author | unc0rr |
Tue, 04 Jun 2019 22:37:42 +0200 | |
changeset 15121 | 1a43b570cbe4 |
parent 15110 | 6a8c294f49c9 |
child 15163 | bcb98009ad39 |
permissions | -rw-r--r-- |
14456 | 1 |
use mysql; |
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
2 |
use mysql::{error::DriverError, error::Error, from_row_opt, params}; |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
3 |
use openssl::sha::sha1; |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
4 |
|
15075 | 5 |
use crate::handlers::{AccountInfo, Sha1Digest}; |
14456 | 6 |
|
15103
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
7 |
const CHECK_ACCOUNT_EXISTS_QUERY: &str = |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
8 |
r"SELECT 1 FROM users WHERE users.name = :username LIMIT 1"; |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
9 |
|
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
10 |
const GET_ACCOUNT_QUERY: &str = |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
11 |
r"SELECT CASE WHEN users.status = 1 THEN users.pass ELSE '' END, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
12 |
(SELECT COUNT(users_roles.rid) FROM users_roles WHERE users.uid = users_roles.uid AND users_roles.rid = 3), |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
13 |
(SELECT COUNT(users_roles.rid) FROM users_roles WHERE users.uid = users_roles.uid AND users_roles.rid = 13) |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
14 |
FROM users WHERE users.name = :username"; |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
15 |
|
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
16 |
const STORE_STATS_QUERY: &str = r"INSERT INTO gameserver_stats |
15103
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
17 |
(players, rooms, last_update) |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
18 |
VALUES |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
19 |
(:players, :rooms, UNIX_TIMESTAMP())"; |
14456 | 20 |
|
14785
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
21 |
const GET_REPLAY_NAME_QUERY: &str = r"SELECT filename FROM achievements WHERE id = :id"; |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
22 |
|
15121 | 23 |
pub struct ServerStatistics { |
14456 | 24 |
rooms: u32, |
25 |
players: u32, |
|
26 |
} |
|
27 |
||
15121 | 28 |
pub struct Achievements {} |
14456 | 29 |
|
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
30 |
pub struct Database { |
14456 | 31 |
pool: Option<mysql::Pool>, |
32 |
} |
|
33 |
||
34 |
impl Database { |
|
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
35 |
pub fn new() -> Self { |
14456 | 36 |
Self { pool: None } |
37 |
} |
|
38 |
||
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
39 |
pub fn connect(&mut self, url: &str) -> Result<(), Error> { |
14456 | 40 |
self.pool = Some(mysql::Pool::new(url)?); |
41 |
||
42 |
Ok(()) |
|
43 |
} |
|
44 |
||
15103
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
45 |
pub fn is_registered(&mut self, nick: &str) -> Result<bool, Error> { |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
46 |
if let Some(pool) = &self.pool { |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
47 |
let is_registered = pool |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
48 |
.first_exec(CHECK_ACCOUNT_EXISTS_QUERY, params! { "username" => nick })? |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
49 |
.is_some(); |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
50 |
Ok(is_registered) |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
51 |
} else { |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
52 |
Err(DriverError::SetupError.into()) |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
53 |
} |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
54 |
} |
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
55 |
|
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
56 |
pub fn get_account( |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
57 |
&mut self, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
58 |
nick: &str, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
59 |
protocol: u16, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
60 |
password_hash: &str, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
61 |
client_salt: &str, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
62 |
server_salt: &str, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
63 |
) -> Result<Option<AccountInfo>, Error> { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
64 |
if let Some(pool) = &self.pool { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
65 |
if let Some(row) = pool.first_exec(GET_ACCOUNT_QUERY, params! { "username" => nick })? { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
66 |
let (mut password, is_admin, is_contributor) = |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
67 |
from_row_opt::<(String, i32, i32)>(row)?; |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
68 |
let client_hash = get_hash(protocol, &password, &client_salt, &server_salt); |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
69 |
let server_hash = get_hash(protocol, &password, &server_salt, &client_salt); |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
70 |
password.replace_range(.., "🦔🦔🦔🦔🦔🦔🦔🦔"); |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
71 |
|
15110 | 72 |
if password_hash == format!("{:x}", client_hash) { |
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
73 |
Ok(Some(AccountInfo { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
74 |
is_registered: true, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
75 |
is_admin: is_admin == 1, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
76 |
is_contributor: is_contributor == 1, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
77 |
server_hash, |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
78 |
})) |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
79 |
} else { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
80 |
Ok(None) |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
81 |
} |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
82 |
} else { |
15110 | 83 |
Ok(None) |
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
84 |
} |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
85 |
} else { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
86 |
Err(DriverError::SetupError.into()) |
14456 | 87 |
} |
88 |
} |
|
89 |
||
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
90 |
pub fn store_stats(&mut self, stats: &ServerStatistics) -> Result<(), Error> { |
14456 | 91 |
if let Some(pool) = &self.pool { |
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
92 |
for mut stmt in pool.prepare(STORE_STATS_QUERY).into_iter() { |
14457 | 93 |
stmt.execute(params! { |
94 |
"players" => stats.players, |
|
95 |
"rooms" => stats.rooms, |
|
96 |
})?; |
|
97 |
} |
|
14456 | 98 |
Ok(()) |
99 |
} else { |
|
100 |
Err(DriverError::SetupError.into()) |
|
101 |
} |
|
102 |
} |
|
103 |
||
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
104 |
pub fn store_achievements(&mut self, achievements: &Achievements) -> Result<(), ()> { |
14456 | 105 |
Ok(()) |
106 |
} |
|
107 |
||
14785
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
108 |
pub fn get_replay_name(&mut self, replay_id: u32) -> Result<Option<String>, Error> { |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
109 |
if let Some(pool) = &self.pool { |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
110 |
if let Some(row) = |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
111 |
pool.first_exec(GET_REPLAY_NAME_QUERY, params! { "id" => replay_id })? |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
112 |
{ |
15103
823052e66611
check for account existence before asking passwords
alfadur
parents:
15075
diff
changeset
|
113 |
let filename = from_row_opt::<(String)>(row)?; |
14785
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
114 |
Ok(Some(filename)) |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
115 |
} else { |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
116 |
Ok(None) |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
117 |
} |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
118 |
} else { |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
119 |
Err(DriverError::SetupError.into()) |
a1077e8d26f4
implement watch message apart from replay deserializing
alfadur
parents:
14779
diff
changeset
|
120 |
} |
14456 | 121 |
} |
122 |
} |
|
14779
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
123 |
|
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
124 |
fn get_hash(protocol_number: u16, web_password: &str, salt1: &str, salt2: &str) -> Sha1Digest { |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
125 |
let s = format!( |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
126 |
"{}{}{}{}{}", |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
127 |
salt1, salt2, web_password, protocol_number, "!hedgewars" |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
128 |
); |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
129 |
Sha1Digest::new(sha1(s.as_bytes())) |
f43ab2bd76ae
add a thread for internal server IO and implement account checking with it
alfadur
parents:
14457
diff
changeset
|
130 |
} |