accounts/api/modules/session/models/JoinForm.php
Octol1ttle 57d492da8a
Upgrade project to PHP 8.3, add PHPStan, upgrade almost every dependency (#36)
* start updating to PHP 8.3

* taking off!

Co-authored-by: ErickSkrauch <erickskrauch@yandex.ru>
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* dropped this

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* migrate to symfonymailer

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* this is so stupid 😭

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* ah, free, at last.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* oh, Gabriel.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* now dawns thy reckoning.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* and thy gore shall GLISTEN before the temples of man.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* creature of steel.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* my gratitude upon thee for my freedom.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* but the crimes thy kind has committed against humanity

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* Upgrade PHP-CS-Fixer and do fix the codebase

* First review round (maybe I have broken something)

* are NOT forgotten.

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>

* Enable parallel PHP-CS-Fixer runner

* PHPStan level 1

* PHPStan level 2

* PHPStan level 3

* PHPStan level 4

* PHPStan level 5

* Levels 6 and 7 takes too much effort. Generate a baseline and fix them eventually

* Resolve TODO's related to the php-mock

* Drastically reduce baseline size with the Rector

* More code modernization with help of the Rector

* Update GitLab CI

---------

Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
Co-authored-by: ErickSkrauch <erickskrauch@yandex.ru>
2024-12-02 11:10:55 +01:00

165 lines
5.6 KiB
PHP

<?php
declare(strict_types=1);
namespace api\modules\session\models;
use api\modules\session\exceptions\ForbiddenOperationException;
use api\modules\session\exceptions\IllegalArgumentException;
use api\modules\session\models\protocols\JoinInterface;
use api\modules\session\Module as Session;
use api\modules\session\validators\RequiredValidator;
use api\rbac\Permissions as P;
use common\helpers\StringHelper;
use common\models\Account;
use Ramsey\Uuid\Uuid;
use Webmozart\Assert\Assert;
use Yii;
use yii\base\Model;
use yii\web\UnauthorizedHttpException;
class JoinForm extends Model {
public mixed $accessToken = null;
public mixed $selectedProfile = null;
public mixed $serverId = null;
/**
* @var Account|null
*/
private ?Account $account = null;
public function __construct(
private readonly JoinInterface $protocol,
array $config = [],
) {
parent::__construct($config);
$this->accessToken = $this->protocol->getAccessToken();
$this->selectedProfile = $this->protocol->getSelectedProfile();
$this->serverId = $this->protocol->getServerId();
}
public function rules(): array {
return [
[['accessToken', 'serverId'], RequiredValidator::class],
[['accessToken', 'selectedProfile'], $this->validateUuid(...)],
[['accessToken'], $this->validateAccessToken(...)],
];
}
/**
* @throws IllegalArgumentException
* @throws ForbiddenOperationException
*/
public function join(): bool {
$serverId = $this->serverId;
$accessToken = $this->accessToken;
Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.join.attempt');
if (!$this->validate()) {
return false;
}
$account = $this->account;
$sessionModel = new SessionModel($account->username, $serverId);
Assert::true($sessionModel->save());
Session::info("User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.join.success');
return true;
}
/**
* @param string $attributeNames
* @param bool $clearErrors
*
* @return bool
* @throws IllegalArgumentException
*/
public function validate($attributeNames = null, $clearErrors = true): bool {
if (!$this->protocol->validate()) {
throw new IllegalArgumentException();
}
return parent::validate($attributeNames, $clearErrors);
}
/**
* @param string $attribute
*
* @throws IllegalArgumentException
*/
private function validateUuid(string $attribute): void {
if ($this->hasErrors($attribute)) {
return;
}
if ($this->$attribute === Uuid::NIL) {
throw new IllegalArgumentException();
}
}
/**
* @throws \api\modules\session\exceptions\ForbiddenOperationException
*/
private function validateAccessToken(): void {
$accessToken = $this->accessToken;
try {
$identity = Yii::$app->user->loginByAccessToken($accessToken);
} catch (UnauthorizedHttpException $e) {
if ($e->getMessage() === 'Token expired') {
throw new ForbiddenOperationException('Expired access_token.', 0, $e);
}
$identity = null;
}
if ($identity === null) {
Session::error("User with access_token = '{$accessToken}' failed join by wrong access_token.");
Yii::$app->statsd->inc('sessionserver.join.fail_wrong_token');
throw new ForbiddenOperationException('Invalid access_token.');
}
Yii::$app->statsd->inc('sessionserver.authentication.oauth2');
if (!Yii::$app->user->can(P::MINECRAFT_SERVER_SESSION)) {
Session::error("User with access_token = '{$accessToken}' doesn't have enough scopes to make join.");
Yii::$app->statsd->inc('sessionserver.authentication.oauth2_not_enough_scopes');
throw new ForbiddenOperationException('The token does not have required scope.');
}
/** @var Account $account */
$account = $identity->getAccount();
$selectedProfile = $this->selectedProfile;
$isUuid = StringHelper::isUuid($selectedProfile);
if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with id = '{$account->uuid}'.");
Yii::$app->statsd->inc('sessionserver.join.fail_uuid_mismatch');
throw new ForbiddenOperationException('Wrong selected_profile.');
}
if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower((string)$selectedProfile)) {
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with username = '{$account->username}'.");
Yii::$app->statsd->inc('sessionserver.join.fail_username_mismatch');
throw new ForbiddenOperationException('Invalid credentials');
}
if ($account->status === Account::STATUS_DELETED) {
throw new ForbiddenOperationException('Invalid credentials');
}
$this->account = $account;
}
private function normalizeUUID(string $uuid): string {
return Uuid::fromString($uuid)->toString();
}
}