mirror of
https://github.com/GravitLauncher/Launcher
synced 2025-01-22 23:34:25 +03:00
[FEATURE] Public-Only server token
This commit is contained in:
parent
4f47398211
commit
80fc2900c8
3 changed files with 13 additions and 7 deletions
|
@ -23,10 +23,11 @@ public void invoke(String... args) throws Exception {
|
|||
logger.info("Token: {}", claims.getBody());
|
||||
}
|
||||
});
|
||||
this.childCommands.put("server", new SubCommand("[profileName] (authId)", "generate new server token") {
|
||||
this.childCommands.put("server", new SubCommand("[profileName] (authId) (public only)", "generate new server token") {
|
||||
@Override
|
||||
public void invoke(String... args) {
|
||||
AuthProviderPair pair = args.length > 1 ? server.config.getAuthProviderPair(args[1]) : server.config.getAuthProviderPair();
|
||||
boolean publicOnly = args.length <= 2 || Boolean.parseBoolean(args[2]);
|
||||
ClientProfile profile = null;
|
||||
for (ClientProfile p : server.getProfiles()) {
|
||||
if (p.getTitle().equals(args[0]) || p.getUUID().toString().equals(args[0])) {
|
||||
|
@ -41,7 +42,7 @@ public void invoke(String... args) {
|
|||
logger.error("AuthId {} not found", args[1]);
|
||||
return;
|
||||
}
|
||||
String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name);
|
||||
String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name, publicOnly);
|
||||
logger.info("Server token {} authId {}: {}", args[0], pair.name, token);
|
||||
}
|
||||
});
|
||||
|
|
|
@ -45,12 +45,13 @@ public AuthManager(LaunchServer server) {
|
|||
.build();
|
||||
}
|
||||
|
||||
public String newCheckServerToken(String serverName, String authId) {
|
||||
public String newCheckServerToken(String serverName, String authId, boolean publicOnly) {
|
||||
return Jwts.builder()
|
||||
.setIssuer("LaunchServer")
|
||||
.claim("serverName", serverName)
|
||||
.claim("authId", authId)
|
||||
.claim("tokenType", "checkServer")
|
||||
.claim("isPublic", publicOnly ? "true" : "false")
|
||||
.signWith(server.keyAgreementManager.ecdsaPrivateKey)
|
||||
.compact();
|
||||
}
|
||||
|
@ -58,7 +59,8 @@ public String newCheckServerToken(String serverName, String authId) {
|
|||
public CheckServerTokenInfo parseCheckServerToken(String token) {
|
||||
try {
|
||||
var jwt = checkServerTokenParser.parseClaimsJws(token).getBody();
|
||||
return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class));
|
||||
var isPublicClaim = jwt.get("isPublic", Boolean.class);
|
||||
return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class), isPublicClaim == null || isPublicClaim);
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -301,7 +303,7 @@ private AuthRequest.AuthPasswordInterface tryDecryptPasswordPlain(AuthRequest.Au
|
|||
return password;
|
||||
}
|
||||
|
||||
public record CheckServerTokenInfo(String serverName, String authId) {
|
||||
public record CheckServerTokenInfo(String serverName, String authId, boolean isPublic) {
|
||||
}
|
||||
|
||||
public static class CheckServerVerifier implements RestoreResponse.ExtendedTokenProvider {
|
||||
|
@ -321,7 +323,10 @@ public boolean accept(Client client, AuthProviderPair pair, String extendedToken
|
|||
client.auth = server.config.getAuthProviderPair(info.authId);
|
||||
if (client.permissions == null) client.permissions = new ClientPermissions();
|
||||
client.permissions.addPerm("launchserver.checkserver");
|
||||
client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName));
|
||||
if(!info.isPublic) {
|
||||
client.permissions.addPerm("launchserver.checkserver.extended");
|
||||
client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName));
|
||||
}
|
||||
client.setProperty("launchserver.serverName", info.serverName);
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -40,7 +40,7 @@ public void execute(ChannelHandlerContext ctx, Client pClient) {
|
|||
}
|
||||
result.playerProfile = report.playerProfile;
|
||||
result.uuid = report.uuid;
|
||||
if(report.session != null) {
|
||||
if(pClient.permissions.hasPerm("launchserver.checkserver.extended") && report.session != null) {
|
||||
result.sessionId = report.session.getID();
|
||||
if(needProperties && report.session instanceof UserSessionSupportProperties supportProperties) {
|
||||
result.sessionProperties = supportProperties.getProperties();
|
||||
|
|
Loading…
Reference in a new issue