chrly/http/skinsystem.go

package http

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"github.com/elyby/chrly/utils"
	"io"
	"net/http"
	"strings"
	"time"

	"github.com/gorilla/mux"

	"github.com/elyby/chrly/api/mojang"
	"github.com/elyby/chrly/model"
)

var timeNow = time.Now

type SkinsRepository interface {
	FindSkinByUsername(username string) (*model.Skin, error)
	FindSkinByUserId(id int) (*model.Skin, error)
	SaveSkin(skin *model.Skin) error
	RemoveSkinByUserId(id int) error
	RemoveSkinByUsername(username string) error
}

type CapesRepository interface {
	FindCapeByUsername(username string) (*model.Cape, error)
}

type MojangTexturesProvider interface {
	GetForUsername(username string) (*mojang.SignedTexturesResponse, error)
}

type TexturesSigner interface {
	SignTextures(textures string) (string, error)
	GetPublicKey() (*rsa.PublicKey, error)
}

type Skinsystem struct {
	Emitter
	SkinsRepo               SkinsRepository
	CapesRepo               CapesRepository
	MojangTexturesProvider  MojangTexturesProvider
	TexturesSigner          TexturesSigner
	TexturesExtraParamName  string
	TexturesExtraParamValue string
}

type profile struct {
	Id              string
	Username        string
	Textures        *mojang.TexturesResponse
	CapeFile        io.Reader
	MojangTextures  string
	MojangSignature string
}

func (ctx *Skinsystem) Handler() *mux.Router {
	router := mux.NewRouter().StrictSlash(true)

	router.HandleFunc("/skins/{username}", ctx.skinHandler).Methods(http.MethodGet)
	router.HandleFunc("/cloaks/{username}", ctx.capeHandler).Methods(http.MethodGet).Name("cloaks")
	router.HandleFunc("/textures/{username}", ctx.texturesHandler).Methods(http.MethodGet)
	router.HandleFunc("/textures/signed/{username}", ctx.signedTexturesHandler).Methods(http.MethodGet)
	router.HandleFunc("/profile/{username}", ctx.profileHandler).Methods(http.MethodGet)
	// Legacy
	router.HandleFunc("/skins", ctx.skinGetHandler).Methods(http.MethodGet)
	router.HandleFunc("/cloaks", ctx.capeGetHandler).Methods(http.MethodGet)
	// Utils
	router.HandleFunc("/signature-verification-key.der", ctx.signatureVerificationKeyHandler).Methods(http.MethodGet)
	router.HandleFunc("/signature-verification-key.pem", ctx.signatureVerificationKeyHandler).Methods(http.MethodGet)

	return router
}

func (ctx *Skinsystem) skinHandler(response http.ResponseWriter, request *http.Request) {
	profile, err := ctx.getProfile(request, true)
	if err != nil {
		panic(err)
	}

	if profile == nil || profile.Textures == nil || profile.Textures.Skin == nil {
		response.WriteHeader(http.StatusNotFound)
		return
	}

	http.Redirect(response, request, profile.Textures.Skin.Url, 301)
}

func (ctx *Skinsystem) skinGetHandler(response http.ResponseWriter, request *http.Request) {
	username := request.URL.Query().Get("name")
	if username == "" {
		response.WriteHeader(http.StatusBadRequest)
		return
	}

	mux.Vars(request)["username"] = username

	ctx.skinHandler(response, request)
}

func (ctx *Skinsystem) capeHandler(response http.ResponseWriter, request *http.Request) {
	profile, err := ctx.getProfile(request, true)
	if err != nil {
		panic(err)
	}

	if profile == nil || profile.Textures == nil || (profile.CapeFile == nil && profile.Textures.Cape == nil) {
		response.WriteHeader(http.StatusNotFound)
		return
	}

	if profile.CapeFile == nil {
		http.Redirect(response, request, profile.Textures.Cape.Url, 301)
	} else {
		request.Header.Set("Content-Type", "image/png")
		_, _ = io.Copy(response, profile.CapeFile)
	}
}

func (ctx *Skinsystem) capeGetHandler(response http.ResponseWriter, request *http.Request) {
	username := request.URL.Query().Get("name")
	if username == "" {
		response.WriteHeader(http.StatusBadRequest)
		return
	}

	mux.Vars(request)["username"] = username

	ctx.capeHandler(response, request)
}

func (ctx *Skinsystem) texturesHandler(response http.ResponseWriter, request *http.Request) {
	profile, err := ctx.getProfile(request, true)
	if err != nil {
		panic(err)
	}

	if profile == nil || profile.Textures == nil || (profile.Textures.Skin == nil && profile.Textures.Cape == nil) {
		response.WriteHeader(http.StatusNoContent)
		return
	}

	responseData, _ := json.Marshal(profile.Textures)
	response.Header().Set("Content-Type", "application/json")
	_, _ = response.Write(responseData)
}

func (ctx *Skinsystem) signedTexturesHandler(response http.ResponseWriter, request *http.Request) {
	profile, err := ctx.getProfile(request, request.URL.Query().Get("proxy") != "")
	if err != nil {
		panic(err)
	}

	if profile == nil || profile.MojangTextures == "" {
		response.WriteHeader(http.StatusNoContent)
		return
	}

	profileResponse := &mojang.SignedTexturesResponse{
		Id:   profile.Id,
		Name: profile.Username,
		Props: []*mojang.Property{
			{
				Name:      "textures",
				Signature: profile.MojangSignature,
				Value:     profile.MojangTextures,
			},
			{
				Name:  ctx.TexturesExtraParamName,
				Value: ctx.TexturesExtraParamValue,
			},
		},
	}

	responseJson, _ := json.Marshal(profileResponse)
	response.Header().Set("Content-Type", "application/json")
	_, _ = response.Write(responseJson)
}

func (ctx *Skinsystem) profileHandler(response http.ResponseWriter, request *http.Request) {
	profile, err := ctx.getProfile(request, true)
	if err != nil {
		panic(err)
	}

	if profile == nil {
		response.WriteHeader(http.StatusNoContent)
		return
	}

	texturesPropContent := &mojang.TexturesProp{
		Timestamp:   utils.UnixMillisecond(timeNow()),
		ProfileID:   profile.Id,
		ProfileName: profile.Username,
		Textures:    profile.Textures,
	}

	texturesPropValueJson, _ := json.Marshal(texturesPropContent)
	texturesPropEncodedValue := base64.StdEncoding.EncodeToString(texturesPropValueJson)

	texturesProp := &mojang.Property{
		Name:  "textures",
		Value: texturesPropEncodedValue,
	}

	if request.URL.Query().Get("unsigned") == "false" {
		signature, err := ctx.TexturesSigner.SignTextures(texturesProp.Value)
		if err != nil {
			panic(err)
		}

		texturesProp.Signature = signature
	}

	profileResponse := &mojang.SignedTexturesResponse{
		Id:   profile.Id,
		Name: profile.Username,
		Props: []*mojang.Property{
			texturesProp,
			{
				Name:  ctx.TexturesExtraParamName,
				Value: ctx.TexturesExtraParamValue,
			},
		},
	}

	responseJson, _ := json.Marshal(profileResponse)
	response.Header().Set("Content-Type", "application/json")
	_, _ = response.Write(responseJson)
}

func (ctx *Skinsystem) signatureVerificationKeyHandler(response http.ResponseWriter, request *http.Request) {
	publicKey, err := ctx.TexturesSigner.GetPublicKey()
	if err != nil {
		panic(err)
	}

	asn1Bytes, err := x509.MarshalPKIXPublicKey(publicKey)
	if err != nil {
		panic(err)
	}

	if strings.HasSuffix(request.URL.Path, ".pem") {
		publicKeyBlock := pem.Block{
			Type:  "PUBLIC KEY",
			Bytes: asn1Bytes,
		}

		publicKeyPemBytes := pem.EncodeToMemory(&publicKeyBlock)

		response.Header().Set("Content-Disposition", "attachment; filename=\"yggdrasil_session_pubkey.pem\"")
		_, _ = response.Write(publicKeyPemBytes)
	} else {
		response.Header().Set("Content-Type", "application/octet-stream")
		response.Header().Set("Content-Disposition", "attachment; filename=\"yggdrasil_session_pubkey.der\"")
		_, _ = response.Write(asn1Bytes)
	}
}

// TODO: in v5 should be extracted into some ProfileProvider interface,
//       which will encapsulate all logics, declared in this method
func (ctx *Skinsystem) getProfile(request *http.Request, proxy bool) (*profile, error) {
	username := parseUsername(mux.Vars(request)["username"])

	skin, err := ctx.SkinsRepo.FindSkinByUsername(username)
	if err != nil {
		return nil, err
	}

	profile := &profile{
		Id:              "",
		Username:        "",
		Textures:        &mojang.TexturesResponse{}, // Field must be initialized to avoid "null" after json encoding
		CapeFile:        nil,
		MojangTextures:  "",
		MojangSignature: "",
	}

	if skin != nil {
		profile.Id = strings.Replace(skin.Uuid, "-", "", -1)
		profile.Username = skin.Username
	}

	if skin != nil && skin.SkinId != 0 {
		profile.Textures.Skin = &mojang.SkinTexturesResponse{
			Url: skin.Url,
		}

		if skin.IsSlim {
			profile.Textures.Skin.Metadata = &mojang.SkinTexturesMetadata{
				Model: "slim",
			}
		}

		cape, _ := ctx.CapesRepo.FindCapeByUsername(username)
		if cape != nil {
			profile.CapeFile = cape.File
			profile.Textures.Cape = &mojang.CapeTexturesResponse{
				// Use statically http since the application doesn't support TLS
				Url: "http://" + request.Host + "/cloaks/" + username,
			}
		}

		profile.MojangTextures = skin.MojangTextures
		profile.MojangSignature = skin.MojangSignature
	} else if proxy {
		mojangProfile, err := ctx.MojangTexturesProvider.GetForUsername(username)
		// If we at least know something about a user,
		// than we can ignore an error and return profile without textures
		if err != nil && profile.Id != "" {
			return profile, nil
		}

		if err != nil || mojangProfile == nil {
			return nil, err
		}

		decodedTextures, err := mojangProfile.DecodeTextures()
		if err != nil {
			return nil, err
		}

		// There might be no textures property
		if decodedTextures != nil {
			profile.Textures = decodedTextures.Textures
		}

		var texturesProp *mojang.Property
		for _, prop := range mojangProfile.Props {
			if prop.Name == "textures" {
				texturesProp = prop
				break
			}
		}

		if texturesProp != nil {
			profile.MojangTextures = texturesProp.Value
			profile.MojangSignature = texturesProp.Signature
		}

		// If user id is unknown at this point, then use values from Mojang profile
		if profile.Id == "" {
			profile.Id = mojangProfile.Id
			profile.Username = mojangProfile.Name
		}
	} else {
		return nil, nil
	}

	return profile, nil
}

func parseUsername(username string) string {
	return strings.TrimSuffix(username, ".png")
}