From dea0d3318521709510924e64b3cd5e7f4a2d3b34 Mon Sep 17 00:00:00 2001
From: Chaoscaot <chaos@chaoscaot.de>
Date: Thu, 20 Feb 2025 22:13:13 +0100
Subject: [PATCH] Refactor token generation and remove unused endpoints.

---
 .../commands/WebpasswordCommand.java          | 19 +++-----------
 .../src/de/steamwar/routes/Routes.kt          |  6 ++---
 .../src/de/steamwar/routes/Stats.kt           |  1 -
 .../src/de/steamwar/routes/v2/Auth.kt         | 26 -------------------
 4 files changed, 5 insertions(+), 47 deletions(-)

diff --git a/VelocityCore/src/de/steamwar/velocitycore/commands/WebpasswordCommand.java b/VelocityCore/src/de/steamwar/velocitycore/commands/WebpasswordCommand.java
index 8f9b7b60..6115f47f 100644
--- a/VelocityCore/src/de/steamwar/velocitycore/commands/WebpasswordCommand.java
+++ b/VelocityCore/src/de/steamwar/velocitycore/commands/WebpasswordCommand.java
@@ -19,17 +19,13 @@
 
 package de.steamwar.velocitycore.commands;
 
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
 import de.steamwar.command.SWCommand;
 import de.steamwar.messages.Chatter;
 import de.steamwar.sql.SteamwarUser;
+import de.steamwar.sql.Token;
 
-import java.net.URI;
 import java.net.URLEncoder;
 import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
 import java.nio.charset.StandardCharsets;
 
 public class WebpasswordCommand extends SWCommand {
@@ -44,16 +40,7 @@ public class WebpasswordCommand extends SWCommand {
     public void genericCommand(Chatter sender) {
         SteamwarUser user = sender.user();
 
-        HttpRequest request = HttpRequest.newBuilder()
-                        .POST(HttpRequest.BodyPublishers.noBody())
-                        .uri(URI.create("http://localhost:1337/v2/auth/enroll/" + user.getId())).build();
-
-        client.sendAsync(request, responseInfo -> HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8)).thenAccept(httpResponse -> {
-            JsonObject jsonObject = JsonParser.parseString(httpResponse.body()).getAsJsonObject();
-
-            String token = jsonObject.get("token").getAsString();
-
-            sender.system("WEB_RESET_URL", URLEncoder.encode(token, StandardCharsets.UTF_8));
-        });
+        String token = Token.createToken("PT" + user.getUserName(), user);
+        sender.system("WEB_RESET_URL", URLEncoder.encode(token, StandardCharsets.UTF_8));
     }
 }
diff --git a/WebsiteBackend/src/de/steamwar/routes/Routes.kt b/WebsiteBackend/src/de/steamwar/routes/Routes.kt
index 1da4ed29..b28eef2e 100644
--- a/WebsiteBackend/src/de/steamwar/routes/Routes.kt
+++ b/WebsiteBackend/src/de/steamwar/routes/Routes.kt
@@ -19,7 +19,7 @@
 
 package de.steamwar.routes
 
-import de.steamwar.routes.v2.configureNewAuth
+import de.steamwar.routes.v2.*
 import io.ktor.server.application.*
 import io.ktor.server.auth.*
 import io.ktor.server.routing.*
@@ -35,9 +35,7 @@ fun Application.configureRoutes() {
             configurePage()
             configureSchematic()
             configureAuthRoutes()
-            route("/v2") {
-                configureNewAuth()
-            }
+            configureNewAuth()
         }
     }
 }
\ No newline at end of file
diff --git a/WebsiteBackend/src/de/steamwar/routes/Stats.kt b/WebsiteBackend/src/de/steamwar/routes/Stats.kt
index 0c4e571b..11aa8b97 100644
--- a/WebsiteBackend/src/de/steamwar/routes/Stats.kt
+++ b/WebsiteBackend/src/de/steamwar/routes/Stats.kt
@@ -21,7 +21,6 @@ package de.steamwar.routes
 
 import de.steamwar.plugins.SWAuthPrincipal
 import de.steamwar.plugins.SWPermissionCheck
-import de.steamwar.plugins.getUser
 import de.steamwar.sql.*
 import io.ktor.http.*
 import io.ktor.server.application.*
diff --git a/WebsiteBackend/src/de/steamwar/routes/v2/Auth.kt b/WebsiteBackend/src/de/steamwar/routes/v2/Auth.kt
index 9d6a5181..79fcd2ac 100644
--- a/WebsiteBackend/src/de/steamwar/routes/v2/Auth.kt
+++ b/WebsiteBackend/src/de/steamwar/routes/v2/Auth.kt
@@ -61,32 +61,6 @@ fun SteamwarUser.createAccessAndRefreshToken(keepLoggedIn: Boolean = false): Aut
 
 fun Route.configureNewAuth() {
     route("/auth") {
-        route("/enroll") {
-            post("/{userId}") {
-                if (call.request.headers.contains("X-Forwarded-For") || call.request.header("Host") != "localhost:1337") {
-                    SWException.log("Request to /auth/register from", "Invalid IP")
-                    call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid IP", "F_U"))
-                    return@post
-                }
-
-                val userId = call.parameters["userId"]?.toInt()
-                if (userId == null) {
-                    call.respond(HttpStatusCode.BadRequest, ResponseError("Missing or invalid userId"))
-                    return@post
-                }
-
-                val user = SteamwarUser.get(userId)
-                if (user == null) {
-                    call.respond(HttpStatusCode.BadRequest, ResponseError("Invalid userId"))
-                    return@post
-                }
-
-                val token = Token.createToken("PT-${user.userName}", user)
-
-                call.respond(HttpStatusCode.OK, ResponseToken(token, TokenType.RESET_PASSWORD.lifetime))
-            }
-        }
-
         post("/register") {
             val requester = call.request.header("X-Forwarded-For") ?: call.request.origin.remoteAddress