auth cookie expires after 30 days

only check hit offset when distance > 3 meters fix null reference on unauthorized user fixed stats not showing on profile if anticheat disabled server client history turns red server is unresponsive
2025-06-10 15:20:48 -05:00 · 2018-04-04 23:38:45 -05:00
parent 6ab37a6b6e
commit aec8ec6256
29 changed files with 455 additions and 352 deletions
--- a/WebfrontCore/Controllers/AccountController.cs
+++ b/WebfrontCore/Controllers/AccountController.cs
@ -2,6 +2,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using System.Security.Claims;
+using System;

 namespace WebfrontCore.Controllers
 {
@ -15,23 +16,37 @@ namespace WebfrontCore.Controllers
                return Unauthorized();
            }

-            var client = IW4MAdmin.Program.ServerManager.PrivilegedClients[userId];
-            string[] hashedPassword = await Task.FromResult(SharedLibrary.Helpers.Hashing.Hash(password, client.PasswordSalt));
-
-            if (hashedPassword[0] == client.Password)
+            try
            {
-                var claims = new[]
+                var client = IW4MAdmin.Program.ServerManager.PrivilegedClients[userId];
+                string[] hashedPassword = await Task.FromResult(SharedLibrary.Helpers.Hashing.Hash(password, client.PasswordSalt));
+
+                if (hashedPassword[0] == client.Password)
                {
+                    var claims = new[]
+                    {
                    new Claim(ClaimTypes.NameIdentifier, client.Name),
                    new Claim(ClaimTypes.Role, client.Level.ToString()),
                    new Claim(ClaimTypes.Sid, client.ClientId.ToString())
                };

-                var claimsIdentity = new ClaimsIdentity(claims, "login");
-                var claimsPrinciple = new ClaimsPrincipal(claimsIdentity);
-                await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple);
+                    var claimsIdentity = new ClaimsIdentity(claims, "login");
+                    var claimsPrinciple = new ClaimsPrincipal(claimsIdentity);
+                    await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple, new Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties()
+                    {
+                        AllowRefresh = true,
+                        ExpiresUtc = DateTime.UtcNow.AddDays(30),
+                        IsPersistent = true,
+                        IssuedUtc = DateTime.UtcNow
+                    });

-                return Ok();
+                    return Ok();
+                }
+            }
+
+            catch (Exception)
+            {
+                return Unauthorized();
            }

            return Unauthorized();