forked from SteamWar/SteamWar
Merge pull request 'Authentication v2' (#17) from Backend/new-auth into main
Reviewed-on: SteamWar/SteamWar#17
This commit is contained in:
@@ -42,6 +42,7 @@ import de.steamwar.velocitycore.network.NetworkSender;
|
|||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
@@ -53,6 +54,8 @@ public class ChatListener extends BasicListener {
|
|||||||
|
|
||||||
private static final List<String> rankedModes = ArenaMode.getAllModes().stream().filter(ArenaMode::isRanked).map(ArenaMode::getSchemTypeOrInternalName).toList();
|
private static final List<String> rankedModes = ArenaMode.getAllModes().stream().filter(ArenaMode::isRanked).map(ArenaMode::getSchemTypeOrInternalName).toList();
|
||||||
|
|
||||||
|
private static final Set<String> noLogCommands = Set.of("webpw", "webpassword", "web");
|
||||||
|
|
||||||
@Subscribe(order = PostOrder.FIRST)
|
@Subscribe(order = PostOrder.FIRST)
|
||||||
public void fixCommands(CommandExecuteEvent e) {
|
public void fixCommands(CommandExecuteEvent e) {
|
||||||
String command = e.getCommand();
|
String command = e.getCommand();
|
||||||
@@ -73,7 +76,8 @@ public class ChatListener extends BasicListener {
|
|||||||
public void logCommands(CommandExecuteEvent e) {
|
public void logCommands(CommandExecuteEvent e) {
|
||||||
String command = e.getCommand();
|
String command = e.getCommand();
|
||||||
int space = command.indexOf(' ');
|
int space = command.indexOf(' ');
|
||||||
if(VelocityCore.getProxy().getCommandManager().hasCommand(space != -1 ? command.substring(0, space) : command)) {
|
String cmd = space != -1 ? command.substring(0, space) : command;
|
||||||
|
if(VelocityCore.getProxy().getCommandManager().hasCommand(cmd)) {
|
||||||
CommandSource source = e.getCommandSource();
|
CommandSource source = e.getCommandSource();
|
||||||
String name;
|
String name;
|
||||||
if(source instanceof Player player)
|
if(source instanceof Player player)
|
||||||
@@ -83,6 +87,10 @@ public class ChatListener extends BasicListener {
|
|||||||
else
|
else
|
||||||
name = source.toString();
|
name = source.toString();
|
||||||
|
|
||||||
|
if (noLogCommands.contains(cmd)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
cmdLogger.log(Level.INFO, "%s -> executed command /%s".formatted(name, command));
|
cmdLogger.log(Level.INFO, "%s -> executed command /%s".formatted(name, command));
|
||||||
} else if (e.getCommandSource() instanceof Player player) {
|
} else if (e.getCommandSource() instanceof Player player) {
|
||||||
// System.out.println("spoofChatInput " + e);
|
// System.out.println("spoofChatInput " + e);
|
||||||
|
|||||||
@@ -20,7 +20,11 @@
|
|||||||
package de.steamwar.plugins
|
package de.steamwar.plugins
|
||||||
|
|
||||||
import de.steamwar.sql.Token
|
import de.steamwar.sql.Token
|
||||||
|
import de.steamwar.util.TokenType
|
||||||
|
import de.steamwar.util.isValid
|
||||||
|
import de.steamwar.util.type
|
||||||
import io.ktor.http.*
|
import io.ktor.http.*
|
||||||
|
import io.ktor.http.auth.*
|
||||||
import io.ktor.serialization.kotlinx.json.*
|
import io.ktor.serialization.kotlinx.json.*
|
||||||
import io.ktor.server.application.*
|
import io.ktor.server.application.*
|
||||||
import io.ktor.server.auth.*
|
import io.ktor.server.auth.*
|
||||||
@@ -66,6 +70,14 @@ fun Application.configurePlugins() {
|
|||||||
if (token == null) {
|
if (token == null) {
|
||||||
null
|
null
|
||||||
} else {
|
} else {
|
||||||
|
if (!token.isValid) {
|
||||||
|
token.delete()
|
||||||
|
return@authenticate null
|
||||||
|
}
|
||||||
|
if (token.type == TokenType.REFRESH_TOKEN) {
|
||||||
|
token.delete()
|
||||||
|
}
|
||||||
|
|
||||||
SWAuthPrincipal(token, token.owner)
|
SWAuthPrincipal(token, token.owner)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* This file is a part of the SteamWar software.
|
* This file is a part of the SteamWar software.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2024 SteamWar.de-Serverteam
|
* Copyright (C) 2025 SteamWar.de-Serverteam
|
||||||
*
|
*
|
||||||
* This program is free software: you can redistribute it and/or modify
|
* This program is free software: you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU Affero General Public License as published by
|
* it under the terms of the GNU Affero General Public License as published by
|
||||||
@@ -21,9 +21,11 @@ package de.steamwar.routes
|
|||||||
|
|
||||||
import de.steamwar.ResponseError
|
import de.steamwar.ResponseError
|
||||||
import de.steamwar.plugins.SWAuthPrincipal
|
import de.steamwar.plugins.SWAuthPrincipal
|
||||||
import de.steamwar.plugins.SWPermissionCheck
|
|
||||||
import de.steamwar.sql.SteamwarUser
|
import de.steamwar.sql.SteamwarUser
|
||||||
import de.steamwar.sql.Token
|
import de.steamwar.sql.Token
|
||||||
|
import de.steamwar.util.TokenType
|
||||||
|
import de.steamwar.util.lifetime
|
||||||
|
import de.steamwar.util.type
|
||||||
import io.ktor.http.*
|
import io.ktor.http.*
|
||||||
import io.ktor.server.application.*
|
import io.ktor.server.application.*
|
||||||
import io.ktor.server.auth.*
|
import io.ktor.server.auth.*
|
||||||
@@ -31,64 +33,73 @@ import io.ktor.server.request.*
|
|||||||
import io.ktor.server.response.*
|
import io.ktor.server.response.*
|
||||||
import io.ktor.server.routing.*
|
import io.ktor.server.routing.*
|
||||||
import kotlinx.serialization.Serializable
|
import kotlinx.serialization.Serializable
|
||||||
import java.time.format.DateTimeFormatter
|
|
||||||
import java.time.LocalDateTime
|
import java.time.LocalDateTime
|
||||||
|
import kotlin.time.Duration
|
||||||
|
import kotlin.time.toJavaDuration
|
||||||
|
|
||||||
@Serializable
|
@Serializable
|
||||||
data class AuthLoginRequest(val username: String, val password: String)
|
data class UsernamePassword(val name: String, val password: String, val keepLoggedIn: Boolean = false)
|
||||||
|
|
||||||
@Serializable
|
@Serializable
|
||||||
data class AuthTokenResponse(val token: String)
|
data class ResponseToken(val token: String, val expires: String) {
|
||||||
|
constructor(token: String, lifetime: Duration) : this(token, LocalDateTime.now().plus(lifetime.toJavaDuration()).toString())
|
||||||
@Serializable
|
|
||||||
data class ResponseToken(val id: Int, val name: String, val created: String) {
|
|
||||||
constructor(token: Token) : this(token.id, token.name, token.created.toLocalDateTime().toString())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Serializable
|
@Serializable
|
||||||
data class CreateTokenRequest(val name: String, val password: String)
|
data class AuthTokenResponse(val accessToken: ResponseToken, val refreshToken: ResponseToken? = null)
|
||||||
|
|
||||||
fun Route.configureAuthRoutes() {
|
fun SteamwarUser.createAccessAndRefreshToken(keepLoggedIn: Boolean = false): AuthTokenResponse {
|
||||||
|
val code = System.currentTimeMillis() % 1000
|
||||||
|
val accessToken = Token.createToken("AT-${userName}-${code}", this)
|
||||||
|
val refreshToken = if (keepLoggedIn) Token.createToken("RT-${userName}-${code}", this) else null
|
||||||
|
|
||||||
|
return AuthTokenResponse(ResponseToken(accessToken, TokenType.ACCESS_TOKEN.lifetime), refreshToken?.let { ResponseToken(it, TokenType.REFRESH_TOKEN.lifetime) })
|
||||||
|
}
|
||||||
|
|
||||||
|
fun Route.configureAuth() {
|
||||||
route("/auth") {
|
route("/auth") {
|
||||||
post("/login") {
|
post {
|
||||||
if (call.principal<SWAuthPrincipal>() != null) {
|
val request = call.receive<UsernamePassword>()
|
||||||
call.respond(HttpStatusCode.Forbidden, ResponseError("Already logged in", "already_logged_in"))
|
|
||||||
return@post
|
|
||||||
}
|
|
||||||
|
|
||||||
val request = call.receive<AuthLoginRequest>()
|
val user = SteamwarUser.get(request.name)
|
||||||
|
val valid = user?.verifyPassword(request.password) ?: false
|
||||||
|
|
||||||
val user = SteamwarUser.get(request.username)
|
if (!valid) {
|
||||||
|
|
||||||
if (user == null) {
|
|
||||||
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid username or password", "invalid"))
|
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid username or password", "invalid"))
|
||||||
return@post
|
return@post
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!user.verifyPassword(request.password)) {
|
call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn))
|
||||||
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid username or password", "invalid"))
|
|
||||||
return@post
|
|
||||||
}
|
|
||||||
|
|
||||||
val code = Token.createToken("Website: ${DateTimeFormatter.ISO_LOCAL_DATE_TIME.format(LocalDateTime.now())}", user)
|
|
||||||
call.respond(AuthTokenResponse(code))
|
|
||||||
}
|
}
|
||||||
route("/tokens") {
|
put {
|
||||||
install(SWPermissionCheck) {
|
val token = call.principal<SWAuthPrincipal>()
|
||||||
mustAuth = true
|
|
||||||
|
if (token == null || token.token.type != TokenType.REFRESH_TOKEN) {
|
||||||
|
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid"))
|
||||||
|
return@put
|
||||||
}
|
}
|
||||||
|
|
||||||
post("/logout") {
|
val code = token.token.name.substringAfterLast('-')
|
||||||
val auth = call.principal<SWAuthPrincipal>()
|
|
||||||
|
|
||||||
if(auth == null) {
|
Token.listUser(token.user)
|
||||||
call.respond(HttpStatusCode.InternalServerError)
|
.filter { it.type == TokenType.ACCESS_TOKEN }
|
||||||
return@post
|
.filter { it.name.endsWith(code) }
|
||||||
}
|
.forEach { it.delete() }
|
||||||
|
|
||||||
auth.token.delete()
|
call.respond(token.user.createAccessAndRefreshToken(true))
|
||||||
call.respond(HttpStatusCode.OK)
|
}
|
||||||
|
delete {
|
||||||
|
val token = call.principal<SWAuthPrincipal>()
|
||||||
|
token?.let { t ->
|
||||||
|
t.token.delete()
|
||||||
|
val code = t.token.name.substringAfterLast('-')
|
||||||
|
Token.listUser(token.user)
|
||||||
|
.filter { it.type == TokenType.REFRESH_TOKEN }
|
||||||
|
.filter { it.name.endsWith(code) }
|
||||||
|
.forEach { it.delete() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
call.respond(HttpStatusCode.OK)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -33,7 +33,7 @@ fun Application.configureRoutes() {
|
|||||||
configureStats()
|
configureStats()
|
||||||
configurePage()
|
configurePage()
|
||||||
configureSchematic()
|
configureSchematic()
|
||||||
configureAuthRoutes()
|
configureAuth()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -21,7 +21,6 @@ package de.steamwar.routes
|
|||||||
|
|
||||||
import de.steamwar.plugins.SWAuthPrincipal
|
import de.steamwar.plugins.SWAuthPrincipal
|
||||||
import de.steamwar.plugins.SWPermissionCheck
|
import de.steamwar.plugins.SWPermissionCheck
|
||||||
import de.steamwar.plugins.getUser
|
|
||||||
import de.steamwar.sql.*
|
import de.steamwar.sql.*
|
||||||
import io.ktor.http.*
|
import io.ktor.http.*
|
||||||
import io.ktor.server.application.*
|
import io.ktor.server.application.*
|
||||||
|
|||||||
@@ -0,0 +1,53 @@
|
|||||||
|
/*
|
||||||
|
* This file is a part of the SteamWar software.
|
||||||
|
*
|
||||||
|
* Copyright (C) 2025 SteamWar.de-Serverteam
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package de.steamwar.util
|
||||||
|
|
||||||
|
import de.steamwar.sql.Token
|
||||||
|
import java.time.LocalDateTime
|
||||||
|
import kotlin.time.Duration
|
||||||
|
import kotlin.time.Duration.Companion.days
|
||||||
|
import kotlin.time.Duration.Companion.minutes
|
||||||
|
import kotlin.time.toJavaDuration
|
||||||
|
|
||||||
|
val Token.type: TokenType
|
||||||
|
get() = when (name.substring((0..1))) {
|
||||||
|
"RT" -> TokenType.REFRESH_TOKEN
|
||||||
|
"AT" -> TokenType.ACCESS_TOKEN
|
||||||
|
else -> TokenType.OLD_TOKEN
|
||||||
|
}
|
||||||
|
|
||||||
|
val TokenType.lifetime: Duration
|
||||||
|
get() = when (this) {
|
||||||
|
TokenType.REFRESH_TOKEN -> 7.days
|
||||||
|
TokenType.ACCESS_TOKEN -> 5.minutes
|
||||||
|
TokenType.OLD_TOKEN -> 1.days
|
||||||
|
}
|
||||||
|
|
||||||
|
val Token.lifetime: Duration
|
||||||
|
get() = type.lifetime
|
||||||
|
|
||||||
|
val Token.isValid: Boolean
|
||||||
|
get() = created.toLocalDateTime().plus(lifetime.toJavaDuration()).isAfter(LocalDateTime.now())
|
||||||
|
|
||||||
|
enum class TokenType {
|
||||||
|
ACCESS_TOKEN,
|
||||||
|
REFRESH_TOKEN,
|
||||||
|
OLD_TOKEN
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user