_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'develop' into changeRegisterAccess

Browse Source 
Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>

# Conflicts:
#	pusher/src/Services/AdminApi.ts
This commit is contained in:
Gregoire Parant
2022-03-17 09:54:24 +01:00
parent cfbf9dca23 3988559d2a
commit 5448596f01
1025 changed files with 16978 additions and 14921 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pusher/src/Controller/AdminController.ts
+68 -58
View File
@@ -1,45 +1,43 @@
import { BaseController } from "./BaseController";
import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
import { ADMIN_API_TOKEN } from "../Enum/EnvironmentVariable";
import { apiClientRepository } from "../Services/ApiClientRepository";
import {
AdminRoomMessage,
WorldFullWarningToRoomMessage,
RefreshRoomPromptMessage,
} from "../Messages/generated/messages_pb";
import { adminToken } from "../Middleware/AdminToken";
import { BaseHttpController } from "./BaseHttpController";
export class AdminController extends BaseController {
constructor(private App: TemplatedApp) {
super();
this.App = App;
export class AdminController extends BaseHttpController {
routes() {
this.receiveGlobalMessagePrompt();
this.receiveRoomEditionPrompt();
}
/**
* @openapi
* /room/refresh:
* post:
* description: Forces anyone out of the room. The request must be authenticated with the "admin-token" header.
* parameters:
* - name: "admin-token"
* in: "header"
* required: true
* type: "string"
* description: TODO - move this to a classic "Authorization" header!
* - name: "roomId"
* in: "body"
* description: "The ID (full URL) to the room"
* required: true
* type: "string"
* responses:
* 200:
* description: Will always return "ok".
* example: "ok"
*/
receiveRoomEditionPrompt() {
this.App.options("/room/refresh", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
});
// eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.post("/room/refresh", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
const token = req.getHeader("admin-token");
const body = await res.json();
if (ADMIN_API_TOKEN === "") {
res.writeStatus("401 Unauthorized").end("No token configured!");
return;
}
if (token !== ADMIN_API_TOKEN) {
console.error("Admin access refused for token: " + token);
res.writeStatus("401 Unauthorized").end("Incorrect token");
return;
}
this.app.post("/room/refresh", { middlewares: [adminToken] }, async (req, res) => {
const body = await req.json();
try {
if (typeof body.roomId !== "string") {
@@ -58,39 +56,53 @@ export class AdminController extends BaseController {
});
});
} catch (err) {
this.errorToResponse(err, res);
this.castErrorToResponse(err, res);
return;
}
res.writeStatus("200");
res.end("ok");
res.send("ok");
return;
});
}
/**
* @openapi
* /message:
* post:
* description: Sends a message (or a world full message) to a number of rooms.
* parameters:
* - name: "admin-token"
* in: "header"
* required: true
* type: "string"
* description: TODO - move this to a classic "Authorization" header!
* - name: "text"
* in: "body"
* description: "The text of the message"
* required: true
* type: "string"
* - name: "type"
* in: "body"
* description: Either "capacity" or "message
* required: true
* type: "string"
* - name: "targets"
* in: "body"
* description: The list of room IDs to target
* required: true
* type: array
* items:
* type: string
* example: "https://play.workadventu.re/@/foo/bar/baz"
* responses:
* 200:
* description: Will always return "ok".
* example: "ok"
*/
receiveGlobalMessagePrompt() {
this.App.options("/message", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
});
// eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.post("/message", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
const token = req.getHeader("admin-token");
const body = await res.json();
if (ADMIN_API_TOKEN === "") {
res.writeStatus("401 Unauthorized").end("No token configured!");
return;
}
if (token !== ADMIN_API_TOKEN) {
console.error("Admin access refused for token: " + token);
res.writeStatus("401 Unauthorized").end("Incorrect token");
return;
}
this.app.post("/message", { middlewares: [adminToken] }, async (req, res) => {
const body = await req.json();
try {
if (typeof body.text !== "string") {
@@ -131,13 +143,11 @@ export class AdminController extends BaseController {
})
);
} catch (err) {
this.errorToResponse(err, res);
this.castErrorToResponse(err, res);
return;
}
res.writeStatus("200");
this.addCorsHeaders(res);
res.end("ok");
res.send("ok");
});
}
}
pusher/src/Controller/AuthenticateController.ts
+274 -112
View File
@@ -1,20 +1,18 @@
import { v4 } from "uuid";
import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
import { BaseController } from "./BaseController";
import { BaseHttpController } from "./BaseHttpController";
import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
import { parse } from "query-string";
import { openIDClient } from "../Services/OpenIDClient";
import { DISABLE_ANONYMOUS, FRONT_URL } from "../Enum/EnvironmentVariable";
import { DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
import { RegisterData } from "../Messages/JsonMessages/RegisterData";
export interface TokenInterface {
userUuid: string;
}
export class AuthenticateController extends BaseController {
constructor(private App: TemplatedApp) {
super();
export class AuthenticateController extends BaseHttpController {
routes() {
this.openIDLogin();
this.openIDCallback();
this.register();
@@ -23,14 +21,41 @@ export class AuthenticateController extends BaseController {
}
openIDLogin() {
/**
* @openapi
* /login-screen:
* get:
* description: Redirects the user to the OpenID login screen
* parameters:
* - name: "nonce"
* in: "query"
* description: "todo"
* required: true
* type: "string"
* - name: "state"
* in: "query"
* description: "todo"
* required: true
* type: "string"
* - name: "playUri"
* in: "query"
* description: "todo"
* required: false
* type: "string"
* - name: "redirect"
* in: "query"
* description: "todo"
* required: false
* type: "string"
* responses:
* 302:
* description: Redirects the user to the OpenID login screen
*
*/
//eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.get("/login-screen", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
this.app.get("/login-screen", async (req, res) => {
try {
const { nonce, state, playUri, redirect } = parse(req.getQuery());
const { nonce, state, playUri, redirect } = parse(req.path_query);
if (!state || !nonce) {
throw new Error("missing state and nonce URL parameters");
}
@@ -41,24 +66,98 @@ export class AuthenticateController extends BaseController {
playUri as string | undefined,
redirect as string | undefined
);
res.writeStatus("302");
res.writeHeader("Location", loginUri);
return res.end();
res.status(302);
res.setHeader("Location", loginUri);
return res.send("");
} catch (e) {
console.error("openIDLogin => e", e);
return this.errorToResponse(e, res);
this.castErrorToResponse(e, res);
return;
}
});
}
openIDCallback() {
/**
* @openapi
* /login-callback:
* get:
* description: TODO
* parameters:
* - name: "code"
* in: "query"
* description: "todo"
* required: false
* type: "string"
* - name: "nonce"
* in: "query"
* description: "todo"
* required: false
* type: "string"
* - name: "token"
* in: "query"
* description: "todo"
* required: false
* type: "string"
* - name: "playUri"
* in: "query"
* description: "todo"
* required: true
* type: "string"
* responses:
* 200:
* description: NOTE - THERE ARE ADDITIONAL PROPERTIES NOT DISPLAYED HERE. THEY COME FROM THE CALL TO openIDClient.checkTokenAuth
* content:
* application/json:
* schema:
* type: object
* properties:
* authToken:
* type: string
* description: A new JWT token (if no token was passed in parameter), or returns the token that was passed in parameter if one was supplied
* username:
* type: string|undefined
* description: Contains the username stored in the JWT token passed in parameter. If no token was passed, contains the data from OpenID.
* example: John Doe
* locale:
* type: string|undefined
* description: Contains the locale stored in the JWT token passed in parameter. If no token was passed, contains the data from OpenID.
* example: fr_FR
* email:
* type: string
* description: TODO
* example: TODO
* userUuid:
* type: string
* description: TODO
* example: TODO
* visitCardUrl:
* type: string|null
* description: TODO
* example: TODO
* tags:
* type: array
* description: The list of tags of the user
* items:
* type: string
* example: speaker
* textures:
* type: array
* description: The list of textures of the user
* items:
* type: TODO
* example: TODO
* messages:
* type: array
* description: The list of messages to be displayed to the user
* items:
* type: TODO
* example: TODO
*/
//eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.get("/login-callback", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
const IPAddress = req.getHeader("x-forwarded-for");
const { code, nonce, token, playUri } = parse(req.getQuery());
this.app.get("/login-callback", async (req, res) => {
const IPAddress = req.header("x-forwarded-for");
const { code, nonce, token, playUri } = parse(req.path_query);
try {
//verify connected by token
if (token != undefined) {
@@ -77,21 +176,22 @@ export class AuthenticateController extends BaseController {
//if not nonce and code, user connected in anonymous
//get data with identifier and return token
if (!code && !nonce) {
res.writeStatus("200");
this.addCorsHeaders(res);
return res.end(JSON.stringify({ ...resUserData, authToken: token }));
return res.json({ ...resUserData, authToken: token });
}
console.error("Token cannot to be check on OpenId provider");
res.writeStatus("500");
res.writeHeader("Access-Control-Allow-Origin", FRONT_URL);
res.end("User cannot to be connected on openid provider");
res.status(500);
res.send("User cannot to be connected on openid provider");
return;
}
const resCheckTokenAuth = await openIDClient.checkTokenAuth(authTokenData.accessToken);
res.writeStatus("200");
this.addCorsHeaders(res);
return res.end(JSON.stringify({ ...resCheckTokenAuth, ...resUserData, authToken: token }));
return res.json({
...resCheckTokenAuth,
...resUserData,
authToken: token,
username: authTokenData?.username,
locale: authTokenData?.locale,
});
} catch (err) {
console.info("User was not connected", err);
}
@@ -104,37 +204,51 @@ export class AuthenticateController extends BaseController {
} catch (err) {
//if no access on openid provider, return error
console.error("User cannot to be connected on OpenId provider => ", err);
res.writeStatus("500");
res.writeHeader("Access-Control-Allow-Origin", FRONT_URL);
res.end("User cannot to be connected on openid provider");
res.status(500);
res.send("User cannot to be connected on openid provider");
return;
}
const email = userInfo.email || userInfo.sub;
if (!email) {
throw new Error("No email in the response");
}
const authToken = jwtTokenManager.createAuthToken(email, userInfo?.access_token);
const authToken = jwtTokenManager.createAuthToken(
email,
userInfo?.access_token,
userInfo?.username,
userInfo?.locale
);
//Get user data from Admin Back Office
//This is very important to create User Local in LocalStorage in WorkAdventure
const data = await this.getUserByUserIdentifier(email, playUri as string, IPAddress);
res.writeStatus("200");
this.addCorsHeaders(res);
return res.end(JSON.stringify({ ...data, authToken }));
return res.json({ ...data, authToken, username: userInfo?.username, locale: userInfo?.locale });
} catch (e) {
console.error("openIDCallback => ERROR", e);
return this.errorToResponse(e, res);
return this.castErrorToResponse(e, res);
}
});
/**
* @openapi
* /logout-callback:
* get:
* description: TODO
* parameters:
* - name: "token"
* in: "query"
* description: "todo"
* required: false
* type: "string"
* responses:
* 200:
* description: TODO
*
*/
// eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.get("/logout-callback", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
const { token } = parse(req.getQuery());
this.app.get("/logout-callback", async (req, res) => {
const { token } = parse(req.path_query);
try {
const authTokenData: AuthTokenData = jwtTokenManager.verifyJWTToken(token as string, false);
@@ -144,29 +258,65 @@ export class AuthenticateController extends BaseController {
await openIDClient.logoutUser(authTokenData.accessToken);
} catch (error) {
console.error("openIDCallback => logout-callback", error);
} finally {
res.writeStatus("200");
this.addCorsHeaders(res);
// eslint-disable-next-line no-unsafe-finally
return res.end();
}
return res.status(200).send("");
});
}
//Try to login with an admin token
/**
* @openapi
* /register:
* post:
* description: Try to login with an admin token
* parameters:
* - name: "organizationMemberToken"
* in: "body"
* description: "A token allowing a user to connect to a given world"
* required: true
* type: "string"
* responses:
* 200:
* description: The details of the logged user
* content:
* application/json:
* schema:
* type: object
* properties:
* authToken:
* type: string
* description: A unique identification JWT token
* userUuid:
* type: string
* description: Unique user ID
* email:
* type: string|null
* description: The email of the user
* example: john.doe@example.com
* roomUrl:
* type: string
* description: The room URL to connect to
* example: https://play.workadventu.re/@/foo/bar/baz
* organizationMemberToken:
* type: string|null
* description: TODO- unclear. It seems to be sent back from the request?
* example: ???
* mapUrlStart:
* type: string
* description: TODO- unclear. I cannot find any use of this
* example: ???
* messages:
* type: array
* description: The list of messages to be displayed when the user logs?
* example: ???
*/
private register() {
this.App.options("/register", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
this.app.options("/register", {}, (req, res) => {
res.status(200).send("");
});
this.App.post("/register", (res: HttpResponse, req: HttpRequest) => {
this.app.post("/register", (req, res) => {
(async () => {
res.onAborted(() => {
console.warn("Login request was aborted");
});
const param = await res.json();
const param = await req.json();
//todo: what to do if the organizationMemberToken is already used?
const organizationMemberToken: string | null = param.organizationMemberToken;
@@ -179,69 +329,81 @@ export class AuthenticateController extends BaseController {
const email = data.email;
const roomUrl = data.roomUrl;
const mapUrlStart = data.mapUrlStart;
const textures = data.textures;
const authToken = jwtTokenManager.createAuthToken(email || userUuid);
res.writeStatus("200 OK");
this.addCorsHeaders(res);
res.end(
JSON.stringify({
authToken,
userUuid,
email,
roomUrl,
mapUrlStart,
organizationMemberToken,
textures,
} as RegisterData)
);
res.json({
authToken,
userUuid,
email,
roomUrl,
mapUrlStart,
organizationMemberToken,
} as RegisterData);
} catch (e) {
console.error("register => ERROR", e);
this.errorToResponse(e, res);
this.castErrorToResponse(e, res);
}
})();
});
}
//permit to login on application. Return token to connect on Websocket IO.
/**
* @openapi
* /anonymLogin:
* post:
* description: Generates an "anonymous" JWT token allowing to connect to WorkAdventure anonymously.
* responses:
* 200:
* description: The details of the logged user
* content:
* application/json:
* schema:
* type: object
* properties:
* authToken:
* type: string
* description: A unique identification JWT token
* userUuid:
* type: string
* description: Unique user ID
* 403:
* description: Anonymous login is disabled at the configuration level (environment variable DISABLE_ANONYMOUS = true)
*/
private anonymLogin() {
this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
});
this.App.post("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("Login request was aborted");
});
this.app.post("/anonymLogin", (req, res) => {
if (DISABLE_ANONYMOUS) {
res.writeStatus("403 FORBIDDEN");
res.end();
res.status(403);
return res;
} else {
const userUuid = v4();
const authToken = jwtTokenManager.createAuthToken(userUuid);
res.writeStatus("200 OK");
this.addCorsHeaders(res);
res.end(
JSON.stringify({
authToken,
userUuid,
})
);
return res.json({
authToken,
userUuid,
});
}
});
}
/**
* @openapi
* /profile-callback:
* get:
* description: ???
* parameters:
* - name: "token"
* in: "query"
* description: "A JWT authentication token ???"
* required: true
* type: "string"
* responses:
* 302:
* description: Redirects the user to the profile screen of the admin
*/
profileCallback() {
//eslint-disable-next-line @typescript-eslint/no-misused-promises
// @ts-ignore
// eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.get("/profile-callback", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
const { token } = parse(req.getQuery());
this.app.get("/profile-callback", async (req, res) => {
const { token } = parse(req.path_query);
try {
//verify connected by token
if (token != undefined) {
@@ -253,18 +415,18 @@ export class AuthenticateController extends BaseController {
await openIDClient.checkTokenAuth(authTokenData.accessToken);
//get login profile
res.writeStatus("302");
res.writeHeader("Location", adminApi.getProfileUrl(authTokenData.accessToken));
this.addCorsHeaders(res);
// eslint-disable-next-line no-unsafe-finally
return res.end();
res.status(302);
res.setHeader("Location", adminApi.getProfileUrl(authTokenData.accessToken));
res.send("");
return;
} catch (error) {
return this.errorToResponse(error, res);
this.castErrorToResponse(error, res);
return;
}
}
} catch (error) {
console.error("profileCallback => ERROR", error);
this.errorToResponse(error, res);
this.castErrorToResponse(error, res);
}
});
}
@@ -292,7 +454,7 @@ export class AuthenticateController extends BaseController {
userRoomToken: undefined,
};
try {
data = await adminApi.fetchMemberDataByUuid(email, playUri, IPAddress);
data = await adminApi.fetchMemberDataByUuid(email, playUri, IPAddress, []);
} catch (err) {
console.error("openIDCallback => fetchMemberDataByUuid", err);
}
pusher/src/Controller/BaseController.ts
-45
View File
@@ -1,45 +0,0 @@
import { HttpResponse } from "uWebSockets.js";
import { FRONT_URL } from "../Enum/EnvironmentVariable";
export class BaseController {
protected addCorsHeaders(res: HttpResponse): void {
res.writeHeader("access-control-allow-headers", "Origin, X-Requested-With, Content-Type, Accept");
res.writeHeader("access-control-allow-methods", "GET, POST, OPTIONS, PUT, PATCH, DELETE");
res.writeHeader("access-control-allow-origin", FRONT_URL);
}
/**
* Turns any exception into a HTTP response (and logs the error)
*/
// eslint-disable-next-line @typescript-eslint/no-explicit-any
protected errorToResponse(e: any, res: HttpResponse): void {
if (e && e.message) {
let url = e?.config?.url;
if (url !== undefined) {
url = " for URL: " + url;
} else {
url = "";
}
console.error("ERROR: " + e.message + url);
} else if (typeof e === "string") {
console.error(e);
}
if (e.stack) {
console.error(e.stack);
}
if (e.response) {
res.writeStatus(e.response.status + " " + e.response.statusText);
this.addCorsHeaders(res);
res.end(
"An error occurred: " +
e.response.status +
" " +
(e.response.data && e.response.data.message ? e.response.data.message : e.response.statusText)
);
} else {
res.writeStatus("500 Internal Server Error");
this.addCorsHeaders(res);
res.end("An error occurred");
}
}
}
pusher/src/Controller/BaseHttpController.ts
+47
View File
@@ -0,0 +1,47 @@
import { Server } from "hyper-express";
import Response from "hyper-express/types/components/http/Response";
import axios from "axios";
export class BaseHttpController {
constructor(protected app: Server) {
this.routes();
}
protected routes() {
/* Define routes on children */
}
protected castErrorToResponse(e: unknown, res: Response): void {
if (e instanceof Error) {
let url: string | undefined;
if (axios.isAxiosError(e)) {
url = e.config.url;
if (url !== undefined) {
url = " for URL: " + url;
} else {
url = "";
}
}
console.error("ERROR: " + e.message + url);
console.error(e.stack);
} else if (typeof e === "string") {
console.error(e);
}
if (axios.isAxiosError(e) && e.response) {
res.status(e.response.status);
res.send(
"An error occurred: " +
e.response.status +
" " +
(e.response.data && e.response.data.message ? e.response.data.message : e.response.statusText)
);
return;
} else {
res.status(500);
res.send("An error occurred");
return;
}
}
}
pusher/src/Controller/DebugController.ts
+25 -34
View File
@@ -1,51 +1,42 @@
import { ADMIN_API_TOKEN } from "../Enum/EnvironmentVariable";
import { IoSocketController } from "_Controller/IoSocketController";
import { stringify } from "circular-json";
import { HttpRequest, HttpResponse } from "uWebSockets.js";
import { parse } from "query-string";
import { App } from "../Server/sifrr.server";
import { socketManager } from "../Services/SocketManager";
import { BaseHttpController } from "./BaseHttpController";
export class DebugController {
constructor(private App: App) {
this.getDump();
}
getDump() {
this.App.get("/dump", (res: HttpResponse, req: HttpRequest) => {
const query = parse(req.getQuery());
export class DebugController extends BaseHttpController {
routes() {
this.app.get("/dump", (req, res) => {
const query = parse(req.path_query);
if (ADMIN_API_TOKEN === "") {
return res.writeStatus("401 Unauthorized").end("No token configured!");
return res.status(401).send("No token configured!");
}
if (query.token !== ADMIN_API_TOKEN) {
return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
return res.status(401).send("Invalid token sent!");
}
const worlds = Object.fromEntries(socketManager.getWorlds().entries());
return res
.writeStatus("200 OK")
.writeHeader("Content-Type", "application/json")
.end(
stringify(worlds, (key: unknown, value: unknown) => {
if (value instanceof Map) {
const obj: any = {}; // eslint-disable-line @typescript-eslint/no-explicit-any
for (const [mapKey, mapValue] of value.entries()) {
obj[mapKey] = mapValue;
}
return obj;
} else if (value instanceof Set) {
const obj: Array<unknown> = [];
for (const [setKey, setValue] of value.entries()) {
obj.push(setValue);
}
return obj;
} else {
return value;
return res.json(
stringify(worlds, (key: unknown, value: unknown) => {
if (value instanceof Map) {
const obj: any = {}; // eslint-disable-line @typescript-eslint/no-explicit-any
for (const [mapKey, mapValue] of value.entries()) {
obj[mapKey] = mapValue;
}
})
);
return obj;
} else if (value instanceof Set) {
const obj: Array<unknown> = [];
for (const [setKey, setValue] of value.entries()) {
obj.push(setValue);
}
return obj;
} else {
return value;
}
})
);
});
}
}
pusher/src/Controller/IoSocketController.ts
+84 -18
View File
@@ -1,5 +1,5 @@
import { CharacterLayer, ExSocketInterface } from "../Model/Websocket/ExSocketInterface"; //TODO fix import by "_Model/.."
import { GameRoomPolicyTypes, PusherRoom } from "../Model/PusherRoom";
import { ExSocketInterface } from "../Model/Websocket/ExSocketInterface"; //TODO fix import by "_Model/.."
import { GameRoomPolicyTypes } from "../Model/PusherRoom";
import { PointInterface } from "../Model/Websocket/PointInterface";
import {
SetPlayerDetailsMessage,
@@ -23,7 +23,6 @@ import {
VariableMessage,
} from "../Messages/generated/messages_pb";
import { UserMovesMessage } from "../Messages/generated/messages_pb";
import { TemplatedApp } from "uWebSockets.js";
import { parse } from "query-string";
import { AdminSocketTokenData, jwtTokenManager, tokenInvalidException } from "../Services/JWTTokenManager";
import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
@@ -32,15 +31,51 @@ import { emitInBatch } from "../Services/IoSocketHelpers";
import { ADMIN_API_URL, ADMIN_SOCKETS_TOKEN, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
import { Zone } from "_Model/Zone";
import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
import { CharacterTexture } from "../Messages/JsonMessages/CharacterTexture";
import { isAdminMessageInterface } from "../Model/Websocket/Admin/AdminMessages";
import Axios from "axios";
import { InvalidTokenError } from "../Controller/InvalidTokenError";
import HyperExpress from "hyper-express";
import { localWokaService } from "../Services/LocalWokaService";
import { WebSocket } from "uWebSockets.js";
import { WokaDetail } from "../Enum/PlayerTextures";
/**
* The object passed between the "open" and the "upgrade" methods when opening a websocket
*/
interface UpgradeData {
// Data passed here is accessible on the "websocket" socket object.
rejected: false;
token: string;
userUuid: string;
IPAddress: string;
roomId: string;
name: string;
companion: CompanionMessage | undefined;
characterLayers: WokaDetail[];
messages: unknown[];
tags: string[];
visitCardUrl: string | null;
userRoomToken: string | undefined;
position: PointInterface;
viewport: {
top: number;
right: number;
bottom: number;
left: number;
};
}
interface UpgradeFailedData {
rejected: true;
reason: "tokenInvalid" | "textureInvalid" | null;
message: string;
roomId: string;
}
export class IoSocketController {
private nextUserId: number = 1;
constructor(private readonly app: TemplatedApp) {
constructor(private readonly app: HyperExpress.compressors.TemplatedApp) {
this.ioConnection();
if (ADMIN_SOCKETS_TOKEN) {
this.adminRoomSocket();
@@ -244,7 +279,7 @@ export class IoSocketController {
let memberVisitCardUrl: string | null = null;
let memberMessages: unknown;
let memberUserRoomToken: string | undefined;
let memberTextures: CharacterTexture[] = [];
let memberTextures: WokaDetail[] = [];
const room = await socketManager.getOrCreateRoom(roomId);
let userData: FetchMemberDataByUuidResponse = {
email: userIdentifier,
@@ -256,10 +291,18 @@ export class IoSocketController {
anonymous: true,
userRoomToken: undefined,
};
let characterLayerObjs: WokaDetail[];
if (ADMIN_API_URL) {
try {
try {
userData = await adminApi.fetchMemberDataByUuid(userIdentifier, roomId, IPAddress);
userData = await adminApi.fetchMemberDataByUuid(
userIdentifier,
roomId,
IPAddress,
characterLayers
);
} catch (err) {
if (Axios.isAxiosError(err)) {
if (err?.response?.status == 404) {
@@ -308,6 +351,8 @@ export class IoSocketController {
) {
throw new Error("Use the login URL to connect");
}
characterLayerObjs = memberTextures;
} catch (e) {
console.log(
"access not granted for user " +
@@ -318,11 +363,31 @@ export class IoSocketController {
console.error(e);
throw new Error("User cannot access this world");
}
} else {
const fetchedTextures = await localWokaService.fetchWokaDetails(characterLayers);
if (fetchedTextures === undefined) {
// The textures we want to use do not exist!
// We need to go in error.
res.upgrade(
{
rejected: true,
reason: "textureInvalid",
message: "",
roomId,
} as UpgradeFailedData,
websocketKey,
websocketProtocol,
websocketExtensions,
context
);
return;
}
characterLayerObjs = fetchedTextures;
}
// Generate characterLayers objects from characterLayers string[]
const characterLayerObjs: CharacterLayer[] =
SocketManager.mergeCharacterLayersAndCustomTextures(characterLayers, memberTextures);
/*const characterLayerObjs: CharacterLayer[] =
SocketManager.mergeCharacterLayersAndCustomTextures(characterLayers, memberTextures);*/
if (upgradeAborted.aborted) {
console.log("Ouch! Client disconnected before we could upgrade it!");
@@ -334,7 +399,7 @@ export class IoSocketController {
res.upgrade(
{
// Data passed here is accessible on the "websocket" socket object.
url,
rejected: false,
token,
userUuid: userData.userUuid,
IPAddress,
@@ -346,7 +411,6 @@ export class IoSocketController {
tags: memberTags,
visitCardUrl: memberVisitCardUrl,
userRoomToken: memberUserRoomToken,
textures: memberTextures,
position: {
x: x,
y: y,
@@ -359,7 +423,7 @@ export class IoSocketController {
bottom,
left,
},
},
} as UpgradeData,
/* Spell these correctly */
websocketKey,
websocketProtocol,
@@ -374,7 +438,7 @@ export class IoSocketController {
reason: e instanceof InvalidTokenError ? tokenInvalidException : null,
message: e.message,
roomId,
},
} as UpgradeFailedData,
websocketKey,
websocketProtocol,
websocketExtensions,
@@ -387,7 +451,7 @@ export class IoSocketController {
reason: null,
message: "500 Internal Server Error",
roomId,
},
} as UpgradeFailedData,
websocketKey,
websocketProtocol,
websocketExtensions,
@@ -398,20 +462,23 @@ export class IoSocketController {
})();
},
/* Handlers */
open: (ws) => {
open: (_ws: WebSocket) => {
const ws = _ws as WebSocket & (UpgradeData | UpgradeFailedData);
if (ws.rejected === true) {
// If there is a room in the error, let's check if we need to clean it.
if (ws.roomId) {
socketManager.deleteRoomIfEmptyFromId(ws.roomId as string);
socketManager.deleteRoomIfEmptyFromId(ws.roomId);
}
//FIX ME to use status code
if (ws.reason === tokenInvalidException) {
socketManager.emitTokenExpiredMessage(ws);
} else if (ws.reason === "textureInvalid") {
socketManager.emitInvalidTextureMessage(ws);
} else if (ws.message === "World is full") {
socketManager.emitWorldFullMessage(ws);
} else {
socketManager.emitConnexionErrorMessage(ws, ws.message as string);
socketManager.emitConnexionErrorMessage(ws, ws.message);
}
setTimeout(() => ws.close(), 0);
return;
@@ -535,7 +602,6 @@ export class IoSocketController {
client.name = ws.name;
client.tags = ws.tags;
client.visitCardUrl = ws.visitCardUrl;
client.textures = ws.textures;
client.characterLayers = ws.characterLayers;
client.companion = ws.companion;
client.roomId = ws.roomId;
pusher/src/Controller/MapController.ts
+107 -54
View File
@@ -1,41 +1,101 @@
import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
import { BaseController } from "./BaseController";
import { parse } from "query-string";
import { adminApi } from "../Services/AdminApi";
import { ADMIN_API_URL, DISABLE_ANONYMOUS, FRONT_URL } from "../Enum/EnvironmentVariable";
import { ADMIN_API_URL, DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
import { GameRoomPolicyTypes } from "../Model/PusherRoom";
import { isMapDetailsData, MapDetailsData } from "../Messages/JsonMessages/MapDetailsData";
import { socketManager } from "../Services/SocketManager";
import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
import { v4 } from "uuid";
import { InvalidTokenError } from "./InvalidTokenError";
import { parse } from "query-string";
import { BaseHttpController } from "./BaseHttpController";
export class MapController extends BaseController {
constructor(private App: TemplatedApp) {
super();
this.App = App;
this.getMapUrl();
}
export class MapController extends BaseHttpController {
// Returns a map mapping map name to file name of the map
getMapUrl() {
this.App.options("/map", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
});
this.App.get("/map", (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/map request was aborted");
});
const query = parse(req.getQuery());
routes() {
/**
* @openapi
* /map:
* get:
* description: Returns a map mapping map name to file name of the map
* produces:
* - "application/json"
* parameters:
* - name: "playUri"
* in: "query"
* description: "The full URL of WorkAdventure to load this map"
* required: true
* type: "string"
* - name: "authToken"
* in: "query"
* description: "The authentication token"
* required: true
* type: "string"
* responses:
* 200:
* description: The details of the map
* content:
* application/json:
* schema:
* type: object
* required:
* - mapUrl
* - policy_type
* - tags
* - textures
* - authenticationMandatory
* - roomSlug
* - contactPage
* - group
* properties:
* mapUrl:
* type: string
* description: The full URL to the JSON map file
* example: https://myuser.github.io/myrepo/map.json
* policy_type:
* type: integer
* description: ANONYMOUS_POLICY = 1, MEMBERS_ONLY_POLICY = 2, USE_TAGS_POLICY= 3
* example: 1
* tags:
* type: array
* description: The list of tags required to enter this room
* items:
* type: string
* example: speaker
* authenticationMandatory:
* type: boolean|null
* description: Whether the authentication is mandatory or not for this map.
* example: true
* roomSlug:
* type: string
* description: The slug of the room
* deprecated: true
* example: foo
* contactPage:
* type: string|null
* description: The URL to the contact page
* example: https://mycompany.com/contact-us
* group:
* type: string|null
* description: The group this room is part of (maps the notion of "world" in WorkAdventure SAAS)
* example: myorg/myworld
* iframeAuthentication:
* type: string|null
* description: The URL of the authentication Iframe
* example: https://mycompany.com/authc
* expireOn:
* type: string|undefined
* description: The date (in ISO 8601 format) at which the room will expire
* example: 2022-11-05T08:15:30-05:00
* canReport:
* type: boolean|undefined
* description: Whether the "report" feature is enabled or not on this room
* example: true
*
*/
this.app.get("/map", (req, res) => {
const query = parse(req.path_query);
if (typeof query.playUri !== "string") {
console.error("Expected playUri parameter in /map endpoint");
res.writeStatus("400 Bad request");
this.addCorsHeaders(res);
res.end("Expected playUri parameter");
res.status(400);
res.send("Expected playUri parameter");
return;
}
@@ -45,28 +105,22 @@ export class MapController extends BaseController {
const match = /\/_\/[^/]+\/(.+)/.exec(roomUrl.pathname);
if (!match) {
res.writeStatus("404 Not Found");
this.addCorsHeaders(res);
res.end(JSON.stringify({}));
res.status(404);
res.json({});
return;
}
const mapUrl = roomUrl.protocol + "//" + match[1];
res.writeStatus("200 OK");
this.addCorsHeaders(res);
res.end(
JSON.stringify({
mapUrl,
policy_type: GameRoomPolicyTypes.ANONYMOUS_POLICY,
roomSlug: null, // Deprecated
group: null,
tags: [],
textures: [],
contactPage: null,
authenticationMandatory: DISABLE_ANONYMOUS,
} as MapDetailsData)
);
res.json({
mapUrl,
policy_type: GameRoomPolicyTypes.ANONYMOUS_POLICY,
roomSlug: null, // Deprecated
group: null,
tags: [],
contactPage: null,
authenticationMandatory: DISABLE_ANONYMOUS,
} as MapDetailsData);
return;
}
@@ -88,12 +142,12 @@ export class MapController extends BaseController {
} catch (e) {
if (e instanceof InvalidTokenError) {
// The token was not good, redirect user on login page
res.writeStatus("401 Unauthorized");
res.writeHeader("Access-Control-Allow-Origin", FRONT_URL);
res.end("Token decrypted error");
res.status(401);
res.send("Token decrypted error");
return;
} else {
return this.errorToResponse(e, res);
this.castErrorToResponse(e, res);
return;
}
}
}
@@ -104,11 +158,10 @@ export class MapController extends BaseController {
mapDetails.authenticationMandatory = true;
}
res.writeStatus("200 OK");
this.addCorsHeaders(res);
res.end(JSON.stringify(mapDetails));
res.json(mapDetails);
return;
} catch (e) {
this.errorToResponse(e, res);
this.castErrorToResponse(e, res);
}
})();
});
pusher/src/Controller/OpenIdProfileController.ts
+11 -23
View File
@@ -1,26 +1,13 @@
import { BaseController } from "./BaseController";
import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
import { parse } from "query-string";
import { openIDClient } from "../Services/OpenIDClient";
import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
import { adminApi } from "../Services/AdminApi";
import { OPID_CLIENT_ISSUER } from "../Enum/EnvironmentVariable";
import { IntrospectionResponse } from "openid-client";
import { BaseHttpController } from "./BaseHttpController";
export class OpenIdProfileController extends BaseController {
constructor(private App: TemplatedApp) {
super();
this.profileOpenId();
}
profileOpenId() {
export class OpenIdProfileController extends BaseHttpController {
routes() {
//eslint-disable-next-line @typescript-eslint/no-misused-promises
this.App.get("/profile", async (res: HttpResponse, req: HttpRequest) => {
res.onAborted(() => {
console.warn("/message request was aborted");
});
const { accessToken } = parse(req.getQuery());
this.app.get("/profile", async (req, res) => {
const { accessToken } = parse(req.path_query);
if (!accessToken) {
throw Error("Access token expected cannot to be check on Hydra");
}
@@ -29,16 +16,17 @@ export class OpenIdProfileController extends BaseController {
if (!resCheckTokenAuth.email) {
throw new Error("Email was not found");
}
res.end(
res.send(
this.buildHtml(
OPID_CLIENT_ISSUER,
resCheckTokenAuth.email as string,
resCheckTokenAuth.picture as string | undefined
)
);
return;
} catch (error) {
console.error("profileCallback => ERROR", error);
this.errorToResponse(error, res);
this.castErrorToResponse(error, res);
}
});
}
@@ -64,13 +52,13 @@ export class OpenIdProfileController extends BaseController {
<body>
<div class="container">
<section>
<img src="${pictureUrl ? pictureUrl : "/images/profile"}">
<img src="${pictureUrl ? pictureUrl : "/images/profile"}">
</section>
<section>
Profile validated by domain: <span style="font-weight: bold">${domain}</span>
</section>
</section>
<section>
Your email: <span style="font-weight: bold">${email}</span>
Your email: <span style="font-weight: bold">${email}</span>
</section>
</div>
</body>
pusher/src/Controller/PrometheusController.ts
+13 -8
View File
@@ -1,18 +1,23 @@
import { App } from "../Server/sifrr.server";
import { HttpRequest, HttpResponse } from "uWebSockets.js";
import { register, collectDefaultMetrics } from "prom-client";
import { Server } from "hyper-express";
import { BaseHttpController } from "./BaseHttpController";
import Request from "hyper-express/types/components/http/Request";
import Response from "hyper-express/types/components/http/Response";
export class PrometheusController {
constructor(private App: App) {
export class PrometheusController extends BaseHttpController {
constructor(app: Server) {
super(app);
collectDefaultMetrics({
gcDurationBuckets: [0.001, 0.01, 0.1, 1, 2, 5], // These are the default buckets.
});
this.App.get("/metrics", this.metrics.bind(this));
}
private metrics(res: HttpResponse, req: HttpRequest): void {
res.writeHeader("Content-Type", register.contentType);
routes() {
this.app.get("/metrics", this.metrics.bind(this));
}
private metrics(req: Request, res: Response): void {
res.setHeader("Content-Type", register.contentType);
res.end(register.metrics());
}
}
pusher/src/Controller/SwaggerController.ts
+64
View File
@@ -0,0 +1,64 @@
import { BaseHttpController } from "./BaseHttpController";
import * as fs from "fs";
export class SwaggerController extends BaseHttpController {
routes() {
this.app.get("/openapi", (req, res) => {
// Let's load the module dynamically (it may not exist in prod because part of the -dev packages)
const swaggerJsdoc = require("swagger-jsdoc");
const options = {
swaggerDefinition: {
openapi: "3.0.0",
info: {
title: "WorkAdventure Pusher",
version: "1.0.0",
},
},
apis: ["./src/Controller/*.ts"],
};
res.json(swaggerJsdoc(options));
});
// Create a LiveDirectory instance to virtualize directory with our assets
// @ts-ignore
const LiveDirectory = require("live-directory");
const LiveAssets = new LiveDirectory({
path: __dirname + "/../../node_modules/swagger-ui-dist", // We want to provide the system path to the folder. Avoid using relative paths.
keep: {
extensions: [".css", ".js", ".json", ".png", ".jpg", ".jpeg", ".html"], // We only want to serve files with these extensions
},
ignore: (path: string) => {
return path.startsWith("."); // We want to ignore dotfiles for safety
},
});
// Create static serve route to serve index.html
this.app.get("/swagger-ui/", (request, response) => {
fs.readFile(__dirname + "/../../node_modules/swagger-ui-dist/index.html", "utf8", function (err, data) {
if (err) {
return response.status(500).send(err.message);
}
const result = data.replace(/https:\/\/petstore\.swagger\.io\/v2\/swagger.json/g, "/openapi");
response.send(result);
return;
});
});
// Create static serve route to serve frontend assets
this.app.get("/swagger-ui/*", (request, response) => {
// Strip away '/assets' from the request path to get asset relative path
// Lookup LiveFile instance from our LiveDirectory instance.
const path = request.path.replace("/swagger-ui", "");
const file = LiveAssets.get(path);
// Return a 404 if no asset/file exists on the derived path
if (file === undefined) return response.status(404).send("");
// Set appropriate mime-type and serve file buffer as response body
return response.type(file.extension).send(file.buffer);
});
}
}
pusher/src/Controller/WokaListController.ts
+48
View File
@@ -0,0 +1,48 @@
import { BaseHttpController } from "./BaseHttpController";
import { parse } from "query-string";
import { wokaService } from "../Services/WokaService";
import { jwtTokenManager } from "../Services/JWTTokenManager";
export class WokaListController extends BaseHttpController {
routes() {
this.app.options("/woka/list", {}, (req, res) => {
res.status(200).send("");
return;
});
// eslint-disable-next-line @typescript-eslint/no-misused-promises
this.app.get("/woka/list", {}, async (req, res) => {
const token = req.header("Authorization");
if (!token) {
res.status(401).send("Undefined authorization header");
return;
}
try {
const jwtData = jwtTokenManager.verifyJWTToken(token);
// Let's set the "uuid" param
req.params["uuid"] = jwtData.identifier;
} catch (e) {
console.error("Connection refused for token: " + token, e);
res.status(401).send("Invalid token sent");
return;
}
let { roomUrl } = parse(req.path_query);
if (typeof roomUrl !== "string") {
return res.status(400).send("missing roomUrl URL parameter");
}
roomUrl = decodeURIComponent(roomUrl);
const wokaList = await wokaService.getWokaList(roomUrl, req.params["uuid"]);
if (!wokaList) {
return res.status(500).send("Error on getting woka list");
}
return res.status(200).json(wokaList);
});
}
}