mirror of
https://github.com/elyby/accounts.git
synced 2025-05-31 14:11:46 +05:30
Cleanup session server module
This commit is contained in:
@ -1,4 +1,6 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace api\modules\session\models;
|
||||
|
||||
use api\modules\session\exceptions\ForbiddenOperationException;
|
||||
@ -11,8 +13,8 @@ use common\helpers\StringHelper;
|
||||
use common\models\Account;
|
||||
use common\models\MinecraftAccessKey;
|
||||
use Ramsey\Uuid\Uuid;
|
||||
use Webmozart\Assert\Assert;
|
||||
use Yii;
|
||||
use yii\base\ErrorException;
|
||||
use yii\base\Model;
|
||||
use yii\web\UnauthorizedHttpException;
|
||||
|
||||
@ -35,15 +37,14 @@ class JoinForm extends Model {
|
||||
private $protocol;
|
||||
|
||||
public function __construct(JoinInterface $protocol, array $config = []) {
|
||||
parent::__construct($config);
|
||||
$this->protocol = $protocol;
|
||||
$this->accessToken = $protocol->getAccessToken();
|
||||
$this->selectedProfile = $protocol->getSelectedProfile();
|
||||
$this->serverId = $protocol->getServerId();
|
||||
|
||||
parent::__construct($config);
|
||||
}
|
||||
|
||||
public function rules() {
|
||||
public function rules(): array {
|
||||
return [
|
||||
[['accessToken', 'serverId'], RequiredValidator::class],
|
||||
[['accessToken', 'selectedProfile'], 'validateUuid'],
|
||||
@ -51,7 +52,12 @@ class JoinForm extends Model {
|
||||
];
|
||||
}
|
||||
|
||||
public function join() {
|
||||
/**
|
||||
* @return bool
|
||||
* @throws IllegalArgumentException
|
||||
* @throws ForbiddenOperationException
|
||||
*/
|
||||
public function join(): bool {
|
||||
$serverId = $this->serverId;
|
||||
$accessToken = $this->accessToken;
|
||||
Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'.");
|
||||
@ -62,9 +68,7 @@ class JoinForm extends Model {
|
||||
|
||||
$account = $this->getAccount();
|
||||
$sessionModel = new SessionModel($account->username, $serverId);
|
||||
if (!$sessionModel->save()) {
|
||||
throw new ErrorException('Cannot save join session model');
|
||||
}
|
||||
Assert::true($sessionModel->save());
|
||||
|
||||
Session::info("User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to server_id = '{$serverId}'.");
|
||||
Yii::$app->statsd->inc('sessionserver.join.success');
|
||||
@ -72,7 +76,14 @@ class JoinForm extends Model {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function validate($attributeNames = null, $clearErrors = true) {
|
||||
/**
|
||||
* @param string $attributeNames
|
||||
* @param bool $clearErrors
|
||||
*
|
||||
* @return bool
|
||||
* @throws IllegalArgumentException
|
||||
*/
|
||||
public function validate($attributeNames = null, $clearErrors = true): bool {
|
||||
if (!$this->protocol->validate()) {
|
||||
throw new IllegalArgumentException();
|
||||
}
|
||||
@ -80,7 +91,12 @@ class JoinForm extends Model {
|
||||
return parent::validate($attributeNames, $clearErrors);
|
||||
}
|
||||
|
||||
public function validateUuid($attribute) {
|
||||
/**
|
||||
* @param string $attribute
|
||||
*
|
||||
* @throws IllegalArgumentException
|
||||
*/
|
||||
public function validateUuid(string $attribute): void {
|
||||
if ($this->hasErrors($attribute)) {
|
||||
return;
|
||||
}
|
||||
@ -91,18 +107,19 @@ class JoinForm extends Model {
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws \api\modules\session\exceptions\SessionServerException
|
||||
* @throws \api\modules\session\exceptions\ForbiddenOperationException
|
||||
*/
|
||||
public function validateAccessToken() {
|
||||
public function validateAccessToken(): void {
|
||||
$accessToken = $this->accessToken;
|
||||
/** @var MinecraftAccessKey|null $accessModel */
|
||||
$accessModel = MinecraftAccessKey::findOne($accessToken);
|
||||
$accessModel = MinecraftAccessKey::findOne(['access_token' => $accessToken]);
|
||||
if ($accessModel !== null) {
|
||||
Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol');
|
||||
/** @var MinecraftAccessKey|\api\components\OAuth2\Entities\AccessTokenEntity $accessModel */
|
||||
if ($accessModel->isExpired()) {
|
||||
Session::error("User with access_token = '{$accessToken}' failed join by expired access_token.");
|
||||
Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol_token_expired');
|
||||
|
||||
throw new ForbiddenOperationException('Expired access_token.');
|
||||
}
|
||||
|
||||
@ -117,6 +134,7 @@ class JoinForm extends Model {
|
||||
if ($identity === null) {
|
||||
Session::error("User with access_token = '{$accessToken}' failed join by wrong access_token.");
|
||||
Yii::$app->statsd->inc('sessionserver.join.fail_wrong_token');
|
||||
|
||||
throw new ForbiddenOperationException('Invalid access_token.');
|
||||
}
|
||||
|
||||
@ -124,6 +142,7 @@ class JoinForm extends Model {
|
||||
if (!Yii::$app->user->can(P::MINECRAFT_SERVER_SESSION)) {
|
||||
Session::error("User with access_token = '{$accessToken}' doesn't have enough scopes to make join.");
|
||||
Yii::$app->statsd->inc('sessionserver.authentication.oauth2_not_enough_scopes');
|
||||
|
||||
throw new ForbiddenOperationException('The token does not have required scope.');
|
||||
}
|
||||
|
||||
@ -135,12 +154,14 @@ class JoinForm extends Model {
|
||||
if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
|
||||
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with id = '{$account->uuid}'.");
|
||||
Yii::$app->statsd->inc('sessionserver.join.fail_uuid_mismatch');
|
||||
|
||||
throw new ForbiddenOperationException('Wrong selected_profile.');
|
||||
}
|
||||
|
||||
if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) {
|
||||
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with username = '{$account->username}'.");
|
||||
Yii::$app->statsd->inc('sessionserver.join.fail_username_mismatch');
|
||||
|
||||
throw new ForbiddenOperationException('Invalid credentials');
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user