From 80fc2900c8966261ab631e919072aff63a2b226e Mon Sep 17 00:00:00 2001 From: Gravita <12893402+gravit0@users.noreply.github.com> Date: Wed, 7 Feb 2024 14:27:04 +0700 Subject: [PATCH] [FEATURE] Public-Only server token --- .../launchserver/command/service/TokenCommand.java | 5 +++-- .../gravit/launchserver/manangers/AuthManager.java | 13 +++++++++---- .../socket/response/auth/CheckServerResponse.java | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/TokenCommand.java b/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/TokenCommand.java index 35fdb687..c2939900 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/TokenCommand.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/TokenCommand.java @@ -23,10 +23,11 @@ public void invoke(String... args) throws Exception { logger.info("Token: {}", claims.getBody()); } }); - this.childCommands.put("server", new SubCommand("[profileName] (authId)", "generate new server token") { + this.childCommands.put("server", new SubCommand("[profileName] (authId) (public only)", "generate new server token") { @Override public void invoke(String... args) { AuthProviderPair pair = args.length > 1 ? server.config.getAuthProviderPair(args[1]) : server.config.getAuthProviderPair(); + boolean publicOnly = args.length <= 2 || Boolean.parseBoolean(args[2]); ClientProfile profile = null; for (ClientProfile p : server.getProfiles()) { if (p.getTitle().equals(args[0]) || p.getUUID().toString().equals(args[0])) { @@ -41,7 +42,7 @@ public void invoke(String... args) { logger.error("AuthId {} not found", args[1]); return; } - String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name); + String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name, publicOnly); logger.info("Server token {} authId {}: {}", args[0], pair.name, token); } }); diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/AuthManager.java b/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/AuthManager.java index 8d00596d..7c01ab38 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/AuthManager.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/AuthManager.java @@ -45,12 +45,13 @@ public AuthManager(LaunchServer server) { .build(); } - public String newCheckServerToken(String serverName, String authId) { + public String newCheckServerToken(String serverName, String authId, boolean publicOnly) { return Jwts.builder() .setIssuer("LaunchServer") .claim("serverName", serverName) .claim("authId", authId) .claim("tokenType", "checkServer") + .claim("isPublic", publicOnly ? "true" : "false") .signWith(server.keyAgreementManager.ecdsaPrivateKey) .compact(); } @@ -58,7 +59,8 @@ public String newCheckServerToken(String serverName, String authId) { public CheckServerTokenInfo parseCheckServerToken(String token) { try { var jwt = checkServerTokenParser.parseClaimsJws(token).getBody(); - return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class)); + var isPublicClaim = jwt.get("isPublic", Boolean.class); + return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class), isPublicClaim == null || isPublicClaim); } catch (Exception e) { return null; } @@ -301,7 +303,7 @@ private AuthRequest.AuthPasswordInterface tryDecryptPasswordPlain(AuthRequest.Au return password; } - public record CheckServerTokenInfo(String serverName, String authId) { + public record CheckServerTokenInfo(String serverName, String authId, boolean isPublic) { } public static class CheckServerVerifier implements RestoreResponse.ExtendedTokenProvider { @@ -321,7 +323,10 @@ public boolean accept(Client client, AuthProviderPair pair, String extendedToken client.auth = server.config.getAuthProviderPair(info.authId); if (client.permissions == null) client.permissions = new ClientPermissions(); client.permissions.addPerm("launchserver.checkserver"); - client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName)); + if(!info.isPublic) { + client.permissions.addPerm("launchserver.checkserver.extended"); + client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName)); + } client.setProperty("launchserver.serverName", info.serverName); return true; } diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/CheckServerResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/CheckServerResponse.java index 29aed1be..f661b275 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/CheckServerResponse.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/CheckServerResponse.java @@ -40,7 +40,7 @@ public void execute(ChannelHandlerContext ctx, Client pClient) { } result.playerProfile = report.playerProfile; result.uuid = report.uuid; - if(report.session != null) { + if(pClient.permissions.hasPerm("launchserver.checkserver.extended") && report.session != null) { result.sessionId = report.session.getID(); if(needProperties && report.session instanceof UserSessionSupportProperties supportProperties) { result.sessionProperties = supportProperties.getProperties();