fix(download): restore password verification

This commit is contained in:
Diavolo 2024-01-13 13:15:16 +01:00
parent 3f271ec1ed
commit d1dd4af6af
No known key found for this signature in database
GPG Key ID: FA77F074E98D98A5

View File

@ -462,6 +462,40 @@ namespace Components
mg_http_reply(connection, 200, formatted.c_str(), "%s", data.c_str()); mg_http_reply(connection, 200, formatted.c_str(), "%s", data.c_str());
} }
bool VerifyPassword([[maybe_unused]] mg_connection* c, [[maybe_unused]] const mg_http_message* hm)
{
const std::string g_password = *Game::g_password ? (*Game::g_password)->current.string : "";
if (g_password.empty()) return true;
// SHA256 hashes are 64 characters long but we're gonna be safe here
char buffer[128]{};
const auto len = mg_http_get_var(&hm->query, "password", buffer, sizeof(buffer));
const auto reply = [&c](const char* s) -> void
{
mg_printf(c, "%s", "HTTP/1.1 403 Forbidden\r\n");
mg_printf(c, "%s", "Content-Type: text/plain\r\n");
mg_printf(c, "Connection: close\r\n");
mg_printf(c, "%s", "\r\n");
mg_printf(c, "%s", s);
};
if (len <= 0)
{
reply("Password Required");
return false;
}
const auto password = std::string(buffer, len);
if (password != Utils::String::DumpHex(Utils::Cryptography::SHA256::Compute(g_password), ""))
{
reply("Invalid Password");
return false;
}
return true;
}
std::optional<std::string> Download::InfoHandler([[maybe_unused]] mg_connection* c, [[maybe_unused]] const mg_http_message* hm) std::optional<std::string> Download::InfoHandler([[maybe_unused]] mg_connection* c, [[maybe_unused]] const mg_http_message* hm)
{ {
if (!(*Game::com_sv_running)->current.enabled) if (!(*Game::com_sv_running)->current.enabled)
@ -524,6 +558,12 @@ namespace Components
static nlohmann::json jsonList; static nlohmann::json jsonList;
static std::filesystem::path fsGamePre; static std::filesystem::path fsGamePre;
if (!VerifyPassword(c, hm))
{
// Custom reply done in VerifyPassword
return {};
}
const std::filesystem::path fsGame = (*Game::fs_gameDirVar)->current.string; const std::filesystem::path fsGame = (*Game::fs_gameDirVar)->current.string;
if (!fsGame.empty() && (fsGamePre != fsGame)) if (!fsGame.empty() && (fsGamePre != fsGame))
@ -572,6 +612,12 @@ namespace Components
static std::string mapNamePre; static std::string mapNamePre;
static nlohmann::json jsonList; static nlohmann::json jsonList;
if (!VerifyPassword(c, hm))
{
// Custom reply done in VerifyPassword
return {};
}
const std::string mapName = Party::IsInUserMapLobby() ? (*Game::ui_mapname)->current.string : Maps::GetUserMap()->getName(); const std::string mapName = Party::IsInUserMapLobby() ? (*Game::ui_mapname)->current.string : Maps::GetUserMap()->getName();
if (!Maps::GetUserMap()->isValid() && !Party::IsInUserMapLobby()) if (!Maps::GetUserMap()->isValid() && !Party::IsInUserMapLobby())
{ {