Minecon724/mstats
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages 2 Wiki Activity Actions

fix: Fix admin auth

Browse source
This commit is contained in:
Minecon724 2025-02-16 20:47:03 +01:00
parent 55ead2192e
commit 1ad64f8e24
Signed by: Minecon724
GPG key ID: 3CCC4D267742C8E8
3 changed files with 33 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/main/java/eu/m724/mstats/Startup.java
View file

@ -1,14 +1,17 @@
package eu.m724.mstats; package eu.m724.mstats;
import eu.m724.mstats.api.service.PluginService; import eu.m724.mstats.api.service.PluginService;
import eu.m724.mstats.auth.AuthService;
import eu.m724.mstats.orm.PluginVersion; import eu.m724.mstats.orm.PluginVersion;
import eu.m724.mstats.orm.Server; import eu.m724.mstats.orm.Server;
import io.quarkus.logging.Log; import io.quarkus.logging.Log;
import io.quarkus.runtime.StartupEvent; import io.quarkus.runtime.StartupEvent;
import io.quarkus.scheduler.Scheduled; import io.quarkus.scheduler.Scheduled;
import io.smallrye.config.inject.ConfigProducer;
import jakarta.enterprise.event.Observes; import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.transaction.Transactional; import jakarta.transaction.Transactional;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import java.time.LocalDateTime; import java.time.LocalDateTime;
@ -17,8 +20,11 @@ public class Startup {
@Inject @Inject
PluginService pluginService; PluginService pluginService;
public void onStartup(@Observes StartupEvent event) { @Inject
AuthService authService;
public void onStartup(@Observes StartupEvent event) {
authService.init();
} }
// TODO move to a more appropriate class // TODO move to a more appropriate class

25
src/main/java/eu/m724/mstats/auth/AuthService.java
View file

@ -1,13 +1,19 @@
package eu.m724.mstats.auth; package eu.m724.mstats.auth;
import eu.m724.mstats.orm.Server; import eu.m724.mstats.orm.Server;
import io.quarkus.logging.Log;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.transaction.Transactional; import jakarta.transaction.Transactional;
import org.eclipse.microprofile.config.ConfigProvider;
import java.util.Base64; import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ThreadLocalRandom;
@ApplicationScoped @ApplicationScoped
public class AuthService { public class AuthService {
private String adminToken;
@Transactional @Transactional
Server getServerByToken(String encoded) { Server getServerByToken(String encoded) {
try { try {
@ -17,4 +23,23 @@ public class AuthService {
return null; return null;
} }
} }
public void init() {
Optional<String> configuredToken = ConfigProvider.getConfig().getOptionalValue("mstats.admin.token", String.class);
if (configuredToken.isEmpty()) {
byte[] bytes = new byte[32];
ThreadLocalRandom.current().nextBytes(bytes);
this.adminToken = Base64.getEncoder().encodeToString(bytes);
} else {
this.adminToken = configuredToken.get();
}
Log.infof("Admin token: %s", this.adminToken);
}
String getAdminToken() {
return this.adminToken;
}
} }

23
src/main/java/eu/m724/mstats/auth/MyHttpAuthenticationMechanism.java
View file

@ -15,11 +15,7 @@ import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative; import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import org.eclipse.microprofile.config.ConfigProvider;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ThreadLocalRandom;
import java.util.function.Supplier; import java.util.function.Supplier;
@Alternative @Alternative
@ -29,30 +25,13 @@ public class MyHttpAuthenticationMechanism implements HttpAuthenticationMechanis
@Inject @Inject
AuthService authService; AuthService authService;
private final String adminToken;
public MyHttpAuthenticationMechanism() {
Optional<String> configuredToken = ConfigProvider.getConfig().getOptionalValue("database.name", String.class);
if (configuredToken.isEmpty()) {
byte[] bytes = new byte[32];
ThreadLocalRandom.current().nextBytes(bytes);
this.adminToken = Base64.getEncoder().encodeToString(bytes);
} else {
this.adminToken = configuredToken.get();
}
Log.infof("Admin token: %s", this.adminToken);
}
@Override @Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) { public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
return Uni.createFrom().item((Supplier<SecurityIdentity>) () -> { return Uni.createFrom().item((Supplier<SecurityIdentity>) () -> {
String serverTokenEncoded = context.request().getHeader("X-Server-Token"); String serverTokenEncoded = context.request().getHeader("X-Server-Token");
if (serverTokenEncoded != null) { if (serverTokenEncoded != null) {
if (serverTokenEncoded.equals(this.adminToken)) { if (serverTokenEncoded.equals(authService.getAdminToken())) {
return QuarkusSecurityIdentity.builder() return QuarkusSecurityIdentity.builder()
.setPrincipal(new QuarkusPrincipal("Administrator")) .setPrincipal(new QuarkusPrincipal("Administrator"))
.addRole("admin") .addRole("admin")