Merge pull request #79 from diamante0018/password-mongoose

fix(download): restore password verification
2024-01-20 14:55:26 +01:00 · 2024-01-20 14:55:26 +01:00 · f6b19d6bc8
commit f6b19d6bc8
parent fdcaf34347 a62479816d
2 changed files with 45 additions and 2 deletions
--- a/src/Components/Modules/Download.cpp
+++ b/src/Components/Modules/Download.cpp
@ -435,7 +435,7 @@ namespace Components
 		MongooseLogBuffer.push_back(c);
 	}
-	void Download::ReplyError(mg_connection* connection, int code)
+	void Download::ReplyError(mg_connection* connection, int code, std::string messageOverride)
 	{
 		std::string msg{};
 		switch(code)
@ -453,6 +453,11 @@ namespace Components
 			break;
 		}
 		if (!messageOverride.empty())
 		{
 			msg = messageOverride;
 		}
 		mg_http_reply(connection, code, "Content-Type: text/plain\r\n", "%s", msg.c_str());
 	}
@ -462,6 +467,31 @@ namespace Components
 		mg_http_reply(connection, 200, formatted.c_str(), "%s", data.c_str());
 	}
 	bool VerifyPassword([[maybe_unused]] mg_connection* c, [[maybe_unused]] const mg_http_message* hm)
 	{
 		const std::string g_password = *Game::g_password ? (*Game::g_password)->current.string : "";
 		if (g_password.empty()) return true;
 		// SHA256 hashes are 64 characters long but we're gonna be safe here
 		char buffer[128]{};
 		const auto len = mg_http_get_var(&hm->query, "password", buffer, sizeof(buffer));
 		if (len <= 0)
 		{
 			Download::ReplyError(c, 403, "Password Required");
 			return false;
 		}
 		const auto password = std::string(buffer, len);
 		if (password != Utils::String::DumpHex(Utils::Cryptography::SHA256::Compute(g_password), ""))
 		{
 			Download::ReplyError(c, 403, "Invalid Password");
 			return false;
 		}
 		return true;
 	}
 	std::optional<std::string> Download::InfoHandler([[maybe_unused]] mg_connection* c, [[maybe_unused]] const mg_http_message* hm)
 	{
 		if (!(*Game::com_sv_running)->current.enabled)
@ -524,6 +554,12 @@ namespace Components
 		static nlohmann::json jsonList;
 		static std::filesystem::path fsGamePre;
 		if (!VerifyPassword(c, hm))
 		{
 			// Custom reply done in VerifyPassword
 			return {};
 		}
 		const std::filesystem::path fsGame = (*Game::fs_gameDirVar)->current.string;
 		if (!fsGame.empty() && (fsGamePre != fsGame))
@ -572,6 +608,12 @@ namespace Components
 		static std::string mapNamePre;
 		static nlohmann::json jsonList;
 		if (!VerifyPassword(c, hm))
 		{
 			// Custom reply done in VerifyPassword
 			return {};
 		}
 		const std::string mapName = Party::IsInUserMapLobby() ? (*Game::ui_mapname)->current.string : Maps::GetUserMap()->getName();
 		if (!Maps::GetUserMap()->isValid() && !Party::IsInUserMapLobby())
 		{
--- a/src/Components/Modules/Download.hpp
+++ b/src/Components/Modules/Download.hpp
@ -17,6 +17,8 @@ namespace Components
 		static void InitiateClientDownload(const std::string& mod, bool needPassword, bool map = false);
 		static void InitiateMapDownload(const std::string& map, bool needPassword);
 		static void ReplyError(mg_connection* connection, int code, std::string messageOverride = {});
 		static Dvar::Var SV_wwwDownload;
 		static Dvar::Var SV_wwwBaseUrl;
@ -105,7 +107,6 @@ namespace Components
 		static bool DownloadFile(ClientDownload* download, unsigned int index);
 		static void LogFn(char c, void* param);
 		static void ReplyError(mg_connection* connection, int code);
 		static void Reply(mg_connection* connection, const std::string& contentType, const std::string& data);
 		static std::optional<std::string> FileHandler(mg_connection* c, const mg_http_message* hm);