secretkey auth

2 years ago · a4b8fc6a0e
10 changed files with 47 additions and 25 deletions
--- a/src/main/java/app/annotations/exceptions/InvalidSecretKey.java
+++ b/src/main/java/app/annotations/exceptions/InvalidSecretKey.java
@ -0,0 +1,4 @@
+package app.annotations.exceptions;
+
+public class InvalidSecretKey extends RuntimeException{
+}
--- a/src/main/java/app/annotations/impl/WebAccessAspect.java
+++ b/src/main/java/app/annotations/impl/WebAccessAspect.java
@ -1,6 +1,7 @@
 package app.annotations.impl;

 import app.annotations.exceptions.InvalidCookie;
+import app.annotations.exceptions.InvalidSecretKey;
 import app.annotations.exceptions.NeedCookie;
 import app.utils.SaltedCookie;
 import jakarta.servlet.http.HttpServletRequest;
@ -11,17 +12,17 @@ import org.springframework.context.annotation.Configuration;

@Aspect
@Configuration
-public class CookieAspect {
+public class WebAccessAspect {
    SaltedCookie saltedCookie;

    @Autowired
-    public CookieAspect(SaltedCookie saltedCookie) {
+    public WebAccessAspect(SaltedCookie saltedCookie) {
        this.saltedCookie = saltedCookie;
    }

-    @Before("@annotation(app.annotations.interfaces.NeedValidCookie) && args(request,..)")
+    @Before("@annotation(app.annotations.interfaces.CheckWebAccess) && args(request,..)")
    public void before(HttpServletRequest request){
-        System.out.println("check cookie");
+        System.out.println("check web access");
        if(!(request instanceof HttpServletRequest)) {
            throw new RuntimeException("cannot read cookie from invalid request");
        }
@ -32,9 +33,10 @@ public class CookieAspect {
        String[] rawCookieParams = request.getHeader("Cookie").split(";");
        String steam64 = "";
        String steam64_secured = "";
+        String secret_key = "";

        for(String rawCookie: rawCookieParams) {
-            if(!steam64.isEmpty() && !steam64_secured.isEmpty()) {
+            if((!steam64.isEmpty() && !steam64_secured.isEmpty() || (!steam64.isEmpty() && !secret_key.isEmpty()))) {
                break;
            }
            if(rawCookie.contains("steam64=")) {
@ -45,6 +47,19 @@ public class CookieAspect {
                steam64_secured = rawCookie.split("=")[1];
                continue;
            }
+            if(rawCookie.contains("secretkey=")) {
+                secret_key = rawCookie.split("=")[1];
+                continue;
+            }
+        }
+
+        if (!secret_key.isEmpty() && !steam64.isEmpty()) {
+            if (saltedCookie.ValidateSecretKey(secret_key)) {
+                System.out.println("used secret key");
+                return;
+            } else {
+                throw new InvalidSecretKey();
+            }
        }

        if (steam64.isEmpty() || steam64_secured.isEmpty()) {
--- a/src/main/java/app/annotations/interfaces/NeedValidCookie.java
+++ b/src/main/java/app/annotations/interfaces/NeedValidCookie.java
@ -7,5 +7,5 @@ import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
-public @interface NeedValidCookie {
+public @interface CheckWebAccess {
 }
--- a/src/main/java/app/controllers/admin/BanController.java
+++ b/src/main/java/app/controllers/admin/BanController.java
@ -1,9 +1,7 @@
 package app.controllers.admin;

 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
-import app.entities.db.Ban;
-import app.entities.other.SteamID;
+import app.annotations.interfaces.CheckWebAccess;
 import app.services.ProfileService;
 import app.services.db.BanService;
 import app.services.db.PermitionService;
@ -33,7 +31,7 @@ public class BanController {
    }

    @PostMapping
-    @NeedValidCookie
+    @CheckWebAccess
    @CheckPermitionFlag(flag = "d")
    public ResponseEntity banPlayer(
            HttpServletRequest request,
@ -51,7 +49,7 @@ public class BanController {
    }

    @DeleteMapping
-    @NeedValidCookie
+    @CheckWebAccess
    @CheckPermitionFlag(flag = "e")
    public ResponseEntity unbanPlayer(
            HttpServletRequest request,
--- a/src/main/java/app/controllers/admin/KickController.java
+++ b/src/main/java/app/controllers/admin/KickController.java
@ -1,7 +1,7 @@
 package app.controllers.admin;

 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.services.ProfileService;
 import app.services.ServerService;
 import app.services.db.BanService;
@ -28,7 +28,7 @@ public class KickController {
    }

    @PostMapping
-    @NeedValidCookie
+    @CheckWebAccess
    @CheckPermitionFlag(flag = "c")
    public ResponseEntity kickPlayer(
            HttpServletRequest request,
--- a/src/main/java/app/controllers/admin/RconController.java
+++ b/src/main/java/app/controllers/admin/RconController.java
@ -1,7 +1,7 @@
 package app.controllers.admin;

 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.services.StatsService;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
@ -21,7 +21,7 @@ public class RconController {
    }

    @PostMapping
-    @NeedValidCookie
+    @CheckWebAccess
    @CheckPermitionFlag(flag = "m")
    public ResponseEntity<String> rcon(HttpServletRequest request,
                                       @RequestParam String srv,
--- a/src/main/java/app/controllers/user/DetailController.java
+++ b/src/main/java/app/controllers/user/DetailController.java
@ -1,7 +1,7 @@
 package app.controllers.user;

 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.entities.other.SteamID;
 import app.services.ProfileService;
 import jakarta.servlet.http.HttpServletRequest;
@ -24,7 +24,7 @@ public class DetailController {
    }

    @GetMapping
-    @NeedValidCookie
+    @CheckWebAccess
    @CheckPermitionFlag(flag = "z")
    public ResponseEntity GetUser(HttpServletRequest request,
                                  @RequestParam String steam64) {
@ -32,7 +32,7 @@ public class DetailController {
    }

    @GetMapping("/steam")
-    @NeedValidCookie
+    @CheckWebAccess
    @CheckPermitionFlag(flag = "z")
    public ResponseEntity<SteamID> GetSteam(HttpServletRequest request,
                                            @RequestParam String any) {
--- a/src/main/java/app/controllers/user/ProfileController.java
+++ b/src/main/java/app/controllers/user/ProfileController.java
@ -1,13 +1,10 @@
 package app.controllers.user;

-import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.entities.SocialAuth;
-import app.entities.other.SteamID;
 import app.services.ProfileService;
 import app.services.ReportService;
 import app.services.db.FreeVIPService;
-import app.utils.SaltedCookie;
 import app.utils.SteamIDConverter;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
@ -32,7 +29,7 @@ public class ProfileController {
    }

    @GetMapping
-    @NeedValidCookie
+    @CheckWebAccess
    public ResponseEntity GetCurrentUser(HttpServletRequest request,
                                         @CookieValue(value = "steam64", defaultValue = "") String steam64,
                                         @RequestParam(value = "requests", defaultValue = "") String requests
@ -45,7 +42,7 @@ public class ProfileController {
    }

    @PostMapping("/freevip")
-    @NeedValidCookie
+    @CheckWebAccess
    public ResponseEntity GetFreeVIP(HttpServletRequest request,
                                     @CookieValue(value = "steam64", defaultValue = "") String steam64,
                                     SocialAuth socialAuth) {
@ -57,7 +54,7 @@ public class ProfileController {
    }

    @PostMapping("/report")
-    @NeedValidCookie
+    @CheckWebAccess
    public ResponseEntity<Long> ReportUser(HttpServletRequest request,
                                              @CookieValue(value = "steam64", defaultValue = "") String steam64,
                                              @RequestParam(value = "steam64", defaultValue = "") String reported_steam64,
--- a/src/main/java/app/utils/SaltedCookie.java
+++ b/src/main/java/app/utils/SaltedCookie.java
@ -9,6 +9,9 @@ public class SaltedCookie {
    @Value("${backend.auth.salt}")
    private String salt;

+    @Value("${backend.secret_key}")
+    private String secret_key;
+
    public String Hashed(String value) {
        return DigestUtils.md5DigestAsHex(String.format("%s+%s", value, salt).getBytes());
    }
@ -20,4 +23,8 @@ public class SaltedCookie {
    public boolean Validate(Long value, String hashed_value) {
        return Validate(value.toString(), hashed_value);
    }
+
+    public boolean ValidateSecretKey(String secret_key) {
+        return this.secret_key.equals(secret_key);
+    }
 }
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@ -24,6 +24,7 @@ org:
      enabled: true

 backend:
+  secret_key: ${SECRET_KEY}
  servers_file: ${SERVERS_FILE}
  geoip_file: ${GEOIP_FILE}
  updates: