StrafesNET/maps-service
7
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

Revert "submissions: refactor auth to only make requests when needed"

Browse Source 
This reverts commit 8bf2c92df3f65a6bd7afa14420651c919f3dbfeb.
This commit is contained in:
Quaternions 2024-12-28 22:08:28 -08:00
parent c04ba33f9c
commit be75903226
4 changed files with 67 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/service/script_policy.go
View File

@ -19,11 +19,7 @@ func (svc *Service) CreateScriptPolicy(ctx context.Context, req *api.ScriptPolic
return nil, ErrUserInfo return nil, ErrUserInfo
} }
has_role, err := userInfo.HasRoleScriptWrite() if !userInfo.Roles.ScriptWrite {
if err != nil {
return nil, err
}
if !has_role {
return nil, ErrPermissionDenied return nil, ErrPermissionDenied
} }
@ -104,11 +100,7 @@ func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScr
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleScriptWrite() if !userInfo.Roles.ScriptWrite {
if err != nil {
return err
}
if !has_role {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -152,11 +144,7 @@ func (svc *Service) UpdateScriptPolicy(ctx context.Context, req *api.ScriptPolic
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleScriptWrite() if !userInfo.Roles.ScriptWrite {
if err != nil {
return err
}
if !has_role {
return ErrPermissionDenied return ErrPermissionDenied
} }

18
pkg/service/scripts.go
View File

@ -19,11 +19,7 @@ func (svc *Service) CreateScript(ctx context.Context, req *api.ScriptCreate) (*a
return nil, ErrUserInfo return nil, ErrUserInfo
} }
has_role, err := userInfo.HasRoleScriptWrite() if !userInfo.Roles.ScriptWrite {
if err != nil {
return nil, err
}
if !has_role {
return nil, ErrPermissionDenied return nil, ErrPermissionDenied
} }
@ -100,11 +96,7 @@ func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptPar
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleScriptWrite() if !userInfo.Roles.ScriptWrite {
if err != nil {
return err
}
if !has_role {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -149,11 +141,7 @@ func (svc *Service) UpdateScript(ctx context.Context, req *api.ScriptUpdate, par
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleScriptWrite() if !userInfo.Roles.ScriptWrite {
if err != nil {
return err
}
if !has_role {
return ErrPermissionDenied return ErrPermissionDenied
} }

109
pkg/service/security.go
View File

@ -14,71 +14,34 @@ var (
ErrInvalidSession = errors.New("Session invalid") ErrInvalidSession = errors.New("Session invalid")
) )
type Role int32
var ( var (
// has ScriptWrite // has ScriptWrite
RoleQuat Role = 255 RoleQuat int32 = 255
// has SubmissionPublish // has SubmissionPublish
RoleMapAdmin Role = 128 RoleMapAdmin int32 = 128
// has SubmissionReview // has SubmissionReview
RoleMapCouncil Role = 64 RoleMapCouncil int32 = 64
) )
type Roles struct {
// human roles
SubmissionRelease bool
SubmissionReview bool
ScriptWrite bool
// Thumbnail bool
// MapDownload
// automated roles
Maptest bool
}
type UserInfo struct { type UserInfo struct {
// Would love to know a better way to do this Roles Roles
svc *SecurityHandler UserID uint64
ctx *context.Context
sessionId string
} }
func (usr UserInfo) GetUserID() (uint64, error) { func (usr UserInfo) IsSubmitter(submitter uint64) bool {
session, err := usr.svc.Client.GetSessionUser(*usr.ctx, &auth.IdMessage{ return usr.UserID == submitter
SessionID: usr.sessionId,
})
if err != nil {
return 0, err
}
return session.UserID, nil
}
func (usr UserInfo) IsSubmitter(submitter uint64) (bool, error) {
userId, err := usr.GetUserID()
if err != nil {
return false, err
}
return userId == submitter, nil
}
func (usr UserInfo) hasRole(role Role) (bool, error) {
roles, err := usr.svc.Client.GetGroupRole(*usr.ctx, &auth.IdMessage{
SessionID: usr.sessionId,
})
if err != nil {
return false, err
}
for _, r := range roles.Roles {
if int32(role) <= r.Rank {
return true, nil
}
}
return false, nil
}
// RoleThumbnail
// RoleMapDownload
func (usr UserInfo) HasRoleSubmissionRelease() (bool, error) {
return usr.hasRole(RoleMapAdmin)
}
func (usr UserInfo) HasRoleSubmissionReview() (bool, error) {
return usr.hasRole(RoleMapCouncil)
}
func (usr UserInfo) HasRoleScriptWrite() (bool, error) {
return usr.hasRole(RoleQuat)
}
/// Not implemented
func (usr UserInfo) HasRoleMaptest() (bool, error) {
println("HasRoleMaptest is not implemented!")
return false, nil
} }
type SecurityHandler struct { type SecurityHandler struct {
@ -91,6 +54,20 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
return nil, ErrMissingSessionID return nil, ErrMissingSessionID
} }
session, err := svc.Client.GetSessionUser(ctx, &auth.IdMessage{
SessionID: sessionId,
})
if err != nil {
return nil, err
}
role, err := svc.Client.GetGroupRole(ctx, &auth.IdMessage{
SessionID: sessionId,
})
if err != nil {
return nil, err
}
validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{ validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
SessionID: sessionId, SessionID: sessionId,
}) })
@ -101,10 +78,24 @@ func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName a
return nil, ErrInvalidSession return nil, ErrInvalidSession
} }
roles := Roles{}
// fix this when roblox udpates group roles
for _, r := range role.Roles {
if RoleQuat <= r.Rank {
roles.ScriptWrite = true
}
if RoleMapAdmin <= r.Rank {
roles.SubmissionRelease = true
}
if RoleMapCouncil <= r.Rank {
roles.SubmissionReview = true
}
}
newCtx := context.WithValue(ctx, "UserInfo", UserInfo{ newCtx := context.WithValue(ctx, "UserInfo", UserInfo{
svc: &svc, Roles: roles,
ctx: &ctx, UserID: session.UserID,
sessionId: sessionId,
}) })
return newCtx, nil return newCtx, nil

56
pkg/service/submissions.go
View File

@ -42,10 +42,7 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *api.Submissio
return nil, ErrUserInfo return nil, ErrUserInfo
} }
userId, err := userInfo.GetUserID() userId := userInfo.UserID
if err != nil {
return nil, err
}
// Check if user's submissions in the creation phase exceeds the limit // Check if user's submissions in the creation phase exceeds the limit
{ {
@ -204,18 +201,15 @@ func (svc *Service) SetSubmissionCompleted(ctx context.Context, params api.SetSu
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleMaptest()
if err != nil {
return err
}
// check if caller has MaptestGame role (request must originate from a maptest roblox game) // check if caller has MaptestGame role (request must originate from a maptest roblox game)
if !has_role { if !userInfo.Roles.Maptest {
return ErrPermissionDenied return ErrPermissionDenied
} }
pmap := datastore.Optional() pmap := datastore.Optional()
pmap.Add("completed", true) pmap.Add("completed", true)
return svc.DB.Submissions().Update(ctx, params.SubmissionID, pmap) err := svc.DB.Submissions().Update(ctx, params.SubmissionID, pmap)
return err
} }
// UpdateSubmissionModel implements patchSubmissionModel operation. // UpdateSubmissionModel implements patchSubmissionModel operation.
@ -235,12 +229,8 @@ func (svc *Service) UpdateSubmissionModel(ctx context.Context, params api.Update
return err return err
} }
has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
if err != nil {
return err
}
// check if caller is the submitter // check if caller is the submitter
if !has_role { if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -264,12 +254,8 @@ func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.Actio
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleSubmissionReview()
if err != nil {
return err
}
// check if caller has required role // check if caller has required role
if !has_role { if !userInfo.Roles.SubmissionReview {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -290,12 +276,8 @@ func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params a
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleSubmissionReview()
if err != nil {
return err
}
// check if caller has required role // check if caller has required role
if !has_role { if !userInfo.Roles.SubmissionReview {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -322,12 +304,8 @@ func (svc *Service) ActionSubmissionRevoke(ctx context.Context, params api.Actio
return err return err
} }
has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
if err != nil {
return err
}
// check if caller is the submitter // check if caller is the submitter
if !has_role { if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -354,12 +332,8 @@ func (svc *Service) ActionSubmissionSubmit(ctx context.Context, params api.Actio
return err return err
} }
has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
if err != nil {
return err
}
// check if caller is the submitter // check if caller is the submitter
if !has_role { if !userInfo.IsSubmitter(uint64(submission.Submitter)) {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -380,12 +354,8 @@ func (svc *Service) ActionSubmissionTriggerUpload(ctx context.Context, params ap
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleSubmissionRelease()
if err != nil {
return err
}
// check if caller has required role // check if caller has required role
if !has_role { if !userInfo.Roles.SubmissionRelease {
return ErrPermissionDenied return ErrPermissionDenied
} }
@ -445,12 +415,8 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
return ErrUserInfo return ErrUserInfo
} }
has_role, err := userInfo.HasRoleSubmissionReview()
if err != nil {
return err
}
// check if caller has required role // check if caller has required role
if !has_role { if !userInfo.Roles.SubmissionReview {
return ErrPermissionDenied return ErrPermissionDenied
} }