Many changes. Commit before I break down.
- Authentication middleware uses Zod - PhotonRegionId in config - DB key changes and additions - WebSocket for SignalR mock - Presence additions * Needs modification for playerIds (do not store `Profile` in a set, this will cause sync issues) - Profile settings - Profile Device Class - Zod properly checks for issuer in token - Room scene type bug - Setting key import started - Instancing changes - PlayerReporting API route - Deduplicated auth/connect/token - match/player/login begin - WebSocket hands off connection to SignalR handler
@@ -76,6 +76,10 @@ type genericResponse = {
|
||||
data?: object
|
||||
}
|
||||
|
||||
export function generateMask(...num: number[]) {
|
||||
return num.reduce((sum, val) => sum + val, 0);
|
||||
}
|
||||
|
||||
export function genericResponseFormat(
|
||||
failure: boolean,
|
||||
msg?: string,
|
||||
@@ -118,7 +122,7 @@ export function emptyArrayResponse(_rq: express.Request, rs: express.Response) {
|
||||
rs.json([]);
|
||||
}
|
||||
|
||||
export function getSrcIpDefault(rq: express.Request) {
|
||||
export function getSrcIpDefault(rq: express.Request): string {
|
||||
const cfIp = rq.header("cf-connecting-ip");
|
||||
if (cfIp !== undefined) return cfIp;
|
||||
|
||||
@@ -208,6 +212,24 @@ export interface TokenBaseFormat {
|
||||
}
|
||||
export type TokenFormat = UserTokenFormat | ProfileTokenFormat;
|
||||
|
||||
const TokenBaseSchema = z.object({
|
||||
typ: z.nativeEnum(AuthType),
|
||||
iss: z.string().url(),
|
||||
exp: z.number()
|
||||
});
|
||||
export const UserTokenSchema = TokenBaseSchema.extend({
|
||||
sub: z.string(),
|
||||
typ: z.literal(AuthType.Web)
|
||||
});
|
||||
export const ProfileTokenSchema = TokenBaseSchema.extend({
|
||||
sub: z.number(),
|
||||
typ: z.literal(AuthType.Game)
|
||||
});
|
||||
export const TokenSchema = z.discriminatedUnion('typ', [
|
||||
UserTokenSchema,
|
||||
ProfileTokenSchema
|
||||
]);
|
||||
|
||||
export async function Authentication(
|
||||
rq: express.Request,
|
||||
rs: express.Response,
|
||||
@@ -238,16 +260,15 @@ export async function Authentication(
|
||||
}
|
||||
|
||||
try {
|
||||
const decodedToken = await decode<TokenFormat>(
|
||||
token,
|
||||
config.auth.secret,
|
||||
{
|
||||
algorithm: "HS512",
|
||||
},
|
||||
);
|
||||
const decodedToken = await decode<TokenFormat>(token, config.auth.secret, {algorithm: "HS512"});
|
||||
const schemaResult = TokenSchema.safeParse(decodedToken);
|
||||
if (!schemaResult.success) {
|
||||
returnUnauthorized();
|
||||
return;
|
||||
}
|
||||
|
||||
const valid = ![
|
||||
decodedToken.iss == config.web.publichost,
|
||||
const valid = ![ // used to contain more conditions, now is only 1
|
||||
decodedToken.iss == `${config.web.securepublichost ? 'https' : 'http'}://${config.web.publichost}`,
|
||||
].includes(false);
|
||||
if (valid) {
|
||||
if (decodedToken.typ == AuthType.Web) rs.locals.user = new User(decodedToken.sub);
|
||||
|
||||
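Review bot: After `TokenSchema.safeParse(decodedToken)` succeeds in `Authentication`, the lines below it still read `decodedToken.iss`, `.typ` and `.sub` rather than `schemaResult.data`, so the object that was validated is not the one that drives the authorization decision. Reading from `schemaResult.data` removes that gap and also gives the `typ`-discriminated typing for `sub`. The schema itself only checks that `iss` is a well-formed URL, and the real issuer comparison is the single loose `==` left in the `![...].includes(false)` array; a direct strict check such as `const valid = schemaResult.data.iss === expectedIssuer;`, with `expectedIssuer` built once from `config.web`, would say the same thing more plainly. `exp` is only required to be a number here, so whether expiry is enforced depends on `decode`, which is not visible in this hunk and is worth confirming. The body of `Authentication` starts and ends outside the hunk.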