feat: realm owner checking

2024-09-16 15:02:53 -04:00 · 2024-05-21 22:43:39 +02:00 · 2024-05-21 22:43:39 +02:00 · ead8d901f3
commit ead8d901f3
parent f631b7519c
7 changed files with 79 additions and 5 deletions
--- a/MyMcRealms/Attributes/CheckRealmOwnerAttribute.cs
+++ b/MyMcRealms/Attributes/CheckRealmOwnerAttribute.cs
@ -0,0 +1,11 @@
+namespace MyMcRealms.Attributes
+{
+    [AttributeUsage(AttributeTargets.Method)]
+    public class CheckRealmOwnerAttribute : Attribute
+    {
+        public bool IsRealmOwner(string playerUUID, string ownerUUID)
+        {
+            return playerUUID == ownerUUID;
+        }
+    }
+}
--- a/MyMcRealms/Controllers/InvitesController.cs
+++ b/MyMcRealms/Controllers/InvitesController.cs
@ -11,6 +11,7 @@ namespace MyMcRealms.Controllers
    public class InvitesController : ControllerBase
    {
        [HttpPost("{wId}")]
+        [CheckRealmOwner]
        public async Task<ActionResult<WorldResponse>> InvitePlayer(int wId, PlayerRequest body)
        {
            string cookie = Request.Headers.Cookie;
@ -88,6 +89,7 @@ namespace MyMcRealms.Controllers
        }

        [HttpDelete("{wId}/invite/{uuid}")]
+        [CheckRealmOwner]
        public async Task<ActionResult<bool>> DeleteInvite(int wId, string uuid)
        {
            var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
--- a/MyMcRealms/Controllers/OpsController.cs
+++ b/MyMcRealms/Controllers/OpsController.cs
@ -10,6 +10,7 @@ namespace MyMcRealms.Controllers
    public class OpsController : ControllerBase
    {
        [HttpPost("{wId}/{uuid}")]
+        [CheckRealmOwner]
        public async Task<ActionResult<OpsResponse>> OpPlayer(int wId, string uuid)
        {
            var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
@ -40,6 +41,7 @@ namespace MyMcRealms.Controllers
        }

        [HttpDelete("{wId}/{uuid}")]
+        [CheckRealmOwner]
        public async Task<ActionResult<OpsResponse>> DeopPlayerAsync(int wId, string uuid)
        {
            var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
--- a/MyMcRealms/Controllers/SubscriptionsController.cs
+++ b/MyMcRealms/Controllers/SubscriptionsController.cs
@ -9,6 +9,7 @@ namespace Minecraft_Realms_Emulator.Controllers
    public class SubscriptionsController : ControllerBase
    {
        [HttpGet("{id}")]
+        [CheckRealmOwner]
        public ActionResult<string> GetSubscription(int id)
        {
            return BadRequest("No subscription for you :(");
--- a/MyMcRealms/Controllers/WorldsController.cs
+++ b/MyMcRealms/Controllers/WorldsController.cs
@ -80,17 +80,18 @@ namespace MyMcRealms.Controllers
            return Ok(servers);
        }

-        [HttpGet("{id}")]
-        public async Task<ActionResult<WorldResponse>> GetWorldById(int id)
+        [HttpGet("{wId}")]
+        [CheckRealmOwner]
+        public async Task<ActionResult<WorldResponse>> GetWorldById(int wId)
        {
            var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));

-            var world = (await _api.GetAllServers()).Servers[id];
+            var world = (await _api.GetAllServers()).Servers[wId];

            var api = new MyMcAPI.Wrapper(world.OwnersToken);
            var whitelist = await api.GetWhitelist();

-            if (whitelist == null) return BadRequest($"Cannot get data for world {id}");
+            if (whitelist == null) return BadRequest($"Cannot get data for world {wId}");

            string worldOwnerName = world.Ops.ToArray().Length == 0 ? "Owner" : world.Ops[0].Name;
            string worldOwnerUuid = world.Ops.ToArray().Length == 0 ? "069a79f444e94726a5befca90e38aaf5" : world.Ops[0].Uuid;
@ -114,7 +115,7 @@ namespace MyMcRealms.Controllers

            WorldResponse response = new()
            {
-                Id = id,
+                Id = wId,
                Owner = worldOwnerName,
                OwnerUUID = worldOwnerUuid,
                Name = worldName,
@ -138,18 +139,21 @@ namespace MyMcRealms.Controllers
        }

        [HttpPost("{wId}")]
+        [CheckRealmOwner]
        public ActionResult<string> UpdateRealms(int wId)
        {
            return BadRequest("You can change the MOTD trough server.properties file");
        }

        [HttpPost("{wId}/reset")]
+        [CheckRealmOwner]
        public ActionResult<string> ChangeSlot(int id)
        {
            return BadRequest("lol nice try");
        }

        [HttpPut("{id}/open")]
+        [CheckRealmOwner]
        public async Task<ActionResult<bool>> Open(int id)
        {
            var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
@ -165,6 +169,7 @@ namespace MyMcRealms.Controllers
        }

        [HttpPut("{id}/close")]
+        [CheckRealmOwner]
        public async Task<ActionResult<bool>> Close(int id)
        {
            var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
@ -180,12 +185,14 @@ namespace MyMcRealms.Controllers
        }

        [HttpPost("{wId}/slot/{sId}")]
+        [CheckRealmOwner]
        public ActionResult<string> UpdateSlot(int wId, int sId)
        {
            return BadRequest("no.");
        }

        [HttpGet("{wId}/slot/{sId}/download")]
+        [CheckRealmOwner]
        public ActionResult<string> GetBackups(int wId, int sId)
        {
            return BadRequest("Wouldn't it be nice if you could download your world to singleplayer? Well I think that too");
--- a/MyMcRealms/Middlewares/CheckRealmOwnerMiddleware.cs
+++ b/MyMcRealms/Middlewares/CheckRealmOwnerMiddleware.cs
@ -0,0 +1,49 @@
+using MyMcRealms.Attributes;
+using MyMcRealms.MyMcAPI.Responses;
+
+namespace Minecraft_Realms_Emulator.Middlewares
+{
+    public class CheckRealmOwnerMiddleware(RequestDelegate next)
+    {
+        private readonly RequestDelegate _next = next;
+
+        public async Task Invoke(HttpContext httpContext)
+        {
+            var endpoint = httpContext.GetEndpoint();
+            var attribute = endpoint?.Metadata.GetMetadata<CheckRealmOwnerAttribute>();
+
+            if (attribute == null)
+            {
+                await _next(httpContext);
+                return;
+            }
+
+            string playerUUID = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":")[2];
+
+            var servers = await new MyMcRealms.MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY")).GetAllServers();
+            Server server = servers.Servers.Find(s => servers.Servers.IndexOf(s) == int.Parse(httpContext.Request.RouteValues["wId"].ToString()));
+
+            if (server == null)
+            {
+                httpContext.Response.StatusCode = 404;
+                await httpContext.Response.WriteAsync("World not found");
+                return;
+            }
+
+            if (server.Ops.Count == 0) {
+                httpContext.Response.StatusCode = 403;
+                await httpContext.Response.WriteAsync("This world isn't owned by anyone");
+                return;
+            }
+
+            if (!attribute.IsRealmOwner(playerUUID, server.Ops[0].Uuid))
+            {
+                httpContext.Response.StatusCode = 403;
+                await httpContext.Response.WriteAsync("You don't own this world");
+                return;
+            }
+
+            await _next(httpContext);
+        }
+    }
+}
--- a/MyMcRealms/Program.cs
+++ b/MyMcRealms/Program.cs
@ -1,4 +1,5 @@
 using Microsoft.Extensions.FileProviders;
+using Minecraft_Realms_Emulator.Middlewares;
 using MyMcRealms.Middlewares;

 var builder = WebApplication.CreateBuilder(args);
@ -28,6 +29,7 @@ if (app.Environment.IsDevelopment())
 }

 app.UseMiddleware<MinecraftCookieMiddleware>();
+app.UseMiddleware<CheckRealmOwnerMiddleware>();

 app.MapControllers();
 app.UseStaticFiles();