From a4b8fc6a0e25baea65d6b6357c4083afaf239ad8 Mon Sep 17 00:00:00 2001 From: gsd Date: Wed, 1 Mar 2023 15:44:17 +0300 Subject: [PATCH] secretkey auth --- .../exceptions/InvalidSecretKey.java | 4 +++ ...CookieAspect.java => WebAccessAspect.java} | 25 +++++++++++++++---- ...edValidCookie.java => CheckWebAccess.java} | 2 +- .../app/controllers/admin/BanController.java | 8 +++--- .../app/controllers/admin/KickController.java | 4 +-- .../app/controllers/admin/RconController.java | 4 +-- .../controllers/user/DetailController.java | 6 ++--- .../controllers/user/ProfileController.java | 11 +++----- src/main/java/app/utils/SaltedCookie.java | 7 ++++++ src/main/resources/application.yaml | 1 + 10 files changed, 47 insertions(+), 25 deletions(-) create mode 100644 src/main/java/app/annotations/exceptions/InvalidSecretKey.java rename src/main/java/app/annotations/impl/{CookieAspect.java => WebAccessAspect.java} (64%) rename src/main/java/app/annotations/interfaces/{NeedValidCookie.java => CheckWebAccess.java} (88%) diff --git a/src/main/java/app/annotations/exceptions/InvalidSecretKey.java b/src/main/java/app/annotations/exceptions/InvalidSecretKey.java new file mode 100644 index 0000000..594b8f6 --- /dev/null +++ b/src/main/java/app/annotations/exceptions/InvalidSecretKey.java @@ -0,0 +1,4 @@ +package app.annotations.exceptions; + +public class InvalidSecretKey extends RuntimeException{ +} diff --git a/src/main/java/app/annotations/impl/CookieAspect.java b/src/main/java/app/annotations/impl/WebAccessAspect.java similarity index 64% rename from src/main/java/app/annotations/impl/CookieAspect.java rename to src/main/java/app/annotations/impl/WebAccessAspect.java index ee34183..e3753ac 100644 --- a/src/main/java/app/annotations/impl/CookieAspect.java +++ b/src/main/java/app/annotations/impl/WebAccessAspect.java 
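Review bot: `InvalidSecretKey` is declared with no constructors and no `@ResponseStatus`, so when the aspect throws it the client receives whatever Spring does with an unhandled RuntimeException — a 500 unless an `@ExceptionHandler` for it exists outside this patch (how `InvalidCookie` is mapped is not visible here). An authorization failure should surface as a 401/403 rather than a server error, e.g. `@ResponseStatus(HttpStatus.FORBIDDEN) public class InvalidSecretKey extends RuntimeException {}`, or a handler next to wherever `InvalidCookie` is handled. A one-line Javadoc stating when it is thrown, `/** Thrown when a request presents a secretkey cookie that does not match backend.secret_key. */`, would also help the next reader.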
@@ -1,6 +1,7 @@ package app.annotations.impl; import app.annotations.exceptions.InvalidCookie; +import app.annotations.exceptions.InvalidSecretKey; import app.annotations.exceptions.NeedCookie; import app.utils.SaltedCookie; import jakarta.servlet.http.HttpServletRequest; @@ -11,17 +12,17 @@ import org.springframework.context.annotation.Configuration; @Aspect @Configuration -public class CookieAspect { +public class WebAccessAspect { SaltedCookie saltedCookie; @Autowired - public CookieAspect(SaltedCookie saltedCookie) { + public WebAccessAspect(SaltedCookie saltedCookie) { this.saltedCookie = saltedCookie; } - @Before("@annotation(app.annotations.interfaces.NeedValidCookie) && args(request,..)") + @Before("@annotation(app.annotations.interfaces.CheckWebAccess) && args(request,..)") public void before(HttpServletRequest request){ - System.out.println("check cookie"); + System.out.println("check web access"); if(!(request instanceof HttpServletRequest)) { throw new RuntimeException("cannot read cookie from invalid request"); } @@ -32,9 +33,10 @@ public class CookieAspect { String[] rawCookieParams = request.getHeader("Cookie").split(";"); String steam64 = ""; String steam64_secured = ""; + String secret_key = ""; for(String rawCookie: rawCookieParams) { - if(!steam64.isEmpty() && !steam64_secured.isEmpty()) { + if((!steam64.isEmpty() && !steam64_secured.isEmpty() || (!steam64.isEmpty() && !secret_key.isEmpty()))) { break; } if(rawCookie.contains("steam64=")) { @@ -45,6 +47,19 @@ public class CookieAspect { steam64_secured = rawCookie.split("=")[1]; continue; } + if(rawCookie.contains("secretkey=")) { + secret_key = rawCookie.split("=")[1]; + continue; + } + } + + if (!secret_key.isEmpty() && !steam64.isEmpty()) { + if (saltedCookie.ValidateSecretKey(secret_key)) { + System.out.println("used secret key"); + return; + } else { + throw new InvalidSecretKey(); + } } if (steam64.isEmpty() || steam64_secured.isEmpty()) { 
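Review bot: The new loop-exit condition `(!steam64.isEmpty() && !steam64_secured.isEmpty() || (!steam64.isEmpty() && !secret_key.isEmpty()))` reads as if a parenthesis is missing and relies on `&&` binding tighter than `||`; factoring the shared term states the intent directly: `if (!steam64.isEmpty() && (!steam64_secured.isEmpty() || !secret_key.isEmpty())) {`. The early break also means that when the `secretkey` cookie precedes `steam64_secured` in the header, `steam64_secured` is never read; that is harmless only because the secret-key branch further down either returns or throws, and a comment on the condition would save the next reader that reasoning. The enclosing `before` method starts and ends outside this hunk.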
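Review bot: A valid `secretkey` cookie returns from `before` ahead of the steam64/steam64_secured check that follows the hunk, so on that path `steam64` is accepted without its signed counterpart, and controllers that take identity from `@CookieValue("steam64")` (ProfileController in this patch) will act as whatever steam64 the key holder supplies. If that is the intended contract for callers holding the shared key, say so at the early return, e.g. `// secret key bypasses the cookie signature; steam64 is trusted as given`; otherwise validate the cookie pair here as well. Separately, `rawCookie.split("=")[1]` throws ArrayIndexOutOfBoundsException for an empty `secretkey=` cookie and truncates a value that itself contains `=`, and `contains("secretkey=")` also matches cookie names that merely end in `secretkey`; `request.getCookies()` yields parsed name/value pairs and avoids all three. The comparison itself lives in `SaltedCookie.ValidateSecretKey` and is reviewed in that file's hunk. The enclosing `before` method continues past the hunk.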
diff --git a/src/main/java/app/annotations/interfaces/NeedValidCookie.java b/src/main/java/app/annotations/interfaces/CheckWebAccess.java similarity index 88% rename from src/main/java/app/annotations/interfaces/NeedValidCookie.java rename to src/main/java/app/annotations/interfaces/CheckWebAccess.java index 326dcae..621a2f1 100644 --- a/src/main/java/app/annotations/interfaces/NeedValidCookie.java +++ b/src/main/java/app/annotations/interfaces/CheckWebAccess.java @@ -7,5 +7,5 @@ import java.lang.annotation.Target; @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) -public @interface NeedValidCookie { +public @interface CheckWebAccess { } diff --git a/src/main/java/app/controllers/admin/BanController.java b/src/main/java/app/controllers/admin/BanController.java index d2d0efe..a6891d2 100644 --- a/src/main/java/app/controllers/admin/BanController.java +++ b/src/main/java/app/controllers/admin/BanController.java @@ -1,9 +1,7 @@ package app.controllers.admin; import app.annotations.interfaces.CheckPermitionFlag; -import app.annotations.interfaces.NeedValidCookie; -import app.entities.db.Ban; -import app.entities.other.SteamID; +import app.annotations.interfaces.CheckWebAccess; import app.services.ProfileService; import app.services.db.BanService; import app.services.db.PermitionService; @@ -33,7 +31,7 @@ public class BanController { } @PostMapping - @NeedValidCookie + @CheckWebAccess @CheckPermitionFlag(flag = "d") public ResponseEntity banPlayer( HttpServletRequest request, @@ -51,7 +49,7 @@ public class BanController { } @DeleteMapping - @NeedValidCookie + @CheckWebAccess @CheckPermitionFlag(flag = "e") public ResponseEntity unbanPlayer( HttpServletRequest request, diff --git a/src/main/java/app/controllers/admin/KickController.java b/src/main/java/app/controllers/admin/KickController.java index 2b9c19f..186b3a0 100644 --- a/src/main/java/app/controllers/admin/KickController.java +++ b/src/main/java/app/controllers/admin/KickController.java 
@@ -1,7 +1,7 @@ package app.controllers.admin; import app.annotations.interfaces.CheckPermitionFlag; -import app.annotations.interfaces.NeedValidCookie; +import app.annotations.interfaces.CheckWebAccess; import app.services.ProfileService; import app.services.ServerService; import app.services.db.BanService; @@ -28,7 +28,7 @@ public class KickController { } @PostMapping - @NeedValidCookie + @CheckWebAccess @CheckPermitionFlag(flag = "c") public ResponseEntity kickPlayer( HttpServletRequest request, diff --git a/src/main/java/app/controllers/admin/RconController.java b/src/main/java/app/controllers/admin/RconController.java index c763cf6..bc48f48 100644 --- a/src/main/java/app/controllers/admin/RconController.java +++ b/src/main/java/app/controllers/admin/RconController.java @@ -1,7 +1,7 @@ package app.controllers.admin; import app.annotations.interfaces.CheckPermitionFlag; -import app.annotations.interfaces.NeedValidCookie; +import app.annotations.interfaces.CheckWebAccess; import app.services.StatsService; import jakarta.servlet.http.HttpServletRequest; import org.springframework.beans.factory.annotation.Autowired; @@ -21,7 +21,7 @@ public class RconController { } @PostMapping - @NeedValidCookie + @CheckWebAccess @CheckPermitionFlag(flag = "m") public ResponseEntity rcon(HttpServletRequest request, @RequestParam String srv, diff --git a/src/main/java/app/controllers/user/DetailController.java b/src/main/java/app/controllers/user/DetailController.java index 518e8e0..1c44e74 100644 --- a/src/main/java/app/controllers/user/DetailController.java +++ b/src/main/java/app/controllers/user/DetailController.java @@ -1,7 +1,7 @@ package app.controllers.user; import app.annotations.interfaces.CheckPermitionFlag; -import app.annotations.interfaces.NeedValidCookie; +import app.annotations.interfaces.CheckWebAccess; import app.entities.other.SteamID; import app.services.ProfileService; import jakarta.servlet.http.HttpServletRequest; 
@@ -24,7 +24,7 @@ public class DetailController { } @GetMapping - @NeedValidCookie + @CheckWebAccess @CheckPermitionFlag(flag = "z") public ResponseEntity GetUser(HttpServletRequest request, @RequestParam String steam64) { @@ -32,7 +32,7 @@ public class DetailController { } @GetMapping("/steam") - @NeedValidCookie + @CheckWebAccess @CheckPermitionFlag(flag = "z") public ResponseEntity GetSteam(HttpServletRequest request, @RequestParam String any) { diff --git a/src/main/java/app/controllers/user/ProfileController.java b/src/main/java/app/controllers/user/ProfileController.java index 052b45e..9700160 100644 --- a/src/main/java/app/controllers/user/ProfileController.java +++ b/src/main/java/app/controllers/user/ProfileController.java @@ -1,13 +1,10 @@ package app.controllers.user; -import app.annotations.interfaces.CheckPermitionFlag; -import app.annotations.interfaces.NeedValidCookie; +import app.annotations.interfaces.CheckWebAccess; import app.entities.SocialAuth; -import app.entities.other.SteamID; import app.services.ProfileService; import app.services.ReportService; import app.services.db.FreeVIPService; -import app.utils.SaltedCookie; import app.utils.SteamIDConverter; import jakarta.servlet.http.HttpServletRequest; import org.springframework.beans.factory.annotation.Autowired; @@ -32,7 +29,7 @@ public class ProfileController { } @GetMapping - @NeedValidCookie + @CheckWebAccess public ResponseEntity GetCurrentUser(HttpServletRequest request, @CookieValue(value = "steam64", defaultValue = "") String steam64, @RequestParam(value = "requests", defaultValue = "") String requests @@ -45,7 +42,7 @@ public class ProfileController { } @PostMapping("/freevip") - @NeedValidCookie + @CheckWebAccess public ResponseEntity GetFreeVIP(HttpServletRequest request, @CookieValue(value = "steam64", defaultValue = "") String steam64, SocialAuth socialAuth) { 
@@ -57,7 +54,7 @@ public class ProfileController { } @PostMapping("/report") - @NeedValidCookie + @CheckWebAccess public ResponseEntity ReportUser(HttpServletRequest request, @CookieValue(value = "steam64", defaultValue = "") String steam64, @RequestParam(value = "steam64", defaultValue = "") String reported_steam64, diff --git a/src/main/java/app/utils/SaltedCookie.java b/src/main/java/app/utils/SaltedCookie.java index 46d4859..36a9bd0 100644 --- a/src/main/java/app/utils/SaltedCookie.java +++ b/src/main/java/app/utils/SaltedCookie.java @@ -9,6 +9,9 @@ public class SaltedCookie { @Value("${backend.auth.salt}") private String salt; + @Value("${backend.secret_key}") + private String secret_key; + public String Hashed(String value) { return DigestUtils.md5DigestAsHex(String.format("%s+%s", value, salt).getBytes()); } @@ -20,4 +23,8 @@ public class SaltedCookie { public boolean Validate(Long value, String hashed_value) { return Validate(value.toString(), hashed_value); } + + public boolean ValidateSecretKey(String secret_key) { + return this.secret_key.equals(secret_key); + } } diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 9cb9f29..aa472bb 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -24,6 +24,7 @@ org: enabled: true backend: + secret_key: ${SECRET_KEY} servers_file: ${SERVERS_FILE} geoip_file: ${GEOIP_FILE} updates:
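Review bot: `ValidateSecretKey` compares the configured key with the cookie value using `String.equals`, which stops at the first mismatching character, so response time varies with the length of the matching prefix; a constant-time compare removes that, and renaming the parameter stops it shadowing the injected field: `public boolean ValidateSecretKey(String candidate) {` / `return MessageDigest.isEqual(this.secret_key.getBytes(StandardCharsets.UTF_8), candidate.getBytes(StandardCharsets.UTF_8));` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports, which sit outside this hunk). The `@Value("${backend.secret_key}")` field added in the earlier hunk of this file would benefit from a comment explaining why a plain-string secret sits beside the cookie salt, e.g. `// shared secret presented via the secretkey cookie; checked by WebAccessAspect`. Note that if `backend.secret_key` is not injected the field is null and `this.secret_key.equals(...)` throws NullPointerException rather than rejecting cleanly; whether Spring fails startup first when `SECRET_KEY` is unset is not visible from this patch. The class's other methods are outside the hunks.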