From ead8d901f3142eba1fa91a7da0be0d6a64e4b4a4 Mon Sep 17 00:00:00 2001
From: CyberL1
Date: Tue, 21 May 2024 22:43:39 +0200
Subject: [PATCH] feat: realm owner checking
---
 .../Attributes/CheckRealmOwnerAttribute.cs | 11 +++++
 MyMcRealms/Controllers/InvitesController.cs | 2 +
 MyMcRealms/Controllers/OpsController.cs | 2 +
 .../Controllers/SubscriptionsController.cs | 1 +
 MyMcRealms/Controllers/WorldsController.cs | 17 +++++--
 .../Middlewares/CheckRealmOwnerMiddleware.cs | 49 +++++++++++++++++++
 MyMcRealms/Program.cs | 2 +
 7 files changed, 79 insertions(+), 5 deletions(-)
 create mode 100644 MyMcRealms/Attributes/CheckRealmOwnerAttribute.cs
 create mode 100644 MyMcRealms/Middlewares/CheckRealmOwnerMiddleware.cs
diff --git a/MyMcRealms/Attributes/CheckRealmOwnerAttribute.cs b/MyMcRealms/Attributes/CheckRealmOwnerAttribute.cs
new file mode 100644
index 0000000..2179691
--- /dev/null
+++ b/MyMcRealms/Attributes/CheckRealmOwnerAttribute.cs
@@ -0,0 +1,11 @@
+namespace MyMcRealms.Attributes
+{
+ [AttributeUsage(AttributeTargets.Method)]
+ public class CheckRealmOwnerAttribute : Attribute
+ {
+ public bool IsRealmOwner(string playerUUID, string ownerUUID)
+ {
+ return playerUUID == ownerUUID;
+ }
+ }
+}
diff --git a/MyMcRealms/Controllers/InvitesController.cs b/MyMcRealms/Controllers/InvitesController.cs
index 601eef3..244886c 100644
--- a/MyMcRealms/Controllers/InvitesController.cs
+++ b/MyMcRealms/Controllers/InvitesController.cs
@@ -11,6 +11,7 @@ namespace MyMcRealms.Controllers
 public class InvitesController : ControllerBase
 {
 [HttpPost("{wId}")]
+ [CheckRealmOwner]
 public async Task> InvitePlayer(int wId, PlayerRequest body)
 {
 string cookie = Request.Headers.Cookie;
@@ -88,6 +89,7 @@ namespace MyMcRealms.Controllers
 }
 [HttpDelete("{wId}/invite/{uuid}")]
+ [CheckRealmOwner]
 public async Task> DeleteInvite(int wId, string uuid)
 {
 var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
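Review bot: In CheckRealmOwnerAttribute.cs, `IsRealmOwner` returns true when both arguments are empty (or both null), and its `==` is an ordinal, case-sensitive comparison, so a UUID that differs only in letter case is treated as a different player. Consider `return !string.IsNullOrEmpty(playerUUID) && string.Equals(playerUUID, ownerUUID, StringComparison.OrdinalIgnoreCase);`. Whether dashed and undashed UUID forms can both reach this method is not visible here; if they can, normalise both sides before comparing. A `/// <summary>` saying that the attribute only marks actions for CheckRealmOwnerMiddleware and enforces nothing by itself would also help the next reader.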
diff --git a/MyMcRealms/Controllers/OpsController.cs b/MyMcRealms/Controllers/OpsController.cs
index e538e98..23af1cb 100644
--- a/MyMcRealms/Controllers/OpsController.cs
+++ b/MyMcRealms/Controllers/OpsController.cs
@@ -10,6 +10,7 @@ namespace MyMcRealms.Controllers
 public class OpsController : ControllerBase
 {
 [HttpPost("{wId}/{uuid}")]
+ [CheckRealmOwner]
 public async Task> OpPlayer(int wId, string uuid)
 {
 var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
@@ -40,6 +41,7 @@ namespace MyMcRealms.Controllers
 }
 [HttpDelete("{wId}/{uuid}")]
+ [CheckRealmOwner]
 public async Task> DeopPlayerAsync(int wId, string uuid)
 {
 var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
diff --git a/MyMcRealms/Controllers/SubscriptionsController.cs b/MyMcRealms/Controllers/SubscriptionsController.cs
index 87c8f9b..96cde63 100644
--- a/MyMcRealms/Controllers/SubscriptionsController.cs
+++ b/MyMcRealms/Controllers/SubscriptionsController.cs
@@ -9,6 +9,7 @@ namespace Minecraft_Realms_Emulator.Controllers
 public class SubscriptionsController : ControllerBase
 {
 [HttpGet("{id}")]
+ [CheckRealmOwner]
 public ActionResult GetSubscription(int id)
 {
 return BadRequest("No subscription for you :(");
diff --git a/MyMcRealms/Controllers/WorldsController.cs b/MyMcRealms/Controllers/WorldsController.cs
index 7bb7044..eb94cd3 100644
--- a/MyMcRealms/Controllers/WorldsController.cs
+++ b/MyMcRealms/Controllers/WorldsController.cs
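Review bot: In SubscriptionsController, `[CheckRealmOwner]` is placed on `GetSubscription`, whose route is `{id}`, but CheckRealmOwnerMiddleware (added later in this patch) reads `RouteValues["wId"]`; for this route that value is null, so the `.ToString()` call throws and the request ends in a 500 rather than an ownership decision. The same mismatch applies to `Open` (`{id}/open`) and `Close` (`{id}/close`) in WorldsController, and `ChangeSlot` has the reverse problem: a `{wId}` route with an `int id` parameter that the route value does not bind to. Rename route tokens and parameters consistently, for example `[HttpGet("{wId}")]` with `GetSubscription(int wId)`, as this patch already does for `GetWorldById`.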
@@ -80,17 +80,18 @@ namespace MyMcRealms.Controllers
 return Ok(servers);
 }
- [HttpGet("{id}")]
- public async Task> GetWorldById(int id)
+ [HttpGet("{wId}")]
+ [CheckRealmOwner]
+ public async Task> GetWorldById(int wId)
 {
 var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
- var world = (await _api.GetAllServers()).Servers[id];
+ var world = (await _api.GetAllServers()).Servers[wId];
 var api = new MyMcAPI.Wrapper(world.OwnersToken);
 var whitelist = await api.GetWhitelist();
- if (whitelist == null) return BadRequest($"Cannot get data for world {id}");
+ if (whitelist == null) return BadRequest($"Cannot get data for world {wId}");
 string worldOwnerName = world.Ops.ToArray().Length == 0 ? "Owner" : world.Ops[0].Name;
 string worldOwnerUuid = world.Ops.ToArray().Length == 0 ? "069a79f444e94726a5befca90e38aaf5" : world.Ops[0].Uuid;
@@ -114,7 +115,7 @@ namespace MyMcRealms.Controllers
 WorldResponse response = new()
 {
- Id = id,
+ Id = wId,
 Owner = worldOwnerName,
 OwnerUUID = worldOwnerUuid,
 Name = worldName,
@@ -138,18 +139,21 @@ namespace MyMcRealms.Controllers
 }
 [HttpPost("{wId}")]
+ [CheckRealmOwner]
 public ActionResult UpdateRealms(int wId)
 {
 return BadRequest("You can change the MOTD trough server.properties file");
 }
 [HttpPost("{wId}/reset")]
+ [CheckRealmOwner]
 public ActionResult ChangeSlot(int id)
 {
 return BadRequest("lol nice try");
 }
 [HttpPut("{id}/open")]
+ [CheckRealmOwner]
 public async Task> Open(int id)
 {
 var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
@@ -165,6 +169,7 @@ namespace MyMcRealms.Controllers
 }
 [HttpPut("{id}/close")]
+ [CheckRealmOwner]
 public async Task> Close(int id)
 {
 var _api = new MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY"));
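Review bot: In `GetWorldById`, the ownership check and the handler each call `GetAllServers()` and address the world by list position (`Servers[wId]`), so the realm that was authorised and the realm that is returned match only if the list order is the same across both calls, which this hunk does not show. Handing the already-resolved server forward, for example `httpContext.Items["server"] = server;` in the middleware and reading it here, would remove the second fetch and that gap. With the middleware now answering 403 for worlds that have no ops, the `world.Ops.ToArray().Length == 0` fallbacks on the last two lines of the hunk can no longer be reached through this action. The method body continues past the end of the hunk.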
@@ -180,12 +185,14 @@ namespace MyMcRealms.Controllers
 }
 [HttpPost("{wId}/slot/{sId}")]
+ [CheckRealmOwner]
 public ActionResult UpdateSlot(int wId, int sId)
 {
 return BadRequest("no.");
 }
 [HttpGet("{wId}/slot/{sId}/download")]
+ [CheckRealmOwner]
 public ActionResult GetBackups(int wId, int sId)
 {
 return BadRequest("Wouldn't it be nice if you could download your world to singleplayer? Well I think that too");
diff --git a/MyMcRealms/Middlewares/CheckRealmOwnerMiddleware.cs b/MyMcRealms/Middlewares/CheckRealmOwnerMiddleware.cs
new file mode 100644
index 0000000..77f0c88
--- /dev/null
+++ b/MyMcRealms/Middlewares/CheckRealmOwnerMiddleware.cs
@@ -0,0 +1,49 @@
+using MyMcRealms.Attributes;
+using MyMcRealms.MyMcAPI.Responses;
+
+namespace Minecraft_Realms_Emulator.Middlewares
+{
+ public class CheckRealmOwnerMiddleware(RequestDelegate next)
+ {
+ private readonly RequestDelegate _next = next;
+
+ public async Task Invoke(HttpContext httpContext)
+ {
+ var endpoint = httpContext.GetEndpoint();
+ var attribute = endpoint?.Metadata.GetMetadata();
+
+ if (attribute == null)
+ {
+ await _next(httpContext);
+ return;
+ }
+
+ string playerUUID = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":")[2];
+
+ var servers = await new MyMcRealms.MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY")).GetAllServers();
+ Server server = servers.Servers.Find(s => servers.Servers.IndexOf(s) == int.Parse(httpContext.Request.RouteValues["wId"].ToString()));
+
+ if (server == null)
+ {
+ httpContext.Response.StatusCode = 404;
+ await httpContext.Response.WriteAsync("World not found");
+ return;
+ }
+
+ if (server.Ops.Count == 0) {
+ httpContext.Response.StatusCode = 403;
+ await httpContext.Response.WriteAsync("This world isn't owned by anyone");
+ return;
+ }
+
+ if (!attribute.IsRealmOwner(playerUUID, server.Ops[0].Uuid))
+ {
+ httpContext.Response.StatusCode = 403;
+ await httpContext.Response.WriteAsync("You don't own this world");
+ return;
+ }
+
+ await _next(httpContext);
+ }
+ }
+}
diff --git a/MyMcRealms/Program.cs b/MyMcRealms/Program.cs
index 644c807..0b8845b 100644
--- a/MyMcRealms/Program.cs
+++ b/MyMcRealms/Program.cs
@@ -1,4 +1,5 @@
 using Microsoft.Extensions.FileProviders;
+using Minecraft_Realms_Emulator.Middlewares;
 using MyMcRealms.Middlewares;
 var builder = WebApplication.CreateBuilder(args);
@@ -28,6 +29,7 @@ if (app.Environment.IsDevelopment())
 }
 app.UseMiddleware();
+app.UseMiddleware();
 app.MapControllers();
 app.UseStaticFiles();
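Review bot: In CheckRealmOwnerMiddleware.Invoke, the `playerUUID` line takes the caller's identity from the third `:`-separated field of the first cookie segment, so the ownership decision rests on a value the client supplies; nothing in this file verifies it, and whether the middleware registered ahead of it in Program.cs does is not visible here. The same line throws on a cookie with fewer fields, and `int.Parse(httpContext.Request.RouteValues["wId"].ToString())` throws when the value is missing or not a number, so malformed input surfaces as a 500. The `Find`/`IndexOf` lookup amounts to an index access with a bounds check and can be written as one. The fence shows guarded parsing that fails closed with explicit status codes; it does not add verification of the session token, which needs code outside this hunk.

```csharp
public async Task Invoke(HttpContext httpContext)
{
    // … unchanged: endpoint lookup and pass-through when the attribute is absent …

    // The Cookie header is client-controlled: require at least three ':'-separated
    // fields in the first segment and a non-empty third field before using it.
    string[] sessionFields = httpContext.Request.Headers.Cookie.ToString().Split(";")[0].Split(":");
    if (sessionFields.Length < 3 || string.IsNullOrWhiteSpace(sessionFields[2]))
    {
        httpContext.Response.StatusCode = 401;
        await httpContext.Response.WriteAsync("Missing or malformed session cookie");
        return;
    }
    string playerUUID = sessionFields[2];

    // The attribute can sit on a route that declares no {wId}; fail closed instead of throwing.
    if (!int.TryParse(httpContext.Request.RouteValues["wId"]?.ToString(), out int worldIndex))
    {
        httpContext.Response.StatusCode = 400;
        await httpContext.Response.WriteAsync("Missing world id");
        return;
    }

    var servers = await new MyMcRealms.MyMcAPI.Wrapper(Environment.GetEnvironmentVariable("MYMC_API_KEY")).GetAllServers();
    Server server = worldIndex >= 0 && worldIndex < servers.Servers.Count ? servers.Servers[worldIndex] : null;

    // … unchanged: 404 / 403 responses and the final _next call …
```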
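Review bot: In Program.cs, the added `app.UseMiddleware` registration enforces ownership only if endpoint routing has already selected an endpoint when it runs, because CheckRealmOwnerMiddleware passes the request through whenever `GetEndpoint()` yields no attribute. With `WebApplication` and no explicit `UseRouting()` call, routing is placed at the start of the pipeline implicitly, which appears to be what this relies on. A comment above the line, such as `// must run after routing: CheckRealmOwnerMiddleware skips requests that have no resolved endpoint`, would keep a later `app.UseRouting()` from being added below it unnoticed.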