Basic live service:

- Matchmaking - Instance - Presence (albeit empty atm) Authentication fixes; differentiate between user and profile Default auth timeout is now 3 hours Add "operators" database key ("all users with operator permissions", or "developer" role set in token), add check in `Profile` Fix default profile image filename reference when not set account/me Log hile reporting, do stuff with the report later ("Server" user for commands, operators can check reports) Refresh login done by client automatically when token expires, requires extra work
2025-03-24 21:50:22 -04:00
parent 31f9cfdc1a
commit 616f5dd619
12 changed files with 298 additions and 42 deletions
--- a/src/apiutils.ts
+++ b/src/apiutils.ts
@@ -206,9 +206,7 @@ export class RateLimiter {
 export interface TokenBaseFormat {
    typ: AuthType;
    iss: string;
-    nbf: number;
    exp: number;
-    iat: number;
 }
 export type TokenFormat = UserTokenFormat | ProfileTokenFormat;

@@ -222,8 +220,21 @@ export async function Authentication(
        rs.json(genericResponseFormat(true, "Authorization required."));
    }

-    const token: string | undefined = rq.header("GalvanicAuth");
-    if (typeof token == "undefined") {
+    const userToken: string | undefined = rq.header("GalvanicAuth");
+    const profileToken: string | undefined = rq.header("Authorization");
+    let token: string;
+    if (typeof userToken == "undefined" && typeof profileToken == "undefined") {
+        returnUnauthorized();
+        return;
+    } else if (typeof userToken == 'string') token = userToken;
+    else if (typeof profileToken == 'string') {
+        const splitToken = profileToken.split(' ');
+        if (splitToken.length >= 2) token = splitToken[1];
+        else {
+            returnUnauthorized();
+            return;
+        }
+    } else {
        returnUnauthorized();
        return;
    }
@@ -239,15 +250,11 @@ export async function Authentication(

        const valid = ![
            decodedToken.iss == config.web.publichost,
-            decodedToken.nbf < Math.round(Date.now() / 1000),
-            decodedToken.exp > Math.round(Date.now() / 1000),
        ].includes(false);
        if (valid) {
-            if (decodedToken.typ == AuthType.Web) {
-                rs.locals.user = new User(decodedToken.sub);
-            } else if (decodedToken.typ == AuthType.Game) {
-                rs.locals.profile = new Profile(decodedToken.sub);
-            }
+            if (decodedToken.typ == AuthType.Web) rs.locals.user = new User(decodedToken.sub);
+            else if (decodedToken.typ == AuthType.Game) rs.locals.profile = new Profile(decodedToken.sub);
+
            nxt();
        } else {
            returnUnauthorized();