tripwire/auth.go

196 lines
4.4 KiB
Go
Raw Normal View History

2022-06-23 00:07:14 +00:00
package main
import (
2022-06-25 22:09:27 +00:00
"crypto/x509"
2022-06-23 00:07:14 +00:00
"net/http"
"github.com/gorilla/mux"
)
2022-06-23 00:47:00 +00:00
func rootEndpoint(w http.ResponseWriter, r *http.Request) {
2022-06-25 22:09:27 +00:00
skinDomains := []string{
config.BaseUrl,
}
response := YggdrasilInfo{
2022-06-23 00:47:00 +00:00
Status: "OK",
RuntimeMode: "productionMode",
AppAuthor: "Tripwire Team",
AppDescription: "Custom Yggdrasil authentication server",
SpecVersion: "5.2.0",
AppName: "tripwire.yggdrasil",
ImplVersion: "5.2.0",
AppOwner: "Who knows?",
2022-06-25 22:09:27 +00:00
//Used by authlib-injector
SkinDomains: skinDomains,
}
if publicKey != nil {
pubkey, err := x509.MarshalPKIXPublicKey(publicKey)
if err == nil {
pubKeyString := string(encodePem(pubkey, "PUBLIC KEY"))
response.PublicKey = &pubKeyString
}
}
sendJSON(w, response)
2022-06-23 00:47:00 +00:00
}
2022-06-23 00:07:14 +00:00
func authenticateEndpoint(w http.ResponseWriter, r *http.Request) {
var authPayload AuthPayload
err := unmarshalTo(r, &authPayload)
if err != nil {
handleError(w, err)
return
}
// checks username and password
authToken, err := getAuthToken(authPayload.Username, authPayload.Password)
2022-06-25 15:25:08 +00:00
2022-06-23 00:07:14 +00:00
if err != nil {
err := YggError{
Code: 403,
Error: "ForbiddenOperationException",
ErrorMessage: "Invalid credentials.",
}
2022-06-23 00:07:14 +00:00
sendError(w, err)
return
}
// authenticated at this point
clientToken, err := checkClientToken(authPayload.ClientToken, authPayload.Username)
if err != nil {
handleError(w, err)
return
}
2022-06-25 03:25:49 +00:00
player, err := getPlayerByUsername(authPayload.Username)
2022-06-23 00:07:14 +00:00
if err != nil {
handleError(w, err)
return
}
2022-06-25 03:25:49 +00:00
profile := MCProfile{authPayload.Username, player.UUID}
2022-06-23 00:07:14 +00:00
authResponse := AuthResponse{
ClientToken: clientToken,
AccessToken: authToken,
AvailableProfiles: []MCProfile{
profile,
},
SelectedProfile: profile,
}
sendJSON(w, authResponse)
}
func addUserEndpoint(w http.ResponseWriter, r *http.Request) {
var user UserCredentials
err := unmarshalTo(r, &user)
if err != nil {
handleError(w, err)
return
}
// add user to db
newPassword, err := createUser(user.Username, user.Password)
if err != nil {
handleError(w, err)
return
}
// in this case, password is the admin token, not the password to assign
// send response
respAccount := UserCredentials{
Username: user.Username,
Password: newPassword,
}
sendJSON(w, respAccount)
}
func refreshTokenEndpoint(w http.ResponseWriter, r *http.Request) {
var refreshPayload RefreshPayload
err := unmarshalTo(r, &refreshPayload)
if err != nil {
handleError(w, err)
return
}
responsePayload, err := refreshTokens(refreshPayload)
if err != nil {
handleError(w, err)
return
}
if refreshPayload == responsePayload {
err := YggError{
Code: 403,
Error: "ForbiddenOperationException",
ErrorMessage: "Invalid token.",
}
2022-06-23 00:07:14 +00:00
sendError(w, err)
return
}
sendJSON(w, responsePayload)
}
func validateEndpoint(w http.ResponseWriter, r *http.Request) {
var refreshPayload RefreshPayload
err := unmarshalTo(r, &refreshPayload)
if err != nil {
handleError(w, err)
return
}
isValid, err := validateTokens(refreshPayload.AccessToken, refreshPayload.ClientToken)
if err != nil {
handleError(w, err)
return
}
if !isValid {
err := YggError{
Code: 403,
Error: "ForbiddenOperationException",
ErrorMessage: "Invalid token.",
}
2022-06-23 00:07:14 +00:00
sendError(w, err)
return
}
sendEmpty(w)
}
func signoutEndpoint(w http.ResponseWriter, r *http.Request) {
var creds UserCredentials
err := unmarshalTo(r, &creds)
if err != nil {
handleError(w, err)
return
}
err = invalidateTokensWithLogin(creds.Username, creds.Password)
if err != nil {
handleError(w, err)
return
}
sendEmpty(w)
}
func invalidateEndpoint(w http.ResponseWriter, r *http.Request) {
var refreshPayload RefreshPayload
err := unmarshalTo(r, &refreshPayload)
if err != nil {
handleError(w, err)
return
}
err = invalidateTokens(refreshPayload.AccessToken, refreshPayload.ClientToken)
if err != nil {
handleError(w, err)
return
}
sendEmpty(w)
}
func registerAuthEndpoints(r *mux.Router) {
2022-06-25 03:25:49 +00:00
prefix := "/authserver"
r.HandleFunc(prefix+"/", rootEndpoint)
r.HandleFunc(prefix+"/authenticate", authenticateEndpoint).Methods("POST")
r.HandleFunc(prefix+"/refresh", refreshTokenEndpoint).Methods("POST")
r.HandleFunc(prefix+"/signout", signoutEndpoint).Methods("POST")
r.HandleFunc(prefix+"/invalidate", invalidateEndpoint).Methods("POST")
r.HandleFunc(prefix+"/validate", validateEndpoint).Methods("POST")
r.HandleFunc(prefix+"/admin/addUser", addUserEndpoint).Methods("POST")
2022-06-23 00:07:14 +00:00
}