Implement proper handbook authentication (pt. 1)

2025-12-17 09:25:06 +01:00 · 2023-05-16 02:38:01 -04:00
parent 79d417c3ca
commit f1cf6da178
28 changed files with 1019 additions and 53 deletions
--- a/src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
+++ b/src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
@@ -1,8 +1,5 @@
 package emu.grasscutter.auth;

-import static emu.grasscutter.config.Configuration.ACCOUNT;
-import static emu.grasscutter.utils.Language.translate;
-
 import at.favre.lib.crypto.bcrypt.BCrypt;
 import emu.grasscutter.Grasscutter;
 import emu.grasscutter.auth.AuthenticationSystem.AuthenticationRequest;
@@ -12,15 +9,21 @@ import emu.grasscutter.server.dispatch.IDispatcher;
 import emu.grasscutter.server.dispatch.PacketIds;
 import emu.grasscutter.server.http.objects.ComboTokenResJson;
 import emu.grasscutter.server.http.objects.LoginResultJson;
+import emu.grasscutter.utils.DispatchUtils;
 import emu.grasscutter.utils.FileUtils;
 import emu.grasscutter.utils.Utils;
+import io.javalin.http.ContentType;
+
+import javax.crypto.Cipher;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyFactory;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
-import javax.crypto.Cipher;
+
+import static emu.grasscutter.config.Configuration.ACCOUNT;
+import static emu.grasscutter.utils.Language.translate;

 /** A class containing default authenticators. */
 public final class DefaultAuthenticators {
@@ -372,4 +375,61 @@ public final class DefaultAuthenticators {
            }
        }
    }
+
+    /** Handles authentication for the web GM Handbook. */
+    public static class HandbookAuthentication implements HandbookAuthenticator {
+        private final String authPage;
+
+        public HandbookAuthentication() {
+            try {
+                this.authPage = new String(
+                    FileUtils.readResource("/html/handbook_auth.html"));
+            } catch (Exception ignored) {
+                throw new RuntimeException("Failed to load handbook auth page.");
+            }
+        }
+
+        @Override
+        public void presentPage(AuthenticationRequest request) {
+            var ctx = request.getContext();
+            if (ctx == null) return;
+
+            // Respond with the handbook auth page.
+            ctx.contentType(ContentType.TEXT_HTML)
+                .result(this.authPage);
+        }
+
+        @Override
+        public Response authenticate(AuthenticationRequest request) {
+            var ctx = request.getContext();
+            if (ctx == null) return null;
+
+            // Get the body data.
+            var playerId = ctx.formParam("playerid");
+            if (playerId == null) {
+                return Response.builder().status(400)
+                        .body("Invalid player ID.").build();
+            }
+
+            try {
+                // Get the player's session token.
+                var sessionKey = DispatchUtils.fetchSessionKey(
+                    Integer.parseInt(playerId));
+                if (sessionKey == null) {
+                    return Response.builder().status(400)
+                        .body("Invalid player ID.").build();
+                }
+
+                // Check if the account is banned.
+                return Response.builder().status(200)
+                    .body(this.authPage.replace("{{VALUE}}", "true")
+                        .replace("{{SESSION_TOKEN}}", sessionKey)
+                        .replace("{{PLAYER_ID}}", playerId))
+                    .build();
+            } catch (NumberFormatException ignored) {
+                return Response.builder().status(500)
+                    .body("Invalid player ID.").build();
+            }
+        }
+    }
 }