Jaki/SteamWar
1
0
Fork 0
forked from SteamWar/SteamWar
Code Pull Requests Activity

Simplify Tokens and add Discord OAuth

Browse Source 
Signed-off-by: Chaoscaot <max@maxsp.de>
This commit is contained in:
Chaoscaot
2025-11-13 14:31:05 +01:00
parent afcf3a1906
commit 08ad5edf76
7 changed files with 103 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
WebsiteBackend/build.gradle.kts
+1 -1
View File
@@ -52,7 +52,7 @@ dependencies {
implementation(libs.ktorRequestValidation) implementation(libs.ktorRequestValidation)
implementation(libs.ktorAuth) implementation(libs.ktorAuth)
implementation(libs.ktorAuthJvm) implementation(libs.ktorAuthJvm)
implementation(libs.ktorAuthLdap) implementation(libs.ktorAuthSession)
implementation(libs.ktorClientCore) implementation(libs.ktorClientCore)
implementation(libs.ktorClientJava) implementation(libs.ktorClientJava)
implementation(libs.ktorClientContentNegotiation) implementation(libs.ktorClientContentNegotiation)
WebsiteBackend/src/de/steamwar/Application.kt
+1 -1
View File
@@ -38,7 +38,7 @@ import java.io.File
data class ResponseError(val error: String, val code: String = error) data class ResponseError(val error: String, val code: String = error)
@Serializable @Serializable
data class Config(val giteaToken: String) data class Config(val giteaToken: String, val sessionSignSecret: String, val sessionEncryptSecret: String)
@OptIn(ExperimentalSerializationApi::class) @OptIn(ExperimentalSerializationApi::class)
val config = Json.decodeFromStream<Config>(File("config.json").inputStream()) val config = Json.decodeFromStream<Config>(File("config.json").inputStream())
WebsiteBackend/src/de/steamwar/plugins/Auth.kt
+5 -1
View File
@@ -29,10 +29,14 @@ import io.ktor.server.application.hooks.*
import io.ktor.server.auth.* import io.ktor.server.auth.*
import io.ktor.server.request.* import io.ktor.server.request.*
import io.ktor.server.response.* import io.ktor.server.response.*
import io.ktor.server.sessions.sessions
import io.ktor.util.* import io.ktor.util.*
import kotlinx.serialization.Serializable
@Serializable
data class SWUserSession(val userId: Int)
data class SWAuthPrincipal(val token: Token, val user: SteamwarUser) : Principal data class SWAuthPrincipal(val user: SteamwarUser) : Principal
class SWAuthConfig { class SWAuthConfig {
var permission: UserPerm? = null var permission: UserPerm? = null
WebsiteBackend/src/de/steamwar/plugins/Plugins.kt
+49 -18
View File
@@ -19,6 +19,8 @@
package de.steamwar.plugins package de.steamwar.plugins
import de.steamwar.config
import de.steamwar.sql.SteamwarUser
import de.steamwar.sql.Token import de.steamwar.sql.Token
import de.steamwar.util.TokenType import de.steamwar.util.TokenType
import de.steamwar.util.isValid import de.steamwar.util.isValid
@@ -31,7 +33,13 @@ import io.ktor.server.auth.*
import io.ktor.server.plugins.contentnegotiation.* import io.ktor.server.plugins.contentnegotiation.*
import io.ktor.server.plugins.cors.routing.* import io.ktor.server.plugins.cors.routing.*
import io.ktor.server.plugins.ratelimit.* import io.ktor.server.plugins.ratelimit.*
import io.ktor.server.response.respond
import io.ktor.server.sessions.SessionTransportTransformerEncrypt
import io.ktor.server.sessions.Sessions
import io.ktor.server.sessions.cookie
import io.ktor.server.sessions.directorySessionStorage
import kotlinx.serialization.json.Json import kotlinx.serialization.json.Json
import java.io.File
import kotlin.time.Duration.Companion.seconds import kotlin.time.Duration.Companion.seconds
fun Application.configurePlugins() { fun Application.configurePlugins() {
@@ -46,6 +54,7 @@ fun Application.configurePlugins() {
allowHeader(HttpHeaders.ContentType) allowHeader(HttpHeaders.ContentType)
anyHost() anyHost()
allowXHttpMethodOverride() allowXHttpMethodOverride()
allowCredentials = true
} }
install(RateLimit) { install(RateLimit) {
global { global {
@@ -54,7 +63,7 @@ fun Application.configurePlugins() {
it.request.headers["X-Forwarded-For"] ?: it.request.local.remoteHost it.request.headers["X-Forwarded-For"] ?: it.request.local.remoteHost
} }
requestWeight { applicationCall, _ -> requestWeight { applicationCall, _ ->
if(!applicationCall.request.headers.contains("X-Forwarded-For")) { if (!applicationCall.request.headers.contains("X-Forwarded-For")) {
0 0
} else { } else {
1 1
@@ -63,28 +72,50 @@ fun Application.configurePlugins() {
} }
} }
authentication { authentication {
bearer("sw-auth") { // Disabled, Maybe for API later
realm = "SteamWar API" //bearer("sw-auth") {
authenticate { call -> // realm = "SteamWar API"
val token = Token.getTokenByCode(call.token) // authenticate { call ->
if (token == null) { // val token = Token.getTokenByCode(call.token)
null // if (token == null) {
} else { // null
if (!token.isValid) { // } else {
token.delete() // if (!token.isValid) {
return@authenticate null // token.delete()
} // return@authenticate null
if (token.type == TokenType.REFRESH_TOKEN) { // }
token.delete() // if (token.type == TokenType.REFRESH_TOKEN) {
} // token.delete()
// }
SWAuthPrincipal(token, token.owner) // SWAuthPrincipal(token.owner)
} // }
// }
//}
session<SWUserSession>("sw-session") {
validate { session ->
val steamwarUser = session.userId.let { SteamwarUser.byId(it) }
return@validate steamwarUser?.let { SWAuthPrincipal(it) }
} }
challenge {
call.respond(HttpStatusCode.Unauthorized)
}
}
}
install(Sessions) {
cookie<SWUserSession>("sw-session", directorySessionStorage(File("sessions"))) {
cookie.path = "/"
cookie.maxAgeInSeconds = 60 * 60 * 24 * 7
cookie.httpOnly = true
cookie.secure = true
transform(SessionTransportTransformerEncrypt(
config.sessionEncryptSecret.toByteArray(),
config.sessionSignSecret.toByteArray()
))
} }
} }
install(ContentNegotiation) { install(ContentNegotiation) {
json(Json) json(Json)
} }
install(ErrorLogger) install(ErrorLogger)
} }
WebsiteBackend/src/de/steamwar/routes/Auth.kt
+45 -53
View File
@@ -20,44 +20,60 @@
package de.steamwar.routes package de.steamwar.routes
import de.steamwar.ResponseError import de.steamwar.ResponseError
import de.steamwar.plugins.SWAuthPrincipal import de.steamwar.config
import de.steamwar.plugins.SWUserSession
import de.steamwar.sql.SteamwarUser import de.steamwar.sql.SteamwarUser
import de.steamwar.sql.Token import io.ktor.client.HttpClient
import de.steamwar.util.TokenType import io.ktor.client.engine.java.Java
import de.steamwar.util.lifetime import io.ktor.client.plugins.contentnegotiation.ContentNegotiation
import de.steamwar.util.type import io.ktor.client.plugins.defaultRequest
import io.ktor.client.request.get
import io.ktor.client.request.headers
import io.ktor.client.statement.bodyAsText
import io.ktor.http.* import io.ktor.http.*
import io.ktor.serialization.kotlinx.json.json
import io.ktor.server.application.* import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.request.* import io.ktor.server.request.*
import io.ktor.server.response.* import io.ktor.server.response.*
import io.ktor.server.routing.* import io.ktor.server.routing.*
import io.ktor.server.sessions.clear
import io.ktor.server.sessions.sessions
import io.ktor.server.sessions.set
import kotlinx.serialization.Serializable import kotlinx.serialization.Serializable
import java.time.LocalDateTime import kotlinx.serialization.json.Json
import kotlin.time.Duration import kotlinx.serialization.json.jsonObject
import kotlin.time.toJavaDuration import kotlinx.serialization.json.jsonPrimitive
@Serializable @Serializable
data class UsernamePassword(val name: String, val password: String, val keepLoggedIn: Boolean = false) data class UsernamePassword(val name: String, val password: String, val keepLoggedIn: Boolean = false)
@Serializable
data class ResponseToken(val token: String, val expires: String) {
constructor(token: String, lifetime: Duration) : this(token, LocalDateTime.now().plus(lifetime.toJavaDuration()).toString())
}
@Serializable
data class AuthTokenResponse(val accessToken: ResponseToken, val refreshToken: ResponseToken? = null)
fun SteamwarUser.createAccessAndRefreshToken(keepLoggedIn: Boolean = false): AuthTokenResponse {
val code = System.currentTimeMillis() % 1000
val accessToken = Token.createToken("AT-${userName}-${code}", this)
val refreshToken = if (keepLoggedIn) Token.createToken("RT-${userName}-${code}", this) else null
return AuthTokenResponse(ResponseToken(accessToken, TokenType.ACCESS_TOKEN.lifetime), refreshToken?.let { ResponseToken(it, TokenType.REFRESH_TOKEN.lifetime) })
}
fun Route.configureAuth() { fun Route.configureAuth() {
route("/auth") { route("/auth") {
val client = HttpClient(Java) {
install(ContentNegotiation) {
json()
}
}
post<Any>("/discord") {
val token = call.receiveText()
val res = client.get("https://discord.com/api/v10/oauth2/@me") {
headers {
set("Authorization", "Bearer $token")
}
}
val resJson = Json.parseToJsonElement(res.bodyAsText()).jsonObject
val discordId = resJson["user"]?.jsonObject["id"]?.jsonPrimitive?.content ?: return@post
SteamwarUser.clear()
val user = SteamwarUser.get(discordId.toLong()) ?: return@post
call.sessions.set(SWUserSession(user.getId()))
call.respond(ResponseUser.get(user))
}
post { post {
val request = call.receive<UsernamePassword>() val request = call.receive<UsernamePassword>()
@@ -70,37 +86,13 @@ fun Route.configureAuth() {
return@post return@post
} }
call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn)) call.sessions.set(SWUserSession(user.getId()))
call.respond(ResponseUser.get(user))
} }
put {
val token = call.principal<SWAuthPrincipal>()
if (token == null || token.token.type != TokenType.REFRESH_TOKEN) {
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid"))
return@put
}
val code = token.token.name.substringAfterLast('-')
Token.listUser(token.user)
.filter { it.type == TokenType.ACCESS_TOKEN }
.filter { it.name.endsWith(code) }
.forEach { it.delete() }
call.respond(token.user.createAccessAndRefreshToken(true))
}
delete { delete {
val token = call.principal<SWAuthPrincipal>() call.sessions.clear<SWUserSession>()
token?.let { t -> call.respond(HttpStatusCode.NoContent)
t.token.delete()
val code = t.token.name.substringAfterLast('-')
Token.listUser(token.user)
.filter { it.type == TokenType.REFRESH_TOKEN }
.filter { it.name.endsWith(code) }
.forEach { it.delete() }
}
call.respond(HttpStatusCode.OK)
} }
} }
} }
WebsiteBackend/src/de/steamwar/routes/Routes.kt
+1 -1
View File
@@ -25,7 +25,7 @@ import io.ktor.server.routing.*
fun Application.configureRoutes() { fun Application.configureRoutes() {
routing { routing {
authenticate("sw-auth", optional = true) { authenticate("sw-session", optional = true) {
configureEventsRoute() configureEventsRoute()
configureDataRoutes() configureDataRoutes()
configureUserPerms() configureUserPerms()
settings.gradle.kts
+1 -1
View File
@@ -155,7 +155,7 @@ dependencyResolutionManagement {
library("ktorRequestValidation", "io.ktor:ktor-server-request-validation:$ktorVersion") library("ktorRequestValidation", "io.ktor:ktor-server-request-validation:$ktorVersion")
library("ktorAuth", "io.ktor:ktor-server-auth:$ktorVersion") library("ktorAuth", "io.ktor:ktor-server-auth:$ktorVersion")
library("ktorAuthJvm", "io.ktor:ktor-server-auth-jvm:$ktorVersion") library("ktorAuthJvm", "io.ktor:ktor-server-auth-jvm:$ktorVersion")
library("ktorAuthLdap", "io.ktor:ktor-server-auth-ldap-jvm:$ktorVersion") library("ktorAuthSession", "io.ktor:ktor-server-sessions:$ktorVersion")
library("ktorClientCore", "io.ktor:ktor-client-core-jvm:$ktorVersion") library("ktorClientCore", "io.ktor:ktor-client-core-jvm:$ktorVersion")
library("ktorClientJava", "io.ktor:ktor-client-java:$ktorVersion") library("ktorClientJava", "io.ktor:ktor-client-java:$ktorVersion")
library("ktorClientContentNegotiation", "io.ktor:ktor-client-content-negotiation:$ktorVersion") library("ktorClientContentNegotiation", "io.ktor:ktor-client-content-negotiation:$ktorVersion")