rogueserver/api/account.go

195 lines
4.8 KiB
Go
Raw Normal View History

2023-12-05 10:28:08 -08:00
package api
import (
2023-12-28 16:53:59 -08:00
"bytes"
"crypto/rand"
"database/sql"
2023-12-05 10:28:08 -08:00
"encoding/base64"
"encoding/hex"
2023-12-05 10:28:08 -08:00
"encoding/json"
"fmt"
"net/http"
"os"
2023-12-28 16:53:59 -08:00
"regexp"
2023-12-05 10:28:08 -08:00
"github.com/Flashfyre/pokerogue-server/db"
2023-12-28 16:53:59 -08:00
"golang.org/x/crypto/argon2"
2023-12-05 10:28:08 -08:00
)
2023-12-28 16:53:59 -08:00
const (
argonTime = 1
argonMemory = 256*1024
argonThreads = 4
argonKeyLength = 32
)
2023-12-28 18:20:46 -08:00
var isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString
2023-12-28 16:53:59 -08:00
2023-12-29 12:15:16 -08:00
// /account/info - get account info
2023-12-05 10:28:08 -08:00
type AccountInfoResponse struct{
Username string `json:"username"`
HasGameSession bool `json:"hasGameSession"`
2023-12-05 10:28:08 -08:00
}
2023-12-29 11:30:47 -08:00
func (s *Server) HandleAccountInfo(w http.ResponseWriter, r *http.Request) {
2023-12-31 13:12:20 -08:00
username, err := GetUsernameFromRequest(r)
2023-12-05 10:28:08 -08:00
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
uuid, err := GetUuidFromRequest(r) // lazy
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
_, err = os.Stat("userdata/" + hex.EncodeToString(uuid) + "/session.pzs")
response, err := json.Marshal(AccountInfoResponse{Username: username, HasGameSession: err != nil})
2023-12-05 10:28:08 -08:00
if err != nil {
http.Error(w, fmt.Sprintf("failed to marshal response json: %s", err), http.StatusInternalServerError)
return
}
w.Write(response)
}
2023-12-29 12:15:16 -08:00
// /account/register - register account
2023-12-05 10:28:08 -08:00
type AccountRegisterRequest GenericAuthRequest
2023-12-29 11:30:47 -08:00
func (s *Server) HandleAccountRegister(w http.ResponseWriter, r *http.Request) {
2023-12-05 10:28:08 -08:00
var request AccountRegisterRequest
err := json.NewDecoder(r.Body).Decode(&request)
if err != nil {
http.Error(w, fmt.Sprintf("failed to decode request body: %s", err), http.StatusBadRequest)
return
}
2023-12-28 18:17:09 -08:00
if !isValidUsername(request.Username) {
2023-12-28 16:53:59 -08:00
http.Error(w, "invalid username", http.StatusBadRequest)
return
}
if len(request.Password) < 6 {
http.Error(w, "invalid password", http.StatusBadRequest)
return
}
uuid := make([]byte, 16)
_, err = rand.Read(uuid)
if err != nil {
http.Error(w, fmt.Sprintf("failed to generate uuid: %s", err), http.StatusInternalServerError)
return
}
salt := make([]byte, 16)
_, err = rand.Read(salt)
if err != nil {
http.Error(w, fmt.Sprintf("failed to generate salt: %s", err), http.StatusInternalServerError)
return
}
err = db.AddAccountRecord(uuid, request.Username, argon2.IDKey([]byte(request.Password), salt, argonTime, argonMemory, argonThreads, argonKeyLength), salt)
if err != nil {
http.Error(w, fmt.Sprintf("failed to add account record: %s", err), http.StatusInternalServerError)
2023-12-28 16:53:59 -08:00
return
}
w.WriteHeader(http.StatusOK)
2023-12-05 10:28:08 -08:00
}
2023-12-29 12:15:16 -08:00
// /account/login - log into account
2023-12-05 10:28:08 -08:00
type AccountLoginRequest GenericAuthRequest
type AccountLoginResponse GenericAuthResponse
2023-12-29 11:30:47 -08:00
func (s *Server) HandleAccountLogin(w http.ResponseWriter, r *http.Request) {
2023-12-28 16:53:59 -08:00
var request AccountLoginRequest
err := json.NewDecoder(r.Body).Decode(&request)
if err != nil {
http.Error(w, fmt.Sprintf("failed to decode request body: %s", err), http.StatusBadRequest)
return
}
2023-12-28 18:17:09 -08:00
if !isValidUsername(request.Username) {
2023-12-28 16:53:59 -08:00
http.Error(w, "invalid username", http.StatusBadRequest)
return
}
if len(request.Password) < 6 {
http.Error(w, "invalid password", http.StatusBadRequest)
return
}
key, salt, err := db.GetAccountKeySaltFromUsername(request.Username)
if err != nil {
if err == sql.ErrNoRows {
http.Error(w, "account doesn't exist", http.StatusBadRequest)
return
}
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if !bytes.Equal(key, argon2.IDKey([]byte(request.Password), salt, argonTime, argonMemory, argonThreads, argonKeyLength)) {
http.Error(w, "password doesn't match", http.StatusBadRequest)
return
}
2023-12-29 12:01:04 -08:00
token := make([]byte, 32)
2023-12-28 16:53:59 -08:00
_, err = rand.Read(token)
if err != nil {
http.Error(w, fmt.Sprintf("failed to generate token: %s", err), http.StatusInternalServerError)
return
}
2023-12-05 10:28:08 -08:00
2023-12-28 16:53:59 -08:00
err = db.AddAccountSession(request.Username, token)
if err != nil {
http.Error(w, "failed to add account session", http.StatusInternalServerError)
return
}
response, err := json.Marshal(AccountLoginResponse{Token: base64.StdEncoding.EncodeToString(token)})
if err != nil {
http.Error(w, fmt.Sprintf("failed to marshal response json: %s", err), http.StatusInternalServerError)
return
}
w.Write(response)
2023-12-05 10:28:08 -08:00
}
2023-12-29 12:15:16 -08:00
// /account/logout - log out of account
2023-12-05 10:28:08 -08:00
2023-12-29 11:30:47 -08:00
func (s *Server) HandleAccountLogout(w http.ResponseWriter, r *http.Request) {
2023-12-28 16:53:59 -08:00
token, err := base64.StdEncoding.DecodeString(r.Header.Get("Authorization"))
if err != nil {
http.Error(w, fmt.Sprintf("failed to decode token: %s", err), http.StatusBadRequest)
return
}
if len(token) != 32 {
http.Error(w, "invalid token", http.StatusBadRequest)
return
}
err = db.RemoveSessionFromToken(token)
if err != nil {
if err == sql.ErrNoRows {
http.Error(w, "token not found", http.StatusBadRequest)
return
}
http.Error(w, "failed to remove account session", http.StatusInternalServerError)
return
}
2023-12-05 10:28:08 -08:00
2023-12-28 16:53:59 -08:00
w.WriteHeader(http.StatusOK)
2023-12-05 10:28:08 -08:00
}