diff --git a/VelocityCore/src/de/steamwar/velocitycore/listeners/ChatListener.java b/VelocityCore/src/de/steamwar/velocitycore/listeners/ChatListener.java index 0445be62..17137bf5 100644 --- a/VelocityCore/src/de/steamwar/velocitycore/listeners/ChatListener.java +++ b/VelocityCore/src/de/steamwar/velocitycore/listeners/ChatListener.java @@ -42,6 +42,7 @@ import de.steamwar.velocitycore.network.NetworkSender; import java.util.Arrays; import java.util.List; +import java.util.Set; import java.util.concurrent.TimeUnit; import java.util.logging.Level; import java.util.logging.Logger; @@ -53,6 +54,8 @@ public class ChatListener extends BasicListener { private static final List rankedModes = ArenaMode.getAllModes().stream().filter(ArenaMode::isRanked).map(ArenaMode::getSchemTypeOrInternalName).toList(); + private static final Set noLogCommands = Set.of("webpw", "webpassword", "web"); + @Subscribe(order = PostOrder.FIRST) public void fixCommands(CommandExecuteEvent e) { String command = e.getCommand(); @@ -73,7 +76,8 @@ public class ChatListener extends BasicListener { public void logCommands(CommandExecuteEvent e) { String command = e.getCommand(); int space = command.indexOf(' '); - if(VelocityCore.getProxy().getCommandManager().hasCommand(space != -1 ? command.substring(0, space) : command)) { + String cmd = space != -1 ? command.substring(0, space) : command; + if(VelocityCore.getProxy().getCommandManager().hasCommand(cmd)) { CommandSource source = e.getCommandSource(); String name; if(source instanceof Player player) @@ -83,6 +87,10 @@ public class ChatListener extends BasicListener { else name = source.toString(); + if (noLogCommands.contains(cmd)) { + return; + } + cmdLogger.log(Level.INFO, "%s -> executed command /%s".formatted(name, command)); } else if (e.getCommandSource() instanceof Player player) { // System.out.println("spoofChatInput " + e); diff --git a/WebsiteBackend/src/de/steamwar/plugins/Plugins.kt b/WebsiteBackend/src/de/steamwar/plugins/Plugins.kt index fc8dde36..95389abe 100644 --- a/WebsiteBackend/src/de/steamwar/plugins/Plugins.kt +++ b/WebsiteBackend/src/de/steamwar/plugins/Plugins.kt @@ -20,7 +20,11 @@ package de.steamwar.plugins import de.steamwar.sql.Token +import de.steamwar.util.TokenType +import de.steamwar.util.isValid +import de.steamwar.util.type import io.ktor.http.* +import io.ktor.http.auth.* import io.ktor.serialization.kotlinx.json.* import io.ktor.server.application.* import io.ktor.server.auth.* @@ -66,6 +70,14 @@ fun Application.configurePlugins() { if (token == null) { null } else { + if (!token.isValid) { + token.delete() + return@authenticate null + } + if (token.type == TokenType.REFRESH_TOKEN) { + token.delete() + } + SWAuthPrincipal(token, token.owner) } } diff --git a/WebsiteBackend/src/de/steamwar/routes/Auth.kt b/WebsiteBackend/src/de/steamwar/routes/Auth.kt index 52238c32..e76ae47b 100644 --- a/WebsiteBackend/src/de/steamwar/routes/Auth.kt +++ b/WebsiteBackend/src/de/steamwar/routes/Auth.kt @@ -1,7 +1,7 @@ /* * This file is a part of the SteamWar software. * - * Copyright (C) 2024 SteamWar.de-Serverteam + * Copyright (C) 2025 SteamWar.de-Serverteam * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by @@ -21,9 +21,11 @@ package de.steamwar.routes import de.steamwar.ResponseError import de.steamwar.plugins.SWAuthPrincipal -import de.steamwar.plugins.SWPermissionCheck import de.steamwar.sql.SteamwarUser import de.steamwar.sql.Token +import de.steamwar.util.TokenType +import de.steamwar.util.lifetime +import de.steamwar.util.type import io.ktor.http.* import io.ktor.server.application.* import io.ktor.server.auth.* @@ -31,64 +33,73 @@ import io.ktor.server.request.* import io.ktor.server.response.* import io.ktor.server.routing.* import kotlinx.serialization.Serializable -import java.time.format.DateTimeFormatter import java.time.LocalDateTime +import kotlin.time.Duration +import kotlin.time.toJavaDuration @Serializable -data class AuthLoginRequest(val username: String, val password: String) +data class UsernamePassword(val name: String, val password: String, val keepLoggedIn: Boolean = false) @Serializable -data class AuthTokenResponse(val token: String) - -@Serializable -data class ResponseToken(val id: Int, val name: String, val created: String) { - constructor(token: Token) : this(token.id, token.name, token.created.toLocalDateTime().toString()) +data class ResponseToken(val token: String, val expires: String) { + constructor(token: String, lifetime: Duration) : this(token, LocalDateTime.now().plus(lifetime.toJavaDuration()).toString()) } @Serializable -data class CreateTokenRequest(val name: String, val password: String) +data class AuthTokenResponse(val accessToken: ResponseToken, val refreshToken: ResponseToken? = null) -fun Route.configureAuthRoutes() { +fun SteamwarUser.createAccessAndRefreshToken(keepLoggedIn: Boolean = false): AuthTokenResponse { + val code = System.currentTimeMillis() % 1000 + val accessToken = Token.createToken("AT-${userName}-${code}", this) + val refreshToken = if (keepLoggedIn) Token.createToken("RT-${userName}-${code}", this) else null + + return AuthTokenResponse(ResponseToken(accessToken, TokenType.ACCESS_TOKEN.lifetime), refreshToken?.let { ResponseToken(it, TokenType.REFRESH_TOKEN.lifetime) }) +} + +fun Route.configureAuth() { route("/auth") { - post("/login") { - if (call.principal() != null) { - call.respond(HttpStatusCode.Forbidden, ResponseError("Already logged in", "already_logged_in")) - return@post - } + post { + val request = call.receive() - val request = call.receive() + val user = SteamwarUser.get(request.name) + val valid = user?.verifyPassword(request.password) ?: false - val user = SteamwarUser.get(request.username) - - if (user == null) { + if (!valid) { call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid username or password", "invalid")) return@post } - if (!user.verifyPassword(request.password)) { - call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid username or password", "invalid")) - return@post - } - - val code = Token.createToken("Website: ${DateTimeFormatter.ISO_LOCAL_DATE_TIME.format(LocalDateTime.now())}", user) - call.respond(AuthTokenResponse(code)) + call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn)) } - route("/tokens") { - install(SWPermissionCheck) { - mustAuth = true + put { + val token = call.principal() + + if (token == null || token.token.type != TokenType.REFRESH_TOKEN) { + call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid")) + return@put } - post("/logout") { - val auth = call.principal() + val code = token.token.name.substringAfterLast('-') - if(auth == null) { - call.respond(HttpStatusCode.InternalServerError) - return@post - } + Token.listUser(token.user) + .filter { it.type == TokenType.ACCESS_TOKEN } + .filter { it.name.endsWith(code) } + .forEach { it.delete() } - auth.token.delete() - call.respond(HttpStatusCode.OK) + call.respond(token.user.createAccessAndRefreshToken(true)) + } + delete { + val token = call.principal() + token?.let { t -> + t.token.delete() + val code = t.token.name.substringAfterLast('-') + Token.listUser(token.user) + .filter { it.type == TokenType.REFRESH_TOKEN } + .filter { it.name.endsWith(code) } + .forEach { it.delete() } } + + call.respond(HttpStatusCode.OK) } } } \ No newline at end of file diff --git a/WebsiteBackend/src/de/steamwar/routes/Routes.kt b/WebsiteBackend/src/de/steamwar/routes/Routes.kt index 041d4b31..388f8055 100644 --- a/WebsiteBackend/src/de/steamwar/routes/Routes.kt +++ b/WebsiteBackend/src/de/steamwar/routes/Routes.kt @@ -33,7 +33,7 @@ fun Application.configureRoutes() { configureStats() configurePage() configureSchematic() - configureAuthRoutes() + configureAuth() } } } \ No newline at end of file diff --git a/WebsiteBackend/src/de/steamwar/routes/Stats.kt b/WebsiteBackend/src/de/steamwar/routes/Stats.kt index 0c4e571b..11aa8b97 100644 --- a/WebsiteBackend/src/de/steamwar/routes/Stats.kt +++ b/WebsiteBackend/src/de/steamwar/routes/Stats.kt @@ -21,7 +21,6 @@ package de.steamwar.routes import de.steamwar.plugins.SWAuthPrincipal import de.steamwar.plugins.SWPermissionCheck -import de.steamwar.plugins.getUser import de.steamwar.sql.* import io.ktor.http.* import io.ktor.server.application.* diff --git a/WebsiteBackend/src/de/steamwar/util/TokenUtils.kt b/WebsiteBackend/src/de/steamwar/util/TokenUtils.kt new file mode 100644 index 00000000..54675dd0 --- /dev/null +++ b/WebsiteBackend/src/de/steamwar/util/TokenUtils.kt @@ -0,0 +1,53 @@ +/* + * This file is a part of the SteamWar software. + * + * Copyright (C) 2025 SteamWar.de-Serverteam + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package de.steamwar.util + +import de.steamwar.sql.Token +import java.time.LocalDateTime +import kotlin.time.Duration +import kotlin.time.Duration.Companion.days +import kotlin.time.Duration.Companion.minutes +import kotlin.time.toJavaDuration + +val Token.type: TokenType + get() = when (name.substring((0..1))) { + "RT" -> TokenType.REFRESH_TOKEN + "AT" -> TokenType.ACCESS_TOKEN + else -> TokenType.OLD_TOKEN + } + +val TokenType.lifetime: Duration + get() = when (this) { + TokenType.REFRESH_TOKEN -> 7.days + TokenType.ACCESS_TOKEN -> 5.minutes + TokenType.OLD_TOKEN -> 1.days + } + +val Token.lifetime: Duration + get() = type.lifetime + +val Token.isValid: Boolean + get() = created.toLocalDateTime().plus(lifetime.toJavaDuration()).isAfter(LocalDateTime.now()) + +enum class TokenType { + ACCESS_TOKEN, + REFRESH_TOKEN, + OLD_TOKEN +} \ No newline at end of file