NEW: group tokens

collarmc · Oct 24, 2021 · 0c283fb · 0c283fb
1 parent ca5575e
commit 0c283fb
Show file tree

Hide file tree

Showing 21 changed files with 315 additions and 205 deletions.
diff --git a/server/src/main/java/com/collarmc/server/CollarServer.java b/server/src/main/java/com/collarmc/server/CollarServer.java
@@ -24,7 +24,6 @@
 import com.collarmc.security.messages.CipherException;
 import com.collarmc.security.mojang.MinecraftPlayer;
 import com.collarmc.security.mojang.Mojang;
-import com.collarmc.server.http.ApiToken;
 import com.collarmc.server.protocol.*;
 import io.github.bucket4j.Bandwidth;
 import io.github.bucket4j.Bucket;

diff --git a/server/src/main/java/com/collarmc/server/Services.java b/server/src/main/java/com/collarmc/server/Services.java
@@ -9,7 +9,7 @@
 import com.collarmc.server.security.hashing.PasswordHashing;
 import com.collarmc.server.security.mojang.MinecraftSessionVerifier;
 import com.collarmc.server.services.authentication.ServerAuthenticationService;
-import com.collarmc.server.services.authentication.TokenCrypter;
+import com.collarmc.security.TokenCrypter;
 import com.collarmc.server.services.friends.FriendsService;
 import com.collarmc.server.services.groups.GroupService;
 import com.collarmc.server.services.groups.GroupStore;
@@ -61,7 +61,7 @@ public Services(Configuration configuration) throws Exception {
         this.tokenCrypter = configuration.tokenCrypter;
         this.auth = new ServerAuthenticationService(profiles, passwordHashing, tokenCrypter, configuration.email, urlProvider);
         this.minecraftSessionVerifier = configuration.minecraftSessionVerifier;
-        this.groupStore = new GroupStore(profileCache, sessions, configuration.database);
+        this.groupStore = new GroupStore(profileCache, sessions, tokenCrypter, configuration.database);
         this.groups = new GroupService(groupStore, profileCache, sessions, identityStore.cipher());
         this.playerLocations = new PlayerLocationService(this);
         this.textures = new TextureService(configuration.database);

diff --git a/server/src/main/java/com/collarmc/server/WebServer.java b/server/src/main/java/com/collarmc/server/WebServer.java
@@ -5,6 +5,7 @@
 import com.collarmc.api.groups.GroupType;
 import com.collarmc.api.groups.MembershipRole;
 import com.collarmc.api.groups.http.CreateGroupTokenRequest;
+import com.collarmc.api.groups.http.UpdateGroupMembershipRequest;
 import com.collarmc.api.http.*;
 import com.collarmc.api.http.HttpException.BadRequestException;
 import com.collarmc.api.http.HttpException.NotFoundException;
@@ -18,9 +19,9 @@
 import com.collarmc.server.common.ServerStatus;
 import com.collarmc.server.common.ServerVersion;
 import com.collarmc.server.configuration.Configuration;
-import com.collarmc.server.http.ApiToken;
+import com.collarmc.security.ApiToken;
 import com.collarmc.server.http.HandlebarsTemplateEngine;
-import com.collarmc.server.services.authentication.TokenCrypter;
+import com.collarmc.security.TokenCrypter;
 import com.collarmc.api.groups.http.ValidateGroupTokenRequest;
 import com.collarmc.server.services.textures.TextureService;
 import com.collarmc.server.session.ClientRegistrationService;
@@ -210,7 +211,7 @@ public void start(Consumer<Services> callback) throws Exception {
                 });
 
                 path("/groups", () -> {
-                    get("/groups", (request, response) -> {
+                    get("/", (request, response) -> {
                         RequestContext context = from(request);
                         context.assertNotAnonymous();
                         return services.groupStore.findGroupsContaining(context.owner).collect(Collectors.toList());
@@ -228,6 +229,12 @@ public void start(Consumer<Services> callback) throws Exception {
                         CreateGroupTokenRequest req = services.jsonMapper.readValue(request.bodyAsBytes(), CreateGroupTokenRequest.class);
                         return services.groups.createGroupToken(context, req);
                     }, services.jsonMapper::writeValueAsString);
+                    post("/members/add", (request, response) -> {
+                        RequestContext context = from(request);
+                        context.assertNotAnonymous();
+                        UpdateGroupMembershipRequest req = services.jsonMapper.readValue(request.bodyAsBytes(), UpdateGroupMembershipRequest.class);
+                        return services.groups.updateMembers(context, req);
+                    }, services.jsonMapper::writeValueAsString);
                 });
 
                 path("/auth", () -> {

diff --git a/server/src/main/java/com/collarmc/server/configuration/Configuration.java b/server/src/main/java/com/collarmc/server/configuration/Configuration.java
@@ -8,11 +8,12 @@
 import com.collarmc.server.mail.LocalEmail;
 import com.collarmc.server.mail.MailGunEmail;
 import com.collarmc.server.mongo.Mongo;
+import com.collarmc.server.security.TokenCrypterImpl;
 import com.collarmc.server.security.hashing.PasswordHashing;
 import com.collarmc.server.security.mojang.MinecraftSessionVerifier;
 import com.collarmc.server.security.mojang.MojangMinecraftSessionVerifier;
 import com.collarmc.server.security.mojang.NojangMinecraftSessionVerifier;
-import com.collarmc.server.services.authentication.TokenCrypter;
+import com.collarmc.security.TokenCrypter;
 import com.mongodb.client.MongoDatabase;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -87,7 +88,7 @@ public static Configuration fromEnvironment() {
         return new Configuration(
                 Mongo.database(),
                 appUrlProvider,
-                new TokenCrypter(crypterPassword),
+                new TokenCrypterImpl(crypterPassword),
                 new PasswordHashing(passwordSalt),
                 useMojang ? new MojangMinecraftSessionVerifier(http) : new NojangMinecraftSessionVerifier(),
                 appUrlProvider.homeUrl(),
@@ -104,7 +105,7 @@ public static Configuration defaultConfiguration() {
         return new Configuration(
                 Mongo.database("mongodb://localhost/collar-dev"),
                 appUrlProvider,
-                new TokenCrypter("insecureTokenCrypterPassword"),
+                new TokenCrypterImpl("insecureTokenCrypterPassword"),
                 new PasswordHashing("VSZL*bR8-=r]r5P_"),
                 new NojangMinecraftSessionVerifier(),
                 "*",
@@ -120,7 +121,7 @@ public static Configuration testConfiguration(MongoDatabase db, MinecraftSession
         return new Configuration(
                 db,
                 appUrlProvider,
-                new TokenCrypter("insecureTokenCrypterPassword"),
+                new TokenCrypterImpl("insecureTokenCrypterPassword"),
                 new PasswordHashing("VSZL*bR8-=r]r5P_"),
                 sessionVerifier,
                 "*",

diff --git a/server/src/main/java/com/collarmc/server/http/ApiToken.java b/server/src/main/java/com/collarmc/server/http/ApiToken.java
diff --git a/server/src/main/java/com/collarmc/server/http/Cookie.java b/server/src/main/java/com/collarmc/server/http/Cookie.java
diff --git a/...services/authentication/TokenCrypter.java → ...rmc/server/security/TokenCrypterImpl.java b/...services/authentication/TokenCrypter.java → ...rmc/server/security/TokenCrypterImpl.java
@@ -1,21 +1,24 @@
-package com.collarmc.server.services.authentication;
+package com.collarmc.server.security;
 
 
+import com.collarmc.security.TokenCrypter;
 import org.jasypt.util.binary.AES256BinaryEncryptor;
 
-public class TokenCrypter {
+public class TokenCrypterImpl implements TokenCrypter {
 
     private final AES256BinaryEncryptor encryptor;
 
-    public TokenCrypter(String password) {
+    public TokenCrypterImpl(String password) {
         encryptor = new AES256BinaryEncryptor();
         encryptor.setPassword(password);
     }
 
+    @Override
     public byte[] decrypt(byte[] bytes) {
         return encryptor.decrypt(bytes);
     }
 
+    @Override
     public byte[] crypt(byte[] bytes) {
         return encryptor.encrypt(bytes);
     }

diff --git a/...rc/main/java/com/collarmc/server/services/authentication/ServerAuthenticationService.java b/...rc/main/java/com/collarmc/server/services/authentication/ServerAuthenticationService.java
@@ -9,9 +9,10 @@
 import com.collarmc.api.profiles.ProfileService.CreateProfileRequest;
 import com.collarmc.api.profiles.ProfileService.GetProfileRequest;
 import com.collarmc.api.profiles.ProfileService.UpdateProfileRequest;
-import com.collarmc.server.http.ApiToken;
+import com.collarmc.security.ApiToken;
 import com.collarmc.server.http.AppUrlProvider;
 import com.collarmc.server.mail.Email;
+import com.collarmc.security.TokenCrypter;
 import com.collarmc.server.security.hashing.PasswordHashing;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -20,6 +21,7 @@
 import java.util.Date;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.concurrent.ForkJoinPool;
 import java.util.concurrent.TimeUnit;
 
@@ -161,7 +163,7 @@ public ResetPasswordResponse resetPassword(RequestContext context, ResetPassword
      * @return token
      */
     public String createToken(Profile profile) {
-        ApiToken apiToken = new ApiToken(profile.id, profile.roles);
+        ApiToken apiToken = new ApiToken(profile.id, profile.roles, Set.of());
         String token;
         try {
             token = apiToken.serialize(tokenCrypter);

diff --git a/server/src/main/java/com/collarmc/server/services/authentication/VerificationToken.java b/server/src/main/java/com/collarmc/server/services/authentication/VerificationToken.java
@@ -1,5 +1,6 @@
 package com.collarmc.server.services.authentication;
 
+import com.collarmc.security.TokenCrypter;
 import com.google.common.io.BaseEncoding;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;