diff --git a/src/Auth/AuthRpcActions.php b/src/Auth/AuthRpcActions.php new file mode 100644 index 0000000..84c1110 --- /dev/null +++ b/src/Auth/AuthRpcActions.php @@ -0,0 +1,63 @@ +isSuperUser()) + return true; + + $whitelist = $this->impersonateConfig->getArray(sprintf('allow.u%s', $impersonator->getId())); + return in_array($targetId, $whitelist, true); + } + + #[RpcProcedure('misuzu:auth:attemptMisuzuAuth')] + public function procAttemptMisuzuAuth(string $remoteAddr, string $token): array { + $tokenInfo = $this->authCtx->createAuthTokenPacker()->unpack($token); + if(!$tokenInfo->isEmpty()) + $token = $tokenInfo->getSessionToken(); + + $sessions = $this->authCtx->getSessions(); + try { + $sessionInfo = $sessions->getSession(sessionToken: $token); + } catch(RuntimeException $ex) { + return ['method' => 'misuzu', 'error' => 'token']; + } + + if($sessionInfo->hasExpired()) { + $sessions->deleteSessions(sessionInfos: $sessionInfo); + return ['method' => 'misuzu', 'error' => 'expired']; + } + + $sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $remoteAddr); + + $users = $this->usersCtx->getUsers(); + $userInfo = $users->getUser($sessionInfo->getUserId(), 'id'); + if($tokenInfo->hasImpersonatedUserId() && $this->canImpersonateUserId($userInfo, $tokenInfo->getImpersonatedUserId())) { + $userInfoReal = $userInfo; + + try { + $userInfo = $users->getUser($tokenInfo->getImpersonatedUserId(), 'id'); + } catch(RuntimeException $ex) { + $userInfo = $userInfoReal; + } + } + + return [ + 'method' => 'misuzu', + 'type' => 'user', + 'user' => $userInfo->getId(), + 'expires' => $sessionInfo->getExpiresTime(), + ]; + } +} diff --git a/src/MisuzuContext.php b/src/MisuzuContext.php index 82df4b4..d6c9189 100644 --- a/src/MisuzuContext.php +++ b/src/MisuzuContext.php @@ -282,11 +282,23 @@ class MisuzuContext { $routingCtx->register(new LegacyRoutes($this->urls)); $rpcServer = new RpcServer; - $routingCtx->getRouter()->scopeTo('/_hanyuu')->register($rpcServer->createRouteHandler( + $routingCtx->getRouter()->register($rpcServer->createRouteHandler( + new HmacVerificationProvider(fn() => $this->config->getString('aleister.secret')) + )); + + $rpcServer->register(new Auth\AuthRpcActions( + $this->config->scopeTo('impersonate'), + $this->usersCtx, + $this->authCtx + )); + + // This RPC server will eventually despawn when Hanyuu fully owns auth + $hanyuuRpcServer = new RpcServer; + $routingCtx->getRouter()->scopeTo('/_hanyuu')->register($hanyuuRpcServer->createRouteHandler( new HmacVerificationProvider(fn() => $this->config->getString('hanyuu.secret')) )); - $rpcServer->register(new Hanyuu\HanyuuRpcActions( + $hanyuuRpcServer->register(new Hanyuu\HanyuuRpcActions( fn() => $this->config->getString('hanyuu.endpoint'), $this->config->scopeTo('impersonate'), $this->urls, diff --git a/src/SharpChat/SharpChatRoutes.php b/src/SharpChat/SharpChatRoutes.php index dd52f6d..65ce102 100644 --- a/src/SharpChat/SharpChatRoutes.php +++ b/src/SharpChat/SharpChatRoutes.php @@ -2,15 +2,15 @@ namespace Misuzu\SharpChat; use RuntimeException; -use Index\Colour\Colour; -use Index\Http\Routing\{HandlerAttribute,HttpDelete,HttpGet,HttpOptions,HttpPost,RouteHandler}; -use Syokuhou\IConfig; use Misuzu\RoutingContext; use Misuzu\Auth\{AuthContext,AuthInfo,Sessions}; use Misuzu\Emoticons\Emotes; use Misuzu\Perms\Permissions; use Misuzu\URLs\URLRegistry; use Misuzu\Users\{Bans,UsersContext,UserInfo}; +use Index\Colour\Colour; +use Index\Http\Routing\{HandlerAttribute,HttpDelete,HttpGet,HttpOptions,HttpPost,RouteHandler}; +use Syokuhou\IConfig; final class SharpChatRoutes extends RouteHandler { private string $hashKey;