Topic/update groups

client/src/main/java/com/collarmc/client/api/http/RESTClient.java

@@ -2,8 +2,9 @@
 
 import com.collarmc.api.authentication.AuthenticationService.LoginRequest;
 import com.collarmc.api.authentication.AuthenticationService.LoginResponse;
-import com.collarmc.api.groups.http.CreateGroupTokenRequest;
-import com.collarmc.api.groups.http.CreateGroupTokenResponse;
+import com.collarmc.api.groups.http.CreateGroupManagementTokenResponse;
+import com.collarmc.api.groups.http.CreateGroupMembershipTokenRequest;
+import com.collarmc.api.groups.http.CreateGroupMembershipTokenResponse;
 import com.collarmc.api.groups.Group;
 import com.collarmc.api.groups.http.ValidateGroupTokenRequest;
 import com.collarmc.api.http.HttpException;
@@ -56,16 +57,29 @@ public List<Group> groups(String apiToken) {
     }
 
     /**
-     * Creates a group token used to verify that
+     * Creates a token used to verify that a collar player is member of a group
      * @param apiToken of the user
      * @param group id of group
      * @return response
      */
-    public CreateGroupTokenResponse createGroupMembershipToken(String apiToken, UUID group) {
-        Request authorization = Request.url(url("groups", "token"))
+    public CreateGroupMembershipTokenResponse createGroupMembershipToken(String apiToken, UUID group) {
+        Request authorization = Request.url(url("groups", "token/membership"))
                 .addHeader("Authorization", "Bearer " + apiToken)
-                .postJson(new CreateGroupTokenRequest(group));
-        return http.execute(authorization, Response.json(CreateGroupTokenResponse.class));
+                .postJson(new CreateGroupMembershipTokenRequest(group));
+        return http.execute(authorization, Response.json(CreateGroupMembershipTokenResponse.class));
+    }
+
+    /**
+     * Creates a token used to manage a collar group
+     * @param apiToken of the user
+     * @param group id of group
+     * @return response
+     */
+    public CreateGroupManagementTokenResponse createGroupManagementToken(String apiToken, UUID group) {
+        Request authorization = Request.url(url("groups", "token/management"))
+                .addHeader("Authorization", "Bearer " + apiToken)
+                .postJson(new CreateGroupMembershipTokenRequest(group));
+        return http.execute(authorization, Response.json(CreateGroupManagementTokenResponse.class));
     }
 
     /**

server/src/main/java/com/collarmc/server/CollarServer.java

@@ -24,7 +24,6 @@
 import com.collarmc.security.messages.CipherException;
 import com.collarmc.security.mojang.MinecraftPlayer;
 import com.collarmc.security.mojang.Mojang;
-import com.collarmc.server.http.ApiToken;
 import com.collarmc.server.protocol.*;
 import io.github.bucket4j.Bandwidth;
 import io.github.bucket4j.Bucket;

server/src/main/java/com/collarmc/server/Services.java

@@ -9,7 +9,7 @@
 import com.collarmc.server.security.hashing.PasswordHashing;
 import com.collarmc.server.security.mojang.MinecraftSessionVerifier;
 import com.collarmc.server.services.authentication.ServerAuthenticationService;
-import com.collarmc.server.services.authentication.TokenCrypter;
+import com.collarmc.security.TokenCrypter;
 import com.collarmc.server.services.friends.FriendsService;
 import com.collarmc.server.services.groups.GroupService;
 import com.collarmc.server.services.groups.GroupStore;
@@ -61,7 +61,7 @@ public Services(Configuration configuration) throws Exception {
         this.tokenCrypter = configuration.tokenCrypter;
         this.auth = new ServerAuthenticationService(profiles, passwordHashing, tokenCrypter, configuration.email, urlProvider);
         this.minecraftSessionVerifier = configuration.minecraftSessionVerifier;
-        this.groupStore = new GroupStore(profileCache, sessions, configuration.database);
+        this.groupStore = new GroupStore(profileCache, sessions, tokenCrypter, configuration.database);
         this.groups = new GroupService(groupStore, profileCache, sessions, identityStore.cipher());
         this.playerLocations = new PlayerLocationService(this);
         this.textures = new TextureService(configuration.database);

server/src/main/java/com/collarmc/server/WebServer.java

@@ -4,7 +4,7 @@
 import com.collarmc.api.groups.Group;
 import com.collarmc.api.groups.GroupType;
 import com.collarmc.api.groups.MembershipRole;
-import com.collarmc.api.groups.http.CreateGroupTokenRequest;
+import com.collarmc.api.groups.http.*;
 import com.collarmc.api.http.*;
 import com.collarmc.api.http.HttpException.BadRequestException;
 import com.collarmc.api.http.HttpException.NotFoundException;
@@ -18,10 +18,9 @@
 import com.collarmc.server.common.ServerStatus;
 import com.collarmc.server.common.ServerVersion;
 import com.collarmc.server.configuration.Configuration;
-import com.collarmc.server.http.ApiToken;
+import com.collarmc.security.ApiToken;
 import com.collarmc.server.http.HandlebarsTemplateEngine;
-import com.collarmc.server.services.authentication.TokenCrypter;
-import com.collarmc.api.groups.http.ValidateGroupTokenRequest;
+import com.collarmc.security.TokenCrypter;
 import com.collarmc.server.services.textures.TextureService;
 import com.collarmc.server.session.ClientRegistrationService;
 import com.collarmc.server.session.ClientRegistrationService.RegisterClientRequest;
@@ -210,7 +209,7 @@ public void start(Consumer<Services> callback) throws Exception {
                 });
 
                 path("/groups", () -> {
-                    get("/groups", (request, response) -> {
+                    get("/", (request, response) -> {
                         RequestContext context = from(request);
                         context.assertNotAnonymous();
                         return services.groupStore.findGroupsContaining(context.owner).collect(Collectors.toList());
@@ -222,11 +221,23 @@ public void start(Consumer<Services> callback) throws Exception {
                         services.groups.validateGroupToken(req);
                         return "OK";
                     }, services.jsonMapper::writeValueAsString);
-                    post("/token", (request, response) -> {
+                    post("/token/membership", (request, response) -> {
+                        RequestContext context = from(request);
+                        context.assertNotAnonymous();
+                        CreateGroupMembershipTokenRequest req = services.jsonMapper.readValue(request.bodyAsBytes(), CreateGroupMembershipTokenRequest.class);
+                        return services.groups.createGroupMembershipToken(context, req);
+                    }, services.jsonMapper::writeValueAsString);
+                    post("/token/management", (request, response) -> {
+                        RequestContext context = from(request);
+                        context.assertNotAnonymous();
+                        CreateGroupManagementTokenRequest req = services.jsonMapper.readValue(request.bodyAsBytes(), CreateGroupManagementTokenRequest.class);
+                        return services.groups.createGroupManagementToken(context, req);
+                    }, services.jsonMapper::writeValueAsString);
+                    post("/members/add", (request, response) -> {
                         RequestContext context = from(request);
                         context.assertNotAnonymous();
-                        CreateGroupTokenRequest req = services.jsonMapper.readValue(request.bodyAsBytes(), CreateGroupTokenRequest.class);
-                        return services.groups.createGroupToken(context, req);
+                        UpdateGroupMembershipRequest req = services.jsonMapper.readValue(request.bodyAsBytes(), UpdateGroupMembershipRequest.class);
+                        return services.groups.updateMembers(context, req);
                     }, services.jsonMapper::writeValueAsString);
                 });
 

server/src/main/java/com/collarmc/server/configuration/Configuration.java

@@ -8,11 +8,12 @@
 import com.collarmc.server.mail.LocalEmail;
 import com.collarmc.server.mail.MailGunEmail;
 import com.collarmc.server.mongo.Mongo;
+import com.collarmc.server.security.TokenCrypterImpl;
 import com.collarmc.server.security.hashing.PasswordHashing;
 import com.collarmc.server.security.mojang.MinecraftSessionVerifier;
 import com.collarmc.server.security.mojang.MojangMinecraftSessionVerifier;
 import com.collarmc.server.security.mojang.NojangMinecraftSessionVerifier;
-import com.collarmc.server.services.authentication.TokenCrypter;
+import com.collarmc.security.TokenCrypter;
 import com.mongodb.client.MongoDatabase;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -87,7 +88,7 @@ public static Configuration fromEnvironment() {
         return new Configuration(
                 Mongo.database(),
                 appUrlProvider,
-                new TokenCrypter(crypterPassword),
+                new TokenCrypterImpl(crypterPassword),
                 new PasswordHashing(passwordSalt),
                 useMojang ? new MojangMinecraftSessionVerifier(http) : new NojangMinecraftSessionVerifier(),
                 appUrlProvider.homeUrl(),
@@ -104,7 +105,7 @@ public static Configuration defaultConfiguration() {
         return new Configuration(
                 Mongo.database("mongodb://localhost/collar-dev"),
                 appUrlProvider,
-                new TokenCrypter("insecureTokenCrypterPassword"),
+                new TokenCrypterImpl("insecureTokenCrypterPassword"),
                 new PasswordHashing("VSZL*bR8-=r]r5P_"),
                 new NojangMinecraftSessionVerifier(),
                 "*",
@@ -120,7 +121,7 @@ public static Configuration testConfiguration(MongoDatabase db, MinecraftSession
         return new Configuration(
                 db,
                 appUrlProvider,
-                new TokenCrypter("insecureTokenCrypterPassword"),
+                new TokenCrypterImpl("insecureTokenCrypterPassword"),
                 new PasswordHashing("VSZL*bR8-=r]r5P_"),
                 sessionVerifier,
                 "*",

server/src/main/java/com/collarmc/server/services/authentication/TokenCrypter.java → server/src/main/java/com/collarmc/server/security/TokenCrypterImpl.java

@@ -1,21 +1,24 @@
-package com.collarmc.server.services.authentication;
+package com.collarmc.server.security;
 
 
+import com.collarmc.security.TokenCrypter;
 import org.jasypt.util.binary.AES256BinaryEncryptor;
 
-public class TokenCrypter {
+public class TokenCrypterImpl implements TokenCrypter {
 
     private final AES256BinaryEncryptor encryptor;
 
-    public TokenCrypter(String password) {
+    public TokenCrypterImpl(String password) {
         encryptor = new AES256BinaryEncryptor();
         encryptor.setPassword(password);
     }
 
+    @Override
     public byte[] decrypt(byte[] bytes) {
         return encryptor.decrypt(bytes);
     }
 
+    @Override
     public byte[] crypt(byte[] bytes) {
         return encryptor.encrypt(bytes);
     }

server/src/main/java/com/collarmc/server/services/authentication/ServerAuthenticationService.java

@@ -9,9 +9,10 @@
 import com.collarmc.api.profiles.ProfileService.CreateProfileRequest;
 import com.collarmc.api.profiles.ProfileService.GetProfileRequest;
 import com.collarmc.api.profiles.ProfileService.UpdateProfileRequest;
-import com.collarmc.server.http.ApiToken;
+import com.collarmc.security.ApiToken;
 import com.collarmc.server.http.AppUrlProvider;
 import com.collarmc.server.mail.Email;
+import com.collarmc.security.TokenCrypter;
 import com.collarmc.server.security.hashing.PasswordHashing;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -20,6 +21,7 @@
 import java.util.Date;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.concurrent.ForkJoinPool;
 import java.util.concurrent.TimeUnit;
 
@@ -161,7 +163,7 @@ public ResetPasswordResponse resetPassword(RequestContext context, ResetPassword
      * @return token
      */
     public String createToken(Profile profile) {
-        ApiToken apiToken = new ApiToken(profile.id, profile.roles);
+        ApiToken apiToken = new ApiToken(profile.id, profile.roles, Set.of());
         String token;
         try {
             token = apiToken.serialize(tokenCrypter);