[FEATURE] Public-Only server token

Gravita 2024-02-07 14:27:04 +07:00
parent 4f47398211
commit 80fc2900c8
3 changed files with 13 additions and 7 deletions


@ -23,10 +23,11 @@ public void invoke(String... args) throws Exception {
logger.info("Token: {}", claims.getBody()); logger.info("Token: {}", claims.getBody());
} }
}); });
this.childCommands.put("server", new SubCommand("[profileName] (authId)", "generate new server token") { this.childCommands.put("server", new SubCommand("[profileName] (authId) (public only)", "generate new server token") {
@Override @Override
public void invoke(String... args) { public void invoke(String... args) {
AuthProviderPair pair = args.length > 1 ? server.config.getAuthProviderPair(args[1]) : server.config.getAuthProviderPair(); AuthProviderPair pair = args.length > 1 ? server.config.getAuthProviderPair(args[1]) : server.config.getAuthProviderPair();
boolean publicOnly = args.length <= 2 || Boolean.parseBoolean(args[2]);
ClientProfile profile = null; ClientProfile profile = null;
for (ClientProfile p : server.getProfiles()) { for (ClientProfile p : server.getProfiles()) {
if (p.getTitle().equals(args[0]) || p.getUUID().toString().equals(args[0])) { if (p.getTitle().equals(args[0]) || p.getUUID().toString().equals(args[0])) {
@ -41,7 +42,7 @@ public void invoke(String... args) {
logger.error("AuthId {} not found", args[1]); logger.error("AuthId {} not found", args[1]);
return; return;
} }
String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name); String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name, publicOnly);
logger.info("Server token {} authId {}: {}", args[0], pair.name, token); logger.info("Server token {} authId {}: {}", args[0], pair.name, token);
} }
}); });
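Review bot: `Boolean.parseBoolean(args[2])` on the added `publicOnly` line returns false for every string other than "true", so a mistyped third argument such as `yes` or `1` silently produces the non-public token, which is the one that carries the extended permissions. Because public-only is the safe default, the command should refuse anything that is not exactly `true` or `false` before minting, e.g. `if (args.length > 2 && !args[2].equalsIgnoreCase("true") && !args[2].equalsIgnoreCase("false")) { logger.error("Expected true/false, got {}", args[2]); return; }`. It would also help to add `publicOnly` to the final `logger.info` call, so the operator can see which kind of token was generated. The middle of `invoke` lies between the two hunks and is not shown here.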


@ -45,12 +45,13 @@ public AuthManager(LaunchServer server) {
.build(); .build();
} }
public String newCheckServerToken(String serverName, String authId) { public String newCheckServerToken(String serverName, String authId, boolean publicOnly) {
return Jwts.builder() return Jwts.builder()
.setIssuer("LaunchServer") .setIssuer("LaunchServer")
.claim("serverName", serverName) .claim("serverName", serverName)
.claim("authId", authId) .claim("authId", authId)
.claim("tokenType", "checkServer") .claim("tokenType", "checkServer")
.claim("isPublic", publicOnly ? "true" : "false")
.signWith(server.keyAgreementManager.ecdsaPrivateKey) .signWith(server.keyAgreementManager.ecdsaPrivateKey)
.compact(); .compact();
} }
@ -58,7 +59,8 @@ public String newCheckServerToken(String serverName, String authId) {
public CheckServerTokenInfo parseCheckServerToken(String token) { public CheckServerTokenInfo parseCheckServerToken(String token) {
try { try {
var jwt = checkServerTokenParser.parseClaimsJws(token).getBody(); var jwt = checkServerTokenParser.parseClaimsJws(token).getBody();
return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class)); var isPublicClaim = jwt.get("isPublic", Boolean.class);
return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class), isPublicClaim == null || isPublicClaim);
} catch (Exception e) { } catch (Exception e) {
return null; return null;
} }
@ -301,7 +303,7 @@ private AuthRequest.AuthPasswordInterface tryDecryptPasswordPlain(AuthRequest.Au
return password; return password;
} }
public record CheckServerTokenInfo(String serverName, String authId) { public record CheckServerTokenInfo(String serverName, String authId, boolean isPublic) {
} }
public static class CheckServerVerifier implements RestoreResponse.ExtendedTokenProvider { public static class CheckServerVerifier implements RestoreResponse.ExtendedTokenProvider {
@ -321,7 +323,10 @@ public boolean accept(Client client, AuthProviderPair pair, String extendedToken
client.auth = server.config.getAuthProviderPair(info.authId); client.auth = server.config.getAuthProviderPair(info.authId);
if (client.permissions == null) client.permissions = new ClientPermissions(); if (client.permissions == null) client.permissions = new ClientPermissions();
client.permissions.addPerm("launchserver.checkserver"); client.permissions.addPerm("launchserver.checkserver");
if(!info.isPublic) {
client.permissions.addPerm("launchserver.checkserver.extended");
client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName)); client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName));
}
client.setProperty("launchserver.serverName", info.serverName); client.setProperty("launchserver.serverName", info.serverName);
return true; return true;
} }
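Review bot: The `isPublic` claim is written as a string in `newCheckServerToken` (`publicOnly ? "true" : "false"`) but read back with `jwt.get("isPublic", Boolean.class)` in `parseCheckServerToken`. As far as I know, jjwt does not convert a String claim to Boolean and throws `RequiredTypeException` instead; the surrounding `catch (Exception e)` turns that into `return null`, so every token minted by the new code would probably be rejected with no log entry. Writing the claim as a boolean, `.claim("isPublic", publicOnly)`, keeps the two sides consistent. Tokens issued before this commit carry no `isPublic` claim and are now treated as public-only. That is the safe default, but it removes their `launchserver.profile.%s.show` permission, so the commit description should say that such tokens need to be regenerated.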


@ -40,7 +40,7 @@ public void execute(ChannelHandlerContext ctx, Client pClient) {
} }
result.playerProfile = report.playerProfile; result.playerProfile = report.playerProfile;
result.uuid = report.uuid; result.uuid = report.uuid;
if(report.session != null) { if(pClient.permissions.hasPerm("launchserver.checkserver.extended") && report.session != null) {
result.sessionId = report.session.getID(); result.sessionId = report.session.getID();
if(needProperties && report.session instanceof UserSessionSupportProperties supportProperties) { if(needProperties && report.session instanceof UserSessionSupportProperties supportProperties) {
result.sessionProperties = supportProperties.getProperties(); result.sessionProperties = supportProperties.getProperties();
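Review bot: The permission name `"launchserver.checkserver.extended"` in the new condition is a second copy of the literal that `CheckServerVerifier.accept` grants, and a typo in either copy would silently change who receives `sessionId` and the session properties. A shared constant, e.g. `public static final String CHECKSERVER_EXTENDED_PERM = "launchserver.checkserver.extended";` referenced from both places, would keep the grant and the check in step. `execute` starts before this hunk, so it is not visible whether `pClient.permissions` has been null-checked by this point; if it has not, `hasPerm` would throw for a client without permissions. A short comment such as `// sessionId and session properties only go to non-public (extended) server tokens` would document why the gate exists.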