diff --git a/src/main/java/app/annotations/exceptions/InvalidSecretKey.java b/src/main/java/app/annotations/exceptions/InvalidSecretKey.java
new file mode 100644
index 0000000..594b8f6
--- /dev/null
+++ b/src/main/java/app/annotations/exceptions/InvalidSecretKey.java
@@ -0,0 +1,4 @@
+package app.annotations.exceptions;
+
+public class InvalidSecretKey extends RuntimeException{
+}
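Review bot: `InvalidSecretKey` has no message and nothing visible here maps it to an HTTP status, so unless an exception handler elsewhere in the project covers it, a rejected key would presumably surface as a generic 500 rather than an authentication failure. If `InvalidCookie` is already handled by an advice class, this type should be added there; otherwise annotating the class with `@ResponseStatus(HttpStatus.UNAUTHORIZED)` would keep the response consistent. A one-line Javadoc such as `/** Thrown when the secretkey cookie does not match the configured backend key. */` would also help.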
diff --git a/src/main/java/app/annotations/impl/CookieAspect.java b/src/main/java/app/annotations/impl/WebAccessAspect.java
similarity index 64%
rename from src/main/java/app/annotations/impl/CookieAspect.java
rename to src/main/java/app/annotations/impl/WebAccessAspect.java
index ee34183..e3753ac 100644
--- a/src/main/java/app/annotations/impl/CookieAspect.java
+++ b/src/main/java/app/annotations/impl/WebAccessAspect.java
@@ -1,6 +1,7 @@
 package app.annotations.impl;
 
 import app.annotations.exceptions.InvalidCookie;
+import app.annotations.exceptions.InvalidSecretKey;
 import app.annotations.exceptions.NeedCookie;
 import app.utils.SaltedCookie;
 import jakarta.servlet.http.HttpServletRequest;
@@ -11,17 +12,17 @@ import org.springframework.context.annotation.Configuration;
 
 @Aspect
 @Configuration
-public class CookieAspect {
+public class WebAccessAspect {
     SaltedCookie saltedCookie;
 
     @Autowired
-    public CookieAspect(SaltedCookie saltedCookie) {
+    public WebAccessAspect(SaltedCookie saltedCookie) {
         this.saltedCookie = saltedCookie;
     }
 
-    @Before("@annotation(app.annotations.interfaces.NeedValidCookie) && args(request,..)")
+    @Before("@annotation(app.annotations.interfaces.CheckWebAccess) && args(request,..)")
     public void before(HttpServletRequest request){
-        System.out.println("check cookie");
+        System.out.println("check web access");
         if(!(request instanceof HttpServletRequest)) {
             throw new RuntimeException("cannot read cookie from invalid request");
         }
@@ -32,9 +33,10 @@ public class CookieAspect {
         String[] rawCookieParams = request.getHeader("Cookie").split(";");
         String steam64 = "";
         String steam64_secured = "";
+        String secret_key = "";
 
         for(String rawCookie: rawCookieParams) {
-            if(!steam64.isEmpty() && !steam64_secured.isEmpty()) {
+            if((!steam64.isEmpty() && !steam64_secured.isEmpty() || (!steam64.isEmpty() && !secret_key.isEmpty()))) {
                 break;
             }
             if(rawCookie.contains("steam64=")) {
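Review bot: The widened `break` condition makes the credential that gets checked depend on cookie order. The loop stops as soon as `steam64` plus either `steam64_secured` or `secret_key` has been read, so a request carrying all three can be judged by whichever of the two appears first in the header. Dropping the early `break` (the header holds only a handful of entries) and letting the checks after the loop set the precedence would remove that dependence. If the `break` stays, the condition reads more simply as `if (!steam64.isEmpty() && (!steam64_secured.isEmpty() || !secret_key.isEmpty()))`. The loop body continues outside this hunk.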
@@ -45,6 +47,19 @@ public class CookieAspect {
                 steam64_secured = rawCookie.split("=")[1];
                 continue;
             }
+            if(rawCookie.contains("secretkey=")) {
+                secret_key = rawCookie.split("=")[1];
+                continue;
+            }
+        }
+
+        if (!secret_key.isEmpty() && !steam64.isEmpty()) {
+            if (saltedCookie.ValidateSecretKey(secret_key)) {
+                System.out.println("used secret key");
+                return;
+            } else {
+                throw new InvalidSecretKey();
+            }
         }
 
         if (steam64.isEmpty() || steam64_secured.isEmpty()) {
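Review bot: When the `secretkey` cookie validates, `before` returns at `return;` without checking `steam64` at all, so whoever holds the one shared key is accepted under whatever `steam64` value the request carries. If `@CheckPermitionFlag` resolves permissions from that cookie (not visible here), the key is equivalent to every account on every `@CheckWebAccess` endpoint, including the admin controllers touched by this commit. If that is the intended backend credential, say so above the branch, e.g. `// secretkey is a trusted-backend credential: steam64 is NOT verified on this path`, and replace `System.out.println("used secret key")` with a logger call that records the asserted `steam64` and `request.getRemoteAddr()` so key use is auditable. Separately, `rawCookie.contains("secretkey=")` matches any cookie whose name or value merely contains that text, and `split("=")[1]` throws on an empty value; comparing the trimmed cookie name exactly and using `split("=", 2)` avoids both. The body of `before` starts and ends outside this hunk.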
diff --git a/src/main/java/app/annotations/interfaces/NeedValidCookie.java b/src/main/java/app/annotations/interfaces/CheckWebAccess.java
similarity index 88%
rename from src/main/java/app/annotations/interfaces/NeedValidCookie.java
rename to src/main/java/app/annotations/interfaces/CheckWebAccess.java
index 326dcae..621a2f1 100644
--- a/src/main/java/app/annotations/interfaces/NeedValidCookie.java
+++ b/src/main/java/app/annotations/interfaces/CheckWebAccess.java
@@ -7,5 +7,5 @@ import java.lang.annotation.Target;
 
 @Retention(RetentionPolicy.RUNTIME)
 @Target(ElementType.METHOD)
-public @interface NeedValidCookie {
+public @interface CheckWebAccess {
 }
diff --git a/src/main/java/app/controllers/admin/BanController.java b/src/main/java/app/controllers/admin/BanController.java
index d2d0efe..a6891d2 100644
--- a/src/main/java/app/controllers/admin/BanController.java
+++ b/src/main/java/app/controllers/admin/BanController.java
@@ -1,9 +1,7 @@
 package app.controllers.admin;
 
 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
-import app.entities.db.Ban;
-import app.entities.other.SteamID;
+import app.annotations.interfaces.CheckWebAccess;
 import app.services.ProfileService;
 import app.services.db.BanService;
 import app.services.db.PermitionService;
@@ -33,7 +31,7 @@ public class BanController {
     }
 
     @PostMapping
-    @NeedValidCookie
+    @CheckWebAccess
     @CheckPermitionFlag(flag = "d")
     public ResponseEntity banPlayer(
             HttpServletRequest request,
@@ -51,7 +49,7 @@ public class BanController {
     }
 
     @DeleteMapping
-    @NeedValidCookie
+    @CheckWebAccess
     @CheckPermitionFlag(flag = "e")
     public ResponseEntity unbanPlayer(
             HttpServletRequest request,
diff --git a/src/main/java/app/controllers/admin/KickController.java b/src/main/java/app/controllers/admin/KickController.java
index 2b9c19f..186b3a0 100644
--- a/src/main/java/app/controllers/admin/KickController.java
+++ b/src/main/java/app/controllers/admin/KickController.java
@@ -1,7 +1,7 @@
 package app.controllers.admin;
 
 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.services.ProfileService;
 import app.services.ServerService;
 import app.services.db.BanService;
@@ -28,7 +28,7 @@ public class KickController {
     }
 
     @PostMapping
-    @NeedValidCookie
+    @CheckWebAccess
     @CheckPermitionFlag(flag = "c")
     public ResponseEntity kickPlayer(
             HttpServletRequest request,
diff --git a/src/main/java/app/controllers/admin/RconController.java b/src/main/java/app/controllers/admin/RconController.java
index c763cf6..bc48f48 100644
--- a/src/main/java/app/controllers/admin/RconController.java
+++ b/src/main/java/app/controllers/admin/RconController.java
@@ -1,7 +1,7 @@
 package app.controllers.admin;
 
 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.services.StatsService;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,7 +21,7 @@ public class RconController {
     }
 
     @PostMapping
-    @NeedValidCookie
+    @CheckWebAccess
     @CheckPermitionFlag(flag = "m")
     public ResponseEntity<String> rcon(HttpServletRequest request,
                                        @RequestParam String srv,
diff --git a/src/main/java/app/controllers/user/DetailController.java b/src/main/java/app/controllers/user/DetailController.java
index 518e8e0..1c44e74 100644
--- a/src/main/java/app/controllers/user/DetailController.java
+++ b/src/main/java/app/controllers/user/DetailController.java
@@ -1,7 +1,7 @@
 package app.controllers.user;
 
 import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.entities.other.SteamID;
 import app.services.ProfileService;
 import jakarta.servlet.http.HttpServletRequest;
@@ -24,7 +24,7 @@ public class DetailController {
     }
 
     @GetMapping
-    @NeedValidCookie
+    @CheckWebAccess
     @CheckPermitionFlag(flag = "z")
     public ResponseEntity GetUser(HttpServletRequest request,
                                   @RequestParam String steam64) {
@@ -32,7 +32,7 @@ public class DetailController {
     }
 
     @GetMapping("/steam")
-    @NeedValidCookie
+    @CheckWebAccess
     @CheckPermitionFlag(flag = "z")
     public ResponseEntity<SteamID> GetSteam(HttpServletRequest request,
                                             @RequestParam String any) {
diff --git a/src/main/java/app/controllers/user/ProfileController.java b/src/main/java/app/controllers/user/ProfileController.java
index 052b45e..9700160 100644
--- a/src/main/java/app/controllers/user/ProfileController.java
+++ b/src/main/java/app/controllers/user/ProfileController.java
@@ -1,13 +1,10 @@
 package app.controllers.user;
 
-import app.annotations.interfaces.CheckPermitionFlag;
-import app.annotations.interfaces.NeedValidCookie;
+import app.annotations.interfaces.CheckWebAccess;
 import app.entities.SocialAuth;
-import app.entities.other.SteamID;
 import app.services.ProfileService;
 import app.services.ReportService;
 import app.services.db.FreeVIPService;
-import app.utils.SaltedCookie;
 import app.utils.SteamIDConverter;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,7 +29,7 @@ public class ProfileController {
     }
 
     @GetMapping
-    @NeedValidCookie
+    @CheckWebAccess
     public ResponseEntity GetCurrentUser(HttpServletRequest request,
                                          @CookieValue(value = "steam64", defaultValue = "") String steam64,
                                          @RequestParam(value = "requests", defaultValue = "") String requests
@@ -45,7 +42,7 @@ public class ProfileController {
     }
 
     @PostMapping("/freevip")
-    @NeedValidCookie
+    @CheckWebAccess
     public ResponseEntity GetFreeVIP(HttpServletRequest request,
                                      @CookieValue(value = "steam64", defaultValue = "") String steam64,
                                      SocialAuth socialAuth) {
@@ -57,7 +54,7 @@ public class ProfileController {
     }
 
     @PostMapping("/report")
-    @NeedValidCookie
+    @CheckWebAccess
     public ResponseEntity<Long> ReportUser(HttpServletRequest request,
                                               @CookieValue(value = "steam64", defaultValue = "") String steam64,
                                               @RequestParam(value = "steam64", defaultValue = "") String reported_steam64,
diff --git a/src/main/java/app/utils/SaltedCookie.java b/src/main/java/app/utils/SaltedCookie.java
index 46d4859..36a9bd0 100644
--- a/src/main/java/app/utils/SaltedCookie.java
+++ b/src/main/java/app/utils/SaltedCookie.java
@@ -9,6 +9,9 @@ public class SaltedCookie {
     @Value("${backend.auth.salt}")
     private String salt;
 
+    @Value("${backend.secret_key}")
+    private String secret_key;
+
     public String Hashed(String value) {
         return DigestUtils.md5DigestAsHex(String.format("%s+%s", value, salt).getBytes());
     }
@@ -20,4 +23,8 @@ public class SaltedCookie {
     public boolean Validate(Long value, String hashed_value) {
         return Validate(value.toString(), hashed_value);
     }
+
+    public boolean ValidateSecretKey(String secret_key) {
+        return this.secret_key.equals(secret_key);
+    }
 }
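Review bot: `ValidateSecretKey` compares the configured key with `String.equals`, which stops at the first differing character, so the comparison time depends on how much of the presented value matches. For a long-lived shared secret a constant-time comparison is the usual choice: `return MessageDigest.isEqual(this.secret_key.getBytes(StandardCharsets.UTF_8), secret_key.getBytes(StandardCharsets.UTF_8));`. This needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported at the top of the file, outside this hunk. The parameter also shadows the field of the same name, so renaming it to something like `presentedKey` would make the method harder to get wrong.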
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 9cb9f29..aa472bb 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -24,6 +24,7 @@ org:
       enabled: true
 
 backend:
+  secret_key: ${SECRET_KEY}
   servers_file: ${SERVERS_FILE}
   geoip_file: ${GEOIP_FILE}
   updates: