rust/hedgewars-server/src/server/database.rs
author alfadur
Mon, 03 Jun 2019 01:15:57 +0300
changeset 15103 823052e66611
parent 15075 e935b1ad23f3
child 15109 acd50a72af59
permissions -rw-r--r--
check for account existence before asking passwords
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
     1
use mysql;
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
     2
use mysql::{error::DriverError, error::Error, from_row_opt, params};
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
     3
use openssl::sha::sha1;
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
     4
15075
e935b1ad23f3 normalize type names
alfadur
parents: 15074
diff changeset
     5
use crate::handlers::{AccountInfo, Sha1Digest};
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
     6
15103
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
     7
const CHECK_ACCOUNT_EXISTS_QUERY: &str =
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
     8
    r"SELECT 1 FROM users WHERE users.name = :username LIMIT 1";
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
     9
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    10
const GET_ACCOUNT_QUERY: &str =
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    11
    r"SELECT CASE WHEN users.status = 1 THEN users.pass ELSE '' END,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    12
     (SELECT COUNT(users_roles.rid) FROM users_roles WHERE users.uid = users_roles.uid AND users_roles.rid = 3),
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    13
     (SELECT COUNT(users_roles.rid) FROM users_roles WHERE users.uid = users_roles.uid AND users_roles.rid = 13)
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    14
     FROM users WHERE users.name = :username";
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    15
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    16
const STORE_STATS_QUERY: &str = r"INSERT INTO gameserver_stats
15103
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    17
      (players, rooms, last_update)
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    18
      VALUES
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    19
      (:players, :rooms, UNIX_TIMESTAMP())";
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    20
14785
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
    21
const GET_REPLAY_NAME_QUERY: &str = r"SELECT filename FROM achievements WHERE id = :id";
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
    22
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    23
struct ServerStatistics {
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    24
    rooms: u32,
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    25
    players: u32,
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    26
}
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    27
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    28
struct Achievements {}
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    29
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    30
pub struct Database {
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    31
    pool: Option<mysql::Pool>,
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    32
}
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    33
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    34
impl Database {
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    35
    pub fn new() -> Self {
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    36
        Self { pool: None }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    37
    }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    38
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    39
    pub fn connect(&mut self, url: &str) -> Result<(), Error> {
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    40
        self.pool = Some(mysql::Pool::new(url)?);
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    41
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    42
        Ok(())
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    43
    }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    44
15103
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    45
    pub fn is_registered(&mut self, nick: &str) -> Result<bool, Error> {
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    46
        if let Some(pool) = &self.pool {
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    47
            let is_registered = pool
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    48
                .first_exec(CHECK_ACCOUNT_EXISTS_QUERY, params! { "username" => nick })?
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    49
                .is_some();
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    50
            Ok(is_registered)
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    51
        } else {
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    52
            Err(DriverError::SetupError.into())
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    53
        }
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    54
    }
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
    55
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    56
    pub fn get_account(
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    57
        &mut self,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    58
        nick: &str,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    59
        protocol: u16,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    60
        password_hash: &str,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    61
        client_salt: &str,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    62
        server_salt: &str,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    63
    ) -> Result<Option<AccountInfo>, Error> {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    64
        if let Some(pool) = &self.pool {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    65
            if let Some(row) = pool.first_exec(GET_ACCOUNT_QUERY, params! { "username" => nick })? {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    66
                let (mut password, is_admin, is_contributor) =
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    67
                    from_row_opt::<(String, i32, i32)>(row)?;
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    68
                let client_hash = get_hash(protocol, &password, &client_salt, &server_salt);
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    69
                let server_hash = get_hash(protocol, &password, &server_salt, &client_salt);
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    70
                password.replace_range(.., "🦔🦔🦔🦔🦔🦔🦔🦔");
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    71
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    72
                if server_hash == client_hash {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    73
                    Ok(Some(AccountInfo {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    74
                        is_registered: true,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    75
                        is_admin: is_admin == 1,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    76
                        is_contributor: is_contributor == 1,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    77
                        server_hash,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    78
                    }))
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    79
                } else {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    80
                    Ok(None)
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    81
                }
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    82
            } else {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    83
                Ok(Some(AccountInfo {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    84
                    is_registered: false,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    85
                    is_admin: false,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    86
                    is_contributor: false,
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    87
                    server_hash: Sha1Digest::new([0; 20]),
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    88
                }))
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    89
            }
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    90
        } else {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    91
            Err(DriverError::SetupError.into())
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    92
        }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    93
    }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    94
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    95
    pub fn store_stats(&mut self, stats: &ServerStatistics) -> Result<(), Error> {
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
    96
        if let Some(pool) = &self.pool {
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
    97
            for mut stmt in pool.prepare(STORE_STATS_QUERY).into_iter() {
14457
98ef2913ec73 Apply rustfmt to all files
unc0rr
parents: 14456
diff changeset
    98
                stmt.execute(params! {
98ef2913ec73 Apply rustfmt to all files
unc0rr
parents: 14456
diff changeset
    99
                    "players" => stats.players,
98ef2913ec73 Apply rustfmt to all files
unc0rr
parents: 14456
diff changeset
   100
                    "rooms" => stats.rooms,
98ef2913ec73 Apply rustfmt to all files
unc0rr
parents: 14456
diff changeset
   101
                })?;
98ef2913ec73 Apply rustfmt to all files
unc0rr
parents: 14456
diff changeset
   102
            }
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   103
            Ok(())
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   104
        } else {
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   105
            Err(DriverError::SetupError.into())
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   106
        }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   107
    }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   108
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   109
    pub fn store_achievements(&mut self, achievements: &Achievements) -> Result<(), ()> {
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   110
        Ok(())
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   111
    }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   112
14785
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   113
    pub fn get_replay_name(&mut self, replay_id: u32) -> Result<Option<String>, Error> {
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   114
        if let Some(pool) = &self.pool {
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   115
            if let Some(row) =
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   116
                pool.first_exec(GET_REPLAY_NAME_QUERY, params! { "id" => replay_id })?
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   117
            {
15103
823052e66611 check for account existence before asking passwords
alfadur
parents: 15075
diff changeset
   118
                let filename = from_row_opt::<(String)>(row)?;
14785
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   119
                Ok(Some(filename))
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   120
            } else {
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   121
                Ok(None)
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   122
            }
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   123
        } else {
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   124
            Err(DriverError::SetupError.into())
a1077e8d26f4 implement watch message apart from replay deserializing
alfadur
parents: 14779
diff changeset
   125
        }
14456
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   126
    }
a077aac9df01 Start database interaction implementation
unc0rr
parents:
diff changeset
   127
}
14779
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   128
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   129
fn get_hash(protocol_number: u16, web_password: &str, salt1: &str, salt2: &str) -> Sha1Digest {
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   130
    let s = format!(
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   131
        "{}{}{}{}{}",
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   132
        salt1, salt2, web_password, protocol_number, "!hedgewars"
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   133
    );
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   134
    Sha1Digest::new(sha1(s.as_bytes()))
f43ab2bd76ae add a thread for internal server IO and implement account checking with it
alfadur
parents: 14457
diff changeset
   135
}