[FEATURE] Public-Only server token

Gravita 2024-02-07 14:27:04 +07:00
parent 4f47398211
commit 80fc2900c8
3 changed files with 13 additions and 7 deletions


@ -23,10 +23,11 @@ public void invoke(String... args) throws Exception {
logger.info("Token: {}", claims.getBody());
}
});
this.childCommands.put("server", new SubCommand("[profileName] (authId)", "generate new server token") {
this.childCommands.put("server", new SubCommand("[profileName] (authId) (public only)", "generate new server token") {
@Override
public void invoke(String... args) {
AuthProviderPair pair = args.length > 1 ? server.config.getAuthProviderPair(args[1]) : server.config.getAuthProviderPair();
boolean publicOnly = args.length <= 2 || Boolean.parseBoolean(args[2]);
ClientProfile profile = null;
for (ClientProfile p : server.getProfiles()) {
if (p.getTitle().equals(args[0]) || p.getUUID().toString().equals(args[0])) {
@ -41,7 +42,7 @@ public void invoke(String... args) {
logger.error("AuthId {} not found", args[1]);
return;
}
String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name);
String token = server.authManager.newCheckServerToken(profile != null ? profile.getUUID().toString() : args[0], pair.name, publicOnly);
logger.info("Server token {} authId {}: {}", args[0], pair.name, token);
}
});
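Review bot: `Boolean.parseBoolean(args[2])` in the `server` subcommand treats every value other than "true" as false, so a typo or `yes`/`1` in the third argument silently produces the non-public token, which is the more privileged kind (it receives `launchserver.checkserver.extended` in AuthManager). Rejecting unrecognised values keeps an operator mistake from widening access: `if (args.length > 2 && !args[2].equalsIgnoreCase("true") && !args[2].equalsIgnoreCase("false")) { logger.error("public only must be true or false"); return; }`. The usage string `(public only)` could name the accepted values, for example `(publicOnly: true|false)`, and adding `publicOnly` to the final log line would let the operator confirm which kind was issued. The body of invoke continues between the two hunks and is not fully visible here.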


@ -45,12 +45,13 @@ public AuthManager(LaunchServer server) {
.build();
}
public String newCheckServerToken(String serverName, String authId) {
public String newCheckServerToken(String serverName, String authId, boolean publicOnly) {
return Jwts.builder()
.setIssuer("LaunchServer")
.claim("serverName", serverName)
.claim("authId", authId)
.claim("tokenType", "checkServer")
.claim("isPublic", publicOnly ? "true" : "false")
.signWith(server.keyAgreementManager.ecdsaPrivateKey)
.compact();
}
@ -58,7 +59,8 @@ public String newCheckServerToken(String serverName, String authId) {
public CheckServerTokenInfo parseCheckServerToken(String token) {
try {
var jwt = checkServerTokenParser.parseClaimsJws(token).getBody();
return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class));
var isPublicClaim = jwt.get("isPublic", Boolean.class);
return new CheckServerTokenInfo(jwt.get("serverName", String.class), jwt.get("authId", String.class), isPublicClaim == null || isPublicClaim);
} catch (Exception e) {
return null;
}
@ -301,7 +303,7 @@ private AuthRequest.AuthPasswordInterface tryDecryptPasswordPlain(AuthRequest.Au
return password;
}
public record CheckServerTokenInfo(String serverName, String authId) {
public record CheckServerTokenInfo(String serverName, String authId, boolean isPublic) {
}
public static class CheckServerVerifier implements RestoreResponse.ExtendedTokenProvider {
@ -321,7 +323,10 @@ public boolean accept(Client client, AuthProviderPair pair, String extendedToken
client.auth = server.config.getAuthProviderPair(info.authId);
if (client.permissions == null) client.permissions = new ClientPermissions();
client.permissions.addPerm("launchserver.checkserver");
client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName));
if(!info.isPublic) {
client.permissions.addPerm("launchserver.checkserver.extended");
client.permissions.addPerm("launchserver.profile.%s.show".formatted(info.serverName));
}
client.setProperty("launchserver.serverName", info.serverName);
return true;
}
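Review bot: `newCheckServerToken` writes `isPublic` as the string "true"/"false", but `parseCheckServerToken` reads it with `jwt.get("isPublic", Boolean.class)`. As far as I know, jjwt's `Claims.get` throws `RequiredTypeException` on a type mismatch rather than converting, and the surrounding `catch (Exception e)` turns that into `null`, so every token issued by the new code would be rejected. Writing the claim as a boolean, `.claim("isPublic", publicOnly)`, keeps the two sides consistent, and logging the exception in the catch would have made the mismatch visible. The `isPublicClaim == null || isPublicClaim` default is fail-closed, which is the safe direction, but it also means tokens issued before this commit no longer receive `launchserver.profile.%s.show` in `accept` (whose body starts outside its hunk). That change deserves a comment or a changelog line.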


@ -40,7 +40,7 @@ public void execute(ChannelHandlerContext ctx, Client pClient) {
}
result.playerProfile = report.playerProfile;
result.uuid = report.uuid;
if(report.session != null) {
if(pClient.permissions.hasPerm("launchserver.checkserver.extended") && report.session != null) {
result.sessionId = report.session.getID();
if(needProperties && report.session instanceof UserSessionSupportProperties supportProperties) {
result.sessionProperties = supportProperties.getProperties();
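Review bot: `pClient.permissions.hasPerm(...)` dereferences `permissions` without a null check, while `accept` in AuthManager shows the field can be null (`if (client.permissions == null) client.permissions = new ClientPermissions();`). Unless an earlier guard in execute, which starts above this hunk, rules that out, the call throws for such a client. A guarded form would be `if (pClient.permissions != null && pClient.permissions.hasPerm("launchserver.checkserver.extended") && report.session != null) {`. The permission name is now a string literal in two files, so a shared constant would keep the grant and the check from drifting apart.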