mirror of
https://github.com/exzork/GCAuth.git
synced 2024-11-24 00:23:58 +00:00
Implement access control
This commit is contained in:
parent
4f4c722b8c
commit
b06d249224
GPG Key ID:
4CBB3F4FA8C85659
10
README.md
10
README.md
@ -1,22 +1,25 @@
|
|||||||
# GCAuth
|
# GCAuth
|
||||||
|
|
||||||
Grasscutter Authentication System
|
Grasscutter Authentication System
|
||||||
|
|
||||||
### Usage :
|
### Usage :
|
||||||
- Place jar inside plugins folder of Grasscutter.
|
- Place jar inside plugins folder of Grasscutter.
|
||||||
- To change hash algorithm change `Hash` in config.json inside plugins/GCAuth (Only Bcrypt and Scrypt is supported)
|
- To change hash algorithm change `Hash` in config.json inside plugins/GCAuth (Only Bcrypt and Scrypt is supported)
|
||||||
|
- To use access control, you need set the `ACCESS_KEY` in config.json inside plugins/GCAuth. (Optional)
|
||||||
- All payload must be send with `application/json` and Compact JSON format ( without unnecessary spaces )
|
- All payload must be send with `application/json` and Compact JSON format ( without unnecessary spaces )
|
||||||
- Auth endpoint is:
|
- Auth endpoint is:
|
||||||
- Authentication Checking : `/authentication/type` (GET) , it'll return `me.exzork.gcauth.handler.GCAuthAuthenticationHandler` if GCAuth is loaded and enabled.
|
- Authentication Checking : `/authentication/type` (GET) , it'll return `me.exzork.gcauth.handler.GCAuthAuthenticationHandler` if GCAuth is loaded and enabled.
|
||||||
- Register: `/authentication/register` (POST)
|
- Register: `/authentication/register` (POST)
|
||||||
```
|
```
|
||||||
{"username":"username","password":"password","password_confirmation":"password_confirmation"}
|
{"username":"username","password":"password","password_confirmation":"password_confirmation","access_key":"access_key"}
|
||||||
```
|
```
|
||||||
- Login: `/authentication/login` (POST)
|
- Login: `/authentication/login` (POST)
|
||||||
```
|
```
|
||||||
{"username":"username","password":"password"}
|
{"username":"username","password":"password","access_key":"access_key"}
|
||||||
```
|
```
|
||||||
- Change password: `/authentication/change_password` (POST)
|
- Change password: `/authentication/change_password` (POST)
|
||||||
```
|
```
|
||||||
{"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password"}
|
{"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password","access_key":"access_key"}
|
||||||
```
|
```
|
||||||
- Response is `JSON` with following keys:
|
- Response is `JSON` with following keys:
|
||||||
- `status` : `success` or `error`
|
- `status` : `success` or `error`
|
||||||
@ -29,6 +32,7 @@ Grasscutter Authentication System
|
|||||||
- UNKNOWN : Unknown error
|
- UNKNOWN : Unknown error
|
||||||
- INVALID_ACCOUNT : Username or password is invalid
|
- INVALID_ACCOUNT : Username or password is invalid
|
||||||
- NO_PASSWORD : Password is not set, please set password first by resetting it (change password)
|
- NO_PASSWORD : Password is not set, please set password first by resetting it (change password)
|
||||||
|
- ERROR_ACCESS_KEY : Access key is invalid (if access control is enabled)
|
||||||
- `jwt` : JWT token if success with body :
|
- `jwt` : JWT token if success with body :
|
||||||
- `token` : Token used for authentication, paste it in username field of client.
|
- `token` : Token used for authentication, paste it in username field of client.
|
||||||
- `username` : Username of the user.
|
- `username` : Username of the user.
|
||||||
|
|||||||
@ -5,4 +5,5 @@ import me.exzork.gcauth.utils.Authentication;
|
|||||||
public final class Config {
|
public final class Config {
|
||||||
public String Hash = "BCRYPT";
|
public String Hash = "BCRYPT";
|
||||||
public String jwtSecret = Authentication.generateRandomString(32);
|
public String jwtSecret = Authentication.generateRandomString(32);
|
||||||
|
public String ACCESS_KEY = "";
|
||||||
}
|
}
|
||||||
|
|||||||
@ -6,6 +6,7 @@ import emu.grasscutter.game.Account;
|
|||||||
import express.http.HttpContextHandler;
|
import express.http.HttpContextHandler;
|
||||||
import express.http.Request;
|
import express.http.Request;
|
||||||
import express.http.Response;
|
import express.http.Response;
|
||||||
|
import me.exzork.gcauth.GCAuth;
|
||||||
import me.exzork.gcauth.json.AuthResponseJson;
|
import me.exzork.gcauth.json.AuthResponseJson;
|
||||||
import me.exzork.gcauth.json.ChangePasswordAccount;
|
import me.exzork.gcauth.json.ChangePasswordAccount;
|
||||||
import me.exzork.gcauth.utils.Authentication;
|
import me.exzork.gcauth.utils.Authentication;
|
||||||
@ -25,6 +26,11 @@ public class ChangePasswordHandler implements HttpContextHandler {
|
|||||||
authResponse.jwt = "";
|
authResponse.jwt = "";
|
||||||
} else {
|
} else {
|
||||||
ChangePasswordAccount changePasswordAccount = new Gson().fromJson(requestBody, ChangePasswordAccount.class);
|
ChangePasswordAccount changePasswordAccount = new Gson().fromJson(requestBody, ChangePasswordAccount.class);
|
||||||
|
if (!GCAuth.getConfigStatic().ACCESS_KEY.isEmpty() && !GCAuth.getConfigStatic().ACCESS_KEY.equals(changePasswordAccount.access_key)){
|
||||||
|
authResponse.success = false;
|
||||||
|
authResponse.message = "ERROR_ACCESS_KEY"; // ENG = "Error access key was sent with the request"
|
||||||
|
authResponse.jwt = "";
|
||||||
|
} else {
|
||||||
if (changePasswordAccount.new_password.equals(changePasswordAccount.new_password_confirmation)) {
|
if (changePasswordAccount.new_password.equals(changePasswordAccount.new_password_confirmation)) {
|
||||||
Account account = Authentication.getAccountByUsernameAndPassword(changePasswordAccount.username, changePasswordAccount.old_password);
|
Account account = Authentication.getAccountByUsernameAndPassword(changePasswordAccount.username, changePasswordAccount.old_password);
|
||||||
if (account == null) {
|
if (account == null) {
|
||||||
@ -51,6 +57,7 @@ public class ChangePasswordHandler implements HttpContextHandler {
|
|||||||
authResponse.jwt = "";
|
authResponse.jwt = "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
authResponse.success = false;
|
authResponse.success = false;
|
||||||
authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."
|
authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."
|
||||||
|
|||||||
@ -44,6 +44,11 @@ public class GCAuthAuthenticationHandler implements AuthenticationHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean verifyUser(String details) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public LoginResultJson handleGameLogin(Request request, LoginAccountRequestJson requestData) {
|
public LoginResultJson handleGameLogin(Request request, LoginAccountRequestJson requestData) {
|
||||||
LoginResultJson responseData = new LoginResultJson();
|
LoginResultJson responseData = new LoginResultJson();
|
||||||
|
|||||||
@ -6,6 +6,7 @@ import emu.grasscutter.game.Account;
|
|||||||
import express.http.HttpContextHandler;
|
import express.http.HttpContextHandler;
|
||||||
import express.http.Request;
|
import express.http.Request;
|
||||||
import express.http.Response;
|
import express.http.Response;
|
||||||
|
import me.exzork.gcauth.GCAuth;
|
||||||
import me.exzork.gcauth.json.AuthResponseJson;
|
import me.exzork.gcauth.json.AuthResponseJson;
|
||||||
import me.exzork.gcauth.json.LoginGenerateToken;
|
import me.exzork.gcauth.json.LoginGenerateToken;
|
||||||
import me.exzork.gcauth.utils.Authentication;
|
import me.exzork.gcauth.utils.Authentication;
|
||||||
@ -26,6 +27,11 @@ public class LoginHandler implements HttpContextHandler {
|
|||||||
authResponse.jwt = "";
|
authResponse.jwt = "";
|
||||||
} else {
|
} else {
|
||||||
LoginGenerateToken loginGenerateToken = new Gson().fromJson(requestBody, LoginGenerateToken.class);
|
LoginGenerateToken loginGenerateToken = new Gson().fromJson(requestBody, LoginGenerateToken.class);
|
||||||
|
if (!GCAuth.getConfigStatic().ACCESS_KEY.isEmpty() && !GCAuth.getConfigStatic().ACCESS_KEY.equals(loginGenerateToken.access_key)){
|
||||||
|
authResponse.success = false;
|
||||||
|
authResponse.message = "ERROR_ACCESS_KEY"; // ENG = "Error access key was sent with the request"
|
||||||
|
authResponse.jwt = "";
|
||||||
|
} else {
|
||||||
Account account = Authentication.getAccountByUsernameAndPassword(loginGenerateToken.username, loginGenerateToken.password);
|
Account account = Authentication.getAccountByUsernameAndPassword(loginGenerateToken.username, loginGenerateToken.password);
|
||||||
if (account == null) {
|
if (account == null) {
|
||||||
authResponse.success = false;
|
authResponse.success = false;
|
||||||
@ -43,6 +49,7 @@ public class LoginHandler implements HttpContextHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
authResponse.success = false;
|
authResponse.success = false;
|
||||||
authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."
|
authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."
|
||||||
|
|||||||
@ -7,6 +7,7 @@ import emu.grasscutter.game.Account;
|
|||||||
import express.http.HttpContextHandler;
|
import express.http.HttpContextHandler;
|
||||||
import express.http.Request;
|
import express.http.Request;
|
||||||
import express.http.Response;
|
import express.http.Response;
|
||||||
|
import me.exzork.gcauth.GCAuth;
|
||||||
import me.exzork.gcauth.json.AuthResponseJson;
|
import me.exzork.gcauth.json.AuthResponseJson;
|
||||||
import me.exzork.gcauth.json.RegisterAccount;
|
import me.exzork.gcauth.json.RegisterAccount;
|
||||||
import me.exzork.gcauth.utils.Authentication;
|
import me.exzork.gcauth.utils.Authentication;
|
||||||
@ -26,6 +27,11 @@ public class RegisterHandler implements HttpContextHandler {
|
|||||||
authResponse.jwt = "";
|
authResponse.jwt = "";
|
||||||
} else {
|
} else {
|
||||||
RegisterAccount registerAccount = new Gson().fromJson(requestBody, RegisterAccount.class);
|
RegisterAccount registerAccount = new Gson().fromJson(requestBody, RegisterAccount.class);
|
||||||
|
if (!GCAuth.getConfigStatic().ACCESS_KEY.isEmpty() && !GCAuth.getConfigStatic().ACCESS_KEY.equals(registerAccount.access_key)){
|
||||||
|
authResponse.success = false;
|
||||||
|
authResponse.message = "ERROR_ACCESS_KEY"; // ENG = "Error access key was sent with the request"
|
||||||
|
authResponse.jwt = "";
|
||||||
|
} else {
|
||||||
if (registerAccount.password.equals(registerAccount.password_confirmation)) {
|
if (registerAccount.password.equals(registerAccount.password_confirmation)) {
|
||||||
if (registerAccount.password.length() >= 8) {
|
if (registerAccount.password.length() >= 8) {
|
||||||
String password = Authentication.generateHash(registerAccount.password);
|
String password = Authentication.generateHash(registerAccount.password);
|
||||||
@ -65,6 +71,7 @@ public class RegisterHandler implements HttpContextHandler {
|
|||||||
authResponse.jwt = "";
|
authResponse.jwt = "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
authResponse.success = false;
|
authResponse.success = false;
|
||||||
authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."
|
authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."
|
||||||
|
|||||||
@ -5,4 +5,5 @@ public class ChangePasswordAccount {
|
|||||||
public String new_password;
|
public String new_password;
|
||||||
public String new_password_confirmation;
|
public String new_password_confirmation;
|
||||||
public String old_password;
|
public String old_password;
|
||||||
|
public String access_key;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,4 +3,5 @@ package me.exzork.gcauth.json;
|
|||||||
public class LoginGenerateToken {
|
public class LoginGenerateToken {
|
||||||
public String username;
|
public String username;
|
||||||
public String password;
|
public String password;
|
||||||
|
public String access_key;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,4 +4,5 @@ public class RegisterAccount {
|
|||||||
public String username;
|
public String username;
|
||||||
public String password;
|
public String password;
|
||||||
public String password_confirmation;
|
public String password_confirmation;
|
||||||
|
public String access_key;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -49,12 +49,11 @@ public final class Authentication {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static String generateJwt(Account account) {
|
public static String generateJwt(Account account) {
|
||||||
String jws = JWT.create()
|
return JWT.create()
|
||||||
.withClaim("token",generateOneTimeToken(account))
|
.withClaim("token",generateOneTimeToken(account))
|
||||||
.withClaim("username",account.getUsername())
|
.withClaim("username",account.getUsername())
|
||||||
.withClaim("uid",account.getPlayerUid())
|
.withClaim("uid",account.getPlayerUid())
|
||||||
.sign(key);
|
.sign(key);
|
||||||
return jws;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String generateHash(String password) {
|
public static String generateHash(String password) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user