mirror of
https://github.com/Grasscutters/Grasscutter.git
synced 2025-01-10 22:03:03 +08:00
Add new authentication system
This commit is contained in:
parent
0b21a43900
commit
39f23a0c47
101
src/main/java/emu/grasscutter/auth/AuthenticationSystem.java
Normal file
101
src/main/java/emu/grasscutter/auth/AuthenticationSystem.java
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
package emu.grasscutter.auth;
|
||||||
|
|
||||||
|
import emu.grasscutter.server.http.objects.*;
|
||||||
|
import express.http.Request;
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Getter;
|
||||||
|
|
||||||
|
import javax.annotation.Nullable;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Defines an authenticator for the server.
|
||||||
|
* Can be changed by plugins.
|
||||||
|
*/
|
||||||
|
public interface AuthenticationSystem {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Called when a user requests to make an account.
|
||||||
|
* @param username The provided username.
|
||||||
|
* @param password The provided password. (SHA-256'ed)
|
||||||
|
*/
|
||||||
|
void createAccount(String username, String password);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Called when a user requests to reset their password.
|
||||||
|
* @param username The username of the account to reset.
|
||||||
|
*/
|
||||||
|
void resetPassword(String username);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is the authenticator used for password authentication.
|
||||||
|
* @return An authenticator.
|
||||||
|
*/
|
||||||
|
Authenticator<LoginResultJson> getPasswordAuthenticator();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is the authenticator used for token authentication.
|
||||||
|
* @return An authenticator.
|
||||||
|
*/
|
||||||
|
Authenticator<LoginResultJson> getTokenAuthenticator();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is the authenticator used for session authentication.
|
||||||
|
* @return An authenticator.
|
||||||
|
*/
|
||||||
|
Authenticator<ComboTokenResJson> getSessionKeyAuthenticator();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A data container that holds relevant data for authenticating a client.
|
||||||
|
* Call {@link AuthenticationRequest#builder()} to create a builder.
|
||||||
|
*/
|
||||||
|
@Builder @AllArgsConstructor @Getter
|
||||||
|
class AuthenticationRequest {
|
||||||
|
private final Request request;
|
||||||
|
@Nullable private final LoginAccountRequestJson passwordRequest;
|
||||||
|
@Nullable private final LoginTokenRequestJson tokenRequest;
|
||||||
|
@Nullable private final ComboTokenReqJson sessionKeyRequest;
|
||||||
|
@Nullable private final ComboTokenReqJson.LoginTokenData sessionKeyData;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates an authentication request from a {@link LoginAccountRequestJson} object.
|
||||||
|
* @param request The Express request.
|
||||||
|
* @param jsonData The JSON data.
|
||||||
|
* @return An authentication request.
|
||||||
|
*/
|
||||||
|
static AuthenticationRequest fromPasswordRequest(Request request, LoginAccountRequestJson jsonData) {
|
||||||
|
return AuthenticationRequest.builder()
|
||||||
|
.request(request)
|
||||||
|
.passwordRequest(jsonData)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates an authentication request from a {@link LoginTokenRequestJson} object.
|
||||||
|
* @param request The Express request.
|
||||||
|
* @param jsonData The JSON data.
|
||||||
|
* @return An authentication request.
|
||||||
|
*/
|
||||||
|
static AuthenticationRequest fromTokenRequest(Request request, LoginTokenRequestJson jsonData) {
|
||||||
|
return AuthenticationRequest.builder()
|
||||||
|
.request(request)
|
||||||
|
.tokenRequest(jsonData)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates an authentication request from a {@link ComboTokenReqJson} object.
|
||||||
|
* @param request The Express request.
|
||||||
|
* @param jsonData The JSON data.
|
||||||
|
* @return An authentication request.
|
||||||
|
*/
|
||||||
|
static AuthenticationRequest fromComboTokenRequest(Request request, ComboTokenReqJson jsonData,
|
||||||
|
ComboTokenReqJson.LoginTokenData tokenData) {
|
||||||
|
return AuthenticationRequest.builder()
|
||||||
|
.request(request)
|
||||||
|
.sessionKeyRequest(jsonData)
|
||||||
|
.sessionKeyData(tokenData)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
}
|
17
src/main/java/emu/grasscutter/auth/Authenticator.java
Normal file
17
src/main/java/emu/grasscutter/auth/Authenticator.java
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
package emu.grasscutter.auth;
|
||||||
|
|
||||||
|
import emu.grasscutter.server.http.objects.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles username/password authentication from the client.
|
||||||
|
* @param <T> The response object type. Should be {@link LoginResultJson} or {@link ComboTokenResJson}
|
||||||
|
*/
|
||||||
|
public interface Authenticator<T> {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Attempt to authenticate the client with the provided credentials.
|
||||||
|
* @param request The authentication request wrapped in a {@link AuthenticationSystem.AuthenticationRequest} object.
|
||||||
|
* @return The result of the login in an object.
|
||||||
|
*/
|
||||||
|
T authenticate(AuthenticationSystem.AuthenticationRequest request);
|
||||||
|
}
|
@ -0,0 +1,40 @@
|
|||||||
|
package emu.grasscutter.auth;
|
||||||
|
|
||||||
|
import emu.grasscutter.auth.DefaultAuthenticators.*;
|
||||||
|
import emu.grasscutter.server.http.objects.ComboTokenResJson;
|
||||||
|
import emu.grasscutter.server.http.objects.LoginResultJson;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The default Grasscutter authentication implementation.
|
||||||
|
* Allows all users to access any account.
|
||||||
|
*/
|
||||||
|
public final class DefaultAuthentication implements AuthenticationSystem {
|
||||||
|
private final Authenticator<LoginResultJson> passwordAuthenticator = new PasswordAuthenticator();
|
||||||
|
private final Authenticator<LoginResultJson> tokenAuthenticator = new TokenAuthenticator();
|
||||||
|
private final Authenticator<ComboTokenResJson> sessionKeyAuthenticator = new SessionKeyAuthenticator();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void createAccount(String username, String password) {
|
||||||
|
// Unhandled. The default authenticator doesn't store passwords.
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void resetPassword(String username) {
|
||||||
|
// Unhandled. The default authenticator doesn't store passwords.
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Authenticator<LoginResultJson> getPasswordAuthenticator() {
|
||||||
|
return this.passwordAuthenticator;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Authenticator<LoginResultJson> getTokenAuthenticator() {
|
||||||
|
return this.tokenAuthenticator;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Authenticator<ComboTokenResJson> getSessionKeyAuthenticator() {
|
||||||
|
return this.sessionKeyAuthenticator;
|
||||||
|
}
|
||||||
|
}
|
161
src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
Normal file
161
src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
Normal file
@ -0,0 +1,161 @@
|
|||||||
|
package emu.grasscutter.auth;
|
||||||
|
|
||||||
|
import emu.grasscutter.Grasscutter;
|
||||||
|
import emu.grasscutter.auth.AuthenticationSystem.AuthenticationRequest;
|
||||||
|
import emu.grasscutter.database.DatabaseHelper;
|
||||||
|
import emu.grasscutter.game.Account;
|
||||||
|
import emu.grasscutter.server.http.objects.*;
|
||||||
|
|
||||||
|
import static emu.grasscutter.Configuration.*;
|
||||||
|
import static emu.grasscutter.utils.Language.translate;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A class containing default authenticators.
|
||||||
|
*/
|
||||||
|
public final class DefaultAuthenticators {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles the authentication request from the username & password form.
|
||||||
|
*/
|
||||||
|
public static class PasswordAuthenticator implements Authenticator<LoginResultJson> {
|
||||||
|
@Override public LoginResultJson authenticate(AuthenticationRequest request) {
|
||||||
|
var response = new LoginResultJson();
|
||||||
|
|
||||||
|
var requestData = request.getPasswordRequest();
|
||||||
|
assert requestData != null; // This should never be null.
|
||||||
|
|
||||||
|
boolean successfulLogin = false;
|
||||||
|
String address = request.getRequest().ip();
|
||||||
|
String responseMessage = translate("messages.dispatch.account.username_error");
|
||||||
|
|
||||||
|
// Get account from database.
|
||||||
|
Account account = DatabaseHelper.getAccountByName(requestData.account);
|
||||||
|
|
||||||
|
// Check if account exists.
|
||||||
|
if(account == null && ACCOUNT.autoCreate) {
|
||||||
|
// This account has been created AUTOMATICALLY. There will be no permissions added.
|
||||||
|
account = DatabaseHelper.createAccountWithId(requestData.account, 0);
|
||||||
|
|
||||||
|
// Check if the account was created successfully.
|
||||||
|
if(account == null) {
|
||||||
|
responseMessage = translate("messages.dispatch.account.username_create_error");
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.account_login_create_error", address));
|
||||||
|
} else {
|
||||||
|
// Add default permissions.
|
||||||
|
for (var permission : ACCOUNT.defaultPermissions)
|
||||||
|
account.addPermission(permission);
|
||||||
|
|
||||||
|
// Continue with login.
|
||||||
|
successfulLogin = true;
|
||||||
|
|
||||||
|
// Log the creation.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.account_login_create_success", address, response.data.account.uid));
|
||||||
|
}
|
||||||
|
} else if(account != null)
|
||||||
|
successfulLogin = true;
|
||||||
|
|
||||||
|
// Set response data.
|
||||||
|
if(successfulLogin) {
|
||||||
|
response.message = "OK";
|
||||||
|
response.data.account.uid = account.getId();
|
||||||
|
response.data.account.token = account.generateSessionKey();
|
||||||
|
response.data.account.email = account.getEmail();
|
||||||
|
|
||||||
|
// Log the login.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.login_success", address, account.getId()));
|
||||||
|
} else {
|
||||||
|
response.retcode = -201;
|
||||||
|
response.message = responseMessage;
|
||||||
|
|
||||||
|
// Log the failure.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.account_login_exist_error", address));
|
||||||
|
}
|
||||||
|
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles the authentication request from the game when using a registry token.
|
||||||
|
*/
|
||||||
|
public static class TokenAuthenticator implements Authenticator<LoginResultJson> {
|
||||||
|
@Override public LoginResultJson authenticate(AuthenticationRequest request) {
|
||||||
|
var response = new LoginResultJson();
|
||||||
|
|
||||||
|
var requestData = request.getTokenRequest();
|
||||||
|
assert requestData != null;
|
||||||
|
|
||||||
|
boolean successfulLogin;
|
||||||
|
String address = request.getRequest().ip();
|
||||||
|
|
||||||
|
// Log the attempt.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.login_token_attempt", address));
|
||||||
|
|
||||||
|
// Get account from database.
|
||||||
|
Account account = DatabaseHelper.getAccountById(requestData.uid);
|
||||||
|
|
||||||
|
// Check if account exists/token is valid.
|
||||||
|
successfulLogin = account != null && account.getSessionKey().equals(requestData.token);
|
||||||
|
|
||||||
|
// Set response data.
|
||||||
|
if(successfulLogin) {
|
||||||
|
response.message = "OK";
|
||||||
|
response.data.account.uid = account.getId();
|
||||||
|
response.data.account.token = account.getSessionKey();
|
||||||
|
response.data.account.email = account.getEmail();
|
||||||
|
|
||||||
|
// Log the login.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.login_token_success", address, requestData.uid));
|
||||||
|
} else {
|
||||||
|
response.retcode = -201;
|
||||||
|
response.message = translate("messages.dispatch.account.account_cache_error");
|
||||||
|
|
||||||
|
// Log the failure.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.login_token_error", address));
|
||||||
|
}
|
||||||
|
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles the authentication request from the game when using a combo token/session key.
|
||||||
|
*/
|
||||||
|
public static class SessionKeyAuthenticator implements Authenticator<ComboTokenResJson> {
|
||||||
|
@Override public ComboTokenResJson authenticate(AuthenticationRequest request) {
|
||||||
|
var response = new ComboTokenResJson();
|
||||||
|
|
||||||
|
var requestData = request.getSessionKeyRequest();
|
||||||
|
var loginData = request.getSessionKeyData();
|
||||||
|
assert requestData != null; assert loginData != null;
|
||||||
|
|
||||||
|
boolean successfulLogin;
|
||||||
|
String address = request.getRequest().ip();
|
||||||
|
|
||||||
|
// Get account from database.
|
||||||
|
Account account = DatabaseHelper.getAccountById(loginData.uid);
|
||||||
|
|
||||||
|
// Check if account exists/token is valid.
|
||||||
|
successfulLogin = account != null && account.getSessionKey().equals(loginData.token);
|
||||||
|
|
||||||
|
// Set response data.
|
||||||
|
if(successfulLogin) {
|
||||||
|
response.message = "OK";
|
||||||
|
response.data.open_id = account.getId();
|
||||||
|
response.data.combo_id = "157795300";
|
||||||
|
response.data.combo_token = account.generateLoginToken();
|
||||||
|
|
||||||
|
// Log the login.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.combo_token_success", address));
|
||||||
|
} else {
|
||||||
|
response.retcode = -201;
|
||||||
|
response.message = translate("messages.dispatch.account.session_key_error");
|
||||||
|
|
||||||
|
// Log the failure.
|
||||||
|
Grasscutter.getLogger().info(translate("messages.dispatch.account.combo_token_error", address));
|
||||||
|
}
|
||||||
|
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user