Implement access control

README.md

@@ -1,22 +1,25 @@
 # GCAuth
+
 Grasscutter Authentication System
+
 ### Usage : 
 - Place jar inside plugins folder of Grasscutter.
 - To change hash algorithm change `Hash` in config.json inside plugins/GCAuth (Only Bcrypt and Scrypt is supported)
+- To use access control, you need set the `ACCESS_KEY` in config.json inside plugins/GCAuth. (Optional)
 - All payload must be send with `application/json` and Compact JSON format ( without unnecessary spaces )
 - Auth endpoint is:
   - Authentication Checking : `/authentication/type` (GET) , it'll return `me.exzork.gcauth.handler.GCAuthAuthenticationHandler` if GCAuth is loaded and enabled.
   - Register: `/authentication/register` (POST)
   ```
-  {"username":"username","password":"password","password_confirmation":"password_confirmation"}
+  {"username":"username","password":"password","password_confirmation":"password_confirmation","access_key":"access_key"}
   ```
   - Login: `/authentication/login` (POST) 
   ```
-  {"username":"username","password":"password"}
+  {"username":"username","password":"password","access_key":"access_key"}
   ```
   - Change password: `/authentication/change_password` (POST)  
   ```
-  {"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password"}
+  {"username":"username","new_password":"new_password","new_password_confirmation":"new_password_confirmation","old_password":"old_password","access_key":"access_key"}
   ```
 - Response is `JSON` with following keys:
   - `status` : `success` or `error`
@@ -29,6 +32,7 @@ Grasscutter Authentication System
     - UNKNOWN : Unknown error
     - INVALID_ACCOUNT : Username or password is invalid
     - NO_PASSWORD : Password is not set, please set password first by resetting it (change password)
+    - ERROR_ACCESS_KEY : Access key is invalid (if access control is enabled)
   - `jwt` : JWT token if success with body :
     - `token` : Token used for authentication, paste it in username field of client.
     - `username` : Username of the user.

src/main/java/me/exzork/gcauth/Config.java

@@ -5,4 +5,5 @@ import me.exzork.gcauth.utils.Authentication;
 public final class Config {
     public String Hash = "BCRYPT";
     public String jwtSecret = Authentication.generateRandomString(32);
+    public String ACCESS_KEY = "";
 }

src/main/java/me/exzork/gcauth/handler/ChangePasswordHandler.java

@@ -6,6 +6,7 @@ import emu.grasscutter.game.Account;
 import express.http.HttpContextHandler;
 import express.http.Request;
 import express.http.Response;
+import me.exzork.gcauth.GCAuth;
 import me.exzork.gcauth.json.AuthResponseJson;
 import me.exzork.gcauth.json.ChangePasswordAccount;
 import me.exzork.gcauth.utils.Authentication;
@@ -25,6 +26,11 @@ public class ChangePasswordHandler implements HttpContextHandler {
                 authResponse.jwt = "";
             } else {
                 ChangePasswordAccount changePasswordAccount = new Gson().fromJson(requestBody, ChangePasswordAccount.class);
+                if (!GCAuth.getConfigStatic().ACCESS_KEY.isEmpty() && !GCAuth.getConfigStatic().ACCESS_KEY.equals(changePasswordAccount.access_key)){
+                    authResponse.success = false;
+                    authResponse.message = "ERROR_ACCESS_KEY"; // ENG = "Error access key was sent with the request"
+                    authResponse.jwt = "";
+                } else {
                     if (changePasswordAccount.new_password.equals(changePasswordAccount.new_password_confirmation)) {
                         Account account = Authentication.getAccountByUsernameAndPassword(changePasswordAccount.username, changePasswordAccount.old_password);
                         if (account == null) {
@@ -51,6 +57,7 @@ public class ChangePasswordHandler implements HttpContextHandler {
                         authResponse.jwt = "";
                     }
                 }
+            }
         } catch (Exception e) {
             authResponse.success = false;
             authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."

src/main/java/me/exzork/gcauth/handler/GCAuthAuthenticationHandler.java

@@ -44,6 +44,11 @@ public class GCAuthAuthenticationHandler implements AuthenticationHandler {
         }
     }
 
+    @Override
+    public boolean verifyUser(String details) {
+        return false;
+    }
+
     @Override
     public LoginResultJson handleGameLogin(Request request, LoginAccountRequestJson requestData) {
         LoginResultJson responseData = new LoginResultJson();

src/main/java/me/exzork/gcauth/handler/LoginHandler.java

@@ -6,6 +6,7 @@ import emu.grasscutter.game.Account;
 import express.http.HttpContextHandler;
 import express.http.Request;
 import express.http.Response;
+import me.exzork.gcauth.GCAuth;
 import me.exzork.gcauth.json.AuthResponseJson;
 import me.exzork.gcauth.json.LoginGenerateToken;
 import me.exzork.gcauth.utils.Authentication;
@@ -26,6 +27,11 @@ public class LoginHandler implements HttpContextHandler {
                 authResponse.jwt = "";
             } else {
                 LoginGenerateToken loginGenerateToken = new Gson().fromJson(requestBody, LoginGenerateToken.class);
+                if (!GCAuth.getConfigStatic().ACCESS_KEY.isEmpty() && !GCAuth.getConfigStatic().ACCESS_KEY.equals(loginGenerateToken.access_key)){
+                    authResponse.success = false;
+                    authResponse.message = "ERROR_ACCESS_KEY"; // ENG = "Error access key was sent with the request"
+                    authResponse.jwt = "";
+                } else {
                     Account account = Authentication.getAccountByUsernameAndPassword(loginGenerateToken.username, loginGenerateToken.password);
                     if (account == null) {
                         authResponse.success = false;
@@ -43,6 +49,7 @@ public class LoginHandler implements HttpContextHandler {
                         }
                     }
                 }
+            }
         } catch (Exception e) {
             authResponse.success = false;
             authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."

src/main/java/me/exzork/gcauth/handler/RegisterHandler.java

@@ -7,6 +7,7 @@ import emu.grasscutter.game.Account;
 import express.http.HttpContextHandler;
 import express.http.Request;
 import express.http.Response;
+import me.exzork.gcauth.GCAuth;
 import me.exzork.gcauth.json.AuthResponseJson;
 import me.exzork.gcauth.json.RegisterAccount;
 import me.exzork.gcauth.utils.Authentication;
@@ -26,6 +27,11 @@ public class RegisterHandler implements HttpContextHandler {
                 authResponse.jwt = "";
             } else {
                 RegisterAccount registerAccount = new Gson().fromJson(requestBody, RegisterAccount.class);
+                if (!GCAuth.getConfigStatic().ACCESS_KEY.isEmpty() && !GCAuth.getConfigStatic().ACCESS_KEY.equals(registerAccount.access_key)){
+                    authResponse.success = false;
+                    authResponse.message = "ERROR_ACCESS_KEY"; // ENG = "Error access key was sent with the request"
+                    authResponse.jwt = "";
+                } else {
                     if (registerAccount.password.equals(registerAccount.password_confirmation)) {
                         if (registerAccount.password.length() >= 8) {
                             String password = Authentication.generateHash(registerAccount.password);
@@ -65,6 +71,7 @@ public class RegisterHandler implements HttpContextHandler {
                         authResponse.jwt = "";
                     }
                 }
+            }
         } catch (Exception e) {
             authResponse.success = false;
             authResponse.message = "UNKNOWN"; // ENG = "An unknown error has occurred..."

src/main/java/me/exzork/gcauth/json/ChangePasswordAccount.java

@@ -5,4 +5,5 @@ public class ChangePasswordAccount {
     public String new_password;
     public String new_password_confirmation;
     public String old_password;
+    public String access_key;
 }

src/main/java/me/exzork/gcauth/json/LoginGenerateToken.java

@@ -3,4 +3,5 @@ package me.exzork.gcauth.json;
 public class LoginGenerateToken {
     public String username;
     public String password;
+    public String access_key;
 }

src/main/java/me/exzork/gcauth/json/RegisterAccount.java

@@ -4,4 +4,5 @@ public class RegisterAccount {
     public String username;
     public String password;
     public String password_confirmation;
+    public String access_key;
 }

src/main/java/me/exzork/gcauth/utils/Authentication.java

@@ -49,12 +49,11 @@ public final class Authentication {
     }
 
     public static String generateJwt(Account account) {
-        String jws = JWT.create()
+        return JWT.create()
                 .withClaim("token",generateOneTimeToken(account))
                 .withClaim("username",account.getUsername())
                 .withClaim("uid",account.getPlayerUid())
                 .sign(key);
-        return jws;
     }
 
     public static String generateHash(String password) {