mirror of
https://github.com/GravitLauncher/Launcher
synced 2024-12-22 08:31:07 +03:00
[FEATURE][EXPERIMENTAL] New permissions system
This commit is contained in:
parent
8e1cf303ac
commit
0692fe367f
10 changed files with 161 additions and 57 deletions
|
@ -36,7 +36,7 @@ public void invoke(String... args) {
|
|||
LogHelper.info("Client name %s | ip %s | connectUUID %s", client.username == null ? "null" : client.username, ip, frameHandler.getConnectUUID());
|
||||
LogHelper.subInfo("Data: checkSign %s | auth_id %s", client.checkSign ? "true" : "false",
|
||||
client.auth_id);
|
||||
LogHelper.subInfo("Permissions: %s (long %d)", client.permissions == null ? "null" : client.permissions.toString(), client.permissions == null ? 0 : client.permissions.toLong());
|
||||
LogHelper.subInfo("Permissions: %s (permissions %d | flags %d)", client.permissions == null ? "null" : client.permissions.toString(), client.permissions == null ? 0 : client.permissions.permissions, client.permissions == null ? 0 : client.permissions.flags);
|
||||
}
|
||||
}));
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
import pro.gravit.launcher.Launcher;
|
||||
import pro.gravit.launcher.LauncherConfig;
|
||||
import pro.gravit.launchserver.LaunchServer;
|
||||
import pro.gravit.launchserver.Reconfigurable;
|
||||
import pro.gravit.launchserver.auth.AuthProviderPair;
|
||||
import pro.gravit.launchserver.auth.handler.MemoryAuthHandler;
|
||||
import pro.gravit.launchserver.auth.protect.ProtectHandler;
|
||||
|
@ -124,8 +125,10 @@ public void init(LaunchServer.ReloadType type) {
|
|||
for (Map.Entry<String,AuthProviderPair> provider : auth.entrySet()) {
|
||||
provider.getValue().init(server, provider.getKey());
|
||||
}
|
||||
if (dao != null)
|
||||
if (dao != null) {
|
||||
server.registerObject("dao", dao);
|
||||
dao.init(server);
|
||||
}
|
||||
if (protectHandler != null) {
|
||||
protectHandler.checkLaunchServerLicense();
|
||||
}
|
||||
|
|
|
@ -2,14 +2,22 @@
|
|||
|
||||
import org.hibernate.SessionFactory;
|
||||
import org.hibernate.cfg.Configuration;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launchserver.LaunchServer;
|
||||
import pro.gravit.launchserver.Reconfigurable;
|
||||
import pro.gravit.launchserver.dao.User;
|
||||
import pro.gravit.launchserver.dao.impl.UserHibernateImpl;
|
||||
import pro.gravit.launchserver.dao.impl.HibernateUserDAOImpl;
|
||||
import pro.gravit.utils.command.Command;
|
||||
import pro.gravit.utils.command.SubCommand;
|
||||
import pro.gravit.utils.helper.CommonHelper;
|
||||
import pro.gravit.utils.helper.LogHelper;
|
||||
|
||||
import java.nio.file.Paths;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public class HibernateDaoProvider extends DaoProvider {
|
||||
public class HibernateDaoProvider extends DaoProvider implements Reconfigurable {
|
||||
public String driver;
|
||||
public String url;
|
||||
public String username;
|
||||
|
@ -42,4 +50,65 @@ public void init(LaunchServer server) {
|
|||
else
|
||||
init.run();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, Command> getCommands() {
|
||||
Map<String, Command> commands = new HashMap<>();
|
||||
commands.put("getallusers", new SubCommand() {
|
||||
@Override
|
||||
public void invoke(String... args) throws Exception {
|
||||
int count = 0;
|
||||
for (User user : userDAO.findAll()) {
|
||||
LogHelper.subInfo("[%s] UUID: %s", user.getUsername(), user.getUuid().toString());
|
||||
count++;
|
||||
}
|
||||
LogHelper.info("Print %d users", count);
|
||||
}
|
||||
});
|
||||
commands.put("getuser", new SubCommand() {
|
||||
@Override
|
||||
public void invoke(String... args) throws Exception {
|
||||
verifyArgs(args, 1);
|
||||
User user = userDAO.findByUsername(args[0]);
|
||||
if (user == null) {
|
||||
LogHelper.error("User %s not found", args[0]);
|
||||
return;
|
||||
}
|
||||
LogHelper.info("[%s] UUID: %s | permissions %s", user.getUsername(), user.getUuid().toString(), user.getPermissions() == null ? "null" : user.getPermissions().toString());
|
||||
}
|
||||
});
|
||||
commands.put("givepermission", new SubCommand() {
|
||||
@Override
|
||||
public void invoke(String... args) throws Exception {
|
||||
verifyArgs(args, 3);
|
||||
User user = userDAO.findByUsername(args[0]);
|
||||
if (user == null) {
|
||||
LogHelper.error("User %s not found", args[0]);
|
||||
return;
|
||||
}
|
||||
ClientPermissions permissions = user.getPermissions();
|
||||
long perm = Long.parseLong(args[1]);
|
||||
boolean value = Boolean.parseBoolean(args[2]);
|
||||
permissions.setPermission(perm, value);
|
||||
userDAO.update(user);
|
||||
}
|
||||
});
|
||||
commands.put("giveflag", new SubCommand() {
|
||||
@Override
|
||||
public void invoke(String... args) throws Exception {
|
||||
verifyArgs(args, 3);
|
||||
User user = userDAO.findByUsername(args[0]);
|
||||
if (user == null) {
|
||||
LogHelper.error("User %s not found", args[0]);
|
||||
return;
|
||||
}
|
||||
ClientPermissions permissions = user.getPermissions();
|
||||
long perm = Long.parseLong(args[1]);
|
||||
boolean value = Boolean.parseBoolean(args[2]);
|
||||
permissions.setFlag(perm, value);
|
||||
userDAO.update(user);
|
||||
}
|
||||
});
|
||||
return commands;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package pro.gravit.launchserver.socket.response.admin;
|
||||
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launcher.events.request.LogEvent;
|
||||
import pro.gravit.launchserver.socket.Client;
|
||||
import pro.gravit.launchserver.socket.response.SimpleResponse;
|
||||
|
@ -20,7 +21,7 @@ public void execute(ChannelHandlerContext ctx, Client client) {
|
|||
sendError("Access denied");
|
||||
return;
|
||||
}
|
||||
if (!client.permissions.canAdmin) {
|
||||
if (!client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
|
||||
sendError("Access denied");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package pro.gravit.launchserver.socket.response.admin;
|
||||
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launcher.events.request.ExecCommandRequestEvent;
|
||||
import pro.gravit.launchserver.socket.Client;
|
||||
import pro.gravit.launchserver.socket.response.SimpleResponse;
|
||||
|
@ -15,7 +16,7 @@ public String getType() {
|
|||
|
||||
@Override
|
||||
public void execute(ChannelHandlerContext ctx, Client client) {
|
||||
if (!client.isAuth || !client.permissions.canAdmin) {
|
||||
if (!client.isAuth || !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
|
||||
sendError("Access denied");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package pro.gravit.launchserver.socket.response.auth;
|
||||
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launcher.events.RequestEvent;
|
||||
import pro.gravit.launcher.events.request.ExitRequestEvent;
|
||||
import pro.gravit.launchserver.socket.Client;
|
||||
|
@ -17,7 +18,7 @@ public String getType() {
|
|||
|
||||
@Override
|
||||
public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
||||
if(username != null && ( !client.isAuth || client.permissions == null || !client.permissions.canAdmin ))
|
||||
if(username != null && ( !client.isAuth || client.permissions == null || !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN) ))
|
||||
{
|
||||
sendError("Permissions denied");
|
||||
return;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package pro.gravit.launchserver.socket.response.auth;
|
||||
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launchserver.dao.User;
|
||||
import pro.gravit.launchserver.dao.impl.UserHibernateImpl;
|
||||
import pro.gravit.launchserver.socket.Client;
|
||||
|
@ -21,7 +22,7 @@ public class RegisterResponse extends SimpleResponse {
|
|||
@Override
|
||||
public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
|
||||
byte[] normalHash = registerHash(login, server.runtime.registerApiKey);
|
||||
if (!(client.isAuth && client.permissions.canAdmin) && !Arrays.equals(normalHash, verifyHash)) {
|
||||
if (!(client.isAuth && client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) && !Arrays.equals(normalHash, verifyHash)) {
|
||||
sendError("Hash invalid");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package pro.gravit.launchserver.socket.response.auth;
|
||||
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import pro.gravit.launcher.ClientPermissions;
|
||||
import pro.gravit.launcher.events.request.SetPasswordRequestEvent;
|
||||
import pro.gravit.launchserver.dao.User;
|
||||
import pro.gravit.launchserver.socket.Client;
|
||||
|
@ -26,7 +27,7 @@ public void execute(ChannelHandlerContext ctx, Client client) {
|
|||
sendError("You not authorized");
|
||||
return;
|
||||
}
|
||||
if (username != null && !client.permissions.canAdmin) {
|
||||
if (username != null && !client.permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN)) {
|
||||
sendError("You not admin");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -12,10 +12,6 @@ public class AuthService {
|
|||
public static ClientProfile profile;
|
||||
|
||||
public static boolean isAdmin() {
|
||||
return permissions.canAdmin;
|
||||
}
|
||||
|
||||
public static boolean isServer() {
|
||||
return permissions.canServer;
|
||||
return permissions.isPermission(ClientPermissions.PermissionConsts.ADMIN);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,73 +8,104 @@
|
|||
|
||||
public class ClientPermissions {
|
||||
public static final ClientPermissions DEFAULT = new ClientPermissions();
|
||||
@LauncherNetworkAPI
|
||||
public boolean canAdmin;
|
||||
@LauncherNetworkAPI
|
||||
public boolean canServer;
|
||||
@LauncherNetworkAPI
|
||||
public final boolean canUSR1;
|
||||
@LauncherNetworkAPI
|
||||
public final boolean canUSR2;
|
||||
@LauncherNetworkAPI
|
||||
public final boolean canUSR3;
|
||||
@LauncherNetworkAPI
|
||||
public boolean canBot;
|
||||
public long permissions;
|
||||
public long flags;
|
||||
public enum PermissionConsts
|
||||
{
|
||||
ADMIN(0x01),
|
||||
MANAGEMENT(0x02);
|
||||
public final long mask;
|
||||
|
||||
PermissionConsts(long mask) {
|
||||
this.mask = mask;
|
||||
}
|
||||
}
|
||||
public enum FlagConsts
|
||||
{
|
||||
SYSTEM(0x01),
|
||||
BANNED(0x02),
|
||||
UNTRUSTED(0x04),
|
||||
HIDDEN(0x08);
|
||||
public final long mask;
|
||||
|
||||
FlagConsts(long mask) {
|
||||
this.mask = mask;
|
||||
}
|
||||
}
|
||||
|
||||
public ClientPermissions(HInput input) throws IOException {
|
||||
this(input.readLong());
|
||||
}
|
||||
|
||||
public ClientPermissions() {
|
||||
canAdmin = false;
|
||||
canServer = false;
|
||||
canUSR1 = false;
|
||||
canUSR2 = false;
|
||||
canUSR3 = false;
|
||||
canBot = false;
|
||||
|
||||
}
|
||||
|
||||
public ClientPermissions(long data) {
|
||||
canAdmin = (data & (1)) != 0;
|
||||
canServer = (data & (1 << 1)) != 0;
|
||||
canUSR1 = (data & (1 << 2)) != 0;
|
||||
canUSR2 = (data & (1 << 3)) != 0;
|
||||
canUSR3 = (data & (1 << 4)) != 0;
|
||||
canBot = (data & (1 << 5)) != 0;
|
||||
public ClientPermissions(long permissions) {
|
||||
this.permissions = permissions;
|
||||
}
|
||||
|
||||
public ClientPermissions(long permissions, long flags) {
|
||||
this.permissions = permissions;
|
||||
this.flags = flags;
|
||||
}
|
||||
|
||||
public long toLong() {
|
||||
long result = 0;
|
||||
result |= !canAdmin ? 0 : 1;
|
||||
result |= !canServer ? 0 : (1 << 1);
|
||||
result |= !canUSR1 ? 0 : (1 << 2);
|
||||
result |= !canUSR2 ? 0 : (1 << 3);
|
||||
result |= !canUSR3 ? 0 : (1 << 4);
|
||||
result |= !canBot ? 0 : (1 << 5);
|
||||
return result;
|
||||
return permissions;
|
||||
}
|
||||
|
||||
public static ClientPermissions getSuperuserAccount() {
|
||||
ClientPermissions perm = new ClientPermissions();
|
||||
perm.canServer = true;
|
||||
perm.canAdmin = true;
|
||||
return perm;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
public void write(HOutput output) throws IOException {
|
||||
output.writeLong(toLong());
|
||||
}
|
||||
|
||||
//Read methods
|
||||
public final boolean isPermission(PermissionConsts con)
|
||||
{
|
||||
return (permissions & con.mask) != 0;
|
||||
}
|
||||
public final boolean isPermission(long mask)
|
||||
{
|
||||
return (permissions & mask) != 0;
|
||||
}
|
||||
public final boolean isFlag(FlagConsts con)
|
||||
{
|
||||
return (flags & con.mask) != 0;
|
||||
}
|
||||
public final boolean isFlag(long mask)
|
||||
{
|
||||
return (flags & mask) != 0;
|
||||
}
|
||||
//Write methods
|
||||
public final void setPermission(PermissionConsts con, boolean value)
|
||||
{
|
||||
if(value) this.permissions |= con.mask;
|
||||
else this.permissions &= ~con.mask;
|
||||
}
|
||||
public final void setPermission(long mask, boolean value)
|
||||
{
|
||||
if(value) this.permissions |= mask;
|
||||
else this.permissions &= ~mask;
|
||||
}
|
||||
public final void setFlag(FlagConsts con, boolean value)
|
||||
{
|
||||
if(value) this.flags |= con.mask;
|
||||
else this.flags &= ~con.mask;
|
||||
}
|
||||
public final void setFlag(long mask, boolean value)
|
||||
{
|
||||
if(value) this.flags |= mask;
|
||||
else this.flags &= ~mask;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return new StringJoiner(", ", ClientPermissions.class.getSimpleName() + "[", "]")
|
||||
.add("canAdmin=" + canAdmin)
|
||||
.add("canServer=" + canServer)
|
||||
.add("canUSR1=" + canUSR1)
|
||||
.add("canUSR2=" + canUSR2)
|
||||
.add("canUSR3=" + canUSR3)
|
||||
.add("canBot=" + canBot)
|
||||
.toString();
|
||||
return String.format("permissions %d | flags %d", permissions, flags);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue