mirror of
https://github.com/elyby/accounts.git
synced 2024-11-26 16:52:02 +05:30
Merge branch 'authlib_injector'
This commit is contained in:
commit
6469f6bd68
@ -9,8 +9,11 @@ EMAILS_RENDERER_HOST=http://emails-renderer:3000
|
|||||||
## Security params
|
## Security params
|
||||||
JWT_USER_SECRET=replace_me_for_production
|
JWT_USER_SECRET=replace_me_for_production
|
||||||
JWT_ENCRYPTION_KEY=thisisadummyvalue32latterslength
|
JWT_ENCRYPTION_KEY=thisisadummyvalue32latterslength
|
||||||
|
JWT_PRIVATE_PEM_LOCATION=
|
||||||
|
JWT_PUBLIC_PEM_LOCATION=
|
||||||
|
|
||||||
## External services
|
## External services
|
||||||
|
CHRLY_HOST=skinsystem.ely.by
|
||||||
RECAPTCHA_PUBLIC=
|
RECAPTCHA_PUBLIC=
|
||||||
RECAPTCHA_SECRET=
|
RECAPTCHA_SECRET=
|
||||||
SENTRY_DSN=
|
SENTRY_DSN=
|
||||||
|
32
Dockerfile
32
Dockerfile
@ -65,11 +65,39 @@ CMD ["php-fpm"]
|
|||||||
|
|
||||||
# ================================================================================
|
# ================================================================================
|
||||||
|
|
||||||
FROM fholzer/nginx-brotli:v1.16.0 AS web
|
FROM fholzer/nginx-brotli:v1.19.1 AS web
|
||||||
|
|
||||||
ENV PHP_SERVERS php:9000
|
ENV PHP_SERVERS php:9000
|
||||||
|
|
||||||
RUN rm /etc/nginx/conf.d/default.conf \
|
# Add headers-more-nginx-module
|
||||||
|
RUN apk add --update --no-cache --virtual ".nginx-module-build-deps" \
|
||||||
|
gcc \
|
||||||
|
make \
|
||||||
|
libc-dev \
|
||||||
|
g++ \
|
||||||
|
openssl-dev \
|
||||||
|
linux-headers \
|
||||||
|
pcre-dev \
|
||||||
|
zlib-dev \
|
||||||
|
libtool \
|
||||||
|
automake \
|
||||||
|
autoconf \
|
||||||
|
git \
|
||||||
|
&& cd /opt \
|
||||||
|
&& git clone --depth 1 -b v0.33 --single-branch https://github.com/openresty/headers-more-nginx-module.git \
|
||||||
|
&& cd /opt/headers-more-nginx-module \
|
||||||
|
&& git submodule update --init \
|
||||||
|
&& cd /opt \
|
||||||
|
&& wget -O - http://nginx.org/download/nginx-$(nginx -v 2>&1 | sed 's@.*/@@').tar.gz | tar zxfv - \
|
||||||
|
&& cd /opt/nginx* \
|
||||||
|
&& ./configure --with-compat --add-dynamic-module=/opt/headers-more-nginx-module \
|
||||||
|
&& make modules \
|
||||||
|
&& cp /opt/nginx*/objs/ngx_http_headers_more_filter_module.so /usr/lib/nginx/modules/ \
|
||||||
|
&& sed -i '1iload_module \/usr\/lib\/nginx\/modules\/ngx_http_headers_more_filter_module.so;' /etc/nginx/nginx.conf \
|
||||||
|
&& rm -rf /opt/* \
|
||||||
|
&& apk del ".nginx-module-build-deps" \
|
||||||
|
# Prepare image for the application
|
||||||
|
&& rm /etc/nginx/conf.d/default.conf \
|
||||||
&& mkdir -p /data/nginx/cache \
|
&& mkdir -p /data/nginx/cache \
|
||||||
&& mkdir -p /var/www/html
|
&& mkdir -p /var/www/html
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ return [
|
|||||||
'authserverHost' => 'localhost',
|
'authserverHost' => 'localhost',
|
||||||
],
|
],
|
||||||
'container' => [
|
'container' => [
|
||||||
'definitions' => [
|
'singletons' => [
|
||||||
api\components\ReCaptcha\Validator::class => function() {
|
api\components\ReCaptcha\Validator::class => function() {
|
||||||
return new class(new GuzzleHttp\Client()) extends api\components\ReCaptcha\Validator {
|
return new class(new GuzzleHttp\Client()) extends api\components\ReCaptcha\Validator {
|
||||||
protected function validateValue($value) {
|
protected function validateValue($value) {
|
||||||
@ -26,7 +26,7 @@ return [
|
|||||||
};
|
};
|
||||||
},
|
},
|
||||||
common\components\SkinsSystemApi::class => function() {
|
common\components\SkinsSystemApi::class => function() {
|
||||||
return new class extends common\components\SkinsSystemApi {
|
return new class('http://chrly.ely.by') extends common\components\SkinsSystemApi {
|
||||||
public function textures(string $username): ?array {
|
public function textures(string $username): ?array {
|
||||||
return [
|
return [
|
||||||
'SKIN' => [
|
'SKIN' => [
|
||||||
@ -34,6 +34,45 @@ return [
|
|||||||
],
|
],
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function profile(string $username, bool $signed = false): ?array {
|
||||||
|
$account = common\models\Account::findOne(['username' => $username]);
|
||||||
|
$uuid = $account ? str_replace('-', '', $account->uuid) : '00000000000000000000000000000000';
|
||||||
|
|
||||||
|
$profile = [
|
||||||
|
'name' => $username,
|
||||||
|
'id' => $uuid,
|
||||||
|
'properties' => [
|
||||||
|
[
|
||||||
|
'name' => 'textures',
|
||||||
|
'value' => base64_encode(json_encode([
|
||||||
|
'timestamp' => Carbon\Carbon::now()->getPreciseTimestamp(3),
|
||||||
|
'profileId' => $uuid,
|
||||||
|
'profileName' => $username,
|
||||||
|
'textures' => [
|
||||||
|
'SKIN' => [
|
||||||
|
'url' => 'http://ely.by/skin.png',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
])),
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'name' => 'ely',
|
||||||
|
'value' => 'but why are you asking?',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
];
|
||||||
|
|
||||||
|
if ($signed) {
|
||||||
|
$profile['properties'][0]['signature'] = 'signature';
|
||||||
|
}
|
||||||
|
|
||||||
|
return $profile;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getSignatureVerificationKey(string $format = 'pem'): string {
|
||||||
|
return "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANbUpVCZkMKpfvYZ08W3lumdAaYxLBnm\nUDlzHBQH3DpYef5WCO32TDU6feIJ58A0lAywgtZ4wwi2dGHOz/1hAvcCAwEAAQ==\n-----END PUBLIC KEY-----";
|
||||||
|
}
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
|
@ -46,4 +46,10 @@ return [
|
|||||||
'/mojang/profiles/<username>' => 'mojang/api/uuid-by-username',
|
'/mojang/profiles/<username>' => 'mojang/api/uuid-by-username',
|
||||||
'/mojang/profiles/<uuid>/names' => 'mojang/api/usernames-by-uuid',
|
'/mojang/profiles/<uuid>/names' => 'mojang/api/usernames-by-uuid',
|
||||||
'POST /mojang/profiles' => 'mojang/api/uuids-by-usernames',
|
'POST /mojang/profiles' => 'mojang/api/uuids-by-usernames',
|
||||||
|
|
||||||
|
// authlib-injector
|
||||||
|
'/authlib-injector/authserver/<action>' => 'authserver/authentication/<action>',
|
||||||
|
'/authlib-injector/sessionserver/session/minecraft/join' => 'session/session/join',
|
||||||
|
'/authlib-injector/sessionserver/session/minecraft/hasJoined' => 'session/session/has-joined',
|
||||||
|
'/authlib-injector/sessionserver/session/minecraft/profile/<uuid>' => 'session/session/profile',
|
||||||
];
|
];
|
||||||
|
44
api/controllers/AuthlibInjectorController.php
Normal file
44
api/controllers/AuthlibInjectorController.php
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace api\controllers;
|
||||||
|
|
||||||
|
use api\filters\NginxCache;
|
||||||
|
use common\components\SkinsSystemApi;
|
||||||
|
use yii\helpers\ArrayHelper;
|
||||||
|
use yii\web\Controller as BaseController;
|
||||||
|
|
||||||
|
final class AuthlibInjectorController extends BaseController {
|
||||||
|
|
||||||
|
public function behaviors(): array {
|
||||||
|
return ArrayHelper::merge(parent::behaviors(), [
|
||||||
|
'nginxCache' => [
|
||||||
|
'class' => NginxCache::class,
|
||||||
|
'rules' => [
|
||||||
|
'index' => 3600, // 1h
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function actionIndex(SkinsSystemApi $skinsSystemApi): array {
|
||||||
|
return [
|
||||||
|
'meta' => [
|
||||||
|
'serverName' => 'Ely.by',
|
||||||
|
'implementationName' => 'Account Ely.by adapter for the authlib-injector library',
|
||||||
|
'implementationVersion' => '1.0.0',
|
||||||
|
'feature.no_mojang_namespace' => true,
|
||||||
|
'links' => [
|
||||||
|
'homepage' => 'https://ely.by',
|
||||||
|
'register' => 'https://account.ely.by/register',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
'skinDomains' => [
|
||||||
|
'ely.by',
|
||||||
|
'.ely.by',
|
||||||
|
],
|
||||||
|
'signaturePublickey' => $skinsSystemApi->getSignatureVerificationKey(),
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -85,7 +85,7 @@ class SessionController extends Controller {
|
|||||||
$account = $hasJoinedForm->hasJoined();
|
$account = $hasJoinedForm->hasJoined();
|
||||||
$textures = new Textures($account);
|
$textures = new Textures($account);
|
||||||
|
|
||||||
return $textures->getMinecraftResponse();
|
return $textures->getMinecraftResponse(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function actionHasJoinedLegacy(): string {
|
public function actionHasJoinedLegacy(): string {
|
||||||
@ -109,11 +109,12 @@ class SessionController extends Controller {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $uuid
|
* @param string $uuid
|
||||||
|
* @param string $unsigned
|
||||||
*
|
*
|
||||||
* @return array|null
|
* @return array|null
|
||||||
* @throws IllegalArgumentException
|
* @throws IllegalArgumentException
|
||||||
*/
|
*/
|
||||||
public function actionProfile(string $uuid): ?array {
|
public function actionProfile(string $uuid, string $unsigned = null): ?array {
|
||||||
try {
|
try {
|
||||||
$uuid = Uuid::fromString($uuid)->toString();
|
$uuid = Uuid::fromString($uuid)->toString();
|
||||||
} catch (\InvalidArgumentException $e) {
|
} catch (\InvalidArgumentException $e) {
|
||||||
@ -127,7 +128,7 @@ class SessionController extends Controller {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return (new Textures($account))->getMinecraftResponse();
|
return (new Textures($account))->getMinecraftResponse($unsigned === 'false');
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -19,8 +19,13 @@ class SessionServerRoute extends BasePage {
|
|||||||
$this->getActor()->sendGET('/api/minecraft/session/legacy/hasJoined', $params);
|
$this->getActor()->sendGET('/api/minecraft/session/legacy/hasJoined', $params);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function profile($profileUuid) {
|
public function profile(string $profileUuid, bool $signed = false) {
|
||||||
$this->getActor()->sendGET("/api/minecraft/session/profile/{$profileUuid}");
|
$url = "/api/minecraft/session/profile/{$profileUuid}";
|
||||||
|
if ($signed) {
|
||||||
|
$url .= '?unsigned=false';
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->getActor()->sendGET($url);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -36,19 +36,31 @@ class SessionServerSteps extends FunctionalTester {
|
|||||||
return [$username, $serverId];
|
return [$username, $serverId];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canSeeValidTexturesResponse($expectedUsername, $expectedUuid) {
|
public function canSeeValidTexturesResponse(
|
||||||
|
string $expectedUsername,
|
||||||
|
string $expectedUuid,
|
||||||
|
bool $shouldBeSigned = false
|
||||||
|
) {
|
||||||
$this->seeResponseIsJson();
|
$this->seeResponseIsJson();
|
||||||
$this->canSeeResponseContainsJson([
|
$this->canSeeResponseContainsJson([
|
||||||
'name' => $expectedUsername,
|
'name' => $expectedUsername,
|
||||||
'id' => $expectedUuid,
|
'id' => $expectedUuid,
|
||||||
'ely' => true,
|
|
||||||
'properties' => [
|
'properties' => [
|
||||||
[
|
[
|
||||||
'name' => 'textures',
|
'name' => 'textures',
|
||||||
'signature' => 'Cg==',
|
],
|
||||||
|
[
|
||||||
|
'name' => 'ely',
|
||||||
|
'value' => 'but why are you asking?',
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
if ($shouldBeSigned) {
|
||||||
|
$this->canSeeResponseJsonMatchesJsonPath('$.properties[?(@.name == "textures")].signature');
|
||||||
|
} else {
|
||||||
|
$this->cantSeeResponseJsonMatchesJsonPath('$.properties[?(@.name == "textures")].signature');
|
||||||
|
}
|
||||||
|
|
||||||
$this->canSeeResponseJsonMatchesJsonPath('$.properties[0].value');
|
$this->canSeeResponseJsonMatchesJsonPath('$.properties[0].value');
|
||||||
$value = $this->grabDataFromResponseByJsonPath('$.properties[0].value')[0];
|
$value = $this->grabDataFromResponseByJsonPath('$.properties[0].value')[0];
|
||||||
$decoded = json_decode(base64_decode($value), true);
|
$decoded = json_decode(base64_decode($value), true);
|
||||||
@ -56,7 +68,6 @@ class SessionServerSteps extends FunctionalTester {
|
|||||||
$this->assertArrayHasKey('textures', $decoded);
|
$this->assertArrayHasKey('textures', $decoded);
|
||||||
$this->assertSame($expectedUuid, $decoded['profileId']);
|
$this->assertSame($expectedUuid, $decoded['profileId']);
|
||||||
$this->assertSame($expectedUsername, $decoded['profileName']);
|
$this->assertSame($expectedUsername, $decoded['profileName']);
|
||||||
$this->assertTrue($decoded['ely']);
|
|
||||||
$textures = $decoded['textures'];
|
$textures = $decoded['textures'];
|
||||||
$this->assertArrayHasKey('SKIN', $textures);
|
$this->assertArrayHasKey('SKIN', $textures);
|
||||||
$skinTextures = $textures['SKIN'];
|
$skinTextures = $textures['SKIN'];
|
||||||
|
52
api/tests/functional/authlibInjector/HasJoinedCest.php
Normal file
52
api/tests/functional/authlibInjector/HasJoinedCest.php
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace api\tests\functional\authlibInjector;
|
||||||
|
|
||||||
|
use api\tests\functional\_steps\SessionServerSteps;
|
||||||
|
use api\tests\FunctionalTester;
|
||||||
|
use function Ramsey\Uuid\v4 as uuid;
|
||||||
|
|
||||||
|
class HasJoinedCest {
|
||||||
|
|
||||||
|
public function hasJoined(SessionServerSteps $I) {
|
||||||
|
$I->wantTo('check hasJoined user to some server');
|
||||||
|
[$username, $serverId] = $I->amJoined();
|
||||||
|
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
|
||||||
|
'username' => $username,
|
||||||
|
'serverId' => $serverId,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$I->seeResponseCodeIs(200);
|
||||||
|
$I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022', true);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function wrongArguments(FunctionalTester $I) {
|
||||||
|
$I->wantTo('get error on wrong amount of arguments');
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
|
||||||
|
'wrong' => 'argument',
|
||||||
|
]);
|
||||||
|
$I->canSeeResponseCodeIs(400);
|
||||||
|
$I->canSeeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'IllegalArgumentException',
|
||||||
|
'errorMessage' => 'credentials can not be null.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasJoinedWithNoJoinOperation(FunctionalTester $I) {
|
||||||
|
$I->wantTo('hasJoined to some server without join call');
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
|
||||||
|
'username' => 'some-username',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$I->seeResponseCodeIs(401);
|
||||||
|
$I->seeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'ForbiddenOperationException',
|
||||||
|
'errorMessage' => 'Invalid token.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
30
api/tests/functional/authlibInjector/IndexCest.php
Normal file
30
api/tests/functional/authlibInjector/IndexCest.php
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace api\tests\functional\authlibInjector;
|
||||||
|
|
||||||
|
use api\tests\FunctionalTester;
|
||||||
|
|
||||||
|
class IndexCest {
|
||||||
|
|
||||||
|
public function index(FunctionalTester $I) {
|
||||||
|
$I->sendGet('/api/authlib-injector');
|
||||||
|
$I->seeResponseCodeIs(200);
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'meta' => [
|
||||||
|
'serverName' => 'Ely.by',
|
||||||
|
'implementationName' => 'Account Ely.by adapter for the authlib-injector library',
|
||||||
|
'implementationVersion' => '1.0.0',
|
||||||
|
'feature.no_mojang_namespace' => true,
|
||||||
|
'links' => [
|
||||||
|
'homepage' => 'https://ely.by',
|
||||||
|
'register' => 'https://account.ely.by/register',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
'skinDomains' => ['ely.by', '.ely.by'],
|
||||||
|
'signaturePublickey' => "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANbUpVCZkMKpfvYZ08W3lumdAaYxLBnm\nUDlzHBQH3DpYef5WCO32TDU6feIJ58A0lAywgtZ4wwi2dGHOz/1hAvcCAwEAAQ==\n-----END PUBLIC KEY-----",
|
||||||
|
]);
|
||||||
|
$I->canSeeHttpHeader('X-Accel-Expires');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
147
api/tests/functional/authlibInjector/JoinCest.php
Normal file
147
api/tests/functional/authlibInjector/JoinCest.php
Normal file
@ -0,0 +1,147 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace api\tests\functional\authlibInjector;
|
||||||
|
|
||||||
|
use api\rbac\Permissions as P;
|
||||||
|
use api\tests\functional\_steps\AuthserverSteps;
|
||||||
|
use api\tests\functional\_steps\OauthSteps;
|
||||||
|
use api\tests\FunctionalTester;
|
||||||
|
use Codeception\Example;
|
||||||
|
use function Ramsey\Uuid\v4 as uuid;
|
||||||
|
|
||||||
|
class JoinCest {
|
||||||
|
|
||||||
|
public function joinByLegacyAuthserver(AuthserverSteps $I) {
|
||||||
|
$I->wantTo('join to server, using legacy authserver access token');
|
||||||
|
[$accessToken] = $I->amAuthenticated();
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => $accessToken,
|
||||||
|
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$this->expectSuccessResponse($I);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function joinByPassJsonInPost(AuthserverSteps $I) {
|
||||||
|
$I->wantTo('join to server, passing data in body as encoded json');
|
||||||
|
[$accessToken] = $I->amAuthenticated();
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => $accessToken,
|
||||||
|
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$this->expectSuccessResponse($I);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @example ["df936908-b2e1-544d-96f8-2977ec213022"]
|
||||||
|
* @example ["df936908b2e1544d96f82977ec213022"]
|
||||||
|
*/
|
||||||
|
public function joinByOauth2Token(OauthSteps $I, Example $case) {
|
||||||
|
$I->wantTo('join to server, using modern oAuth2 generated token');
|
||||||
|
$accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => $accessToken,
|
||||||
|
'selectedProfile' => $case[0],
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$this->expectSuccessResponse($I);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) {
|
||||||
|
$I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission');
|
||||||
|
$accessToken = $I->getAccessToken(['account_info', 'account_email']);
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => $accessToken,
|
||||||
|
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$I->seeResponseCodeIs(401);
|
||||||
|
$I->seeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'ForbiddenOperationException',
|
||||||
|
'errorMessage' => 'The token does not have required scope.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function joinWithExpiredToken(FunctionalTester $I) {
|
||||||
|
$I->wantTo('join to some server with expired accessToken');
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
|
||||||
|
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$I->seeResponseCodeIs(401);
|
||||||
|
$I->seeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'ForbiddenOperationException',
|
||||||
|
'errorMessage' => 'Expired access_token.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function wrongArguments(FunctionalTester $I) {
|
||||||
|
$I->wantTo('get error on wrong amount of arguments');
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'wrong' => 'argument',
|
||||||
|
]);
|
||||||
|
$I->canSeeResponseCodeIs(400);
|
||||||
|
$I->canSeeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'IllegalArgumentException',
|
||||||
|
'errorMessage' => 'credentials can not be null.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function joinWithWrongAccessToken(FunctionalTester $I) {
|
||||||
|
$I->wantTo('join to some server with wrong accessToken');
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => uuid(),
|
||||||
|
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$I->seeResponseCodeIs(401);
|
||||||
|
$I->seeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'ForbiddenOperationException',
|
||||||
|
'errorMessage' => 'Invalid access_token.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function joinWithNilUuids(FunctionalTester $I) {
|
||||||
|
$I->wantTo('join to some server with nil accessToken and selectedProfile');
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => '00000000-0000-0000-0000-000000000000',
|
||||||
|
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$I->canSeeResponseCodeIs(400);
|
||||||
|
$I->canSeeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'IllegalArgumentException',
|
||||||
|
'errorMessage' => 'credentials can not be null.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function joinByAccountMarkedForDeletion(FunctionalTester $I) {
|
||||||
|
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
|
||||||
|
'accessToken' => '239ba889-7020-4383-8d99-cd8c8aab4a2f',
|
||||||
|
'selectedProfile' => '6383de63-8f85-4ed5-92b7-5401a1fa68cd',
|
||||||
|
'serverId' => uuid(),
|
||||||
|
]);
|
||||||
|
$I->canSeeResponseCodeIs(401);
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'ForbiddenOperationException',
|
||||||
|
'errorMessage' => 'Invalid credentials',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
private function expectSuccessResponse(FunctionalTester $I) {
|
||||||
|
$I->seeResponseCodeIs(200);
|
||||||
|
$I->seeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'id' => 'OK',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
56
api/tests/functional/authlibInjector/ProfileCest.php
Normal file
56
api/tests/functional/authlibInjector/ProfileCest.php
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace api\tests\functional\authlibInjector;
|
||||||
|
|
||||||
|
use api\tests\functional\_steps\SessionServerSteps;
|
||||||
|
use api\tests\FunctionalTester;
|
||||||
|
use Codeception\Example;
|
||||||
|
use function Ramsey\Uuid\v4;
|
||||||
|
|
||||||
|
class ProfileCest {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @example ["df936908-b2e1-544d-96f8-2977ec213022"]
|
||||||
|
* @example ["df936908b2e1544d96f82977ec213022"]
|
||||||
|
*/
|
||||||
|
public function getProfile(SessionServerSteps $I, Example $case) {
|
||||||
|
$I->sendGET("/api/authlib-injector/sessionserver/session/minecraft/profile/{$case[0]}");
|
||||||
|
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', false);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getProfileSigned(SessionServerSteps $I) {
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/df936908b2e1544d96f82977ec213022?unsigned=false');
|
||||||
|
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', true);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function directCallWithoutUuidPart(FunctionalTester $I) {
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/');
|
||||||
|
$I->canSeeResponseCodeIs(404);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function callWithInvalidUuid(FunctionalTester $I) {
|
||||||
|
$I->wantTo('call profile route with invalid uuid string');
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/bla-bla-bla');
|
||||||
|
$I->canSeeResponseCodeIs(400);
|
||||||
|
$I->canSeeResponseIsJson();
|
||||||
|
$I->canSeeResponseContainsJson([
|
||||||
|
'error' => 'IllegalArgumentException',
|
||||||
|
'errorMessage' => 'Invalid uuid format.',
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getProfileWithNonexistentUuid(FunctionalTester $I) {
|
||||||
|
$I->wantTo('get info about nonexistent uuid');
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/' . v4());
|
||||||
|
$I->canSeeResponseCodeIs(204);
|
||||||
|
$I->canSeeResponseEquals('');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getProfileOfAccountMarkedForDeletion(FunctionalTester $I) {
|
||||||
|
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/6383de63-8f85-4ed5-92b7-5401a1fa68cd');
|
||||||
|
$I->canSeeResponseCodeIs(204);
|
||||||
|
$I->canSeeResponseEquals('');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -26,7 +26,7 @@ class HasJoinedCest {
|
|||||||
'serverId' => $serverId,
|
'serverId' => $serverId,
|
||||||
]);
|
]);
|
||||||
$I->seeResponseCodeIs(200);
|
$I->seeResponseCodeIs(200);
|
||||||
$I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022');
|
$I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function wrongArguments(FunctionalTester $I) {
|
public function wrongArguments(FunctionalTester $I) {
|
||||||
|
@ -4,6 +4,7 @@ namespace api\tests\functional\sessionserver;
|
|||||||
use api\tests\_pages\SessionServerRoute;
|
use api\tests\_pages\SessionServerRoute;
|
||||||
use api\tests\functional\_steps\SessionServerSteps;
|
use api\tests\functional\_steps\SessionServerSteps;
|
||||||
use api\tests\FunctionalTester;
|
use api\tests\FunctionalTester;
|
||||||
|
use Codeception\Example;
|
||||||
use function Ramsey\Uuid\v4;
|
use function Ramsey\Uuid\v4;
|
||||||
|
|
||||||
class ProfileCest {
|
class ProfileCest {
|
||||||
@ -17,16 +18,20 @@ class ProfileCest {
|
|||||||
$this->route = new SessionServerRoute($I);
|
$this->route = new SessionServerRoute($I);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getProfile(SessionServerSteps $I) {
|
/**
|
||||||
|
* @example ["df936908-b2e1-544d-96f8-2977ec213022"]
|
||||||
|
* @example ["df936908b2e1544d96f82977ec213022"]
|
||||||
|
*/
|
||||||
|
public function getProfile(SessionServerSteps $I, Example $case) {
|
||||||
$I->wantTo('get info about player textures by uuid');
|
$I->wantTo('get info about player textures by uuid');
|
||||||
$this->route->profile('df936908-b2e1-544d-96f8-2977ec213022');
|
$this->route->profile($case[0]);
|
||||||
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022');
|
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getProfileByUuidWithoutDashes(SessionServerSteps $I) {
|
public function getProfileWithSignedTextures(SessionServerSteps $I) {
|
||||||
$I->wantTo('get info about player textures by uuid without dashes');
|
$I->wantTo('get info about player textures by uuid');
|
||||||
$this->route->profile('df936908b2e1544d96f82977ec213022');
|
$this->route->profile('df936908b2e1544d96f82977ec213022', true);
|
||||||
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022');
|
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function directCallWithoutUuidPart(FunctionalTester $I) {
|
public function directCallWithoutUuidPart(FunctionalTester $I) {
|
||||||
|
@ -4,15 +4,19 @@ declare(strict_types=1);
|
|||||||
namespace common\components;
|
namespace common\components;
|
||||||
|
|
||||||
use GuzzleHttp\ClientInterface;
|
use GuzzleHttp\ClientInterface;
|
||||||
|
use Webmozart\Assert\Assert;
|
||||||
use Yii;
|
use Yii;
|
||||||
|
|
||||||
// TODO: convert to complete Chrly client library
|
// TODO: convert to complete Chrly client library
|
||||||
class SkinsSystemApi {
|
class SkinsSystemApi {
|
||||||
|
|
||||||
private const BASE_DOMAIN = 'http://skinsystem.ely.by';
|
private string $baseDomain;
|
||||||
|
|
||||||
/** @var ClientInterface */
|
private ?ClientInterface $client = null;
|
||||||
private $client;
|
|
||||||
|
public function __construct(string $baseDomain) {
|
||||||
|
$this->baseDomain = $baseDomain;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $username
|
* @param string $username
|
||||||
@ -29,12 +33,47 @@ class SkinsSystemApi {
|
|||||||
return json_decode($response->getBody()->getContents(), true);
|
return json_decode($response->getBody()->getContents(), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $username
|
||||||
|
*
|
||||||
|
* @return array|null
|
||||||
|
* @throws \GuzzleHttp\Exception\GuzzleException
|
||||||
|
*/
|
||||||
|
public function profile(string $username, bool $signed = false): ?array {
|
||||||
|
$url = "/profile/{$username}";
|
||||||
|
if ($signed) {
|
||||||
|
$url .= '?unsigned=false';
|
||||||
|
}
|
||||||
|
|
||||||
|
$response = $this->getClient()->request('GET', $this->buildUrl($url));
|
||||||
|
if ($response->getStatusCode() !== 200) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return json_decode($response->getBody()->getContents(), true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param 'pem'|'der' $format
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
* @throws \GuzzleHttp\Exception\GuzzleException
|
||||||
|
*/
|
||||||
|
public function getSignatureVerificationKey(string $format = 'pem'): string {
|
||||||
|
Assert::inArray($format, ['pem', 'der']);
|
||||||
|
|
||||||
|
return $this->getClient()
|
||||||
|
->request('GET', $this->buildUrl("/signature-verification-key.{$format}"))
|
||||||
|
->getBody()
|
||||||
|
->getContents();
|
||||||
|
}
|
||||||
|
|
||||||
public function setClient(ClientInterface $client): void {
|
public function setClient(ClientInterface $client): void {
|
||||||
$this->client = $client;
|
$this->client = $client;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function buildUrl(string $url): string {
|
private function buildUrl(string $url): string {
|
||||||
return self::BASE_DOMAIN . $url;
|
return $this->baseDomain . $url;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getClient(): ClientInterface {
|
private function getClient(): ClientInterface {
|
||||||
|
@ -7,7 +7,7 @@ return [
|
|||||||
],
|
],
|
||||||
'components' => [
|
'components' => [
|
||||||
'cache' => [
|
'cache' => [
|
||||||
'class' => \yii\caching\FileCache::class,
|
'class' => yii\caching\FileCache::class,
|
||||||
],
|
],
|
||||||
'security' => [
|
'security' => [
|
||||||
// It's allows us to increase tests speed by decreasing password hashing algorithm complexity
|
// It's allows us to increase tests speed by decreasing password hashing algorithm complexity
|
||||||
|
@ -16,10 +16,13 @@ return [
|
|||||||
'supportEmail' => 'support@ely.by',
|
'supportEmail' => 'support@ely.by',
|
||||||
],
|
],
|
||||||
'container' => [
|
'container' => [
|
||||||
'definitions' => [
|
'singletons' => [
|
||||||
GuzzleHttp\ClientInterface::class => GuzzleHttp\Client::class,
|
GuzzleHttp\ClientInterface::class => GuzzleHttp\Client::class,
|
||||||
Ely\Mojang\Api::class => Ely\Mojang\Api::class,
|
Ely\Mojang\Api::class => Ely\Mojang\Api::class,
|
||||||
common\components\SkinsSystemApi::class => common\components\SkinsSystemApi::class,
|
common\components\SkinsSystemApi::class => [
|
||||||
|
'class' => common\components\SkinsSystemApi::class,
|
||||||
|
'__construct()' => 'http://' . (getenv('CHRLY_HOST') ?: 'skinsystem.ely.by'),
|
||||||
|
],
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'components' => [
|
'components' => [
|
||||||
|
@ -3,95 +3,79 @@ declare(strict_types=1);
|
|||||||
|
|
||||||
namespace common\models;
|
namespace common\models;
|
||||||
|
|
||||||
use common\components\SkinsSystemApi as SkinSystemApi;
|
use Carbon\Carbon;
|
||||||
use DateInterval;
|
use common\components\SkinsSystemApi;
|
||||||
use DateTime;
|
use GuzzleHttp\Client as GuzzleHttpClient;
|
||||||
use GuzzleHttp\Exception\GuzzleException;
|
use GuzzleHttp\Exception\GuzzleException;
|
||||||
use GuzzleHttp\Exception\RequestException;
|
|
||||||
use Yii;
|
use Yii;
|
||||||
|
|
||||||
class Textures {
|
class Textures {
|
||||||
|
|
||||||
public $displayElyMark = true;
|
protected Account $account;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var Account
|
|
||||||
*/
|
|
||||||
protected $account;
|
|
||||||
|
|
||||||
public function __construct(Account $account) {
|
public function __construct(Account $account) {
|
||||||
$this->account = $account;
|
$this->account = $account;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getMinecraftResponse(): array {
|
public function getMinecraftResponse(bool $signed = false): array {
|
||||||
$response = [
|
$uuid = str_replace('-', '', $this->account->uuid);
|
||||||
'name' => $this->account->username,
|
$profile = $this->getProfile($signed);
|
||||||
'id' => str_replace('-', '', $this->account->uuid),
|
if ($profile === null) {
|
||||||
'properties' => [
|
// This case shouldn't happen at all, but until we find out how it'll actually behave,
|
||||||
[
|
// provide for a fallback solution
|
||||||
'name' => 'textures',
|
Yii::warning("By some reasons there is no profile for \"{$this->account->username}\".");
|
||||||
'signature' => 'Cg==',
|
|
||||||
'value' => $this->getTexturesValue(),
|
$profile = [
|
||||||
|
'name' => $this->account->username,
|
||||||
|
'id' => $uuid,
|
||||||
|
'properties' => [
|
||||||
|
[
|
||||||
|
'name' => 'textures',
|
||||||
|
'value' => base64_encode(json_encode([
|
||||||
|
'timestamp' => Carbon::now()->getPreciseTimestamp(3),
|
||||||
|
'profileId' => $uuid,
|
||||||
|
'profileName' => $this->account->username,
|
||||||
|
'textures' => [],
|
||||||
|
])),
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'name' => 'ely',
|
||||||
|
'value' => 'but why are you asking?',
|
||||||
|
],
|
||||||
],
|
],
|
||||||
],
|
];
|
||||||
];
|
|
||||||
|
|
||||||
if ($this->displayElyMark) {
|
if ($signed) {
|
||||||
$response['ely'] = true;
|
// I don't remember why this value has been used, but it was, so keep the same behavior until
|
||||||
|
// figure out why it was made in this way
|
||||||
|
$profile['properties'][0]['signature'] = 'Cg==';
|
||||||
|
}
|
||||||
|
} elseif ($profile['id'] !== $uuid) {
|
||||||
|
// Also a case that shouldn't happen, but is technically possible
|
||||||
|
Yii::warning("By an unknown reason username \"{$this->account->username}\" has an invalid id from chrly");
|
||||||
|
$profile['id'] = $uuid;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $response;
|
return $profile;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getTexturesValue($encrypted = true) {
|
private function getProfile(bool $signed): ?array {
|
||||||
$array = [
|
/** @var SkinsSystemApi $api */
|
||||||
'timestamp' => (new DateTime())->add(new DateInterval('P2D'))->getTimestamp(),
|
$api = Yii::$container->get(SkinsSystemApi::class);
|
||||||
'profileId' => str_replace('-', '', $this->account->uuid),
|
|
||||||
'profileName' => $this->account->username,
|
|
||||||
'textures' => $this->getTextures(),
|
|
||||||
];
|
|
||||||
|
|
||||||
if ($this->displayElyMark) {
|
|
||||||
$array['ely'] = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$encrypted) {
|
|
||||||
return $array;
|
|
||||||
}
|
|
||||||
|
|
||||||
return static::encrypt($array);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getTextures(): array {
|
|
||||||
/** @var SkinSystemApi $api */
|
|
||||||
$api = Yii::$container->get(SkinSystemApi::class);
|
|
||||||
if (YII_ENV_PROD) {
|
if (YII_ENV_PROD) {
|
||||||
$api->setClient(new \GuzzleHttp\Client([
|
$api->setClient(new GuzzleHttpClient([
|
||||||
'connect_timeout' => 2,
|
'connect_timeout' => 2,
|
||||||
'decode_content' => false,
|
'read_timeout' => 7,
|
||||||
'read_timeout' => 5,
|
|
||||||
'stream' => true,
|
|
||||||
'timeout' => 5,
|
|
||||||
]));
|
]));
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$textures = $api->textures($this->account->username);
|
return $api->profile($this->account->username, $signed);
|
||||||
} catch (RequestException $e) {
|
|
||||||
Yii::warning('Cannot get textures from skinsystem.ely.by. Exception message is ' . $e->getMessage());
|
|
||||||
} catch (GuzzleException $e) {
|
} catch (GuzzleException $e) {
|
||||||
Yii::warning($e);
|
Yii::warning('Cannot get textures from skinsystem.ely.by. Exception message is ' . $e->getMessage());
|
||||||
}
|
}
|
||||||
|
|
||||||
return $textures ?? [];
|
return null;
|
||||||
}
|
|
||||||
|
|
||||||
public static function encrypt(array $data): string {
|
|
||||||
return base64_encode(stripcslashes(json_encode($data)));
|
|
||||||
}
|
|
||||||
|
|
||||||
public static function decrypt($string, $assoc = true) {
|
|
||||||
return json_decode(base64_decode($string), $assoc);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -35,6 +35,10 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
if ($request_uri = '/') {
|
||||||
|
more_set_headers "X-Authlib-Injector-API-Location: /api/authlib-injector";
|
||||||
|
}
|
||||||
|
|
||||||
root $frontend_path;
|
root $frontend_path;
|
||||||
access_log off;
|
access_log off;
|
||||||
etag on;
|
etag on;
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
|
||||||
|
|
||||||
user nginx;
|
user nginx;
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
|
|
||||||
|
@ -37,8 +37,9 @@ done
|
|||||||
# Fix permissions for cron tasks
|
# Fix permissions for cron tasks
|
||||||
chmod 644 /etc/cron.d/*
|
chmod 644 /etc/cron.d/*
|
||||||
|
|
||||||
JWT_PRIVATE_PEM_LOCATION="/var/www/html/data/certs/private.pem"
|
JWT_PRIVATE_PEM_LOCATION="${JWT_PRIVATE_PEM_LOCATION:-/var/www/html/data/certs/private.pem}"
|
||||||
JWT_PUBLIC_PEM_LOCATION="/var/www/html/data/certs/public.pem"
|
JWT_PUBLIC_PEM_LOCATION="${JWT_PUBLIC_PEM_LOCATION:-/var/www/html/data/certs/public.pem}"
|
||||||
|
|
||||||
if [ ! -f "$JWT_PRIVATE_PEM_LOCATION" ] ; then
|
if [ ! -f "$JWT_PRIVATE_PEM_LOCATION" ] ; then
|
||||||
echo "There is no private key. Generating the new one."
|
echo "There is no private key. Generating the new one."
|
||||||
openssl ecparam -name prime256v1 -genkey -noout -out "$JWT_PRIVATE_PEM_LOCATION"
|
openssl ecparam -name prime256v1 -genkey -noout -out "$JWT_PRIVATE_PEM_LOCATION"
|
||||||
|
Loading…
Reference in New Issue
Block a user