Example #1
0
func SetupHTTPRoutes(server *wsevent.Server, noauth *wsevent.Server) {
	http.HandleFunc("/", controllers.MainHandler)
	http.HandleFunc("/openidcallback", controllers.LoginCallbackHandler)
	http.HandleFunc("/startLogin", controllers.LoginHandler)
	http.HandleFunc("/logout", controllers.LogoutHandler)
	if config.Constants.MockupAuth {
		http.HandleFunc("/startMockLogin/", controllers.MockLoginHandler)
	}
	http.HandleFunc("/websocket/", func(w http.ResponseWriter, r *http.Request) {
		if config.Constants.SteamIDWhitelist != "" {
			session, err := chelpers.GetSessionHTTP(r)

			allowed := true

			if err == nil {
				steamid, ok := session.Values["steam_id"]
				if !ok {
					allowed = false
				} else if !chelpers.IsSteamIDWhitelisted(steamid.(string)) {
					allowed = false
				}
			} else {
				allowed = false
			}
			if !allowed {
				http.Error(w, "Sorry, but you're not in the closed alpha", 403)
				return
			}
		}

		session, err := chelpers.GetSessionHTTP(r)
		var so *wsevent.Client

		if err == nil {
			_, ok := session.Values["steam_id"]
			if ok {
				so, err = server.NewClient(upgrader, w, r)
			} else {
				so, err = noauth.NewClient(upgrader, w, r)
			}
		} else {
			var estr = "Couldn't create WebSocket connection."
			//estr = err.Error()

			http.Error(w, estr, 500)
			return
		}

		if err != nil || so == nil {
			controllers.LogoutSession(w, r)
			return
		}

		//helpers.Logger.Debug("Connected to Socket")
		err = socket.SocketInit(server, noauth, so)
		if err != nil {
			controllers.LogoutSession(w, r)
		}
	})
}
Example #2
0
func SocketHandler(w http.ResponseWriter, r *http.Request) {
	//check if player is in the whitelist
	if config.Constants.SteamIDWhitelist != "" {
		allowed := false

		session, err := chelpers.GetSessionHTTP(r)
		if err == nil {
			steamid, ok := session.Values["steam_id"]
			allowed = ok && chelpers.IsSteamIDWhitelisted(steamid.(string))
		}
		if !allowed {
			http.Error(w, "Sorry, but you're not in the closed alpha", 403)
			return
		}
	}

	session, err := chelpers.GetSessionHTTP(r)
	var so *wsevent.Client

	if err == nil {
		_, ok := session.Values["steam_id"]
		if ok {
			so, err = socket.AuthServer.NewClient(upgrader, w, r)
		} else {
			so, err = socket.UnauthServer.NewClient(upgrader, w, r)
		}
		pprof.Clients.Add(1)

	} else {
		var estr = "Couldn't create WebSocket connection."
		//estr = err.Error()

		logrus.Error(err.Error())
		http.Error(w, estr, 500)
		return
	}

	if err != nil || so == nil {
		login.LogoutSession(w, r)
		return
	}

	//logrus.Debug("Connected to Socket")
	err = SocketInit(so)
	if err != nil {
		login.LogoutSession(w, r)
		so.Close()
	}
}
Example #3
0
func setSession(w http.ResponseWriter, r *http.Request, steamid string) {
	session, _ := controllerhelpers.GetSessionHTTP(r)
	session.Values["steam_id"] = steamid

	player := &models.Player{}
	err := database.DB.Where("steam_id = ?", steamid).First(player).Error

	var playErr error
	if err == gorm.RecordNotFound {
		player, playErr = models.NewPlayer(steamid)

		if playErr != nil {
			helpers.Logger.Debug(playErr.Error())
		}

		database.DB.Create(player)
	} else if err != nil {
		helpers.Logger.Debug("steamLogin.go:60 ", err)
	}

	session.Values["id"] = fmt.Sprint(player.ID)
	session.Values["role"] = player.Role

	session.Options.Domain = config.Constants.CookieDomain
	err = session.Save(r, w)
}
Example #4
0
func LogoutHandler(w http.ResponseWriter, r *http.Request) {
	session, _ := controllerhelpers.GetSessionHTTP(r)
	session.Options = &sessions.Options{MaxAge: -1}
	session.Save(r, w)

	http.Redirect(w, r, "/", 303)
}
Example #5
0
func MainHandler(w http.ResponseWriter, r *http.Request) {
	if controllerhelpers.IsLoggedInHTTP(r) {
		session, _ := controllerhelpers.GetSessionHTTP(r)
		var steamid = session.Values["steam_id"].(string)
		fmt.Fprintf(w, `<html><head></head><body>hello! You're logged in and your steam id is
			`+steamid+`. You can log out <a href='/logout'>here</a></body></html>`)
	} else {
		fmt.Fprintf(w, "<html><head></head><body>hello! You can log in <a href='/startLogin'>here</a></body></html>")
	}
}
Example #6
0
func verifyToken(r *http.Request, method string) error {
	token := r.Form.Get("xsrf-token")
	if token == "" {
		return errors.New("No XSRF token present in form")
	}

	session, _ := controllerhelpers.GetSessionHTTP(r)
	admin, _ := models.GetPlayerBySteamID(session.Values["steam_id"].(string))

	valid := xsrftoken.Valid(token, config.Constants.CookieStoreSecret, admin.SteamID, method)

	if !valid {
		return errors.New("XSRF token is invalid")
	}

	return nil
}
Example #7
0
func confirmReq(w http.ResponseWriter, r *http.Request, method, title string) {
	templ, err := template.ParseFiles("views/admin/templates/confirm.html")
	if err != nil {
		logrus.Error(err.Error())
		return
	}

	session, _ := controllerhelpers.GetSessionHTTP(r)
	admin, _ := models.GetPlayerBySteamID(session.Values["steam_id"].(string))
	token := xsrftoken.Generate(config.Constants.CookieStoreSecret, admin.SteamID, method)

	templ.Execute(w, struct {
		URL       string
		Title     string
		XSRFToken string
	}{r.URL.String(), title, token})
}
Example #8
0
func (Admin) AdminChangeRole(server *wsevent.Server, so *wsevent.Client, data []byte) []byte {
	reqerr := chelpers.FilterRequest(so, 0, true)

	if reqerr != nil {
		return reqerr.Encode()
	}
	var args struct {
		Steamid *string `json:"steamid"`
		Role    *string `json:"role"`
	}

	err := chelpers.GetParams(data, &args)
	if err != nil {
		return helpers.NewTPErrorFromError(err).Encode()
	}

	role, ok := helpers.RoleMap[*args.Role]
	if !ok || role == helpers.RoleAdmin {
		return helpers.NewTPError("Invalid role parameter", 0).Encode()
	}

	otherPlayer, err := models.GetPlayerBySteamId(*args.Steamid)
	if err != nil {
		return helpers.NewTPError("Player not found.", 0).Encode()
	}

	currPlayer, _ := chelpers.GetPlayerSocket(so.Id())

	models.LogAdminAction(currPlayer.ID, helpers.ActionChangeRole, otherPlayer.ID)

	// actual change happens
	otherPlayer.Role = role
	db.DB.Save(&otherPlayer)

	// rewrite session data. THIS WON'T WRITE A COOKIE SO IT ONLY WORKS WITH
	// STORES THAT STORE DATA IN COOKIES (AND NOT ONLY SESSION ID).
	session, sesserr := chelpers.GetSessionHTTP(so.Request())
	if sesserr == nil {
		session.Values["role"] = role
		session.Save(so.Request(), FakeResponseWriter{})
	}

	return chelpers.EmptySuccessJS
}
Example #9
0
func setSession(w http.ResponseWriter, r *http.Request, steamid string) error {
	session, _ := controllerhelpers.GetSessionHTTP(r)
	session.Values["steam_id"] = steamid

	player := &models.Player{}
	err := database.DB.Where("steam_id = ?", steamid).First(player).Error

	var playErr error
	if err == gorm.RecordNotFound {
		// Successful first-time login
		player, playErr = models.NewPlayer(steamid)

		if playErr != nil {
			return playErr
		}

		database.DB.Create(player)
	} else if err == nil {
		// Successful repeat login
		err = player.UpdatePlayerInfo()
		if err == nil {
			player.Save()
		} else {
			return err
		}
	} else if err != nil {
		// Failed login
		return err
	}

	session.Values["id"] = fmt.Sprint(player.ID)
	session.Values["role"] = player.Role

	session.Options.Domain = config.Constants.CookieDomain
	err = session.Save(r, w)
	return err
}
Example #10
0
File: admin.go Project: N1xx1/Helen
func AdminChangeRole(so socketio.Socket) func(string) string {
	return chelpers.FilterRequest(so, adminChangeRoleFilter,

		func(params map[string]interface{}) string {
			roleString := params["role"].(string)
			steamid := params["steamid"].(string)
			role, ok := helpers.RoleMap[roleString]
			if !ok || role == helpers.RoleAdmin {
				bytes, _ := chelpers.BuildFailureJSON("Invalid role parameter", 0).Encode()
				return string(bytes)
			}

			otherPlayer, err := models.GetPlayerBySteamId(steamid)
			if err != nil {
				bytes, _ := chelpers.BuildFailureJSON("Player not found.", 0).Encode()
				return string(bytes)
			}

			currPlayer, _ := chelpers.GetPlayerSocket(so.Id())

			models.LogAdminAction(currPlayer.ID, helpers.ActionChangeRole, otherPlayer.ID)

			// actual change happens
			otherPlayer.Role = role
			db.DB.Save(&otherPlayer)

			// rewrite session data. THiS WON'T WRITE A COOKIE SO IT ONLY WORKS WITH
			// STORES THAT STORE DATA IN COOKIES (AND NOT ONLY SESSION ID).
			session, sesserr := chelpers.GetSessionHTTP(so.Request())
			if sesserr == nil {
				session.Values["role"] = role
				session.Save(so.Request(), FakeResponseWriter{})
			}

			return chelpers.BuildEmptySuccessString()
		})
}
Example #11
0
func LoginCallbackHandler(w http.ResponseWriter, r *http.Request) {
	fullURL := config.Constants.Domain + r.URL.String()
	id, err := openid.Verify(fullURL, discoveryCache, nonceStore)
	if err != nil {
		helpers.Logger.Debug(err.Error())
		return
	}

	parts := strings.Split(id, "/")
	steamid := parts[len(parts)-1]

	session, _ := controllerhelpers.GetSessionHTTP(r)
	session.Values["steam_id"] = steamid

	player := &models.Player{}
	var playErr error
	err = database.DB.Where("steam_id = ?", steamid).First(player).Error

	if err == gorm.RecordNotFound {
		player, playErr = models.NewPlayer(steamid)

		if playErr != nil {
			helpers.Logger.Debug(playErr.Error())
		}

		database.DB.Create(player)
	} else if err != nil {
		helpers.Logger.Debug("steamLogin.go:60 ", err)
	}

	session.Values["id"] = fmt.Sprint(player.ID)

	err = session.Save(r, w)

	http.Redirect(w, r, config.Constants.LoginRedirectPath, 303)
}
Example #12
0
func LoginCallbackHandler(w http.ResponseWriter, r *http.Request) {
	regex := regexp.MustCompile(`http://steamcommunity.com/openid/id/(\d+)`)

	fullURL := config.Constants.Domain + r.URL.String()
	idURL, err := openid.Verify(fullURL, discoveryCache, nonceStore)
	if err != nil {
		helpers.Logger.Warning("%s", err.Error())
		return
	}

	parts := regex.FindStringSubmatch(idURL)
	if len(parts) != 2 {
		http.Error(w, "Steam Authentication failed, please try again.", 500)
		return
	}

	steamid := parts[1]

	if config.Constants.SteamIDWhitelist != "" &&
		!controllerhelpers.IsSteamIDWhitelisted(steamid) {
		//Use a more user-friendly message later
		http.Error(w, "Sorry, you're not in the closed alpha.", 403)
		return
	}
	err = setSession(w, r, steamid)
	if err != nil {
		session, _ := controllerhelpers.GetSessionHTTP(r)
		session.Options = &sessions.Options{MaxAge: -1}
		session.Save(r, w)

		helpers.Logger.Error(err.Error())
		http.Error(w, "Internal Server Error.", 500)
		return
	}
	http.Redirect(w, r, config.Constants.LoginRedirectPath, 303)
}
Example #13
0
func LogoutSession(w http.ResponseWriter, r *http.Request) {
	session, _ := controllerhelpers.GetSessionHTTP(r)
	session.Options = &sessions.Options{MaxAge: -1}
	session.Save(r, w)
}