Kraut.World/server
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Migrating away from the notion of public/private URL in WorkAdventure Github repository

Browse source 
The notion of public/private repositories (with /_/ and /@/ URLs) is specific to the SAAS version of WorkAdventure.
It would be better to avoid leaking the organization/world/room structure of the private SAAS URLs inside the WorkAdventure Github project.

Rather than sending http://admin_host/api/map?organizationSlug=...&worldSlug=...&roomSlug=...., we are now sending /api/map&playUri=...
where playUri is the full URL of the current game.
This allows the backend to act as a complete router.
The front (and the pusher) will be able to completely ignore the specifics of URL building (with /@/ and /_/ URLs, etc...)
Those details will live only in the admin server, which is way cleaner (and way more powerful).
This commit is contained in:
David Négrier 2021-07-13 19:09:07 +02:00
parent f2ca7b2b16
commit c9fa9b9a92
20 changed files with 292 additions and 343 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pusher/src/Controller/AuthenticateController.ts
View file

@ -39,9 +39,7 @@ export class AuthenticateController extends BaseController {
if (typeof organizationMemberToken != "string") throw new Error("No organization token");
const data = await adminApi.fetchMemberDataByToken(organizationMemberToken);
const userUuid = data.userUuid;
const organizationSlug = data.organizationSlug;
const worldSlug = data.worldSlug;
const roomSlug = data.roomSlug;
const roomUrl = data.roomUrl;
const mapUrlStart = data.mapUrlStart;
const textures = data.textures;
@ -52,9 +50,7 @@ export class AuthenticateController extends BaseController {
JSON.stringify({
authToken,
userUuid,
organizationSlug,
worldSlug,
roomSlug,
roomUrl,
mapUrlStart,
organizationMemberToken,
textures,

2
pusher/src/Controller/IoSocketController.ts
View file

@ -221,14 +221,12 @@ export class IoSocketController {
memberVisitCardUrl = userData.visitCardUrl;
memberTextures = userData.textures;
if (
!room.public &&
room.policyType === GameRoomPolicyTypes.USE_TAGS_POLICY &&
(userData.anonymous === true || !room.canAccess(memberTags))
) {
throw new Error("Insufficient privileges to access this room");
}
if (
!room.public &&
room.policyType === GameRoomPolicyTypes.MEMBERS_ONLY_POLICY &&
userData.anonymous === true
) {

52
pusher/src/Controller/MapController.ts
View file

@ -1,7 +1,9 @@
import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
import { BaseController } from "./BaseController";
import { parse } from "query-string";
import { adminApi } from "../Services/AdminApi";
import { adminApi, MapDetailsData } from "../Services/AdminApi";
import { ADMIN_API_URL } from "../Enum/EnvironmentVariable";
import { GameRoomPolicyTypes } from "../Model/PusherRoom";
export class MapController extends BaseController {
constructor(private App: TemplatedApp) {
@ -25,35 +27,45 @@ export class MapController extends BaseController {
const query = parse(req.getQuery());
if (typeof query.organizationSlug !== "string") {
console.error("Expected organizationSlug parameter");
if (typeof query.playUri !== "string") {
console.error("Expected playUri parameter in /map endpoint");
res.writeStatus("400 Bad request");
this.addCorsHeaders(res);
res.end("Expected organizationSlug parameter");
res.end("Expected playUri parameter");
return;
}
if (typeof query.worldSlug !== "string") {
console.error("Expected worldSlug parameter");
res.writeStatus("400 Bad request");
// If no admin URL is set, let's react on '/_/[instance]/[map url]' URLs
if (!ADMIN_API_URL) {
const roomUrl = new URL(query.playUri);
const match = /\/_\/[^/]+\/(.+)/.exec(roomUrl.pathname);
if (!match) {
res.writeStatus("404 Not Found");
this.addCorsHeaders(res);
res.end(JSON.stringify({}));
return;
}
const mapUrl = roomUrl.protocol + "//" + match[1];
res.writeStatus("200 OK");
this.addCorsHeaders(res);
res.end("Expected worldSlug parameter");
return;
}
if (typeof query.roomSlug !== "string" && query.roomSlug !== undefined) {
console.error("Expected only one roomSlug parameter");
res.writeStatus("400 Bad request");
this.addCorsHeaders(res);
res.end("Expected only one roomSlug parameter");
res.end(
JSON.stringify({
mapUrl,
policy_type: GameRoomPolicyTypes.ANONYMOUS_POLICY,
roomSlug: "", // Deprecated
tags: [],
} as MapDetailsData)
);
return;
}
(async () => {
try {
const mapDetails = await adminApi.fetchMapDetails(
query.organizationSlug as string,
query.worldSlug as string,
query.roomSlug as string | undefined
);
const mapDetails = await adminApi.fetchMapDetails(query.playUri as string);
res.writeStatus("200 OK");
this.addCorsHeaders(res);

23
pusher/src/Model/PusherRoom.ts
View file

@ -1,42 +1,27 @@
import { ExSocketInterface } from "_Model/Websocket/ExSocketInterface";
import { PositionDispatcher } from "./PositionDispatcher";
import { ViewportInterface } from "_Model/Websocket/ViewportMessage";
import { extractDataFromPrivateRoomId, extractRoomSlugPublicRoomId, isRoomAnonymous } from "./RoomIdentifier";
import { arrayIntersect } from "../Services/ArrayHelper";
import { ZoneEventListener } from "_Model/Zone";
export enum GameRoomPolicyTypes {
ANONYMUS_POLICY = 1,
ANONYMOUS_POLICY = 1,
MEMBERS_ONLY_POLICY,
USE_TAGS_POLICY,
}
export class PusherRoom {
private readonly positionNotifier: PositionDispatcher;
public readonly public: boolean;
public tags: string[];
public policyType: GameRoomPolicyTypes;
public readonly roomSlug: string;
public readonly worldSlug: string = "";
public readonly organizationSlug: string = "";
private versionNumber: number = 1;
constructor(public readonly roomId: string, private socketListener: ZoneEventListener) {
this.public = isRoomAnonymous(roomId);
constructor(public readonly roomUrl: string, private socketListener: ZoneEventListener) {
this.tags = [];
this.policyType = GameRoomPolicyTypes.ANONYMUS_POLICY;
if (this.public) {
this.roomSlug = extractRoomSlugPublicRoomId(this.roomId);
} else {
const { organizationSlug, worldSlug, roomSlug } = extractDataFromPrivateRoomId(this.roomId);
this.roomSlug = roomSlug;
this.organizationSlug = organizationSlug;
this.worldSlug = worldSlug;
}
this.policyType = GameRoomPolicyTypes.ANONYMOUS_POLICY;
// A zone is 10 sprites wide.
this.positionNotifier = new PositionDispatcher(this.roomId, 320, 320, this.socketListener);
this.positionNotifier = new PositionDispatcher(this.roomUrl, 320, 320, this.socketListener);
}
public setViewport(socket: ExSocketInterface, viewport: ViewportInterface): void {

30
pusher/src/Model/RoomIdentifier.ts
View file

@ -1,30 +0,0 @@
//helper functions to parse room IDs
export const isRoomAnonymous = (roomID: string): boolean => {
if (roomID.startsWith("_/")) {
return true;
} else if (roomID.startsWith("@/")) {
return false;
} else {
throw new Error("Incorrect room ID: " + roomID);
}
};
export const extractRoomSlugPublicRoomId = (roomId: string): string => {
const idParts = roomId.split("/");
if (idParts.length < 3) throw new Error("Incorrect roomId: " + roomId);
return idParts.slice(2).join("/");
};
export interface extractDataFromPrivateRoomIdResponse {
organizationSlug: string;
worldSlug: string;
roomSlug: string;
}
export const extractDataFromPrivateRoomId = (roomId: string): extractDataFromPrivateRoomIdResponse => {
const idParts = roomId.split("/");
if (idParts.length < 4) throw new Error("Incorrect roomId: " + roomId);
const organizationSlug = idParts[1];
const worldSlug = idParts[2];
const roomSlug = idParts[3];
return { organizationSlug, worldSlug, roomSlug };
};

37
pusher/src/Services/AdminApi.ts
View file

@ -3,9 +3,7 @@ import Axios from "axios";
import { GameRoomPolicyTypes } from "_Model/PusherRoom";
export interface AdminApiData {
organizationSlug: string;
worldSlug: string;
roomSlug: string;
roomUrl: string;
mapUrlStart: string;
tags: string[];
policy_type: number;
@ -43,24 +41,15 @@ export interface FetchMemberDataByUuidResponse {
}
class AdminApi {
async fetchMapDetails(
organizationSlug: string,
worldSlug: string,
roomSlug: string | undefined
): Promise<MapDetailsData> {
async fetchMapDetails(playUri: string): Promise<MapDetailsData> {
if (!ADMIN_API_URL) {
return Promise.reject(new Error("No admin backoffice set!"));
}
const params: { organizationSlug: string; worldSlug: string; roomSlug?: string } = {
organizationSlug,
worldSlug,
const params: { playUri: string } = {
playUri,
};
if (roomSlug) {
params.roomSlug = roomSlug;
}
const res = await Axios.get(ADMIN_API_URL + "/api/map", {
headers: { Authorization: `${ADMIN_API_TOKEN}` },
params,
@ -121,26 +110,20 @@ class AdminApi {
);
}
async verifyBanUser(
organizationMemberToken: string,
ipAddress: string,
organization: string,
world: string
): Promise<AdminBannedData> {
async verifyBanUser(userUuid: string, ipAddress: string, roomUrl: string): Promise<AdminBannedData> {
if (!ADMIN_API_URL) {
return Promise.reject(new Error("No admin backoffice set!"));
}
//todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.
return Axios.get(
ADMIN_API_URL +
"/api/check-moderate-user/" +
organization +
"/" +
world +
"/api/ban" +
"?ipAddress=" +
ipAddress +
encodeURIComponent(ipAddress) +
"&token=" +
organizationMemberToken,
encodeURIComponent(userUuid) +
"&roomUrl=" +
encodeURIComponent(roomUrl),
{ headers: { Authorization: `${ADMIN_API_TOKEN}` } }
).then((data) => {
return data.data;

20
pusher/src/Services/JWTTokenManager.ts
View file

@ -9,7 +9,7 @@ class JWTTokenManager {
return Jwt.sign({ userUuid: userUuid }, SECRET_KEY, { expiresIn: "200d" }); //todo: add a mechanic to refresh or recreate token
}
public async getUserUuidFromToken(token: unknown, ipAddress?: string, room?: string): Promise<string> {
public async getUserUuidFromToken(token: unknown, ipAddress?: string, roomUrl?: string): Promise<string> {
if (!token) {
throw new Error("An authentication error happened, a user tried to connect without a token.");
}
@ -50,8 +50,8 @@ class JWTTokenManager {
if (ADMIN_API_URL) {
//verify user in admin
let promise = new Promise((resolve) => resolve());
if (ipAddress && room) {
promise = this.verifyBanUser(tokenInterface.userUuid, ipAddress, room);
if (ipAddress && roomUrl) {
promise = this.verifyBanUser(tokenInterface.userUuid, ipAddress, roomUrl);
}
promise
.then(() => {
@ -79,19 +79,9 @@ class JWTTokenManager {
});
}
private verifyBanUser(userUuid: string, ipAddress: string, room: string): Promise<AdminBannedData> {
const parts = room.split("/");
if (parts.length < 3 || parts[0] !== "@") {
return Promise.resolve({
is_banned: false,
message: "",
});
}
const organization = parts[1];
const world = parts[2];
private verifyBanUser(userUuid: string, ipAddress: string, roomUrl: string): Promise<AdminBannedData> {
return adminApi
.verifyBanUser(userUuid, ipAddress, organization, world)
.verifyBanUser(userUuid, ipAddress, roomUrl)
.then((data: AdminBannedData) => {
if (data && data.is_banned) {
throw new Error("User was banned");

27
pusher/src/Services/SocketManager.ts
View file

@ -32,7 +32,7 @@ import {
EmotePromptMessage,
} from "../Messages/generated/messages_pb";
import { ProtobufUtils } from "../Model/Websocket/ProtobufUtils";
import { JITSI_ISS, SECRET_JITSI_KEY } from "../Enum/EnvironmentVariable";
import { ADMIN_API_URL, JITSI_ISS, SECRET_JITSI_KEY } from "../Enum/EnvironmentVariable";
import { adminApi, CharacterTexture } from "./AdminApi";
import { emitInBatch } from "./IoSocketHelpers";
import Jwt from "jsonwebtoken";
@ -358,23 +358,24 @@ export class SocketManager implements ZoneEventListener {
}
}
async getOrCreateRoom(roomId: string): Promise<PusherRoom> {
async getOrCreateRoom(roomUrl: string): Promise<PusherRoom> {
//check and create new world for a room
let world = this.rooms.get(roomId);
if (world === undefined) {
world = new PusherRoom(roomId, this);
if (!world.public) {
await this.updateRoomWithAdminData(world);
let room = this.rooms.get(roomUrl);
if (room === undefined) {
room = new PusherRoom(roomUrl, this);
if (ADMIN_API_URL) {
await this.updateRoomWithAdminData(room);
}
this.rooms.set(roomId, world);
this.rooms.set(roomUrl, room);
}
return Promise.resolve(world);
return room;
}
public async updateRoomWithAdminData(world: PusherRoom): Promise<void> {
const data = await adminApi.fetchMapDetails(world.organizationSlug, world.worldSlug, world.roomSlug);
world.tags = data.tags;
world.policyType = Number(data.policy_type);
public async updateRoomWithAdminData(room: PusherRoom): Promise<void> {
const data = await adminApi.fetchMapDetails(room.roomUrl);
room.tags = data.tags;
room.policyType = Number(data.policy_type);
}
emitPlayGlobalMessage(client: ExSocketInterface, playglobalmessage: PlayGlobalMessage) {

19
pusher/tests/RoomIdentifierTest.ts
View file

@ -1,19 +0,0 @@
import {extractDataFromPrivateRoomId, extractRoomSlugPublicRoomId, isRoomAnonymous} from "../src/Model/RoomIdentifier";
describe("RoomIdentifier", () => {
it("should flag public id as anonymous", () => {
expect(isRoomAnonymous('_/global/test')).toBe(true);
});
it("should flag public id as not anonymous", () => {
expect(isRoomAnonymous('@/afup/afup2020/1floor')).toBe(false);
});
it("should extract roomSlug from public ID", () => {
expect(extractRoomSlugPublicRoomId('_/global/npeguin/test.json')).toBe('npeguin/test.json');
});
it("should extract correct from private ID", () => {
const {organizationSlug, worldSlug, roomSlug} = extractDataFromPrivateRoomId('@/afup/afup2020/1floor');
expect(organizationSlug).toBe('afup');
expect(worldSlug).toBe('afup2020');
expect(roomSlug).toBe('1floor');
});
})