Skip to content

S
srvpro
Commit 90ade2ad authored by nanahira's avatar nanahira
Browse files
Options

update admin account system

parent a4096a16
Show whitespace changes
Inline Side-by-side
Showing with 550 additions and 31 deletions
.gitignore
View file @ 90ade2ad
......@@ -19,6 +19,7 @@ config.user.bak
/ssl
/ygosrv233
/challonge
/logs
test*
*.heapsnapshot
......
data/default_data.json
View file @ 90ade2ad
......@@ -31,5 +31,49 @@
"chat_color": {
"file": "./config/chat_color.json",
"save_list": {}
},
"users": {
"file": "./config/admin_user.json",
"permission_examples": {
"sudo": {
"get_rooms": true,
"duel_log": true,
"download_replay": true,
"clear_duel_log": true,
"deck_dashboard_read": true,
"deck_dashboard_write": true,
"shout": true,
"stop": true,
"change_settings": true,
"ban_user": true,
"kick_user": true,
"start_death": true,
"pre_dashboard": true,
"update_dashboard": true
},
"judge": {
"get_rooms": true,
"duel_log": true,
"download_replay": true,
"deck_dashboard_read": true,
"deck_dashboard_write": true,
"shout": true,
"kick_user": true,
"start_death": true
},
"streamer": {
"get_rooms": true,
"duel_log": true,
"download_replay": true,
"deck_dashboard_read": true
}
},
"users": {
"root": {
"password": "123456",
"enabled": false,
"permissions": "sudo"
}
}
}
}
ygopro-auth.coffee 0 → 100644
View file @ 90ade2ad
fs = require 'fs'
loadJSON = require('load-json-file').sync
moment = require 'moment'
moment.locale('zh-cn', {
relativeTime: {
future: '%s内',
past: '%s前',
s: '%d秒',
m: '1分钟',
mm: '%d分钟',
h: '1小时',
hh: '%d小时',
d: '1天',
dd: '%d天',
M: '1个月',
MM: '%d个月',
y: '1年',
yy: '%d年'
}
})
if not fs.existsSync('./logs')
fs.mkdirSync('./logs')
add_log = (message) ->
mt = moment()
text = mt.format('YYYY-MM-DD HH:mm:ss') + " --> " + message + "\n"
console.log(text)
res = false
try
fs.appendFileSync("./logs/"+mt.format('YYYY-MM-DD')+".log", text)
res = true
catch
res = false
return
default_data = loadJSON('./data/default_data.json')
setting_save = (settings) ->
fs.writeFileSync(settings.file, JSON.stringify(settings, null, 2))
return
default_data = loadJSON('./data/default_data.json')
try
users = loadJSON('./config/admin_user.json')
catch
users = default_data.users
setting_save(users)
save = () ->
setting_save(users)
return
reload = () ->
user_backup = users
try
users = loadJSON('./config/admin_user.json')
catch
users = user_backup
add_log("Invalid user data JSON")
return
check_permission = (user, permission_required) ->
_permission = user.permissions
permission = _permission
if typeof(permission) != 'object'
permission = users.permission_examples[_permission]
if !permission
add_log("Permision not set:"+_permission)
return false
return permission[permission_required]
@auth = (name, pass, permission_required, action = 'unknown') ->
reload()
user = users.users[name]
if !user
add_log("Unknown user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if user.password != pass
add_log("Unauthorized user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if !user.enabled
add_log("Disabled user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if !check_permission(user, permission_required)
add_log("Permission denied. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
add_log("Operation success. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return true
@add_user = (name, pass, enabled, permissions) ->
reload()
if users.users[name]
return false
users.users[name] = {
"password": pass,
"enabled": enabled,
"permissions": permissions
}
save()
return true
@delete_user = (name) ->
reload()
if !users.users[name]
return false
delete users.users[name]
save()
return true
@update_user = (name, key, value) ->
reload()
if !users.users[name]
return false
users.users[name][key] = value
save()
return true
ygopro-auth.js 0 → 100644
View file @ 90ade2ad
// Generated by CoffeeScript 1.12.7
(function() {
var add_log, check_permission, default_data, fs, loadJSON, moment, reload, save, setting_save, users;
fs = require('fs');
loadJSON = require('load-json-file').sync;
moment = require('moment');
moment.locale('zh-cn', {
relativeTime: {
future: '%s内',
past: '%s前',
s: '%d秒',
m: '1分钟',
mm: '%d分钟',
h: '1小时',
hh: '%d小时',
d: '1天',
dd: '%d天',
M: '1个月',
MM: '%d个月',
y: '1年',
yy: '%d年'
}
});
if (!fs.existsSync('./logs')) {
fs.mkdirSync('./logs');
}
add_log = function(message) {
var mt, res, text;
mt = moment();
text = mt.format('YYYY-MM-DD HH:mm:ss') + " --> " + message + "\n";
console.log(text);
res = false;
try {
fs.appendFileSync("./logs/" + mt.format('YYYY-MM-DD') + ".log", text);
res = true;
} catch (error) {
res = false;
}
};
default_data = loadJSON('./data/default_data.json');
setting_save = function(settings) {
fs.writeFileSync(settings.file, JSON.stringify(settings, null, 2));
};
default_data = loadJSON('./data/default_data.json');
try {
users = loadJSON('./config/admin_user.json');
} catch (error) {
users = default_data.users;
setting_save(users);
}
save = function() {
setting_save(users);
};
reload = function() {
var user_backup;
user_backup = users;
try {
users = loadJSON('./config/admin_user.json');
} catch (error) {
users = user_backup;
add_log("Invalid user data JSON");
}
};
check_permission = function(user, permission_required) {
var _permission, permission;
_permission = user.permissions;
permission = _permission;
if (typeof permission !== 'object') {
permission = users.permission_examples[_permission];
}
if (!permission) {
add_log("Permision not set:" + _permission);
return false;
}
return permission[permission_required];
};
this.auth = function(name, pass, permission_required, action) {
var user;
if (action == null) {
action = 'unknown';
}
reload();
user = users.users[name];
if (!user) {
add_log("Unknown user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (user.password !== pass) {
add_log("Unauthorized user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (!user.enabled) {
add_log("Disabled user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (!check_permission(user, permission_required)) {
add_log("Permission denied. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
add_log("Operation success. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return true;
};
this.add_user = function(name, pass, enabled, permissions) {
reload();
if (users.users[name]) {
return false;
}
users.users[name] = {
"password": pass,
"enabled": enabled,
"permissions": permissions
};
save();
return true;
};
this.delete_user = function(name) {
reload();
if (!users.users[name]) {
return false;
}
delete users.users[name];
save();
return true;
};
this.update_user = function(name, key, value) {
reload();
if (!users.users[name]) {
return false;
}
users.users[name][key] = value;
save();
return true;
};
}).call(this);
ygopro-pre.js
View file @ 90ade2ad
......@@ -17,6 +17,8 @@ var moment = require('moment');
moment.locale('zh-cn');
var loadJSON = require('load-json-file').sync;
var auth = require('./ygopro-auth.js');
var constants = loadJSON('./data/constants.json');
var settings = loadJSON('./config/config.json');
......@@ -404,7 +406,7 @@ var packDatas = function () {
http.createServer(function (req, res) {
var u = url.parse(req.url, true);
if (u.query.password !== config.password) {
if (!auth.auth(u.query.username, u.query.password, "pre_dashboard", "pre_dashboard")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
......@@ -462,4 +464,3 @@ http.createServer(function (req, res) {
}
}).listen(config.port);
ygopro-server.coffee
View file @ 90ade2ad
......@@ -157,6 +157,8 @@ catch
config = {}
settings = global.settings = merge(default_config, config, { arrayMerge: (destination, source) -> source })
auth = require './ygopro-auth.js'
#import old configs
imported = false
#reset http.quick_death_rule from true to 1
......@@ -168,6 +170,41 @@ if settings.modules.cloud_replay.redis_port
settings.modules.cloud_replay.redis.port = settings.modules.cloud_replay.redis_port
delete settings.modules.cloud_replay.redis_port
imported = true
#import the old passwords to new admin user system
if settings.modules.http.password
auth.add_user("olduser", settings.modules.http.password, true, {
"get_rooms": true,
"shout": true,
"stop": true,
"change_settings": true,
"ban_user": true,
"kick_user": true,
"start_death": true
})
delete settings.modules.http.password
imported = true
if settings.modules.tournament_mode.password
auth.add_user("tournament", settings.modules.tournament_mode.password, true, {
"duel_log": true,
"download_replay": true,
"clear_duel_log": true,
"deck_dashboard_read": true,
"deck_dashboard_write": true,
})
delete settings.modules.tournament_mode.password
imported = true
if settings.modules.pre_util.password
auth.add_user("pre", settings.modules.pre_util.password, true, {
"pre_dashboard": true
})
delete settings.modules.pre_util.password
imported = true
if settings.modules.update_util.password
auth.add_user("update", settings.modules.update_util.password, true, {
"update_dashboard": true
})
delete settings.modules.update_util.password
imported = true
#finish
if imported
setting_save(settings)
......@@ -3205,10 +3242,11 @@ if settings.modules.http
requestListener = (request, response)->
parseQueryString = true
u = url.parse(request.url, parseQueryString)
pass_validated = u.query.pass == settings.modules.http.password
#pass_validated = u.query.pass == settings.modules.http.password
#console.log(u.query.username, u.query.pass)
if u.pathname == '/api/getrooms'
if !pass_validated and !settings.modules.http.public_roomlist
if !settings.modules.http.public_roomlist and !auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms")
response.writeHead(200)
response.end(addCallback(u.query.callback, '{"rooms":[{"roomid":"0","roomname":"密码错误","needpass":"true"}]}'))
else
......@@ -3234,7 +3272,7 @@ if settings.modules.http
response.end(addCallback(u.query.callback, roomsjson))
else if u.pathname == '/api/duellog' and settings.modules.tournament_mode.enabled
if !(u.query.pass == settings.modules.tournament_mode.password)
if !auth.auth(u.query.username, u.query.pass, "duel_log", "duel_log")
response.writeHead(200)
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"))
return
......@@ -3244,7 +3282,7 @@ if settings.modules.http
response.end(addCallback(u.query.callback, duellog))
else if u.pathname == '/api/archive.zip' and settings.modules.tournament_mode.enabled
if !(u.query.pass == settings.modules.tournament_mode.password)
if !auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay_archive")
response.writeHead(403)
response.end("Invalid password.")
return
......@@ -3287,7 +3325,7 @@ if settings.modules.http
response.end("Failed reading replays. " + error)
else if u.pathname == '/api/clearlog' and settings.modules.tournament_mode.enabled
if !(u.query.pass == settings.modules.tournament_mode.password)
if !auth.auth(u.query.username, u.query.pass, "clear_duel_log", "clear_duel_log")
response.writeHead(200)
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"))
return
......@@ -3303,7 +3341,7 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "[{name:'Success'}]"))
else if _.startsWith(u.pathname, '/api/replay') and settings.modules.tournament_mode.enabled
if !(u.query.pass == settings.modules.tournament_mode.password)
if !auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay")
response.writeHead(403)
response.end("密码错误")
return
......@@ -3321,18 +3359,26 @@ if settings.modules.http
)
else if u.pathname == '/api/message'
if !pass_validated
#if !pass_validated
# response.writeHead(200)
# response.end(addCallback(u.query.callback, "['密码错误', 0]"))
# return
if u.query.shout
if !auth.auth(u.query.username, u.query.pass, "shout", "shout")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
if u.query.shout
for room in ROOM_all when room and room.established
ygopro.stoc_send_chat_to_room(room, u.query.shout, ygopro.constants.COLORS.YELLOW)
response.writeHead(200)
response.end(addCallback(u.query.callback, "['shout ok', '" + u.query.shout + "']"))
else if u.query.stop
if !auth.auth(u.query.username, u.query.pass, "stop", "stop")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
if u.query.stop == 'false'
u.query.stop = false
setting_change(settings, 'modules:stop', u.query.stop)
......@@ -3340,30 +3386,54 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "['stop ok', '" + u.query.stop + "']"))
else if u.query.welcome
if !auth.auth(u.query.username, u.query.pass, "change_settings", "change_welcome")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
setting_change(settings, 'modules:welcome', u.query.welcome)
response.writeHead(200)
response.end(addCallback(u.query.callback, "['welcome ok', '" + u.query.welcome + "']"))
else if u.query.getwelcome
if !auth.auth(u.query.username, u.query.pass, "change_settings", "get_welcome")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
response.writeHead(200)
response.end(addCallback(u.query.callback, "['get ok', '" + settings.modules.welcome + "']"))
else if u.query.loadtips
if !auth.auth(u.query.username, u.query.pass, "change_settings", "change_tips")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
load_tips()
response.writeHead(200)
response.end(addCallback(u.query.callback, "['loading tip', '" + settings.modules.tips.get + "']"))
else if u.query.loaddialogues
if !auth.auth(u.query.username, u.query.pass, "change_settings", "change_dialogues")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
load_dialogues()
response.writeHead(200)
response.end(addCallback(u.query.callback, "['loading dialogues', '" + settings.modules.dialogues.get + "']"))
else if u.query.ban
if !auth.auth(u.query.username, u.query.pass, "ban_user", "ban_user")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
ban_user(u.query.ban)
response.writeHead(200)
response.end(addCallback(u.query.callback, "['ban ok', '" + u.query.ban + "']"))
else if u.query.kick
if !auth.auth(u.query.username, u.query.pass, "kick_user", "kick_user")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
kick_room_found = false
for room in ROOM_all when room and room.established and (u.query.kick == "all" or u.query.kick == room.process_pid.toString() or u.query.kick == room.name)
kick_room_found = true
......@@ -3381,6 +3451,10 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "['room not found', '" + u.query.kick + "']"))
else if u.query.death
if !auth.auth(u.query.username, u.query.pass, "start_death", "start_death")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
death_room_found = false
for room in ROOM_all when room and room.established and room.started and !room.death and (u.query.death == "all" or u.query.death == room.process_pid.toString() or u.query.death == room.name)
death_room_found = true
......@@ -3426,6 +3500,10 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "['room not found', '" + u.query.death + "']"))
else if u.query.deathcancel
if !auth.auth(u.query.username, u.query.pass, "start_death", "cancel_death")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
death_room_found = false
for room in ROOM_all when room and room.established and room.started and room.death and (u.query.deathcancel == "all" or u.query.deathcancel == room.process_pid.toString())
death_room_found = true
......
ygopro-server.js
View file @ 90ade2ad
// Generated by CoffeeScript 1.12.7
(function() {
var CLIENT_get_authorize_key, CLIENT_get_kick_reconnect_target, CLIENT_heartbeat_register, CLIENT_heartbeat_unregister, CLIENT_import_data, CLIENT_is_able_to_kick_reconnect, CLIENT_is_able_to_reconnect, CLIENT_is_banned_by_mc, CLIENT_is_player, CLIENT_kick, CLIENT_kick_reconnect, CLIENT_pre_reconnect, CLIENT_reconnect, CLIENT_reconnect_register, CLIENT_reconnect_unregister, CLIENT_send_pre_reconnect_info, CLIENT_send_reconnect_info, CLIENT_send_replays, Cloud_replay_ids, ROOM_all, ROOM_bad_ip, ROOM_ban_player, ROOM_clear_disconnect, ROOM_connected_ip, ROOM_find_by_name, ROOM_find_by_port, ROOM_find_by_title, ROOM_find_or_create_ai, ROOM_find_or_create_by_name, ROOM_find_or_create_random, ROOM_player_flee, ROOM_player_get_score, ROOM_player_lose, ROOM_player_win, ROOM_players_banned, ROOM_players_oppentlist, ROOM_players_scores, ROOM_unwelcome, ROOM_validate, Room, SERVER_clear_disconnect, SOCKET_flush_data, _, addCallback, badwords, ban_user, bunyan, challonge, challonge_cache, challonge_module_name, challonge_queue_callbacks, chat_color, config, cppversion, crypto, date, default_config, default_data, dialogues, disconnect_list, duel_log, e, exec, execFile, fs, geoip, get_callback, get_memory_usage, http, http_server, https, https_server, import_datas, imported, is_requesting, j, l, len, len1, lflists, list, loadJSON, load_dialogues, load_tips, log, long_resolve_cards, memory_usage, merge, moment, net, oldbadwords, oldconfig, olddialogues, oldduellog, oldtips, options, os, path, pgClient, pg_client, pg_query, redis, redisdb, ref, ref1, refresh_challonge_cache, release_disconnect, report_to_big_brother, request, requestListener, roomlist, setting_change, setting_save, settings, spawn, spawnSync, spawn_windbot, tips, url, users_cache, wait_room_start, wait_room_start_arena, windbot_looplimit, windbots, ygopro, zlib;
var CLIENT_get_authorize_key, CLIENT_get_kick_reconnect_target, CLIENT_heartbeat_register, CLIENT_heartbeat_unregister, CLIENT_import_data, CLIENT_is_able_to_kick_reconnect, CLIENT_is_able_to_reconnect, CLIENT_is_banned_by_mc, CLIENT_is_player, CLIENT_kick, CLIENT_kick_reconnect, CLIENT_pre_reconnect, CLIENT_reconnect, CLIENT_reconnect_register, CLIENT_reconnect_unregister, CLIENT_send_pre_reconnect_info, CLIENT_send_reconnect_info, CLIENT_send_replays, Cloud_replay_ids, ROOM_all, ROOM_bad_ip, ROOM_ban_player, ROOM_clear_disconnect, ROOM_connected_ip, ROOM_find_by_name, ROOM_find_by_port, ROOM_find_by_title, ROOM_find_or_create_ai, ROOM_find_or_create_by_name, ROOM_find_or_create_random, ROOM_player_flee, ROOM_player_get_score, ROOM_player_lose, ROOM_player_win, ROOM_players_banned, ROOM_players_oppentlist, ROOM_players_scores, ROOM_unwelcome, ROOM_validate, Room, SERVER_clear_disconnect, SOCKET_flush_data, _, addCallback, auth, badwords, ban_user, bunyan, challonge, challonge_cache, challonge_module_name, challonge_queue_callbacks, chat_color, config, cppversion, crypto, date, default_config, default_data, dialogues, disconnect_list, duel_log, e, exec, execFile, fs, geoip, get_callback, get_memory_usage, http, http_server, https, https_server, import_datas, imported, is_requesting, j, l, len, len1, lflists, list, loadJSON, load_dialogues, load_tips, log, long_resolve_cards, memory_usage, merge, moment, net, oldbadwords, oldconfig, olddialogues, oldduellog, oldtips, options, os, path, pgClient, pg_client, pg_query, redis, redisdb, ref, ref1, refresh_challonge_cache, release_disconnect, report_to_big_brother, request, requestListener, roomlist, setting_change, setting_save, settings, spawn, spawnSync, spawn_windbot, tips, url, users_cache, wait_room_start, wait_room_start_arena, windbot_looplimit, windbots, ygopro, zlib;
net = require('net');
......@@ -166,6 +166,8 @@
}
});
auth = require('./ygopro-auth.js');
imported = false;
if (settings.modules.http.quick_death_rule === true) {
......@@ -179,6 +181,48 @@
imported = true;
}
if (settings.modules.http.password) {
auth.add_user("olduser", settings.modules.http.password, true, {
"get_rooms": true,
"shout": true,
"stop": true,
"change_settings": true,
"ban_user": true,
"kick_user": true,
"start_death": true
});
delete settings.modules.http.password;
imported = true;
}
if (settings.modules.tournament_mode.password) {
auth.add_user("tournament", settings.modules.tournament_mode.password, true, {
"duel_log": true,
"download_replay": true,
"clear_duel_log": true,
"deck_dashbaord_read": true,
"deck_dashboard_write": true
});
delete settings.modules.tournament_mode.password;
imported = true;
}
if (settings.modules.pre_util.password) {
auth.add_user("pre", settings.modules.pre_util.password, true, {
"pre_dashboard": true
});
delete settings.modules.pre_util.password;
imported = true;
}
if (settings.modules.update_util.password) {
auth.add_user("update", settings.modules.update_util.password, true, {
"update_dashboard": true
});
delete settings.modules.update_util.password;
imported = true;
}
if (imported) {
setting_save(settings);
}
......@@ -4099,12 +4143,11 @@
return callback + "( " + text + " );";
};
requestListener = function(request, response) {
var archive_args, archive_name, archive_process, check, death_room_found, duellog, error, filename, getpath, kick_room_found, len2, len3, len4, len5, len6, m, n, o, oppo_pos, p, parseQueryString, pass_validated, player, q, ref2, replay, room, roomsjson, u, win_pos;
var archive_args, archive_name, archive_process, check, death_room_found, duellog, error, filename, getpath, kick_room_found, len2, len3, len4, len5, len6, m, n, o, oppo_pos, p, parseQueryString, player, q, ref2, replay, room, roomsjson, u, win_pos;
parseQueryString = true;
u = url.parse(request.url, parseQueryString);
pass_validated = u.query.pass === settings.modules.http.password;
if (u.pathname === '/api/getrooms') {
if (!pass_validated && !settings.modules.http.public_roomlist) {
if (!settings.modules.http.public_roomlist && !auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, '{"rooms":[{"roomid":"0","roomname":"密码错误","needpass":"true"}]}'));
} else {
......@@ -4153,7 +4196,7 @@
response.end(addCallback(u.query.callback, roomsjson));
}
} else if (u.pathname === '/api/duellog' && settings.modules.tournament_mode.enabled) {
if (!(u.query.pass === settings.modules.tournament_mode.password)) {
if (!auth.auth(u.query.username, u.query.pass, "duel_log", "duel_log")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"));
return;
......@@ -4163,7 +4206,7 @@
response.end(addCallback(u.query.callback, duellog));
}
} else if (u.pathname === '/api/archive.zip' && settings.modules.tournament_mode.enabled) {
if (!(u.query.pass === settings.modules.tournament_mode.password)) {
if (!auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay_archive")) {
response.writeHead(403);
response.end("Invalid password.");
return;
......@@ -4227,7 +4270,7 @@
}
}
} else if (u.pathname === '/api/clearlog' && settings.modules.tournament_mode.enabled) {
if (!(u.query.pass === settings.modules.tournament_mode.password)) {
if (!auth.auth(u.query.username, u.query.pass, "clear_duel_log", "clear_duel_log")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"));
return;
......@@ -4245,7 +4288,7 @@
response.end(addCallback(u.query.callback, "[{name:'Success'}]"));
}
} else if (_.startsWith(u.pathname, '/api/replay') && settings.modules.tournament_mode.enabled) {
if (!(u.query.pass === settings.modules.tournament_mode.password)) {
if (!auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay")) {
response.writeHead(403);
response.end("密码错误");
return;
......@@ -4266,12 +4309,12 @@
});
}
} else if (u.pathname === '/api/message') {
if (!pass_validated) {
if (u.query.shout) {
if (!auth.auth(u.query.username, u.query.pass, "shout", "shout")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
if (u.query.shout) {
for (n = 0, len3 = ROOM_all.length; n < len3; n++) {
room = ROOM_all[n];
if (room && room.established) {
......@@ -4281,6 +4324,11 @@
response.writeHead(200);
response.end(addCallback(u.query.callback, "['shout ok', '" + u.query.shout + "']"));
} else if (u.query.stop) {
if (!auth.auth(u.query.username, u.query.pass, "stop", "stop")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
if (u.query.stop === 'false') {
u.query.stop = false;
}
......@@ -4288,25 +4336,55 @@
response.writeHead(200);
response.end(addCallback(u.query.callback, "['stop ok', '" + u.query.stop + "']"));
} else if (u.query.welcome) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "change_welcome")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
setting_change(settings, 'modules:welcome', u.query.welcome);
response.writeHead(200);
response.end(addCallback(u.query.callback, "['welcome ok', '" + u.query.welcome + "']"));
} else if (u.query.getwelcome) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "get_welcome")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
response.writeHead(200);
response.end(addCallback(u.query.callback, "['get ok', '" + settings.modules.welcome + "']"));
} else if (u.query.loadtips) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "change_tips")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
load_tips();
response.writeHead(200);
response.end(addCallback(u.query.callback, "['loading tip', '" + settings.modules.tips.get + "']"));
} else if (u.query.loaddialogues) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "change_dialogues")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
load_dialogues();
response.writeHead(200);
response.end(addCallback(u.query.callback, "['loading dialogues', '" + settings.modules.dialogues.get + "']"));
} else if (u.query.ban) {
if (!auth.auth(u.query.username, u.query.pass, "ban_user", "ban_user")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
ban_user(u.query.ban);
response.writeHead(200);
response.end(addCallback(u.query.callback, "['ban ok', '" + u.query.ban + "']"));
} else if (u.query.kick) {
if (!auth.auth(u.query.username, u.query.pass, "kick_user", "kick_user")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
kick_room_found = false;
for (o = 0, len4 = ROOM_all.length; o < len4; o++) {
room = ROOM_all[o];
......@@ -4330,6 +4408,11 @@
response.end(addCallback(u.query.callback, "['room not found', '" + u.query.kick + "']"));
}
} else if (u.query.death) {
if (!auth.auth(u.query.username, u.query.pass, "start_death", "start_death")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
death_room_found = false;
for (p = 0, len5 = ROOM_all.length; p < len5; p++) {
room = ROOM_all[p];
......@@ -4395,6 +4478,11 @@
response.end(addCallback(u.query.callback, "['room not found', '" + u.query.death + "']"));
}
} else if (u.query.deathcancel) {
if (!auth.auth(u.query.username, u.query.pass, "start_death", "cancel_death")) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
death_room_found = false;
for (q = 0, len6 = ROOM_all.length; q < len6; q++) {
room = ROOM_all[q];
......
ygopro-tournament.js
View file @ 90ade2ad
......@@ -16,6 +16,8 @@ _.str = require('underscore.string');
_.mixin(_.str.exports());
var loadJSON = require('load-json-file').sync;
var auth = require('./ygopro-auth.js');
var settings = loadJSON('./config/config.json');
config=settings.modules.tournament_mode;
challonge_config=settings.modules.challonge;
......@@ -215,13 +217,18 @@ var receiveDecks = function(files) {
http.createServer(function (req, res) {
var u = url.parse(req.url, true);
if (u.query.password !== config.password) {
/*if (u.query.password !== config.password) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
}*/
if (u.pathname === '/api/upload_decks' && req.method.toLowerCase() == 'post') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_write", "upload_deck")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
var form = new formidable.IncomingForm();
form.parse(req, function(err, fields, files) {
res.writeHead(200, {
......@@ -234,6 +241,11 @@ http.createServer(function (req, res) {
});
}
else if (u.pathname === '/api/msg') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_read", "login_deck_dashboard")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
res.writeHead(200, {
"Access-Control-Allow-origin": "*",
"Content-Type": "text/event-stream",
......@@ -250,25 +262,50 @@ http.createServer(function (req, res) {
sendResponse("已连接。");
}
else if (u.pathname === '/api/get_bg') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_read", "login_deck_dashboard")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
res.writeHead(200);
res.end(u.query.callback+'('+JSON.stringify(config.wallpapers[Math.floor(Math.random() * config.wallpapers.length)])+');');
}
else if (u.pathname === '/api/get_decks') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_read", "get_decks")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
res.writeHead(200);
var decklist=getDecks();
res.end(u.query.callback+'('+JSON.stringify(decklist)+');');
}
else if (u.pathname === '/api/del_deck') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_write", "delete_deck")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
res.writeHead(200);
var result=delDeck(u.query.msg);
res.end(u.query.callback+'("'+result+'");');
}
else if (u.pathname === '/api/clear_decks') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_write", "clear_decks")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
res.writeHead(200);
clearDecks();
res.end(u.query.callback+'("已删除全部卡组。");');
}
else if (u.pathname === '/api/upload_to_challonge') {
if (!auth.auth(u.query.username, u.query.password, "deck_dashboard_write", "upload_to_challonge")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
}
res.writeHead(200);
var result=UploadToChallonge();
res.end(u.query.callback+'("操作完成。");');
......@@ -279,4 +316,3 @@ http.createServer(function (req, res) {
}
}).listen(config.port);
ygopro-update.js
View file @ 90ade2ad
......@@ -18,6 +18,8 @@ var moment = require('moment');
moment.locale('zh-cn');
var loadJSON = require('load-json-file').sync;
var auth = require('./ygopro-auth.js');
var constants = loadJSON('./data/constants.json');
var settings = loadJSON('./config/config.json');
......@@ -209,7 +211,7 @@ var pushHTMLs = function() {
http.createServer(function (req, res) {
var u = url.parse(req.url, true);
if (u.query.password !== config.password) {
if (!auth.auth(u.query.username, u.query.password, "update_dashboard", "update_dashboard")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
......@@ -270,4 +272,3 @@ http.createServer(function (req, res) {
}
}).listen(config.port);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment