Esempio n. 1
0
func MainHandler(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/" {
		http.NotFound(w, r)
		return
	}

	var p *player.Player
	token, err := controllerhelpers.GetToken(r)

	if err == nil {
		p = controllerhelpers.GetPlayer(token)
	}

	errtempl := mainTempl.Execute(w, map[string]interface{}{
		"LoggedIn":  err == nil,
		"Player":    p,
		"MockLogin": config.Constants.MockupAuth,
		"BuildDate": version.BuildDate,
		"GitCommit": version.GitCommit,
		"GitBranch": version.GitBranch,
		"BuildInfo": fmt.Sprintf("Built using %s on %s (%s %s)", runtime.Version(), version.Hostname, runtime.GOOS, runtime.GOARCH),
	})
	if errtempl != nil {
		logrus.Error(err)
	}
}
Esempio n. 2
0
func TwitchLoginHandler(w http.ResponseWriter, r *http.Request) {
	token, err := controllerhelpers.GetToken(r)
	if err == http.ErrNoCookie {
		http.Error(w, "You are not logged in.", http.StatusUnauthorized)
		return
	} else if err != nil {
		http.Error(w, "Invalid jwt", http.StatusBadRequest)
		return
	}

	id := token.Claims.(*controllerhelpers.TF2StadiumClaims).PlayerID
	player, _ := player.GetPlayerByID(id)
	loginURL := url.URL{
		Scheme: "https",
		Host:   "api.twitch.tv",
		Path:   "kraken/oauth2/authorize",
	}

	//twitchRedirectURL := config.Constants.PublicAddress + "/" + "twitchAuth"
	twitchRedirectURL, _ := url.Parse(config.Constants.PublicAddress)
	twitchRedirectURL.Path = "twitchAuth"

	values := loginURL.Query()
	values.Set("response_type", "code")
	values.Set("client_id", config.Constants.TwitchClientID)
	values.Set("redirect_uri", twitchRedirectURL.String())
	values.Set("scope", "channel_check_subscription user_subscriptions channel_subscriptions user_read")
	values.Set("state", xsrftoken.Generate(config.Constants.CookieStoreSecret, player.SteamID, "GET"))
	loginURL.RawQuery = values.Encode()

	http.Redirect(w, r, loginURL.String(), http.StatusTemporaryRedirect)
}
Esempio n. 3
0
func TwitchLogoutHandler(w http.ResponseWriter, r *http.Request) {
	token, err := controllerhelpers.GetToken(r)
	if err == http.ErrNoCookie {
		http.Error(w, "You are not logged in.", http.StatusUnauthorized)
		return
	} else if err != nil {
		http.Error(w, "Invalid jwt", http.StatusBadRequest)
		return
	}

	id := token.Claims.(*controllerhelpers.TF2StadiumClaims).PlayerID

	player, _ := player.GetPlayerByID(id)
	player.TwitchName = ""
	player.TwitchAccessToken = ""
	player.Save()

	referer, ok := r.Header["Referer"]
	if ok {
		http.Redirect(w, r, referer[0], 303)
		return
	}

	http.Redirect(w, r, config.Constants.LoginRedirectPath, http.StatusTemporaryRedirect)
}
Esempio n. 4
0
func ResetMumblePassword(w http.ResponseWriter, r *http.Request) {
	token, err := chelpers.GetToken(r)
	if err != nil {
		http.Error(w, "You aren't logged in.", http.StatusForbidden)
		return
	}

	player := chelpers.GetPlayer(token)
	player.MumbleAuthkey = player.GenAuthKey()
	player.Save()

	newToken := chelpers.NewToken(player)
	cookie := &http.Cookie{
		Name:    "auth-jwt",
		Value:   newToken,
		Path:    "/",
		Domain:  config.Constants.CookieDomain,
		Expires: time.Now().Add(30 * 24 * time.Hour),
	}
	http.SetCookie(w, cookie)

	referer, ok := r.Header["Referer"]
	if ok {
		http.Redirect(w, r, referer[0], 303)
		return
	}

	http.Redirect(w, r, config.Constants.LoginRedirectPath, 303)
}
Esempio n. 5
0
func SocketHandler(w http.ResponseWriter, r *http.Request) {
	token, err := chelpers.GetToken(r)
	if err != nil && err != http.ErrNoCookie { //invalid jwt token
		logrus.Errorf("Error reading JWT: %v", err)
		token = nil
	}

	//check if player is in the whitelist
	if config.Constants.SteamIDWhitelist != "" {
		if token == nil {
			// player isn't logged in,
			// and access is restricted to logged in people
			http.Error(w, "Not logged in", http.StatusForbidden)
			return
		}

		if !chelpers.IsSteamIDWhitelisted(token.Claims.(*chelpers.TF2StadiumClaims).SteamID) {
			http.Error(w, "you're not in the beta", http.StatusForbidden)
			return
		}
	}

	var so *wsevent.Client

	if token != nil { //received valid jwt
		so, err = socket.AuthServer.NewClient(upgrader, w, r)
	} else {
		so, err = socket.UnauthServer.NewClient(upgrader, w, r)
	}

	if err != nil {
		return
	}

	so.Token = token

	//logrus.Debug("Connected to Socket")
	err = SocketInit(so)
	if err != nil {
		logrus.Error(err)
		so.Close()
		return
	}
}
Esempio n. 6
0
func TwitchAuthHandler(w http.ResponseWriter, r *http.Request) {
	token, err := controllerhelpers.GetToken(r)
	if err == http.ErrNoCookie {
		http.Error(w, "You are not logged in.", http.StatusUnauthorized)
		return
	} else if err != nil {
		http.Error(w, "Invalid jwt", http.StatusBadRequest)
		return
	}

	id := token.Claims.(*controllerhelpers.TF2StadiumClaims).PlayerID
	player, _ := player.GetPlayerByID(id)

	values := r.URL.Query()
	code := values.Get("code")
	if code == "" {
		http.Error(w, "No code given", http.StatusBadRequest)
		return
	}

	state := values.Get("state")
	if state == "" || !xsrftoken.Valid(state, config.Constants.CookieStoreSecret, player.SteamID, "GET") {
		http.Error(w, "Missing or Invalid XSRF token", http.StatusBadRequest)
		return
	}

	twitchRedirectURL, _ := url.Parse(config.Constants.PublicAddress)
	twitchRedirectURL.Path = "twitchAuth"

	// successful login, try getting access token now
	tokenURL := url.URL{
		Scheme: "https",
		Host:   "api.twitch.tv",
		Path:   "kraken/oauth2/token",
	}
	values = tokenURL.Query()
	values.Set("client_id", config.Constants.TwitchClientID)
	values.Set("client_secret", config.Constants.TwitchClientSecret)
	values.Set("grant_type", "authorization_code")
	values.Set("redirect_uri", twitchRedirectURL.String())
	values.Set("code", code)
	values.Set("state", state)

	req, err := http.NewRequest("POST", tokenURL.String(), strings.NewReader(values.Encode()))
	if err != nil {
		logrus.Error(err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	resp, err := helpers.HTTPClient.Do(req)
	if err != nil {
		logrus.Error(err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	reply := reply{}

	dec := json.NewDecoder(resp.Body)
	err = dec.Decode(&reply)
	if err != nil {
		logrus.Error(err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	info, err := getUserInfo(reply.AccessToken)
	if err != nil {
		logrus.Error(err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	player.TwitchName = info.Name
	player.TwitchAccessToken = reply.AccessToken
	player.Save()

	http.Redirect(w, r, config.Constants.LoginRedirectPath, http.StatusTemporaryRedirect)
}
Esempio n. 7
0
func BanPlayer(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
	}

	values := r.Form
	steamid := values.Get("steamid")
	reason := values.Get("reason")
	banType := values.Get("type")
	remove := values.Get("remove")
	token := values.Get("xsrf-token")
	if !xsrftoken.Valid(token, config.Constants.CookieStoreSecret, "admin", "POST") {
		http.Error(w, "invalid xsrf token", http.StatusBadRequest)
		return
	}

	ban, ok := map[string]player.BanType{
		"joinLobby":       player.BanJoin,
		"joinMumbleLobby": player.BanJoinMumble,
		"createLobby":     player.BanCreate,
		"chat":            player.BanChat,
		"full":            player.BanFull,
	}[banType]
	if !ok {
		http.Error(w, "Invalid ban type", http.StatusBadRequest)
		return
	}

	player, err := player.GetPlayerBySteamID(steamid)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	if remove == "true" {
		err := player.Unban(ban)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
		} else {
			fmt.Fprintf(w, "Player %s (%s) has been unbanned (%s)", player.Name, player.SteamID, ban.String())
		}
		return
	}

	until, err := time.Parse("2006-01-02 15:04", values.Get("date")+" "+values.Get("time"))
	if err != nil {
		http.Error(w, "invalid time format", http.StatusBadRequest)
		return
	} else if until.Sub(time.Now()) < 0 {
		http.Error(w, "invalid time", http.StatusBadRequest)
		return
	}

	jwt, _ := chelpers.GetToken(r)
	bannedByPlayer := chelpers.GetPlayer(jwt)

	err = player.BanUntil(until, ban, reason, bannedByPlayer.ID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	fmt.Fprintf(w, "Player %s (%s) has been banned (%s) till %v", player.Name, player.SteamID, ban.String(), until)
}