mirror of
https://github.com/elyby/accounts.git
synced 2024-12-24 22:29:51 +05:30
57d492da8a
* start updating to PHP 8.3
* taking off!
Co-authored-by: ErickSkrauch <erickskrauch@yandex.ru>
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* dropped this
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* migrate to symfonymailer
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* this is so stupid 😭
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* ah, free, at last.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* oh, Gabriel.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* now dawns thy reckoning.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* and thy gore shall GLISTEN before the temples of man.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* creature of steel.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* my gratitude upon thee for my freedom.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* but the crimes thy kind has committed against humanity
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* Upgrade PHP-CS-Fixer and do fix the codebase
* First review round (maybe I have broken something)
* are NOT forgotten.
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
* Enable parallel PHP-CS-Fixer runner
* PHPStan level 1
* PHPStan level 2
* PHPStan level 3
* PHPStan level 4
* PHPStan level 5
* Levels 6 and 7 takes too much effort. Generate a baseline and fix them eventually
* Resolve TODO's related to the php-mock
* Drastically reduce baseline size with the Rector
* More code modernization with help of the Rector
* Update GitLab CI
---------
Signed-off-by: Octol1ttle <l1ttleofficial@outlook.com>
Co-authored-by: ErickSkrauch <erickskrauch@yandex.ru>
165 lines
5.6 KiB
PHP
165 lines
5.6 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace api\modules\session\models;
|
|
|
|
use api\modules\session\exceptions\ForbiddenOperationException;
|
|
use api\modules\session\exceptions\IllegalArgumentException;
|
|
use api\modules\session\models\protocols\JoinInterface;
|
|
use api\modules\session\Module as Session;
|
|
use api\modules\session\validators\RequiredValidator;
|
|
use api\rbac\Permissions as P;
|
|
use common\helpers\StringHelper;
|
|
use common\models\Account;
|
|
use Ramsey\Uuid\Uuid;
|
|
use Webmozart\Assert\Assert;
|
|
use Yii;
|
|
use yii\base\Model;
|
|
use yii\web\UnauthorizedHttpException;
|
|
|
|
class JoinForm extends Model {
|
|
|
|
public mixed $accessToken = null;
|
|
|
|
public mixed $selectedProfile = null;
|
|
|
|
public mixed $serverId = null;
|
|
|
|
/**
|
|
* @var Account|null
|
|
*/
|
|
private ?Account $account = null;
|
|
|
|
public function __construct(
|
|
private readonly JoinInterface $protocol,
|
|
array $config = [],
|
|
) {
|
|
parent::__construct($config);
|
|
$this->accessToken = $this->protocol->getAccessToken();
|
|
$this->selectedProfile = $this->protocol->getSelectedProfile();
|
|
$this->serverId = $this->protocol->getServerId();
|
|
}
|
|
|
|
public function rules(): array {
|
|
return [
|
|
[['accessToken', 'serverId'], RequiredValidator::class],
|
|
[['accessToken', 'selectedProfile'], $this->validateUuid(...)],
|
|
[['accessToken'], $this->validateAccessToken(...)],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @throws IllegalArgumentException
|
|
* @throws ForbiddenOperationException
|
|
*/
|
|
public function join(): bool {
|
|
$serverId = $this->serverId;
|
|
$accessToken = $this->accessToken;
|
|
Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'.");
|
|
Yii::$app->statsd->inc('sessionserver.join.attempt');
|
|
if (!$this->validate()) {
|
|
return false;
|
|
}
|
|
|
|
$account = $this->account;
|
|
$sessionModel = new SessionModel($account->username, $serverId);
|
|
Assert::true($sessionModel->save());
|
|
|
|
Session::info("User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to server_id = '{$serverId}'.");
|
|
Yii::$app->statsd->inc('sessionserver.join.success');
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param string $attributeNames
|
|
* @param bool $clearErrors
|
|
*
|
|
* @return bool
|
|
* @throws IllegalArgumentException
|
|
*/
|
|
public function validate($attributeNames = null, $clearErrors = true): bool {
|
|
if (!$this->protocol->validate()) {
|
|
throw new IllegalArgumentException();
|
|
}
|
|
|
|
return parent::validate($attributeNames, $clearErrors);
|
|
}
|
|
|
|
/**
|
|
* @param string $attribute
|
|
*
|
|
* @throws IllegalArgumentException
|
|
*/
|
|
private function validateUuid(string $attribute): void {
|
|
if ($this->hasErrors($attribute)) {
|
|
return;
|
|
}
|
|
|
|
if ($this->$attribute === Uuid::NIL) {
|
|
throw new IllegalArgumentException();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws \api\modules\session\exceptions\ForbiddenOperationException
|
|
*/
|
|
private function validateAccessToken(): void {
|
|
$accessToken = $this->accessToken;
|
|
try {
|
|
$identity = Yii::$app->user->loginByAccessToken($accessToken);
|
|
} catch (UnauthorizedHttpException $e) {
|
|
if ($e->getMessage() === 'Token expired') {
|
|
throw new ForbiddenOperationException('Expired access_token.', 0, $e);
|
|
}
|
|
|
|
$identity = null;
|
|
}
|
|
|
|
if ($identity === null) {
|
|
Session::error("User with access_token = '{$accessToken}' failed join by wrong access_token.");
|
|
Yii::$app->statsd->inc('sessionserver.join.fail_wrong_token');
|
|
|
|
throw new ForbiddenOperationException('Invalid access_token.');
|
|
}
|
|
|
|
Yii::$app->statsd->inc('sessionserver.authentication.oauth2');
|
|
if (!Yii::$app->user->can(P::MINECRAFT_SERVER_SESSION)) {
|
|
Session::error("User with access_token = '{$accessToken}' doesn't have enough scopes to make join.");
|
|
Yii::$app->statsd->inc('sessionserver.authentication.oauth2_not_enough_scopes');
|
|
|
|
throw new ForbiddenOperationException('The token does not have required scope.');
|
|
}
|
|
|
|
/** @var Account $account */
|
|
$account = $identity->getAccount();
|
|
|
|
$selectedProfile = $this->selectedProfile;
|
|
$isUuid = StringHelper::isUuid($selectedProfile);
|
|
if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
|
|
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with id = '{$account->uuid}'.");
|
|
Yii::$app->statsd->inc('sessionserver.join.fail_uuid_mismatch');
|
|
|
|
throw new ForbiddenOperationException('Wrong selected_profile.');
|
|
}
|
|
|
|
if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower((string)$selectedProfile)) {
|
|
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with username = '{$account->username}'.");
|
|
Yii::$app->statsd->inc('sessionserver.join.fail_username_mismatch');
|
|
|
|
throw new ForbiddenOperationException('Invalid credentials');
|
|
}
|
|
|
|
if ($account->status === Account::STATUS_DELETED) {
|
|
throw new ForbiddenOperationException('Invalid credentials');
|
|
}
|
|
|
|
$this->account = $account;
|
|
}
|
|
|
|
private function normalizeUUID(string $uuid): string {
|
|
return Uuid::fromString($uuid)->toString();
|
|
}
|
|
|
|
}
|