Renamed signv2 to api and enabled it by default

2025-12-13 07:25:03 +01:00 · 2024-03-15 19:37:55 +00:00
parent 62a2fe9f73
commit d123182a2f
6 changed files with 57 additions and 57 deletions
--- a/server/api/api_server.go
+++ b/server/api/api_server.go
@@ -0,0 +1,92 @@
+package api
+
+import (
+	"context"
+	_config "erupe-ce/config"
+	"fmt"
+	"net/http"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/gorilla/handlers"
+	"github.com/gorilla/mux"
+	"github.com/jmoiron/sqlx"
+	"go.uber.org/zap"
+)
+
+type Config struct {
+	Logger      *zap.Logger
+	DB          *sqlx.DB
+	ErupeConfig *_config.Config
+}
+
+// APIServer is Erupes Standard API interface
+type APIServer struct {
+	sync.Mutex
+	logger         *zap.Logger
+	erupeConfig    *_config.Config
+	db             *sqlx.DB
+	httpServer     *http.Server
+	isShuttingDown bool
+}
+
+// NewAPIServer creates a new Server type.
+func NewAPIServer(config *Config) *APIServer {
+	s := &APIServer{
+		logger:      config.Logger,
+		erupeConfig: config.ErupeConfig,
+		db:          config.DB,
+		httpServer:  &http.Server{},
+	}
+	return s
+}
+
+// Start starts the server in a new goroutine.
+func (s *APIServer) Start() error {
+	// Set up the routes responsible for serving the launcher HTML, serverlist, unique name check, and JP auth.
+	r := mux.NewRouter()
+	r.HandleFunc("/launcher", s.Launcher)
+	r.HandleFunc("/login", s.Login)
+	r.HandleFunc("/register", s.Register)
+	r.HandleFunc("/character/create", s.CreateCharacter)
+	r.HandleFunc("/character/delete", s.DeleteCharacter)
+	r.HandleFunc("/character/export", s.ExportSave)
+	r.HandleFunc("/api/ss/bbs/upload.php", s.ScreenShot)
+	r.HandleFunc("/api/ss/bbs/{id}", s.ScreenShotGet)
+	handler := handlers.CORS(handlers.AllowedHeaders([]string{"Content-Type"}))(r)
+	s.httpServer.Handler = handlers.LoggingHandler(os.Stdout, handler)
+	s.httpServer.Addr = fmt.Sprintf(":%d", s.erupeConfig.API.Port)
+
+	serveError := make(chan error, 1)
+	go func() {
+		if err := s.httpServer.ListenAndServe(); err != nil {
+			// Send error if any.
+			serveError <- err
+		}
+	}()
+
+	// Get the error from calling ListenAndServe, otherwise assume it's good after 250 milliseconds.
+	select {
+	case err := <-serveError:
+		return err
+	case <-time.After(250 * time.Millisecond):
+		return nil
+	}
+}
+
+// Shutdown exits the server gracefully.
+func (s *APIServer) Shutdown() {
+	s.logger.Debug("Shutting down")
+
+	s.Lock()
+	s.isShuttingDown = true
+	s.Unlock()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	if err := s.httpServer.Shutdown(ctx); err != nil {
+		// Just warn because we are shutting down the server anyway.
+		s.logger.Warn("Got error on httpServer shutdown", zap.Error(err))
+	}
+}
--- a/server/api/dbutils.go
+++ b/server/api/dbutils.go
@@ -0,0 +1,135 @@
+package api
+
+import (
+	"context"
+	"database/sql"
+	"erupe-ce/common/token"
+	"fmt"
+	"time"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func (s *APIServer) createNewUser(ctx context.Context, username string, password string) (uint32, uint32, error) {
+	// Create salted hash of user password
+	passwordHash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	var (
+		id     uint32
+		rights uint32
+	)
+	err = s.db.QueryRowContext(
+		ctx, `
+		INSERT INTO users (username, password, return_expires)
+		VALUES ($1, $2, $3)
+		RETURNING id, rights
+		`,
+		username, string(passwordHash), time.Now().Add(time.Hour*24*30),
+	).Scan(&id, &rights)
+	return id, rights, err
+}
+
+func (s *APIServer) createLoginToken(ctx context.Context, uid uint32) (uint32, string, error) {
+	loginToken := token.Generate(16)
+	var tid uint32
+	err := s.db.QueryRowContext(ctx, "INSERT INTO sign_sessions (user_id, token) VALUES ($1, $2) RETURNING id", uid, loginToken).Scan(&tid)
+	if err != nil {
+		return 0, "", err
+	}
+	return tid, loginToken, nil
+}
+
+func (s *APIServer) userIDFromToken(ctx context.Context, token string) (uint32, error) {
+	var userID uint32
+	err := s.db.QueryRowContext(ctx, "SELECT user_id FROM sign_sessions WHERE token = $1", token).Scan(&userID)
+	if err == sql.ErrNoRows {
+		return 0, fmt.Errorf("invalid login token")
+	} else if err != nil {
+		return 0, err
+	}
+	return userID, nil
+}
+
+func (s *APIServer) createCharacter(ctx context.Context, userID uint32) (Character, error) {
+	var character Character
+	err := s.db.GetContext(ctx, &character,
+		"SELECT id, name, is_female, weapon_type, hr, gr, last_login FROM characters WHERE is_new_character = true AND user_id = $1 LIMIT 1",
+		userID,
+	)
+	if err == sql.ErrNoRows {
+		var count int
+		s.db.QueryRowContext(ctx, "SELECT COUNT(*) FROM characters WHERE user_id = $1", userID).Scan(&count)
+		if count >= 16 {
+			return character, fmt.Errorf("cannot have more than 16 characters")
+		}
+		err = s.db.GetContext(ctx, &character, `
+			INSERT INTO characters (
+				user_id, is_female, is_new_character, name, unk_desc_string,
+				hr, gr, weapon_type, last_login
+			)
+			VALUES ($1, false, true, '', '', 0, 0, 0, $2)
+			RETURNING id, name, is_female, weapon_type, hr, gr, last_login`,
+			userID, uint32(time.Now().Unix()),
+		)
+	}
+	return character, err
+}
+
+func (s *APIServer) deleteCharacter(ctx context.Context, userID uint32, charID uint32) error {
+	var isNew bool
+	err := s.db.QueryRow("SELECT is_new_character FROM characters WHERE id = $1", charID).Scan(&isNew)
+	if err != nil {
+		return err
+	}
+	if isNew {
+		_, err = s.db.Exec("DELETE FROM characters WHERE id = $1", charID)
+	} else {
+		_, err = s.db.Exec("UPDATE characters SET deleted = true WHERE id = $1", charID)
+	}
+	return err
+}
+
+func (s *APIServer) getCharactersForUser(ctx context.Context, uid uint32) ([]Character, error) {
+	var characters []Character
+	err := s.db.SelectContext(
+		ctx, &characters, `
+		SELECT id, name, is_female, weapon_type, hr, gr, last_login
+		FROM characters
+		WHERE user_id = $1 AND deleted = false AND is_new_character = false ORDER BY id ASC`,
+		uid,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return characters, nil
+}
+
+func (s *APIServer) getReturnExpiry(uid uint32) time.Time {
+	var returnExpiry, lastLogin time.Time
+	s.db.Get(&lastLogin, "SELECT COALESCE(last_login, now()) FROM users WHERE id=$1", uid)
+	if time.Now().Add((time.Hour * 24) * -90).After(lastLogin) {
+		returnExpiry = time.Now().Add(time.Hour * 24 * 30)
+		s.db.Exec("UPDATE users SET return_expires=$1 WHERE id=$2", returnExpiry, uid)
+	} else {
+		err := s.db.Get(&returnExpiry, "SELECT return_expires FROM users WHERE id=$1", uid)
+		if err != nil {
+			returnExpiry = time.Now()
+			s.db.Exec("UPDATE users SET return_expires=$1 WHERE id=$2", returnExpiry, uid)
+		}
+	}
+	s.db.Exec("UPDATE users SET last_login=$1 WHERE id=$2", time.Now(), uid)
+	return returnExpiry
+}
+
+func (s *APIServer) exportSave(ctx context.Context, uid uint32, cid uint32) (map[string]interface{}, error) {
+	row := s.db.QueryRowxContext(ctx, "SELECT * FROM characters WHERE id=$1 AND user_id=$2", cid, uid)
+	result := make(map[string]interface{})
+	err := row.MapScan(result)
+	if err != nil {
+		return nil, err
+	}
+	return result, nil
+}
--- a/server/api/endpoints.go
+++ b/server/api/endpoints.go
@@ -0,0 +1,396 @@
+package api
+
+import (
+	"database/sql"
+	"encoding/json"
+	"encoding/xml"
+	"errors"
+	_config "erupe-ce/config"
+	"erupe-ce/server/channelserver"
+	"fmt"
+	"image"
+	"image/jpeg"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/gorilla/mux"
+	"github.com/lib/pq"
+	"go.uber.org/zap"
+	"golang.org/x/crypto/bcrypt"
+)
+
+const (
+	NotificationDefault = iota
+	NotificationNew
+)
+
+type LauncherResponse struct {
+	Banners  []_config.APISignBanner  `json:"banners"`
+	Messages []_config.APISignMessage `json:"messages"`
+	Links    []_config.APISignLink    `json:"links"`
+}
+
+type User struct {
+	TokenID uint32 `json:"tokenId"`
+	Token   string `json:"token"`
+	Rights  uint32 `json:"rights"`
+}
+
+type Character struct {
+	ID        uint32 `json:"id"`
+	Name      string `json:"name"`
+	IsFemale  bool   `json:"isFemale" db:"is_female"`
+	Weapon    uint32 `json:"weapon" db:"weapon_type"`
+	HR        uint32 `json:"hr" db:"hr"`
+	GR        uint32 `json:"gr"`
+	LastLogin int32  `json:"lastLogin" db:"last_login"`
+}
+
+type MezFes struct {
+	ID           uint32   `json:"id"`
+	Start        uint32   `json:"start"`
+	End          uint32   `json:"end"`
+	SoloTickets  uint32   `json:"soloTickets"`
+	GroupTickets uint32   `json:"groupTickets"`
+	Stalls       []uint32 `json:"stalls"`
+}
+
+type AuthData struct {
+	CurrentTS     uint32      `json:"currentTs"`
+	ExpiryTS      uint32      `json:"expiryTs"`
+	EntranceCount uint32      `json:"entranceCount"`
+	Notices       []string    `json:"notices"`
+	User          User        `json:"user"`
+	Characters    []Character `json:"characters"`
+	MezFes        *MezFes     `json:"mezFes"`
+	PatchServer   string      `json:"patchServer"`
+}
+
+type ExportData struct {
+	Character map[string]interface{} `json:"character"`
+}
+
+func (s *APIServer) newAuthData(userID uint32, userRights uint32, userTokenID uint32, userToken string, characters []Character) AuthData {
+	resp := AuthData{
+		CurrentTS:     uint32(channelserver.TimeAdjusted().Unix()),
+		ExpiryTS:      uint32(s.getReturnExpiry(userID).Unix()),
+		EntranceCount: 1,
+		User: User{
+			Rights:  userRights,
+			TokenID: userTokenID,
+			Token:   userToken,
+		},
+		Characters:  characters,
+		PatchServer: s.erupeConfig.API.PatchServer,
+		Notices:     []string{},
+	}
+	if s.erupeConfig.DebugOptions.MaxLauncherHR {
+		for i := range resp.Characters {
+			resp.Characters[i].HR = 7
+		}
+	}
+	stalls := []uint32{10, 3, 6, 9, 4, 8, 5, 7}
+	if s.erupeConfig.GameplayOptions.MezFesSwitchMinigame {
+		stalls[4] = 2
+	}
+	resp.MezFes = &MezFes{
+		ID:           uint32(channelserver.TimeWeekStart().Unix()),
+		Start:        uint32(channelserver.TimeWeekStart().Add(-time.Duration(s.erupeConfig.GameplayOptions.MezFesDuration) * time.Second).Unix()),
+		End:          uint32(channelserver.TimeWeekNext().Unix()),
+		SoloTickets:  s.erupeConfig.GameplayOptions.MezFesSoloTickets,
+		GroupTickets: s.erupeConfig.GameplayOptions.MezFesGroupTickets,
+		Stalls:       stalls,
+	}
+	if !s.erupeConfig.HideLoginNotice {
+		resp.Notices = append(resp.Notices, strings.Join(s.erupeConfig.LoginNotices[:], "<PAGE>"))
+	}
+	return resp
+}
+
+func (s *APIServer) Launcher(w http.ResponseWriter, r *http.Request) {
+	var respData LauncherResponse
+	respData.Banners = s.erupeConfig.API.Banners
+	respData.Messages = s.erupeConfig.API.Messages
+	respData.Links = s.erupeConfig.API.Links
+	w.Header().Add("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(respData)
+}
+
+func (s *APIServer) Login(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var reqData struct {
+		Username string `json:"username"`
+		Password string `json:"password"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&reqData); err != nil {
+		s.logger.Error("JSON decode error", zap.Error(err))
+		w.WriteHeader(400)
+		return
+	}
+	var (
+		userID     uint32
+		userRights uint32
+		password   string
+	)
+	err := s.db.QueryRow("SELECT id, password, rights FROM users WHERE username = $1", reqData.Username).Scan(&userID, &password, &userRights)
+	if err == sql.ErrNoRows {
+		w.WriteHeader(400)
+		w.Write([]byte("username-error"))
+		return
+	} else if err != nil {
+		s.logger.Warn("SQL query error", zap.Error(err))
+		w.WriteHeader(500)
+		return
+	}
+	if bcrypt.CompareHashAndPassword([]byte(password), []byte(reqData.Password)) != nil {
+		w.WriteHeader(400)
+		w.Write([]byte("password-error"))
+		return
+	}
+
+	userTokenID, userToken, err := s.createLoginToken(ctx, userID)
+	if err != nil {
+		s.logger.Warn("Error registering login token", zap.Error(err))
+		w.WriteHeader(500)
+		return
+	}
+	characters, err := s.getCharactersForUser(ctx, userID)
+	if err != nil {
+		s.logger.Warn("Error getting characters from DB", zap.Error(err))
+		w.WriteHeader(500)
+		return
+	}
+	if characters == nil {
+		characters = []Character{}
+	}
+	respData := s.newAuthData(userID, userRights, userTokenID, userToken, characters)
+	w.Header().Add("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(respData)
+}
+
+func (s *APIServer) Register(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var reqData struct {
+		Username string `json:"username"`
+		Password string `json:"password"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&reqData); err != nil {
+		s.logger.Error("JSON decode error", zap.Error(err))
+		w.WriteHeader(400)
+		return
+	}
+	if reqData.Username == "" || reqData.Password == "" {
+		w.WriteHeader(400)
+		return
+	}
+	s.logger.Info("Creating account", zap.String("username", reqData.Username))
+	userID, userRights, err := s.createNewUser(ctx, reqData.Username, reqData.Password)
+	if err != nil {
+		var pqErr *pq.Error
+		if errors.As(err, &pqErr) && pqErr.Constraint == "users_username_key" {
+			w.WriteHeader(400)
+			w.Write([]byte("username-exists-error"))
+			return
+		}
+		s.logger.Error("Error checking user", zap.Error(err), zap.String("username", reqData.Username))
+		w.WriteHeader(500)
+		return
+	}
+
+	userTokenID, userToken, err := s.createLoginToken(ctx, userID)
+	if err != nil {
+		s.logger.Error("Error registering login token", zap.Error(err))
+		w.WriteHeader(500)
+		return
+	}
+	respData := s.newAuthData(userID, userRights, userTokenID, userToken, []Character{})
+	w.Header().Add("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(respData)
+}
+
+func (s *APIServer) CreateCharacter(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var reqData struct {
+		Token string `json:"token"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&reqData); err != nil {
+		s.logger.Error("JSON decode error", zap.Error(err))
+		w.WriteHeader(400)
+		return
+	}
+
+	userID, err := s.userIDFromToken(ctx, reqData.Token)
+	if err != nil {
+		w.WriteHeader(401)
+		return
+	}
+	character, err := s.createCharacter(ctx, userID)
+	if err != nil {
+		s.logger.Error("Failed to create character", zap.Error(err), zap.String("token", reqData.Token))
+		w.WriteHeader(500)
+		return
+	}
+	if s.erupeConfig.DebugOptions.MaxLauncherHR {
+		character.HR = 7
+	}
+	w.Header().Add("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(character)
+}
+
+func (s *APIServer) DeleteCharacter(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var reqData struct {
+		Token  string `json:"token"`
+		CharID uint32 `json:"charId"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&reqData); err != nil {
+		s.logger.Error("JSON decode error", zap.Error(err))
+		w.WriteHeader(400)
+		return
+	}
+	userID, err := s.userIDFromToken(ctx, reqData.Token)
+	if err != nil {
+		w.WriteHeader(401)
+		return
+	}
+	if err := s.deleteCharacter(ctx, userID, reqData.CharID); err != nil {
+		s.logger.Error("Failed to delete character", zap.Error(err), zap.String("token", reqData.Token), zap.Uint32("charID", reqData.CharID))
+		w.WriteHeader(500)
+		return
+	}
+	w.Header().Add("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(struct{}{})
+}
+
+func (s *APIServer) ExportSave(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var reqData struct {
+		Token  string `json:"token"`
+		CharID uint32 `json:"charId"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&reqData); err != nil {
+		s.logger.Error("JSON decode error", zap.Error(err))
+		w.WriteHeader(400)
+		return
+	}
+	userID, err := s.userIDFromToken(ctx, reqData.Token)
+	if err != nil {
+		w.WriteHeader(401)
+		return
+	}
+	character, err := s.exportSave(ctx, userID, reqData.CharID)
+	if err != nil {
+		s.logger.Error("Failed to export save", zap.Error(err), zap.String("token", reqData.Token), zap.Uint32("charID", reqData.CharID))
+		w.WriteHeader(500)
+		return
+	}
+	save := ExportData{
+		Character: character,
+	}
+	w.Header().Add("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(save)
+}
+func (s *APIServer) ScreenShotGet(w http.ResponseWriter, r *http.Request) {
+	// Get the 'id' parameter from the URL
+	vars := mux.Vars(r)
+	token := vars["id"]
+	var tokenPattern = regexp.MustCompile(`[A-Za-z0-9]+`)
+
+	if !tokenPattern.MatchString(token) || token == "" {
+		http.Error(w, "Not Valid Token", http.StatusBadRequest)
+
+	}
+	// Open the image file
+	path := filepath.Join(s.erupeConfig.Screenshots.OutputDir, fmt.Sprintf("%s.jpg", token))
+	file, err := os.Open(path)
+	if err != nil {
+		http.Error(w, "Image not found", http.StatusNotFound)
+		return
+	}
+	defer file.Close()
+	// Set content type header to image/jpeg
+	w.Header().Set("Content-Type", "image/jpeg")
+	// Copy the image content to the response writer
+	if _, err := io.Copy(w, file); err != nil {
+		http.Error(w, "Unable to send image", http.StatusInternalServerError)
+		return
+	}
+}
+func (s *APIServer) ScreenShot(w http.ResponseWriter, r *http.Request) {
+	// Create a struct representing the XML result
+	type Result struct {
+		XMLName xml.Name `xml:"result"`
+		Code    string   `xml:"code"`
+	}
+	// Set the Content-Type header to specify that the response is in XML format
+	w.Header().Set("Content-Type", "text/xml")
+	result := Result{Code: "200"}
+	if !s.erupeConfig.Screenshots.Enabled {
+		result = Result{Code: "400"}
+	} else {
+
+		if r.Method != http.MethodPost {
+			result = Result{Code: "405"}
+		}
+		// Get File from Request
+		file, _, err := r.FormFile("img")
+		if err != nil {
+			result = Result{Code: "400"}
+		}
+		var tokenPattern = regexp.MustCompile(`[A-Za-z0-9]+`)
+		token := r.FormValue("token")
+		if !tokenPattern.MatchString(token) || token == "" {
+			result = Result{Code: "401"}
+
+		}
+
+		// Validate file
+		img, _, err := image.Decode(file)
+		if err != nil {
+			result = Result{Code: "400"}
+		}
+
+		dir := filepath.Join(s.erupeConfig.Screenshots.OutputDir)
+		path := filepath.Join(s.erupeConfig.Screenshots.OutputDir, fmt.Sprintf("%s.jpg", token))
+		_, err = os.Stat(dir)
+		if err != nil {
+			if os.IsNotExist(err) {
+				err = os.MkdirAll(dir, os.ModePerm)
+				if err != nil {
+					s.logger.Error("Error writing screenshot, could not create folder")
+					result = Result{Code: "500"}
+				}
+			} else {
+				s.logger.Error("Error writing screenshot")
+				result = Result{Code: "500"}
+			}
+		}
+		// Create or open the output file
+		outputFile, err := os.Create(path)
+		if err != nil {
+			result = Result{Code: "500"}
+		}
+		defer outputFile.Close()
+
+		// Encode the image and write it to the file
+		err = jpeg.Encode(outputFile, img, &jpeg.Options{Quality: s.erupeConfig.Screenshots.UploadQuality})
+		if err != nil {
+			s.logger.Error("Error writing screenshot, could not write file", zap.Error(err))
+			result = Result{Code: "500"}
+		}
+	}
+	// Marshal the struct into XML
+	xmlData, err := xml.Marshal(result)
+	if err != nil {
+		http.Error(w, "Unable to marshal XML", http.StatusInternalServerError)
+		return
+	}
+	// Write the XML response with a 200 status code
+	w.WriteHeader(http.StatusOK)
+	w.Write(xmlData)
+}