From 029b7230f53c6b9842b3abe396458da613337da7 Mon Sep 17 00:00:00 2001
From: CyberL1
Date: Tue, 21 May 2024 22:11:00 +0200
Subject: [PATCH] feat: check realm owner
---
 .../Attributes/CheckRealmOwnerAttribute.cs | 11 ++++++
 .../Controllers/InvitesController.cs | 2 ++
 .../Controllers/OpsController.cs | 2 ++
 .../Controllers/SubscriptionsController.cs | 7 ++--
 .../Controllers/WorldsController.cs | 15 ++++++--
 .../Middlewares/CheckRealmOwnerMiddleware.cs | 35 +++++++++++++++++++
 Minecraft-Realms-Emulator/Program.cs | 1 +
 7 files changed, 67 insertions(+), 6 deletions(-)
 create mode 100644 Minecraft-Realms-Emulator/Attributes/CheckRealmOwnerAttribute.cs
 create mode 100644 Minecraft-Realms-Emulator/Middlewares/CheckRealmOwnerMiddleware.cs
diff --git a/Minecraft-Realms-Emulator/Attributes/CheckRealmOwnerAttribute.cs b/Minecraft-Realms-Emulator/Attributes/CheckRealmOwnerAttribute.cs
new file mode 100644
index 0000000..b29f66d
--- /dev/null
+++ b/Minecraft-Realms-Emulator/Attributes/CheckRealmOwnerAttribute.cs
@@ -0,0 +1,11 @@
+namespace Minecraft_Realms_Emulator.Attributes
+{
+ [AttributeUsage(AttributeTargets.Method)]
+ public class CheckRealmOwnerAttribute : Attribute
+ {
+ public bool IsRealmOwner(string playerUUID, string ownerUUID)
+ {
+ return playerUUID == ownerUUID;
+ }
+ }
+}
diff --git a/Minecraft-Realms-Emulator/Controllers/InvitesController.cs b/Minecraft-Realms-Emulator/Controllers/InvitesController.cs
index 76ca189..a0e8dd8 100644
--- a/Minecraft-Realms-Emulator/Controllers/InvitesController.cs
+++ b/Minecraft-Realms-Emulator/Controllers/InvitesController.cs
@@ -94,6 +94,7 @@ namespace Minecraft_Realms_Emulator.Controllers
 }
 [HttpPost("{wId}")]
+ [CheckRealmOwner]
 public async Task> InvitePlayer(int wId, PlayerRequest body)
 {
 string cookie = Request.Headers.Cookie;
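Review bot: `IsRealmOwner` compares the two UUID strings with `==`, an ordinal and case-sensitive match, so the authorization result depends on the cookie value and the stored `OwnerUUID` sharing one exact textual form (dashes, letter case), which nothing in this hunk enforces. It also returns true when both arguments are null, and an empty cookie field would match an empty owner; whether `OwnerUUID` can be unset is not visible here. Consider `return !string.IsNullOrEmpty(playerUUID) && string.Equals(playerUUID, ownerUUID, StringComparison.OrdinalIgnoreCase);` together with a summary comment stating the UUID format both sides are expected to use.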
@@ -137,6 +138,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpDelete("{wId}/invite/{uuid}")] + [CheckRealmOwner] public async Task> DeleteInvite(int wId, string uuid) { var world = await _context.Worlds.FirstOrDefaultAsync(w => w.Id == wId); diff --git a/Minecraft-Realms-Emulator/Controllers/OpsController.cs b/Minecraft-Realms-Emulator/Controllers/OpsController.cs index 72f1338..f5437f4 100644 --- a/Minecraft-Realms-Emulator/Controllers/OpsController.cs +++ b/Minecraft-Realms-Emulator/Controllers/OpsController.cs @@ -18,6 +18,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpPost("{wId}/{uuid}")] + [CheckRealmOwner] public ActionResult OpPlayer(int wId, string uuid) { var ops = _context.Players.Where(p => p.World.Id == wId && p.Operator == true).ToList(); @@ -46,6 +47,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpDelete("{wId}/{uuid}")] + [CheckRealmOwner] public ActionResult DeopPlayer(int wId, string uuid) { var ops = _context.Players.Where(p => p.World.Id == wId && p.Operator == true).ToList(); diff --git a/Minecraft-Realms-Emulator/Controllers/SubscriptionsController.cs b/Minecraft-Realms-Emulator/Controllers/SubscriptionsController.cs index e29d145..6876866 100644 --- a/Minecraft-Realms-Emulator/Controllers/SubscriptionsController.cs +++ b/Minecraft-Realms-Emulator/Controllers/SubscriptionsController.cs @@ -17,10 +17,11 @@ namespace Minecraft_Realms_Emulator.Controllers { _context = context; } - [HttpGet("{id}")] - public async Task> Get(int id) + [HttpGet("{wId}")] + [CheckRealmOwner] + public async Task> Get(int wId) { - var world = await _context.Worlds.Include(w => w.Subscription).FirstOrDefaultAsync(w => w.Id == id); + var world = await _context.Worlds.Include(w => w.Subscription).FirstOrDefaultAsync(w => w.Id == wId); if (world?.Subscription == null) return NotFound("Subscription not found"); 
diff --git a/Minecraft-Realms-Emulator/Controllers/WorldsController.cs b/Minecraft-Realms-Emulator/Controllers/WorldsController.cs index cca05ee..d0240d4 100644 --- a/Minecraft-Realms-Emulator/Controllers/WorldsController.cs +++ b/Minecraft-Realms-Emulator/Controllers/WorldsController.cs @@ -138,13 +138,14 @@ namespace Minecraft_Realms_Emulator.Controllers return Ok(servers); } - [HttpGet("{id}")] - public async Task> GetWorldById(int id) + [HttpGet("{wId}")] + [CheckRealmOwner] + public async Task> GetWorldById(int wId) { string cookie = Request.Headers.Cookie; string gameVersion = cookie.Split(";")[2].Split("=")[1]; - var world = await _context.Worlds.Include(w => w.Players).Include(w => w.Subscription).Include(w => w.Slots).FirstOrDefaultAsync(w => w.Id == id); + var world = await _context.Worlds.Include(w => w.Players).Include(w => w.Subscription).Include(w => w.Slots).FirstOrDefaultAsync(w => w.Id == wId); if (world?.Subscription == null) return NotFound("World not found"); @@ -208,6 +209,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpPost("{id}/initialize")] + [CheckRealmOwner] public async Task> Initialize(int id, WorldCreateRequest body) { string cookie = Request.Headers.Cookie; @@ -268,6 +270,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpPost("{id}/reset")] + [CheckRealmOwner] public ActionResult Reset(int id) { Console.WriteLine($"Resetting world {id}"); @@ -291,6 +294,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpPut("{id}/close")] + [CheckRealmOwner] public async Task> Close(int id) { var worlds = await _context.Worlds.ToListAsync(); @@ -307,6 +311,7 @@ namespace Minecraft_Realms_Emulator.Controllers } [HttpPost("{id}")] + [CheckRealmOwner] public async Task> UpdateWorld(int id, WorldCreateRequest body) { var worlds = await _context.Worlds.ToListAsync(); 
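Review bot: `Initialize` is tagged `[CheckRealmOwner]` but its route template is `{id}`, while the middleware added in this commit reads `RouteValues["wId"]`; on this route that lookup is null and the following `.ToString()` throws, so the request ends in an unhandled exception instead of an ownership decision. The same mismatch applies to `Reset`, `Close`, `UpdateWorld` and `GetBackups` (`{Id}`) in the later hunks of this file. Rename the parameter as was done for `GetWorldById`, e.g. `[HttpPost("{wId}/initialize")]` with `Initialize(int wId, WorldCreateRequest body)`, or have the middleware accept both keys. The bodies of these actions continue outside the hunks, so uses of `id` inside them need the same rename.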
@@ -324,6 +329,7 @@ namespace Minecraft_Realms_Emulator.Controllers
 }
 [HttpPost("{wId}/slot/{sId}")]
+ [CheckRealmOwner]
 public async Task> UpdateSlotAsync(int wId, int sId, SlotOptionsRequest body)
 {
 var slots = await _context.Slots.Where(s => s.World.Id == wId).ToListAsync();
@@ -346,6 +352,7 @@ namespace Minecraft_Realms_Emulator.Controllers
 }
 [HttpPut("{wId}/slot/{sId}")]
+ [CheckRealmOwner]
 public ActionResult SwitchSlot(int wId, int sId)
 {
 var world = _context.Worlds.Find(wId);
@@ -386,6 +393,7 @@ namespace Minecraft_Realms_Emulator.Controllers
 }
 [HttpGet("{Id}/backups")]
+ [CheckRealmOwner]
 public async Task> GetBackups(int id)
 {
 var backups = await _context.Backups.Where(b => b.World.Id == id).ToListAsync();
@@ -407,6 +415,7 @@ namespace Minecraft_Realms_Emulator.Controllers
 }
 [HttpDelete("{wId}")]
+ [CheckRealmOwner]
 public ActionResult DeleteRealm(int wId)
 {
 var world = _context.Worlds.Find(wId);
diff --git a/Minecraft-Realms-Emulator/Middlewares/CheckRealmOwnerMiddleware.cs b/Minecraft-Realms-Emulator/Middlewares/CheckRealmOwnerMiddleware.cs
new file mode 100644
index 0000000..1b0dccc
--- /dev/null
+++ b/Minecraft-Realms-Emulator/Middlewares/CheckRealmOwnerMiddleware.cs
@@ -0,0 +1,35 @@
+using Minecraft_Realms_Emulator.Attributes;
+using Minecraft_Realms_Emulator.Data;
+using Minecraft_Realms_Emulator.Entities;
+
+namespace Minecraft_Realms_Emulator.Middlewares
+{
+ public class CheckRealmOwnerMiddleware(RequestDelegate next)
+ {
+ private readonly RequestDelegate _next = next;
+
+ public async Task Invoke(HttpContext httpContext, DataContext db)
+ {
+ var endpoint = httpContext.GetEndpoint();
+ var attribute = endpoint?.Metadata.GetMetadata();
+
+ if (attribute == null)
+ {
+ await _next(httpContext);
+ return;
+ }
+
+ string playerUUID = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":")[2];
+ World world = db.Worlds.Find(int.Parse(httpContext.Request.RouteValues["wId"].ToString()));
+
+ if (world != null && !attribute.IsRealmOwner(playerUUID, world.OwnerUUID))
+ {
+ httpContext.Response.StatusCode = 403;
+ await httpContext.Response.WriteAsync("You don't own this world");
+ return;
+ }
+
+ await _next(httpContext);
+ }
+ }
+}
diff --git a/Minecraft-Realms-Emulator/Program.cs b/Minecraft-Realms-Emulator/Program.cs
index 6fec2a4..d250a68 100644
--- a/Minecraft-Realms-Emulator/Program.cs
+++ b/Minecraft-Realms-Emulator/Program.cs
@@ -42,6 +42,7 @@ if (app.Environment.IsDevelopment())
 }
 app.UseMiddleware();
+app.UseMiddleware();
 app.MapControllers();
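Review bot: The ownership decision in `Invoke` rests on `Headers.Cookie.ToString().Split(";")[0].Split(":")[2]`, a value the client supplies; unless the cookie middleware registered before this one (its code is not in this patch) has already verified that the session token belongs to that UUID, the 403 check is only as strong as a self-declared identity. That line and the `int.Parse(...RouteValues["wId"].ToString())` after it also throw on a missing or malformed cookie and on a route without a numeric `wId`, so a bad request surfaces as an unhandled 500 rather than a 4xx. The `world == null` case is passed on to the action, which deserves a comment because it is the branch that skips the check. The fence below parses both inputs defensively, rejects the request when either is unusable, and switches to `FindAsync`.

```csharp
// … unchanged: endpoint lookup and pass-through when the attribute is absent …

// Cookie layout taken from the original line: first cookie, third ':'-separated field.
string[] sidParts = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":");

if (sidParts.Length < 3 || string.IsNullOrWhiteSpace(sidParts[2]))
{
    httpContext.Response.StatusCode = 401;
    return;
}

// A tagged route without a numeric wId is rejected instead of throwing.
if (!int.TryParse(httpContext.Request.RouteValues["wId"]?.ToString(), out int worldId))
{
    httpContext.Response.StatusCode = 400;
    return;
}

string playerUUID = sidParts[2];
World world = await db.Worlds.FindAsync(worldId);

// … unchanged: 403 when the world exists and the caller is not its owner, then _next …
```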