feat: check realm owner

CyberL1 2024-05-21 22:11:00 +02:00
parent 5115c608d7
commit 029b7230f5
7 changed files with 67 additions and 6 deletions


@ -0,0 +1,11 @@
namespace Minecraft_Realms_Emulator.Attributes
{
[AttributeUsage(AttributeTargets.Method)]
public class CheckRealmOwnerAttribute : Attribute
{
public bool IsRealmOwner(string playerUUID, string ownerUUID)
{
return playerUUID == ownerUUID;
}
}
}
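Review bot: `IsRealmOwner` compares with `==`, which is an ordinal, case-sensitive match and returns true when both arguments are null. If the UUID in the cookie and the stored `OwnerUUID` can differ in case (their formats are not visible here), the real owner is refused, and a world with no owner set should never match anyone. Consider `return !string.IsNullOrEmpty(ownerUUID) && string.Equals(playerUUID, ownerUUID, StringComparison.OrdinalIgnoreCase);`, with dash normalisation added if the two sources format UUIDs differently. The class also deserves a `/// <summary>` saying that the attribute only marks an endpoint and that enforcement happens in CheckRealmOwnerMiddleware, since the attribute does nothing on a route the middleware does not see.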


@ -94,6 +94,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPost("{wId}")] [HttpPost("{wId}")]
[CheckRealmOwner]
public async Task<ActionResult<World>> InvitePlayer(int wId, PlayerRequest body) public async Task<ActionResult<World>> InvitePlayer(int wId, PlayerRequest body)
{ {
string cookie = Request.Headers.Cookie; string cookie = Request.Headers.Cookie;
@ -137,6 +138,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpDelete("{wId}/invite/{uuid}")] [HttpDelete("{wId}/invite/{uuid}")]
[CheckRealmOwner]
public async Task<ActionResult<bool>> DeleteInvite(int wId, string uuid) public async Task<ActionResult<bool>> DeleteInvite(int wId, string uuid)
{ {
var world = await _context.Worlds.FirstOrDefaultAsync(w => w.Id == wId); var world = await _context.Worlds.FirstOrDefaultAsync(w => w.Id == wId);


@ -18,6 +18,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPost("{wId}/{uuid}")] [HttpPost("{wId}/{uuid}")]
[CheckRealmOwner]
public ActionResult<OpsResponse> OpPlayer(int wId, string uuid) public ActionResult<OpsResponse> OpPlayer(int wId, string uuid)
{ {
var ops = _context.Players.Where(p => p.World.Id == wId && p.Operator == true).ToList(); var ops = _context.Players.Where(p => p.World.Id == wId && p.Operator == true).ToList();
@ -46,6 +47,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpDelete("{wId}/{uuid}")] [HttpDelete("{wId}/{uuid}")]
[CheckRealmOwner]
public ActionResult<OpsResponse> DeopPlayer(int wId, string uuid) public ActionResult<OpsResponse> DeopPlayer(int wId, string uuid)
{ {
var ops = _context.Players.Where(p => p.World.Id == wId && p.Operator == true).ToList(); var ops = _context.Players.Where(p => p.World.Id == wId && p.Operator == true).ToList();


@ -17,10 +17,11 @@ namespace Minecraft_Realms_Emulator.Controllers
{ {
_context = context; _context = context;
} }
[HttpGet("{id}")] [HttpGet("{wId}")]
public async Task<ActionResult<SubscriptionResponse>> Get(int id) [CheckRealmOwner]
public async Task<ActionResult<SubscriptionResponse>> Get(int wId)
{ {
var world = await _context.Worlds.Include(w => w.Subscription).FirstOrDefaultAsync(w => w.Id == id); var world = await _context.Worlds.Include(w => w.Subscription).FirstOrDefaultAsync(w => w.Id == wId);
if (world?.Subscription == null) return NotFound("Subscription not found"); if (world?.Subscription == null) return NotFound("Subscription not found");


@ -138,13 +138,14 @@ namespace Minecraft_Realms_Emulator.Controllers
return Ok(servers); return Ok(servers);
} }
[HttpGet("{id}")] [HttpGet("{wId}")]
public async Task<ActionResult<WorldResponse>> GetWorldById(int id) [CheckRealmOwner]
public async Task<ActionResult<WorldResponse>> GetWorldById(int wId)
{ {
string cookie = Request.Headers.Cookie; string cookie = Request.Headers.Cookie;
string gameVersion = cookie.Split(";")[2].Split("=")[1]; string gameVersion = cookie.Split(";")[2].Split("=")[1];
var world = await _context.Worlds.Include(w => w.Players).Include(w => w.Subscription).Include(w => w.Slots).FirstOrDefaultAsync(w => w.Id == id); var world = await _context.Worlds.Include(w => w.Players).Include(w => w.Subscription).Include(w => w.Slots).FirstOrDefaultAsync(w => w.Id == wId);
if (world?.Subscription == null) return NotFound("World not found"); if (world?.Subscription == null) return NotFound("World not found");
@ -208,6 +209,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPost("{id}/initialize")] [HttpPost("{id}/initialize")]
[CheckRealmOwner]
public async Task<ActionResult<World>> Initialize(int id, WorldCreateRequest body) public async Task<ActionResult<World>> Initialize(int id, WorldCreateRequest body)
{ {
string cookie = Request.Headers.Cookie; string cookie = Request.Headers.Cookie;
@ -268,6 +270,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPost("{id}/reset")] [HttpPost("{id}/reset")]
[CheckRealmOwner]
public ActionResult<bool> Reset(int id) public ActionResult<bool> Reset(int id)
{ {
Console.WriteLine($"Resetting world {id}"); Console.WriteLine($"Resetting world {id}");
@ -291,6 +294,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPut("{id}/close")] [HttpPut("{id}/close")]
[CheckRealmOwner]
public async Task<ActionResult<bool>> Close(int id) public async Task<ActionResult<bool>> Close(int id)
{ {
var worlds = await _context.Worlds.ToListAsync(); var worlds = await _context.Worlds.ToListAsync();
@ -307,6 +311,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPost("{id}")] [HttpPost("{id}")]
[CheckRealmOwner]
public async Task<ActionResult<bool>> UpdateWorld(int id, WorldCreateRequest body) public async Task<ActionResult<bool>> UpdateWorld(int id, WorldCreateRequest body)
{ {
var worlds = await _context.Worlds.ToListAsync(); var worlds = await _context.Worlds.ToListAsync();
@ -324,6 +329,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPost("{wId}/slot/{sId}")] [HttpPost("{wId}/slot/{sId}")]
[CheckRealmOwner]
public async Task<ActionResult<bool>> UpdateSlotAsync(int wId, int sId, SlotOptionsRequest body) public async Task<ActionResult<bool>> UpdateSlotAsync(int wId, int sId, SlotOptionsRequest body)
{ {
var slots = await _context.Slots.Where(s => s.World.Id == wId).ToListAsync(); var slots = await _context.Slots.Where(s => s.World.Id == wId).ToListAsync();
@ -346,6 +352,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpPut("{wId}/slot/{sId}")] [HttpPut("{wId}/slot/{sId}")]
[CheckRealmOwner]
public ActionResult<bool> SwitchSlot(int wId, int sId) public ActionResult<bool> SwitchSlot(int wId, int sId)
{ {
var world = _context.Worlds.Find(wId); var world = _context.Worlds.Find(wId);
@ -386,6 +393,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpGet("{Id}/backups")] [HttpGet("{Id}/backups")]
[CheckRealmOwner]
public async Task<ActionResult<BackupsResponse>> GetBackups(int id) public async Task<ActionResult<BackupsResponse>> GetBackups(int id)
{ {
var backups = await _context.Backups.Where(b => b.World.Id == id).ToListAsync(); var backups = await _context.Backups.Where(b => b.World.Id == id).ToListAsync();
@ -407,6 +415,7 @@ namespace Minecraft_Realms_Emulator.Controllers
} }
[HttpDelete("{wId}")] [HttpDelete("{wId}")]
[CheckRealmOwner]
public ActionResult<bool> DeleteRealm(int wId) public ActionResult<bool> DeleteRealm(int wId)
{ {
var world = _context.Worlds.Find(wId); var world = _context.Worlds.Find(wId);
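Review bot: `Initialize`, `Reset`, `Close` and `UpdateWorld` (route `{id}`) and `GetBackups` (route `{Id}`) now carry `[CheckRealmOwner]`, but the middleware added in this commit looks the world up through `RouteValues["wId"]`. On these routes that key is absent, so the lookup yields null and the following `.ToString()` throws before any ownership decision is made; only `GetWorldById` was renamed. Rename the remaining parameters the same way, e.g. `[HttpPost("{wId}/initialize")]` with `Initialize(int wId, WorldCreateRequest body)`, or let the attribute carry the name of the route key to read. The method bodies continue outside the hunks, so uses of `id` inside them need the same rename.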


@ -0,0 +1,35 @@
using Minecraft_Realms_Emulator.Attributes;
using Minecraft_Realms_Emulator.Data;
using Minecraft_Realms_Emulator.Entities;
namespace Minecraft_Realms_Emulator.Middlewares
{
public class CheckRealmOwnerMiddleware(RequestDelegate next)
{
private readonly RequestDelegate _next = next;
public async Task Invoke(HttpContext httpContext, DataContext db)
{
var endpoint = httpContext.GetEndpoint();
var attribute = endpoint?.Metadata.GetMetadata<CheckRealmOwnerAttribute>();
if (attribute == null)
{
await _next(httpContext);
return;
}
string playerUUID = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":")[2];
World world = db.Worlds.Find(int.Parse(httpContext.Request.RouteValues["wId"].ToString()));
if (world != null && !attribute.IsRealmOwner(playerUUID, world.OwnerUUID))
{
httpContext.Response.StatusCode = 403;
await httpContext.Response.WriteAsync("You don't own this world");
return;
}
await _next(httpContext);
}
}
}
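Review bot: In `Invoke` the check fails open and crashes on input it does not expect. `world != null && ...` passes the request on to the action when no world matches, `RouteValues["wId"]` is null for the decorated routes that still use `{id}`, and `int.Parse` and the fixed-index cookie split throw on malformed input instead of returning a 4xx. The player UUID is read from the cookie exactly as the client sent it, and nothing in this file verifies it, so the check is only as strong as whatever MinecraftCookieMiddleware validates; that is worth confirming. I would make the middleware deny by default and use `FindAsync` instead of the blocking `Find`, as sketched below.

```csharp
// … unchanged: endpoint/attribute lookup and pass-through when the attribute is absent …

// Deny by default: a request that cannot be tied to an existing world and its owner never reaches the action.
if (!httpContext.Request.RouteValues.TryGetValue("wId", out var rawWorldId)
    || !int.TryParse(rawWorldId?.ToString(), out int worldId))
{
    httpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
    return;
}

string[] sidParts = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":");
if (sidParts.Length < 3)
{
    httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return;
}

var world = await db.Worlds.FindAsync(worldId);
if (world == null)
{
    httpContext.Response.StatusCode = StatusCodes.Status404NotFound;
    return;
}

if (!attribute.IsRealmOwner(sidParts[2], world.OwnerUUID))
{
    httpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
    await httpContext.Response.WriteAsync("You don't own this world");
    return;
}

await _next(httpContext);
```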


@ -42,6 +42,7 @@ if (app.Environment.IsDevelopment())
} }
app.UseMiddleware<MinecraftCookieMiddleware>(); app.UseMiddleware<MinecraftCookieMiddleware>();
app.UseMiddleware<CheckRealmOwnerMiddleware>();
app.MapControllers(); app.MapControllers();
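Review bot: The registration on the added line only enforces anything if routing has already selected an endpoint, because CheckRealmOwnerMiddleware calls `_next` with no check when `GetEndpoint()` returns null. `WebApplication` normally places routing ahead of custom middleware when `UseRouting` is not called explicitly, but the rest of the pipeline is outside this hunk, so confirm there is no explicit `app.UseRouting()` after this line. A comment would keep the ordering from being broken later: `// Must stay after routing and MinecraftCookieMiddleware: the owner check reads endpoint metadata and the session cookie.`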