ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-01-11 14:32:12 +05:30
Code Issues Packages Projects Releases Wiki Activity

Cleanup session server module

Browse Source
This commit is contained in:
ErickSkrauch 2019-12-05 01:15:45 +03:00
parent 25f1ca912c
commit c3ffb08c4a
3 changed files with 73 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
api/modules/session/controllers/SessionController.php
View File

@ -1,4 +1,6 @@
<?php <?php
declare(strict_types=1);
namespace api\modules\session\controllers; namespace api\modules\session\controllers;
use api\controllers\Controller; use api\controllers\Controller;
@ -31,18 +33,23 @@ class SessionController extends Controller {
return $behaviors; return $behaviors;
} }
public function actionJoin() { /**
* @return array
* @throws ForbiddenOperationException
* @throws IllegalArgumentException
*/
public function actionJoin(): array {
Yii::$app->response->format = Response::FORMAT_JSON; Yii::$app->response->format = Response::FORMAT_JSON;
$data = Yii::$app->request->post(); $data = Yii::$app->request->post();
$protocol = new ModernJoin($data['accessToken'] ?? '', $data['selectedProfile'] ?? '', $data['serverId'] ?? ''); $protocol = new ModernJoin($data['accessToken'] ?? '', $data['selectedProfile'] ?? '', $data['serverId'] ?? '');
$joinForm = new JoinForm($protocol); $joinForm = new JoinForm($protocol);
$joinForm->join(); $joinForm->join(); // will throw an exception in case of any error
return ['id' => 'OK']; return ['id' => 'OK'];
} }
public function actionJoinLegacy() { public function actionJoinLegacy(): string {
Yii::$app->response->format = Response::FORMAT_RAW; Yii::$app->response->format = Response::FORMAT_RAW;
$data = Yii::$app->request->get(); $data = Yii::$app->request->get();
@ -64,7 +71,12 @@ class SessionController extends Controller {
return 'OK'; return 'OK';
} }
public function actionHasJoined() { /**
* @return array
* @throws ForbiddenOperationException
* @throws IllegalArgumentException
*/
public function actionHasJoined(): array {
Yii::$app->response->format = Response::FORMAT_JSON; Yii::$app->response->format = Response::FORMAT_JSON;
$data = Yii::$app->request->get(); $data = Yii::$app->request->get();
@ -76,7 +88,7 @@ class SessionController extends Controller {
return $textures->getMinecraftResponse(); return $textures->getMinecraftResponse();
} }
public function actionHasJoinedLegacy() { public function actionHasJoinedLegacy(): string {
Yii::$app->response->format = Response::FORMAT_RAW; Yii::$app->response->format = Response::FORMAT_RAW;
$data = Yii::$app->request->get(); $data = Yii::$app->request->get();
@ -95,7 +107,14 @@ class SessionController extends Controller {
return 'YES'; return 'YES';
} }
public function actionProfile($uuid) { /**
* @param string $uuid
*
* @return array
* @throws ForbiddenOperationException
* @throws IllegalArgumentException
*/
public function actionProfile(string $uuid): array {
try { try {
$uuid = Uuid::fromString($uuid)->toString(); $uuid = Uuid::fromString($uuid)->toString();
} catch (\InvalidArgumentException $e) { } catch (\InvalidArgumentException $e) {

19
api/modules/session/models/HasJoinedForm.php
View File

@ -1,4 +1,6 @@
<?php <?php
declare(strict_types=1);
namespace api\modules\session\models; namespace api\modules\session\models;
use api\modules\session\exceptions\ForbiddenOperationException; use api\modules\session\exceptions\ForbiddenOperationException;
@ -6,19 +8,27 @@ use api\modules\session\exceptions\IllegalArgumentException;
use api\modules\session\models\protocols\HasJoinedInterface; use api\modules\session\models\protocols\HasJoinedInterface;
use api\modules\session\Module as Session; use api\modules\session\Module as Session;
use common\models\Account; use common\models\Account;
use Webmozart\Assert\Assert;
use Yii; use Yii;
use yii\base\ErrorException;
use yii\base\Model; use yii\base\Model;
class HasJoinedForm extends Model { class HasJoinedForm extends Model {
/**
* @var HasJoinedInterface
*/
private $protocol; private $protocol;
public function __construct(HasJoinedInterface $protocol, array $config = []) { public function __construct(HasJoinedInterface $protocol, array $config = []) {
$this->protocol = $protocol;
parent::__construct($config); parent::__construct($config);
$this->protocol = $protocol;
} }
/**
* @return Account
* @throws ForbiddenOperationException
* @throws IllegalArgumentException
*/
public function hasJoined(): Account { public function hasJoined(): Account {
Yii::$app->statsd->inc('sessionserver.hasJoined.attempt'); Yii::$app->statsd->inc('sessionserver.hasJoined.attempt');
if (!$this->protocol->validate()) { if (!$this->protocol->validate()) {
@ -38,10 +48,9 @@ class HasJoinedForm extends Model {
} }
$joinModel->delete(); $joinModel->delete();
/** @var Account $account */
$account = $joinModel->getAccount(); $account = $joinModel->getAccount();
if ($account === null) { Assert::notNull($account);
throw new ErrorException('Account must exists');
}
Session::info("User with username = '{$username}' successfully verified by server with server_id = '{$serverId}'."); Session::info("User with username = '{$username}' successfully verified by server with server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.hasJoined.success'); Yii::$app->statsd->inc('sessionserver.hasJoined.success');

47
api/modules/session/models/JoinForm.php
View File

@ -1,4 +1,6 @@
<?php <?php
declare(strict_types=1);
namespace api\modules\session\models; namespace api\modules\session\models;
use api\modules\session\exceptions\ForbiddenOperationException; use api\modules\session\exceptions\ForbiddenOperationException;
@ -11,8 +13,8 @@ use common\helpers\StringHelper;
use common\models\Account; use common\models\Account;
use common\models\MinecraftAccessKey; use common\models\MinecraftAccessKey;
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
use Webmozart\Assert\Assert;
use Yii; use Yii;
use yii\base\ErrorException;
use yii\base\Model; use yii\base\Model;
use yii\web\UnauthorizedHttpException; use yii\web\UnauthorizedHttpException;
@ -35,15 +37,14 @@ class JoinForm extends Model {
private $protocol; private $protocol;
public function __construct(JoinInterface $protocol, array $config = []) { public function __construct(JoinInterface $protocol, array $config = []) {
parent::__construct($config);
$this->protocol = $protocol; $this->protocol = $protocol;
$this->accessToken = $protocol->getAccessToken(); $this->accessToken = $protocol->getAccessToken();
$this->selectedProfile = $protocol->getSelectedProfile(); $this->selectedProfile = $protocol->getSelectedProfile();
$this->serverId = $protocol->getServerId(); $this->serverId = $protocol->getServerId();
parent::__construct($config);
} }
public function rules() { public function rules(): array {
return [ return [
[['accessToken', 'serverId'], RequiredValidator::class], [['accessToken', 'serverId'], RequiredValidator::class],
[['accessToken', 'selectedProfile'], 'validateUuid'], [['accessToken', 'selectedProfile'], 'validateUuid'],
@ -51,7 +52,12 @@ class JoinForm extends Model {
]; ];
} }
public function join() { /**
* @return bool
* @throws IllegalArgumentException
* @throws ForbiddenOperationException
*/
public function join(): bool {
$serverId = $this->serverId; $serverId = $this->serverId;
$accessToken = $this->accessToken; $accessToken = $this->accessToken;
Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'."); Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'.");
@ -62,9 +68,7 @@ class JoinForm extends Model {
$account = $this->getAccount(); $account = $this->getAccount();
$sessionModel = new SessionModel($account->username, $serverId); $sessionModel = new SessionModel($account->username, $serverId);
if (!$sessionModel->save()) { Assert::true($sessionModel->save());
throw new ErrorException('Cannot save join session model');
}
Session::info("User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to server_id = '{$serverId}'."); Session::info("User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.join.success'); Yii::$app->statsd->inc('sessionserver.join.success');
@ -72,7 +76,14 @@ class JoinForm extends Model {
return true; return true;
} }
public function validate($attributeNames = null, $clearErrors = true) { /**
* @param string $attributeNames
* @param bool $clearErrors
*
* @return bool
* @throws IllegalArgumentException
*/
public function validate($attributeNames = null, $clearErrors = true): bool {
if (!$this->protocol->validate()) { if (!$this->protocol->validate()) {
throw new IllegalArgumentException(); throw new IllegalArgumentException();
} }
@ -80,7 +91,12 @@ class JoinForm extends Model {
return parent::validate($attributeNames, $clearErrors); return parent::validate($attributeNames, $clearErrors);
} }
public function validateUuid($attribute) { /**
* @param string $attribute
*
* @throws IllegalArgumentException
*/
public function validateUuid(string $attribute): void {
if ($this->hasErrors($attribute)) { if ($this->hasErrors($attribute)) {
return; return;
} }
@ -91,18 +107,19 @@ class JoinForm extends Model {
} }
/** /**
* @throws \api\modules\session\exceptions\SessionServerException * @throws \api\modules\session\exceptions\ForbiddenOperationException
*/ */
public function validateAccessToken() { public function validateAccessToken(): void {
$accessToken = $this->accessToken; $accessToken = $this->accessToken;
/** @var MinecraftAccessKey|null $accessModel */ /** @var MinecraftAccessKey|null $accessModel */
$accessModel = MinecraftAccessKey::findOne($accessToken); $accessModel = MinecraftAccessKey::findOne(['access_token' => $accessToken]);
if ($accessModel !== null) { if ($accessModel !== null) {
Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol'); Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol');
/** @var MinecraftAccessKey|\api\components\OAuth2\Entities\AccessTokenEntity $accessModel */ /** @var MinecraftAccessKey|\api\components\OAuth2\Entities\AccessTokenEntity $accessModel */
if ($accessModel->isExpired()) { if ($accessModel->isExpired()) {
Session::error("User with access_token = '{$accessToken}' failed join by expired access_token."); Session::error("User with access_token = '{$accessToken}' failed join by expired access_token.");
Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol_token_expired'); Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol_token_expired');
throw new ForbiddenOperationException('Expired access_token.'); throw new ForbiddenOperationException('Expired access_token.');
} }
@ -117,6 +134,7 @@ class JoinForm extends Model {
if ($identity === null) { if ($identity === null) {
Session::error("User with access_token = '{$accessToken}' failed join by wrong access_token."); Session::error("User with access_token = '{$accessToken}' failed join by wrong access_token.");
Yii::$app->statsd->inc('sessionserver.join.fail_wrong_token'); Yii::$app->statsd->inc('sessionserver.join.fail_wrong_token');
throw new ForbiddenOperationException('Invalid access_token.'); throw new ForbiddenOperationException('Invalid access_token.');
} }
@ -124,6 +142,7 @@ class JoinForm extends Model {
if (!Yii::$app->user->can(P::MINECRAFT_SERVER_SESSION)) { if (!Yii::$app->user->can(P::MINECRAFT_SERVER_SESSION)) {
Session::error("User with access_token = '{$accessToken}' doesn't have enough scopes to make join."); Session::error("User with access_token = '{$accessToken}' doesn't have enough scopes to make join.");
Yii::$app->statsd->inc('sessionserver.authentication.oauth2_not_enough_scopes'); Yii::$app->statsd->inc('sessionserver.authentication.oauth2_not_enough_scopes');
throw new ForbiddenOperationException('The token does not have required scope.'); throw new ForbiddenOperationException('The token does not have required scope.');
} }
@ -135,12 +154,14 @@ class JoinForm extends Model {
if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) { if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with id = '{$account->uuid}'."); Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with id = '{$account->uuid}'.");
Yii::$app->statsd->inc('sessionserver.join.fail_uuid_mismatch'); Yii::$app->statsd->inc('sessionserver.join.fail_uuid_mismatch');
throw new ForbiddenOperationException('Wrong selected_profile.'); throw new ForbiddenOperationException('Wrong selected_profile.');
} }
if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) { if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) {
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with username = '{$account->username}'."); Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with username = '{$account->username}'.");
Yii::$app->statsd->inc('sessionserver.join.fail_username_mismatch'); Yii::$app->statsd->inc('sessionserver.join.fail_username_mismatch');
throw new ForbiddenOperationException('Invalid credentials'); throw new ForbiddenOperationException('Invalid credentials');
} }