diff --git a/auth.go b/auth.go
index 318a9f4..b49426a 100644
--- a/auth.go
+++ b/auth.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "log"
 "net/http"
 "github.com/gorilla/mux"
@@ -29,8 +30,13 @@ func authenticateEndpoint(w http.ResponseWriter, r *http.Request) {
 // checks username and password
 authToken, err := getAuthToken(authPayload.Username, authPayload.Password)
+ log.Println(err)
 if err != nil {
- err := YggError{Code: 401, Error: "Unauthorized", ErrorMessage: "The username or password is incorrect"}
+ err := YggError{
+ Code: 403,
+ Error: "ForbiddenOperationException",
+ ErrorMessage: "Invalid credentials.",
+ }
 sendError(w, err)
 return
 }
@@ -95,7 +101,11 @@ func refreshTokenEndpoint(w http.ResponseWriter, r *http.Request) {
 return
 }
 if refreshPayload == responsePayload {
- err := YggError{Code: 400, Error: "Bad Request", ErrorMessage: "The access token is invalid or has expired"}
+ err := YggError{
+ Code: 403,
+ Error: "ForbiddenOperationException",
+ ErrorMessage: "Invalid token.",
+ }
 sendError(w, err)
 return
 }
@@ -115,7 +125,11 @@ func validateEndpoint(w http.ResponseWriter, r *http.Request) {
 return
 }
 if !isValid {
- err := YggError{Code: 403, Error: "Bad Request", ErrorMessage: "The access token is invalid or has expired"}
+ err := YggError{
+ Code: 403,
+ Error: "ForbiddenOperationException",
+ ErrorMessage: "Invalid token.",
+ }
 sendError(w, err)
 return
 }
diff --git a/db.go b/db.go
index 81b614b..46af9f0 100644
--- a/db.go
+++ b/db.go
@@ -199,7 +199,8 @@ func createUser(username string, adminToken string) (string, error) {
 return "", err
 }
 if !exists {
- password := uuid.New().String()
+ // shrunk so it fits into Auth Me login
+ password := shrinkUUID(uuid.New().String())
 insertUser(username, password)
 return password, nil
 } else {
diff --git a/player.go b/player.go
index f02bc89..128c405 100644
--- a/player.go
+++ b/player.go
@@ -8,7 +8,6 @@ import (
 "errors"
 "io/fs"
 "os"
- "log"
 )
 func _playerExistsBy(query string, value any) (bool, error) {
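Review bot: The added `log.Println(err)` in authenticateEndpoint sits before the `if err != nil` check, so every successful login writes a line containing only a nil value, and a failed one writes the error with nothing tying it to this endpoint. Moving it into the failure branch with context, e.g. `log.Printf("authenticate: getAuthToken failed: %v", err)`, keeps failed-login records usable for spotting password guessing without the noise. The branch also answers every getAuthToken error with "Invalid credentials."; if that function can fail for reasons other than a wrong password (it is not visible here), those cases probably deserve a different response. The function body starts and ends outside the hunk.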
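Review bot: The literal `YggError{Code: 403, Error: "ForbiddenOperationException", ErrorMessage: "Invalid token."}` is spelled out in full here in refreshTokenEndpoint and again in the validateEndpoint hunk that follows, with a near-copy in authenticateEndpoint. One package-level value, for example `var errInvalidToken = YggError{Code: 403, Error: "ForbiddenOperationException", ErrorMessage: "Invalid token."}`, would stop the two token endpoints from drifting apart again, as they had before this commit (400 in one and 403 in the other for the same message). Both function bodies continue outside their hunks.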
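Review bot: The result of `insertUser(username, password)` directly under the changed line is not checked, so if that call can fail (its signature is not visible in this hunk) createUser still hands back a password for an account that was never stored. Assuming it returns an error, `if err := insertUser(username, password); err != nil { return "", err }` would close that gap. The new comment would also help more if it named the limit being worked around and what the helper removes, e.g. `// AuthMe rejects passwords longer than LIMIT (placeholder); shrinkUUID drops the hyphens.`, where the second half is inferred from how session.go uses shrinkUUID. Stripping separators does not reduce the randomness of the generated value, provided the helper only removes characters. createUser continues outside the hunk.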
@@ -64,7 +63,6 @@ func getPlayerByUsername(username string) (PlayerData, error) {
 return _getPlayerBy("username", username)
 }
 func getPlayerByAuthToken(auth string) (PlayerData, error) {
- log.Println(auth)
 return _getPlayerBy("auth_token", auth)
 }
diff --git a/session.go b/session.go
index 725c1f3..b7ed4b7 100644
--- a/session.go
+++ b/session.go
@@ -3,10 +3,10 @@ package main
 import (
 "encoding/base64"
 "encoding/json"
+ "log"
 "net/http"
 "os"
 "strings"
- "log"
 "github.com/gorilla/mux"
 )
@@ -56,11 +56,12 @@ func hasJoinedEndpoint(w http.ResponseWriter, r *http.Request) {
 return
 }
- response, err := generateProfileResponse(params.Get("username"), player.UUID)
+ response, err := generateProfileResponse(player.UUID, params.Get("username"))
 if err != nil {
 handleError(w, err)
 return
 }
+ log.Println(response)
 sendJSON(w, response)
 }
@@ -82,7 +83,7 @@ func joinEndpoint(w http.ResponseWriter, r *http.Request) {
 handleError(w, err)
 return
 }
- log.Println(payload.SelectedProfile, ",", player.UUID)
+
 if payload.SelectedProfile != shrinkUUID(player.UUID) {
 sendError(w, YggError{
 Code: 400,
@@ -103,14 +104,13 @@ func registerSessionEndpoints(r *mux.Router) {
 func generateProfileResponse(uuid string, username string) (ProfileResponse, error) {
 // todo: make this more visually appealing if possible
- clearUUID := strings.Join(strings.Split(uuid, "-"), "")
 skin := SkinTexture{}
 skin.Url = config.BaseUrl + "/getTexture/" + uuid + "?type=skin"
 skin.Metadata = SkinMetadata{}
 skin.Metadata.Model = "default"
 textures := ProfileTextureMetadata{}
- textures.Id = clearUUID
+ textures.Id = shrinkUUID(uuid)
 textures.Name = username
 textures.Textures = ProfileTextures{}
 textures.Textures.Skin = skin
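Review bot: `log.Println(response)` in hasJoinedEndpoint prints the whole ProfileResponse on every successful join check, and its Name field is filled from the `username` query parameter, so client-supplied text reaches the log unescaped. If the line is meant to stay, a narrower record such as `log.Printf("hasJoined: served profile %s for %q", response.Id, response.Name)` avoids dumping the base64 texture property and quotes the client-supplied name so that control characters cannot break up log lines. If it was only there to debug the argument order fixed just above, it can simply be dropped. The function body starts outside the hunk.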
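Review bot: generateProfileResponse takes two plain strings and has no doc comment, which is how the call in hasJoinedEndpoint could pass them in the wrong order and still compile until this commit. A comment such as `// generateProfileResponse builds the profile for the player with the given UUID and display name; uuid is the first argument.` would make the order explicit. With the `clearUUID` local removed, `shrinkUUID(uuid)` is evaluated here for `textures.Id` and again for `response.Id` in the following hunk; a single local, `id := shrinkUUID(uuid)`, would guarantee both fields carry the same value. The function body continues past the end of this hunk.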
@@ -129,7 +129,7 @@ func generateProfileResponse(uuid string, username string) (ProfileResponse, err
 encodedTextures := base64.StdEncoding.EncodeToString(marshalledTextures)
 response := ProfileResponse{}
- response.Id = clearUUID
+ response.Id = shrinkUUID(uuid)
 response.Name = username
 response.Properties = []Property{
 {