flashii/misuzu
flashii/misuzu
1
1
Fork 0
Code Issues Pull requests Releases 159 Wiki Activity Actions

Stinky fix for impersonation in chat auth.

Browse source
This commit is contained in:
flash 2024-02-20 23:56:43 +00:00
parent 89ef9d9ad1
commit cb0c64f8ed
2 changed files with 15 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/MisuzuContext.php
View file

@ -263,6 +263,7 @@ class MisuzuContext {
$routingCtx->register(new \Misuzu\SharpChat\SharpChatRoutes( $routingCtx->register(new \Misuzu\SharpChat\SharpChatRoutes(
$this->config->scopeTo('sockChat'), $this->config->scopeTo('sockChat'),
$this->config->scopeTo('impersonate'),
$this->urls, $this->urls,
$this->usersCtx, $this->usersCtx,
$this->authCtx, $this->authCtx,

24
src/SharpChat/SharpChatRoutes.php
View file

@ -3,25 +3,21 @@ namespace Misuzu\SharpChat;
use RuntimeException; use RuntimeException;
use Index\Colour\Colour; use Index\Colour\Colour;
use Index\Routing\IRouter; use Index\Routing\{IRouter,IRouteHandler,Route};
use Index\Routing\IRouteHandler;
use Index\Routing\Route;
use Syokuhou\IConfig; use Syokuhou\IConfig;
use Misuzu\RoutingContext; use Misuzu\RoutingContext;
use Misuzu\Auth\AuthContext; use Misuzu\Auth\{AuthContext,AuthInfo,Sessions};
use Misuzu\Auth\AuthInfo;
use Misuzu\Auth\Sessions;
use Misuzu\Emoticons\Emotes; use Misuzu\Emoticons\Emotes;
use Misuzu\Perms\Permissions; use Misuzu\Perms\Permissions;
use Misuzu\URLs\URLRegistry; use Misuzu\URLs\URLRegistry;
use Misuzu\Users\Bans; use Misuzu\Users\{Bans,UsersContext,UserInfo};
use Misuzu\Users\UsersContext;
final class SharpChatRoutes implements IRouteHandler { final class SharpChatRoutes implements IRouteHandler {
private string $hashKey; private string $hashKey;
public function __construct( public function __construct(
private IConfig $config, private IConfig $config,
private IConfig $impersonateConfig, // this sucks lol
private URLRegistry $urls, private URLRegistry $urls,
private UsersContext $usersCtx, private UsersContext $usersCtx,
private AuthContext $authCtx, private AuthContext $authCtx,
@ -79,6 +75,14 @@ final class SharpChatRoutes implements IRouteHandler {
)); ));
} }
private function canImpersonateUserId(UserInfo $impersonator, string $targetId): bool {
if($impersonator->isSuperUser())
return true;
$whitelist = $impersonateConfig->getArray(sprintf('allow.u%s', $impersonator->getId()));
return in_array($targetId, $whitelist, true);
}
#[Route('OPTIONS', '/_sockchat/token')] #[Route('OPTIONS', '/_sockchat/token')]
#[Route('GET', '/_sockchat/token')] #[Route('GET', '/_sockchat/token')]
public function getToken($response, $request) { public function getToken($response, $request) {
@ -121,7 +125,7 @@ final class SharpChatRoutes implements IRouteHandler {
return ['ok' => false, 'err' => 'user']; return ['ok' => false, 'err' => 'user'];
$userInfo = $this->usersCtx->getUsers()->getUser($sessionInfo->getUserId(), 'id'); $userInfo = $this->usersCtx->getUsers()->getUser($sessionInfo->getUserId(), 'id');
$userId = $tokenInfo->hasImpersonatedUserId() && $userInfo->isSuperUser() $userId = $tokenInfo->hasImpersonatedUserId() && $this->canImpersonateUserId($userInfo, $tokenInfo->getImpersonatedUserId())
? $tokenInfo->getImpersonatedUserId() ? $tokenInfo->getImpersonatedUserId()
: $userInfo->getId(); : $userInfo->getId();
@ -215,7 +219,7 @@ final class SharpChatRoutes implements IRouteHandler {
$this->authCtx->getSessions()->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $ipAddress); $this->authCtx->getSessions()->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $ipAddress);
$userInfo = $this->usersCtx->getUsers()->getUser($sessionInfo->getUserId(), 'id'); $userInfo = $this->usersCtx->getUsers()->getUser($sessionInfo->getUserId(), 'id');
if($tokenInfo->hasImpersonatedUserId() && $userInfo->isSuperUser()) { if($tokenInfo->hasImpersonatedUserId() && $this->canImpersonateUserId($userInfo, $tokenInfo->getImpersonatedUserId())) {
$userInfoReal = $userInfo; $userInfoReal = $userInfo;
try { try {