Removed old formats of and unused SharpChat endpoints.
This commit is contained in:
parent
e6c826a7d7
commit
473d5f22b5
1 changed files with 7 additions and 122 deletions
|
|
@ -19,21 +19,12 @@ use Misuzu\Users\UserSessionNotFoundException;
|
|||
final class SharpChatRoutes {
|
||||
private IConfig $config;
|
||||
private Emotes $emotes;
|
||||
private string $hashKey = 'woomy';
|
||||
private string $hashKey;
|
||||
|
||||
public function __construct(IRouter $router, IConfig $config, Emotes $emotes) {
|
||||
$this->config = $config;
|
||||
$this->emotes = $emotes;
|
||||
|
||||
$hashKey = $this->config->getString('hashKey', '');
|
||||
|
||||
if(empty($hashKey)) {
|
||||
$hashKeyPath = $this->config->getString('hashKeyPath', '');
|
||||
if(is_file($hashKeyPath))
|
||||
$this->hashKey = file_get_contents($hashKeyPath);
|
||||
} else {
|
||||
$this->hashKey = $hashKey;
|
||||
}
|
||||
$this->hashKey = $this->config->getString('hashKey', 'woomy');
|
||||
|
||||
// Simplify default error pages
|
||||
if($router instanceof HttpFx)
|
||||
|
|
@ -62,10 +53,8 @@ final class SharpChatRoutes {
|
|||
$router->get('/_sockchat/token', [$this, 'getToken']);
|
||||
|
||||
// Private endpoints
|
||||
$router->get('/_sockchat/resolve', [$this, 'getResolve']);
|
||||
$router->post('/_sockchat/bump', [$this, 'postBump']);
|
||||
$router->post('/_sockchat/verify', [$this, 'postVerify']);
|
||||
$router->get('/_sockchat/bans', [$this, 'getBans']);
|
||||
$router->get('/_sockchat/bans/list', [$this, 'getBanList']);
|
||||
$router->get('/_sockchat/bans/check', [$this, 'getBanCheck']);
|
||||
$router->post('/_sockchat/bans/create', [$this, 'postBanCreate']);
|
||||
|
|
@ -150,40 +139,6 @@ final class SharpChatRoutes {
|
|||
];
|
||||
}
|
||||
|
||||
public function getResolve($response, $request): array {
|
||||
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
||||
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
||||
$method = (string)$request->getParam('m');
|
||||
$param = (string)$request->getParam('p');
|
||||
$realHash = hash_hmac('sha256', "resolve#{$method}#{$param}", $this->hashKey);
|
||||
|
||||
if(!hash_equals($realHash, $userHash))
|
||||
return [];
|
||||
|
||||
try {
|
||||
switch($method) {
|
||||
case 'id':
|
||||
$userInfo = User::byId((int)$param);
|
||||
break;
|
||||
|
||||
case 'name':
|
||||
$userInfo = User::byUsername($param);
|
||||
break;
|
||||
}
|
||||
} catch(UserNotFoundException $ex) {}
|
||||
|
||||
if(!isset($userInfo))
|
||||
return [];
|
||||
|
||||
return [
|
||||
'user_id' => $userInfo->getId(),
|
||||
'username' => $userInfo->getUsername(),
|
||||
'colour_raw' => Colour::toMisuzu($userInfo->getColour()),
|
||||
'rank' => $rank = $userInfo->getRank(),
|
||||
'perms' => SharpChatPerms::convert($userInfo),
|
||||
];
|
||||
}
|
||||
|
||||
public function postBump($response, $request) {
|
||||
if(!$request->hasHeader('X-SharpChat-Signature'))
|
||||
return 400;
|
||||
|
|
@ -200,30 +155,14 @@ final class SharpChatRoutes {
|
|||
|
||||
foreach($bumpList as $userId => $ipAddr)
|
||||
$signature .= "#{$userId}:{$ipAddr}";
|
||||
} else {
|
||||
$bumpString = (string)$request->getContent();
|
||||
$signature = $bumpString;
|
||||
$userTime = 0;
|
||||
$bumpList = [];
|
||||
}
|
||||
} else return 400;
|
||||
|
||||
$userHash = (string)$request->getHeaderFirstLine('X-SharpChat-Signature');
|
||||
$realHash = hash_hmac('sha256', $signature, $this->hashKey);
|
||||
if(!hash_equals($realHash, $userHash))
|
||||
return 403;
|
||||
|
||||
if(empty($bumpString)) {
|
||||
if($userTime < time() - 60)
|
||||
return 403;
|
||||
} else {
|
||||
$bumpInfo = json_decode($bumpString);
|
||||
if(empty($bumpInfo))
|
||||
return;
|
||||
|
||||
foreach($bumpInfo as $bumpUser)
|
||||
if(!empty($bumpUser->id) && !empty($bumpUser->ip))
|
||||
$bumpList[$bumpUser->id] = $bumpUser->ip;
|
||||
}
|
||||
if($userTime < time() - 60)
|
||||
return 403;
|
||||
|
||||
foreach($bumpList as $userId => $ipAddr)
|
||||
User::byId($userId)->bumpActivity($ipAddr);
|
||||
|
|
@ -233,11 +172,7 @@ final class SharpChatRoutes {
|
|||
if(!$request->hasHeader('X-SharpChat-Signature'))
|
||||
return 400;
|
||||
|
||||
if($request->isStreamContent())
|
||||
$authInfo = json_decode((string)$request->getContent());
|
||||
elseif($request->isJsonContent())
|
||||
$authInfo = $request->getContent()->getContent(); // maybe change this api lol, this looks silly
|
||||
elseif($request->isFormContent()) {
|
||||
if($request->isFormContent()) {
|
||||
$content = $request->getContent();
|
||||
$authMethod = (string)$content->getParam('method');
|
||||
$authToken = (string)$content->getParam('token');
|
||||
|
|
@ -249,27 +184,10 @@ final class SharpChatRoutes {
|
|||
if(strlen($userHash) !== 64)
|
||||
return ['success' => false, 'reason' => 'length'];
|
||||
|
||||
if(!empty($authInfo->token) && !empty($authInfo->ip)) {
|
||||
// user_id is discarded now
|
||||
// tokens should be entirely unique anyway
|
||||
|
||||
$tokenParts = explode(':', $authInfo->token, 2);
|
||||
if(count($tokenParts) < 2) {
|
||||
$authMethod = '';
|
||||
$authToken = $tokenParts[0];
|
||||
} else [$authMethod, $authToken] = $tokenParts;
|
||||
|
||||
$ipAddress = $authInfo->ip;
|
||||
$sigUserId = $authInfo->user_id ?? 0; // still need it for the signature
|
||||
$signature = "{$sigUserId}#{$authInfo->token}#{$authInfo->ip}";
|
||||
}
|
||||
|
||||
if(empty($authMethod) || empty($authToken) || empty($ipAddress))
|
||||
return ['success' => false, 'reason' => 'data'];
|
||||
|
||||
if(empty($signature))
|
||||
$signature = "verify#{$authMethod}#{$authToken}#{$ipAddress}";
|
||||
|
||||
$signature = "verify#{$authMethod}#{$authToken}#{$ipAddress}";
|
||||
$realHash = hash_hmac('sha256', $signature, $this->hashKey);
|
||||
if(!hash_equals($realHash, $userHash))
|
||||
return ['success' => false, 'reason' => 'hash'];
|
||||
|
|
@ -323,39 +241,6 @@ final class SharpChatRoutes {
|
|||
];
|
||||
}
|
||||
|
||||
public function getBans($response, $request): array {
|
||||
$userHash = $request->hasHeader('X-SharpChat-Signature')
|
||||
? $request->getHeaderFirstLine('X-SharpChat-Signature') : '';
|
||||
$realHash = hash_hmac('sha256', 'givemethebeans', $this->hashKey);
|
||||
|
||||
if(!hash_equals($realHash, $userHash))
|
||||
return [];
|
||||
|
||||
$warnings = UserWarning::byActive();
|
||||
$bans = [];
|
||||
|
||||
foreach($warnings as $warning) {
|
||||
if(!$warning->isBan() || $warning->hasExpired())
|
||||
continue;
|
||||
|
||||
$isPermanent = $warning->isPermanent();
|
||||
$userInfo = $warning->getUser();
|
||||
$bans[] = [
|
||||
'user_id' => $userInfo->getId(),
|
||||
'id' => $userInfo->getId(),
|
||||
'username' => $userInfo->getUsername(),
|
||||
'colour_raw' => Colour::toMisuzu($userInfo->getColour()),
|
||||
'rank' => $rank = $userInfo->getRank(),
|
||||
'ip' => $warning->getUserRemoteAddress(),
|
||||
'is_permanent' => $isPermanent,
|
||||
'expires' => date('c', $isPermanent ? 0x7FFFFFFF : $warning->getExpirationTime()),
|
||||
'perms' => SharpChatPerms::convert($userInfo),
|
||||
];
|
||||
}
|
||||
|
||||
return $bans;
|
||||
}
|
||||
|
||||
public function getBanList($response, $request) {
|
||||
if(!$request->hasHeader('X-SharpChat-Signature'))
|
||||
return 400;
|
||||
|
|
|
|||
Loading…
Reference in a new issue