391 lines
14 KiB
PHP
391 lines
14 KiB
PHP
<?php
|
|
namespace Misuzu\SharpChat;
|
|
|
|
use Index\Http\HttpFx;
|
|
use Misuzu\Config\IConfig;
|
|
use Misuzu\Config\CfgType;
|
|
|
|
// Replace
|
|
use Misuzu\AuthToken;
|
|
use Misuzu\Emoticon;
|
|
use Misuzu\Users\User;
|
|
use Misuzu\Users\UserSession;
|
|
use Misuzu\Users\UserWarning;
|
|
use Misuzu\Users\UserNotFoundException;
|
|
use Misuzu\Users\UserWarningCreationFailedException;
|
|
|
|
final class SharpChatRoutes {
|
|
private IConfig $config;
|
|
private string $hashKey = 'woomy';
|
|
|
|
public function __construct(HttpFx $router, IConfig $config) {
|
|
$this->config = $config;
|
|
|
|
$hashKey = $this->config->getValue('hashKey', CfgType::T_STR, '');
|
|
|
|
if(empty($hashKey)) {
|
|
$hashKeyPath = $this->config->getValue('hashKeyPath', CfgType::T_STR, '');
|
|
if(is_file($hashKeyPath))
|
|
$this->hashKey = file_get_contents($hashKeyPath);
|
|
} else {
|
|
$this->hashKey = $hashKey;
|
|
}
|
|
|
|
// Public endpoints
|
|
$router->get('/_sockchat/emotes', [$this, 'emotes']);
|
|
$router->get('/_sockchat/login', [$this, 'login']);
|
|
$router->options('/_sockchat/token', [$this, 'token']);
|
|
$router->get('/_sockchat/token', [$this, 'token']);
|
|
|
|
// Private endpoints
|
|
$router->get('/_sockchat/resolve', [$this, 'resolve']);
|
|
$router->post('/_sockchat/bump', [$this, 'bump']);
|
|
$router->post('/_sockchat/verify', [$this, 'verify']);
|
|
$router->get('/_sockchat/bans', [$this, 'bans']);
|
|
$router->get('/_sockchat/bans/check', [$this, 'checkBan']);
|
|
$router->post('/_sockchat/bans/create', [$this, 'createBan']);
|
|
$router->delete('/_sockchat/bans/remove', [$this, 'removeBan']);
|
|
}
|
|
|
|
public static function emotes($response, $request): array {
|
|
$response->setHeader('Access-Control-Allow-Origin', '*');
|
|
$response->setHeader('Access-Control-Allow-Methods', 'GET');
|
|
|
|
$raw = Emoticon::all();
|
|
$out = [];
|
|
|
|
foreach($raw as $emote) {
|
|
$strings = [];
|
|
|
|
foreach($emote->getStrings() as $string)
|
|
$strings[] = sprintf(':%s:', $string->emote_string);
|
|
|
|
$out[] = [
|
|
'Text' => $strings,
|
|
'Image' => $emote->getUrl(),
|
|
'Hierarchy' => $emote->getRank(),
|
|
];
|
|
}
|
|
|
|
return $out;
|
|
}
|
|
|
|
public static function login($response, $request): void {
|
|
$currentUser = User::getCurrent();
|
|
$configKey = $request->hasParam('legacy') ? 'chatPath.legacy' : 'chatPath.normal';
|
|
$chatPath = $this->config->getValue($configKey, CfgType::T_STR, '/');
|
|
|
|
$response->redirect(
|
|
$currentUser === null
|
|
? url('auth-login')
|
|
: $chatPath
|
|
);
|
|
}
|
|
|
|
public function token($response, $request) {
|
|
$host = $request->hasHeader('Host') ? $request->getHeaderFirstLine('Host') : '';
|
|
$origin = $request->hasHeader('Origin') ? $request->getHeaderFirstLine('Origin') : '';
|
|
$originHost = strtolower(parse_url($origin, PHP_URL_HOST) ?? '');
|
|
|
|
if(!empty($originHost) && $originHost !== $host) {
|
|
$whitelist = $this->config->getValue('origins', CfgType::T_ARR, []);
|
|
|
|
if(!in_array($originHost, $whitelist))
|
|
return 403;
|
|
|
|
$originProto = strtolower(parse_url($origin, PHP_URL_SCHEME));
|
|
$origin = $originProto . '://' . $originHost;
|
|
|
|
$response->setHeader('Access-Control-Allow-Origin', $origin);
|
|
$response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
|
|
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
|
$response->setHeader('Vary', 'Origin');
|
|
}
|
|
|
|
if($request->getMethod() === 'OPTIONS')
|
|
return 204;
|
|
|
|
if(!UserSession::hasCurrent())
|
|
return ['ok' => false];
|
|
|
|
$session = UserSession::getCurrent();
|
|
$user = $session->getUser();
|
|
$token = AuthToken::create($user, $session);
|
|
|
|
return [
|
|
'ok' => true,
|
|
'usr' => $user->getId(),
|
|
'tkn' => $token->pack(),
|
|
];
|
|
}
|
|
|
|
public function resolve($response, $request): array {
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
$method = (string)$request->getParam('m');
|
|
$param = (string)$request->getParam('p');
|
|
$realHash = hash_hmac('sha256', "resolve#{$method}#{$param}", $this->hashKey);
|
|
|
|
if(!hash_equals($realHash, $userHash))
|
|
return [];
|
|
|
|
try {
|
|
switch($method) {
|
|
case 'id':
|
|
$userInfo = User::byId((int)$param);
|
|
break;
|
|
|
|
case 'name':
|
|
$userInfo = User::byUsername($param);
|
|
break;
|
|
}
|
|
} catch(UserNotFoundException $ex) {}
|
|
|
|
if(!isset($userInfo))
|
|
return [];
|
|
|
|
return [
|
|
'user_id' => $userInfo->getId(),
|
|
'username' => $userInfo->getUsername(),
|
|
'colour_raw' => $userInfo->getColour()->getRaw(),
|
|
'rank' => $rank = $userInfo->getRank(),
|
|
'perms' => SharpChatPerms::convert($userInfo),
|
|
];
|
|
}
|
|
|
|
public function bump($response, $request) {
|
|
if(!$request->isStringContent())
|
|
return 400;
|
|
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
$bumpString = (string)$request->getContent();
|
|
$realHash = hash_hmac('sha256', $bumpString, $this->hashKey);
|
|
|
|
if(!hash_equals($realHash, $userHash))
|
|
return;
|
|
|
|
$bumpInfo = json_decode($bumpString);
|
|
|
|
if(empty($bumpInfo))
|
|
return;
|
|
|
|
foreach($bumpInfo as $bumpUser)
|
|
try {
|
|
User::byId($bumpUser->id)->bumpActivity($bumpUser->ip);
|
|
} catch(UserNotFoundException $ex) {}
|
|
}
|
|
|
|
public function verify($response, $request): array {
|
|
if($request->isStreamContent())
|
|
$authInfo = json_decode((string)$request->getContent());
|
|
elseif($request->isJsonContent())
|
|
$authInfo = $request->getContent()->getContent(); // maybe change this api lol, this looks silly
|
|
else
|
|
return ['success' => false, 'reason' => 'request'];
|
|
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
|
|
if(strlen($userHash) !== 64)
|
|
return ['success' => false, 'reason' => 'length'];
|
|
|
|
if(!isset($authInfo->user_id, $authInfo->token, $authInfo->ip))
|
|
return ['success' => false, 'reason' => 'data'];
|
|
|
|
$realHash = hash_hmac('sha256', implode('#', [$authInfo->user_id, $authInfo->token, $authInfo->ip]), $this->hashKey);
|
|
|
|
if(!hash_equals($realHash, $userHash))
|
|
return ['success' => false, 'reason' => 'hash'];
|
|
|
|
try {
|
|
$userInfo = User::byId($authInfo->user_id);
|
|
} catch(UserNotFoundException $ex) {
|
|
return ['success' => false, 'reason' => 'user'];
|
|
}
|
|
|
|
$authMethod = mb_substr($authInfo->token, 0, 5);
|
|
|
|
if($authMethod === 'SESS:') {
|
|
$sessionToken = mb_substr($authInfo->token, 5);
|
|
|
|
$authToken = AuthToken::unpack($sessionToken);
|
|
if($authToken->isValid())
|
|
$sessionToken = $authToken->getSessionToken();
|
|
|
|
try {
|
|
$sessionInfo = UserSession::byToken($sessionToken);
|
|
} catch(UserSessionNotFoundException $ex) {
|
|
return ['success' => false, 'reason' => 'token'];
|
|
}
|
|
|
|
if($sessionInfo->getUserId() !== $userInfo->getId())
|
|
return ['success' => false, 'reason' => 'user'];
|
|
|
|
if($sessionInfo->hasExpired()) {
|
|
$sessionInfo->delete();
|
|
return ['success' => false, 'reason' => 'expired'];
|
|
}
|
|
|
|
$sessionInfo->bump();
|
|
} else {
|
|
return ['success' => false, 'reason' => 'unsupported'];
|
|
}
|
|
|
|
$userInfo->bumpActivity($authInfo->ip);
|
|
|
|
return [
|
|
'success' => true,
|
|
'user_id' => $userInfo->getId(),
|
|
'username' => $userInfo->getUsername(),
|
|
'colour_raw' => $userInfo->getColour()->getRaw(),
|
|
'rank' => $rank = $userInfo->getRank(),
|
|
'hierarchy' => $rank,
|
|
'is_silenced' => date('c', $userInfo->isSilenced() || $userInfo->isBanned() ? ($userInfo->isActiveWarningPermanent() ? strtotime('10 years') : $userInfo->getActiveWarningExpiration()) : 0),
|
|
'perms' => SharpChatPerms::convert($userInfo),
|
|
];
|
|
}
|
|
|
|
public function bans($response, $request): array {
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
$realHash = hash_hmac('sha256', 'givemethebeans', $this->hashKey);
|
|
|
|
if(!hash_equals($realHash, $userHash))
|
|
return [];
|
|
|
|
$warnings = UserWarning::byActive();
|
|
$bans = [];
|
|
|
|
foreach($warnings as $warning) {
|
|
if(!$warning->isBan() || $warning->hasExpired())
|
|
continue;
|
|
|
|
$isPermanent = $warning->isPermanent();
|
|
$userInfo = $warning->getUser();
|
|
$bans[] = [
|
|
'user_id' => $userInfo->getId(),
|
|
'id' => $userInfo->getId(),
|
|
'username' => $userInfo->getUsername(),
|
|
'colour_raw' => $userInfo->getColour()->getRaw(),
|
|
'rank' => $rank = $userInfo->getRank(),
|
|
'ip' => $warning->getUserRemoteAddress(),
|
|
'is_permanent' => $isPermanent,
|
|
'expires' => date('c', $isPermanent ? 0x7FFFFFFF : $warning->getExpirationTime()),
|
|
'perms' => SharpChatPerms::convert($userInfo),
|
|
];
|
|
}
|
|
|
|
return $bans;
|
|
}
|
|
|
|
public function checkBan($response, $request): array {
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
$ipAddress = (string)$request->getParam('a');
|
|
$userId = (int)$request->getParam('u', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
$realHash = hash_hmac('sha256', "check#{$ipAddress}#{$userId}", $this->hashKey);
|
|
if(!hash_equals($realHash, $userHash))
|
|
return [];
|
|
|
|
$response = [];
|
|
$warning = UserWarning::byRemoteAddressActive($ipAddress)
|
|
?? UserWarning::byUserIdActive($userId);
|
|
|
|
if($warning !== null) {
|
|
$response['warning'] = $warning->getId();
|
|
$response['id'] = $warning->getUserId();
|
|
$response['user_id'] = $warning->getUserId();
|
|
$response['ip'] = $warning->getUserRemoteAddress();
|
|
$response['is_permanent'] = $warning->isPermanent();
|
|
$response['expires'] = date('c', $response['is_permanent'] ? 0x7FFFFFFF : $warning->getExpirationTime());
|
|
} else {
|
|
$response['expires'] = date('c', 0);
|
|
$response['is_permanent'] = false;
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
|
|
public function createBan($response, $request): int {
|
|
if(!$request->isFormContent())
|
|
return 400;
|
|
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
$content = $request->getContent();
|
|
$userId = (int)$content->getParam('u', FILTER_SANITIZE_NUMBER_INT);
|
|
$modId = (int)$content->getParam('m', FILTER_SANITIZE_NUMBER_INT);
|
|
$duration = (int)$content->getParam('d', FILTER_SANITIZE_NUMBER_INT);
|
|
$isPermanent = (int)$content->getParam('p', FILTER_SANITIZE_NUMBER_INT);
|
|
$reason = (string)$content->getParam('r');
|
|
|
|
$realHash = hash_hmac('sha256', "create#{$userId}#{$modId}#{$duration}#{$isPermanent}#{$reason}", $this->hashKey);
|
|
if(!hash_equals($realHash, $userHash))
|
|
return 403;
|
|
|
|
if(empty($reason))
|
|
$reason = 'Banned through chat.';
|
|
|
|
if($isPermanent)
|
|
$duration = -1;
|
|
elseif($duration < 1)
|
|
return 400;
|
|
|
|
try {
|
|
$userInfo = User::byId($userId);
|
|
} catch(UserNotFoundException $ex) {
|
|
return 404;
|
|
}
|
|
|
|
try {
|
|
$modInfo = User::byId($modId);
|
|
} catch(UserNotFoundException $ex) {
|
|
return 404;
|
|
}
|
|
|
|
try {
|
|
UserWarning::create(
|
|
$userInfo,
|
|
$modInfo,
|
|
UserWarning::TYPE_BAHN,
|
|
$duration,
|
|
$reason
|
|
);
|
|
} catch(UserWarningCreationFailedException $ex) {
|
|
return 500;
|
|
}
|
|
|
|
return 201;
|
|
}
|
|
|
|
public function removeBan($response, $request): int {
|
|
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
|
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
|
$type = (string)$request->getParam('t');
|
|
$subject = (string)$request->getParam('s');
|
|
|
|
$realHash = hash_hmac('sha256', "remove#{$type}#{$subject}", $this->hashKey);
|
|
if(!hash_equals($realHash, $userHash))
|
|
return 403;
|
|
|
|
$warning = null;
|
|
switch($type) {
|
|
case 'ip':
|
|
$warning = UserWarning::byRemoteAddressActive($subject);
|
|
break;
|
|
|
|
case 'user':
|
|
$warning = UserWarning::byUserIdActive((int)$subject);
|
|
break;
|
|
}
|
|
|
|
if($warning === null)
|
|
return 404;
|
|
|
|
$warning->delete();
|
|
|
|
return 204;
|
|
}
|
|
}
|