OpenWF/SpaceNinjaServer
12
6
Fork 15
Code Issues 46 Pull Requests 6 Actions Packages Projects Releases Activity

feat: add administrators, require administrator perms to change server config in webui (#628)

Browse Source
This commit is contained in:
Sainan 2024-12-23 22:44:01 +01:00 committed by GitHub
parent eeaac6f07e
commit 103e9bc431
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 174 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config.json.example
View File

@ -8,6 +8,7 @@
"myAddress": "localhost", "myAddress": "localhost",
"httpPort": 80, "httpPort": 80,
"httpsPort": 443, "httpsPort": 443,
"administratorNames": [],
"autoCreateAccount": true, "autoCreateAccount": true,
"skipStoryModeChoice": true, "skipStoryModeChoice": true,
"skipTutorial": true, "skipTutorial": true,

13
src/controllers/api/loginController.ts
View File

@ -6,7 +6,7 @@ import buildConfig from "@/static/data/buildConfig.json";
import { toLoginRequest } from "@/src/helpers/loginHelpers"; import { toLoginRequest } from "@/src/helpers/loginHelpers";
import { Account } from "@/src/models/loginModel"; import { Account } from "@/src/models/loginModel";
import { createAccount, isCorrectPassword } from "@/src/services/loginService"; import { createAccount, isCorrectPassword, isNameTaken } from "@/src/services/loginService";
import { IDatabaseAccountJson, ILoginResponse } from "@/src/types/loginTypes"; import { IDatabaseAccountJson, ILoginResponse } from "@/src/types/loginTypes";
import { DTLS, groups, HUB, platformCDNs } from "@/static/fixed_responses/login_static"; import { DTLS, groups, HUB, platformCDNs } from "@/static/fixed_responses/login_static";
import { logger } from "@/src/utils/logger"; import { logger } from "@/src/utils/logger";
@ -26,10 +26,19 @@ export const loginController: RequestHandler = async (request, response) => {
if (!account && config.autoCreateAccount && loginRequest.ClientType != "webui") { if (!account && config.autoCreateAccount && loginRequest.ClientType != "webui") {
try { try {
const nameFromEmail = loginRequest.email.substring(0, loginRequest.email.indexOf("@"));
let name = nameFromEmail;
if (await isNameTaken(name)) {
let suffix = 0;
do {
++suffix;
name = nameFromEmail + suffix;
} while (await isNameTaken(name));
}
const newAccount = await createAccount({ const newAccount = await createAccount({
email: loginRequest.email, email: loginRequest.email,
password: loginRequest.password, password: loginRequest.password,
DisplayName: loginRequest.email.substring(0, loginRequest.email.indexOf("@")), DisplayName: name,
CountryCode: loginRequest.lang.toUpperCase(), CountryCode: loginRequest.lang.toUpperCase(),
ClientType: loginRequest.ClientType, ClientType: loginRequest.ClientType,
CrossPlatformAllowed: true, CrossPlatformAllowed: true,

8
src/controllers/custom/createAccountController.ts
View File

@ -1,14 +1,16 @@
import { toCreateAccount, toDatabaseAccount } from "@/src/helpers/customHelpers/customHelpers"; import { toCreateAccount, toDatabaseAccount } from "@/src/helpers/customHelpers/customHelpers";
import { createAccount } from "@/src/services/loginService"; import { createAccount, isNameTaken } from "@/src/services/loginService";
import { RequestHandler } from "express"; import { RequestHandler } from "express";
const createAccountController: RequestHandler = async (req, res) => { const createAccountController: RequestHandler = async (req, res) => {
const createAccountData = toCreateAccount(req.body); const createAccountData = toCreateAccount(req.body);
if (await isNameTaken(createAccountData.DisplayName)) {
res.status(409).json("Name already in use");
} else {
const databaseAccount = toDatabaseAccount(createAccountData); const databaseAccount = toDatabaseAccount(createAccountData);
const account = await createAccount(databaseAccount); const account = await createAccount(databaseAccount);
res.json(account); res.json(account);
}
}; };
export { createAccountController }; export { createAccountController };

8
src/controllers/custom/getConfigDataController.ts
View File

@ -1,8 +1,14 @@
import { RequestHandler } from "express"; import { RequestHandler } from "express";
import { config } from "@/src/services/configService"; import { config } from "@/src/services/configService";
import { getAccountForRequest, isAdministrator } from "@/src/services/loginService";
const getConfigDataController: RequestHandler = (_req, res) => { const getConfigDataController: RequestHandler = async (req, res) => {
const account = await getAccountForRequest(req);
if (isAdministrator(account)) {
res.json(config); res.json(config);
} else {
res.status(401).end();
}
}; };
export { getConfigDataController }; export { getConfigDataController };

6
src/controllers/custom/renameAccountController.ts
View File

@ -1,12 +1,16 @@
import { RequestHandler } from "express"; import { RequestHandler } from "express";
import { getAccountForRequest } from "@/src/services/loginService"; import { getAccountForRequest, isNameTaken } from "@/src/services/loginService";
export const renameAccountController: RequestHandler = async (req, res) => { export const renameAccountController: RequestHandler = async (req, res) => {
const account = await getAccountForRequest(req); const account = await getAccountForRequest(req);
if (typeof req.query.newname == "string") { if (typeof req.query.newname == "string") {
if (await isNameTaken(req.query.newname)) {
res.status(409).json("Name already in use");
} else {
account.DisplayName = req.query.newname; account.DisplayName = req.query.newname;
await account.save(); await account.save();
res.end(); res.end();
}
} else { } else {
res.status(400).end(); res.status(400).end();
} }

6
src/controllers/custom/updateConfigDataController.ts
View File

@ -1,9 +1,15 @@
import { RequestHandler } from "express"; import { RequestHandler } from "express";
import { updateConfig } from "@/src/services/configService"; import { updateConfig } from "@/src/services/configService";
import { getAccountForRequest, isAdministrator } from "@/src/services/loginService";
const updateConfigDataController: RequestHandler = async (req, res) => { const updateConfigDataController: RequestHandler = async (req, res) => {
const account = await getAccountForRequest(req);
if (isAdministrator(account)) {
await updateConfig(String(req.body)); await updateConfig(String(req.body));
res.end(); res.end();
} else {
res.status(401).end();
}
}; };
export { updateConfigDataController }; export { updateConfigDataController };

2
src/models/loginModel.ts
View File

@ -24,7 +24,7 @@ const databaseAccountSchema = new Schema<IDatabaseAccountJson>(
{ {
email: { type: String, required: true, unique: true }, email: { type: String, required: true, unique: true },
password: { type: String, required: true }, password: { type: String, required: true },
DisplayName: { type: String, required: true }, DisplayName: { type: String, required: true, unique: true },
CountryCode: { type: String, required: true }, CountryCode: { type: String, required: true },
ClientType: { type: String }, ClientType: { type: String },
CrossPlatformAllowed: { type: Boolean, required: true }, CrossPlatformAllowed: { type: Boolean, required: true },

8
src/services/configService.ts
View File

@ -14,6 +14,13 @@ fs.watchFile(configPath, () => {
amnesia = false; amnesia = false;
} else { } else {
logger.info("Detected a change to config.json, reloading its contents."); logger.info("Detected a change to config.json, reloading its contents.");
// Set all values to undefined now so if the new config.json omits some fields that were previously present, it's correct in-memory.
for (const key of Object.keys(config)) {
// eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-member-access
(config as any)[key] = undefined;
}
Object.assign(config, JSON.parse(fs.readFileSync(configPath, "utf-8"))); Object.assign(config, JSON.parse(fs.readFileSync(configPath, "utf-8")));
} }
}); });
@ -25,6 +32,7 @@ interface IConfig {
httpPort?: number; httpPort?: number;
httpsPort?: number; httpsPort?: number;
myIrcAddresses?: string[]; myIrcAddresses?: string[];
administratorNames?: string[];
autoCreateAccount?: boolean; autoCreateAccount?: boolean;
skipStoryModeChoice?: boolean; skipStoryModeChoice?: boolean;
skipTutorial?: boolean; skipTutorial?: boolean;

24
src/services/loginService.ts
View File

@ -2,16 +2,21 @@ import { Account } from "@/src/models/loginModel";
import { createInventory } from "@/src/services/inventoryService"; import { createInventory } from "@/src/services/inventoryService";
import { IDatabaseAccount, IDatabaseAccountJson } from "@/src/types/loginTypes"; import { IDatabaseAccount, IDatabaseAccountJson } from "@/src/types/loginTypes";
import { createShip } from "./shipService"; import { createShip } from "./shipService";
import { Types } from "mongoose"; import { Document, Types } from "mongoose";
import { Loadout } from "@/src/models/inventoryModels/loadoutModel"; import { Loadout } from "@/src/models/inventoryModels/loadoutModel";
import { PersonalRooms } from "@/src/models/personalRoomsModel"; import { PersonalRooms } from "@/src/models/personalRoomsModel";
import new_personal_rooms from "@/static/fixed_responses/personalRooms.json"; import new_personal_rooms from "@/static/fixed_responses/personalRooms.json";
import { Request } from "express"; import { Request } from "express";
import { config } from "@/src/services/configService";
export const isCorrectPassword = (requestPassword: string, databasePassword: string): boolean => { export const isCorrectPassword = (requestPassword: string, databasePassword: string): boolean => {
return requestPassword === databasePassword; return requestPassword === databasePassword;
}; };
export const isNameTaken = async (name: string): Promise<boolean> => {
return !!(await Account.findOne({ DisplayName: name }));
};
export const createAccount = async (accountData: IDatabaseAccount): Promise<IDatabaseAccountJson> => { export const createAccount = async (accountData: IDatabaseAccount): Promise<IDatabaseAccountJson> => {
const account = new Account(accountData); const account = new Account(accountData);
try { try {
@ -44,20 +49,21 @@ export const createPersonalRooms = async (accountId: Types.ObjectId, shipId: Typ
await personalRooms.save(); await personalRooms.save();
}; };
export const getAccountForRequest = async (req: Request) => { // eslint-disable-next-line @typescript-eslint/ban-types
type TAccountDocument = Document<unknown, {}, IDatabaseAccountJson> &
IDatabaseAccountJson & { _id: Types.ObjectId; __v: number };
export const getAccountForRequest = async (req: Request): Promise<TAccountDocument> => {
if (!req.query.accountId) { if (!req.query.accountId) {
throw new Error("Request is missing accountId parameter"); throw new Error("Request is missing accountId parameter");
} }
if (!req.query.nonce || parseInt(req.query.nonce as string) === 0) { if (!req.query.nonce || parseInt(req.query.nonce as string) === 0) {
throw new Error("Request is missing nonce parameter"); throw new Error("Request is missing nonce parameter");
} }
const account = await Account.findOne( const account = await Account.findOne({
{
_id: req.query.accountId, _id: req.query.accountId,
Nonce: req.query.nonce Nonce: req.query.nonce
}, });
"_id"
);
if (!account) { if (!account) {
throw new Error("Invalid accountId-nonce pair"); throw new Error("Invalid accountId-nonce pair");
} }
@ -67,3 +73,7 @@ export const getAccountForRequest = async (req: Request) => {
export const getAccountIdForRequest = async (req: Request): Promise<string> => { export const getAccountIdForRequest = async (req: Request): Promise<string> => {
return (await getAccountForRequest(req))._id.toString(); return (await getAccountForRequest(req))._id.toString();
}; };
export const isAdministrator = (account: TAccountDocument): boolean => {
return !!config.administratorNames?.find(x => x == account.DisplayName);
};

9
static/webui/index.html
View File

@ -198,7 +198,11 @@
<div class="col-lg-4"> <div class="col-lg-4">
<div class="card mb-4"> <div class="card mb-4">
<h5 class="card-header">Server</h5> <h5 class="card-header">Server</h5>
<form class="card-body" onsubmit="doChangeSettings();return false;"> <div class="card-body">
<div id="server-settings-no-perms" class="d-none">
<p>You must be an administrator to use this feature. To become an administrator, add <code>"<span class="displayname"></span>"</code> to <code>administratorNames</code> in the config.json.</p>
</div>
<form id="server-settings" class="d-none" onsubmit="doChangeSettings();return false;">
<div class="form-check"> <div class="form-check">
<input class="form-check-input" type="checkbox" id="skipStoryModeChoice" /> <input class="form-check-input" type="checkbox" id="skipStoryModeChoice" />
<label class="form-check-label" for="skipStoryModeChoice">Skip Story Mode Choice</label> <label class="form-check-label" for="skipStoryModeChoice">Skip Story Mode Choice</label>
@ -263,12 +267,13 @@
<label class="form-label" for="spoofMasteryRank"> <label class="form-label" for="spoofMasteryRank">
Spoofed Mastery Rank (-1 to disable) Spoofed Mastery Rank (-1 to disable)
</label> </label>
<input class="form-control" id="spoofMasteryRank" type="number" min="-1" /> <input class="form-control" id="spoofMasteryRank" type="number" min="-1" max="65535" />
</div> </div>
<button class="btn btn-primary mt-3" type="submit">Save Settings</button> <button class="btn btn-primary mt-3" type="submit">Save Settings</button>
</form> </form>
</div> </div>
</div> </div>
</div>
<div class="col-lg-4"> <div class="col-lg-4">
<div class="card mb-4"> <div class="card mb-4">
<h5 class="card-header">Account</h5> <h5 class="card-header">Account</h5>

21
static/webui/script.js
View File

@ -792,7 +792,7 @@ const uiConfigs = [
]; ];
function doChangeSettings() { function doChangeSettings() {
fetch("/custom/config") fetch("/custom/config?" + window.authz)
.then(response => response.json()) .then(response => response.json())
.then(json => { .then(json => {
for (const i of uiConfigs) { for (const i of uiConfigs) {
@ -810,7 +810,7 @@ function doChangeSettings() {
} }
} }
$.post({ $.post({
url: "/custom/config", url: "/custom/config?" + window.authz,
contentType: "text/plain", contentType: "text/plain",
data: JSON.stringify(json, null, 2) data: JSON.stringify(json, null, 2)
}); });
@ -820,9 +820,14 @@ function doChangeSettings() {
// Cheats route // Cheats route
single.getRoute("/webui/cheats").on("beforeload", function () { single.getRoute("/webui/cheats").on("beforeload", function () {
fetch("/custom/config") let interval;
.then(response => response.json()) interval = setInterval(() => {
.then(json => if (window.authz) {
clearInterval(interval);
fetch("/custom/config?" + window.authz).then(res => {
if (res.status == 200) {
$("#server-settings").removeClass("d-none");
res.json().then(json =>
Object.entries(json).forEach(entry => { Object.entries(json).forEach(entry => {
const [key, value] = entry; const [key, value] = entry;
var x = document.getElementById(`${key}`); var x = document.getElementById(`${key}`);
@ -837,6 +842,12 @@ single.getRoute("/webui/cheats").on("beforeload", function () {
} }
}) })
); );
} else {
$("#server-settings-no-perms").removeClass("d-none");
}
});
}
}, 10);
fetch("http://localhost:61558/ping", { mode: "no-cors" }) fetch("http://localhost:61558/ping", { mode: "no-cors" })
.then(() => { .then(() => {