #region RestMethods
+ object TokenTest(RestVerbs verbs, IParameterCollection parameters)
+ {
+ return new Dictionary
+ {{"status", "200"}, {"response", "Token is valid and was passed through correctly."}};
+ }
+
 object Status(RestVerbs verbs, IParameterCollection parameters)
 {
 var ReturnBlock = new Dictionary();
diff --git a/TShockAPI/SecureRest.cs b/TShockAPI/SecureRest.cs
index 1aa3a847..953008ff 100644
--- a/TShockAPI/SecureRest.cs
+++ b/TShockAPI/SecureRest.cs
@@ -23,6 +23,22 @@ namespace TShockAPI
 var user = verbs["username"];
 var pass = verbs["password"];
+ var userAccount = TShock.Users.GetUserByName(user);
+ if (userAccount == null)
+ {
+ return new Dictionary { { "status", "401" }, { "error", "Invalid username/password combination provided. Please re-submit your query with a correct pair." } };
+ }
+
+ if (Tools.HashPassword(pass).ToUpper() != userAccount.Password.ToUpper())
+ {
+ return new Dictionary { { "status", "401" }, { "error", "Invalid username/password combination provided. Please re-submit your query with a correct pair." } };
+ }
+
+ if (!Tools.GetGroup(userAccount.Group).HasPermission("api") && userAccount.Group != "superadmin")
+ {
+ return new Dictionary { { "status", "403" }, { "error", "Although your account was successfully found and identified, your account lacks the permission required to use the API. (api)"} };
+ }
+
 if (Verify != null && !Verify(user, pass))
 return new Dictionary { { "status", "401" } , { "error", "Invalid username/password combination provided. Please re-submit your query with a correct pair." } };
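Review bot: TokenTest has no comment explaining that it performs no token check of its own. Its body returns the "Token is valid" message unconditionally, so the answer is only true because the route is registered with `RequiesToken = true` (presumably enforced by the REST layer before the handler runs; that code is not in this hunk). I would add a summary above the method, for example `// Reached only after the REST layer has accepted the caller's token; must stay registered with RequiesToken = true.`, so a later edit to the registration line cannot make it report success to every caller. `Status` and the rest of the `#region RestMethods` block continue past the end of the hunk.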
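Review bot: The added login checks dereference values that may be null: `pass` when the request carries no password (assuming `verbs[...]` returns null for a missing key), `userAccount.Password`, and the result of `Tools.GetGroup(...)`. The group lookup is also evaluated before the `superadmin` exemption that should bypass it. An exception here would turn a malformed or unauthenticated request into a server error rather than a clean 401/403, so I would return the existing 401 dictionary when either credential is null or empty before any lookup. I would then reorder the permission test as `var group = Tools.GetGroup(userAccount.Group);` followed by `if (userAccount.Group != "superadmin" && (group == null || !group.HasPermission("api")))`. The hash comparison is safer as an ordinal, case-insensitive `string.Equals` with `StringComparison.OrdinalIgnoreCase` than as two culture-sensitive `ToUpper()` calls. The enclosing method starts before and ends after this hunk.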