[O] Reject unauthenticated aimedb requests

2024-03-05 14:47:02 -05:00 · 2024-03-05 14:47:02 -05:00 · b9c063c41e
parent 55804be70e
commit b9c063c41e
2 changed files with 23 additions and 11 deletions
--- a/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
+++ b/src/main/java/icu/samnyan/aqua/net/db/AquaNetUser.kt
@ -1,10 +1,9 @@
 package icu.samnyan.aqua.net.db

 import com.fasterxml.jackson.annotation.JsonIgnore
-import ext.Str
-import ext.async
-import ext.isValidEmail
-import ext.minus
+import ext.*
+import icu.samnyan.aqua.sega.allnet.AllNetProps
+import icu.samnyan.aqua.sega.allnet.KeyChipRepo
 import icu.samnyan.aqua.sega.allnet.KeychipSession
 import icu.samnyan.aqua.sega.general.dao.CardRepository
 import icu.samnyan.aqua.sega.general.model.Card
@ -101,6 +100,8 @@ class AquaUserServices(
    val userRepo: AquaNetUserRepo,
    val cardRepo: CardRepository,
    val hasher: PasswordEncoder,
+    val keyChipRepo: KeyChipRepo,
+    val allNetProps: AllNetProps
 ) {
    companion object {
        val SETTING_FIELDS = AquaUserServices::class.functions
@ -121,6 +122,13 @@ class AquaUserServices(
            ?.let { callback(it) } ?: (404 - "Card not found")
        else byName(username) { callback(it.ghostCard) }

+    fun validKeychip(keychipId: Str): Bool {
+        if (!allNetProps.checkKeychip) return true
+        if (keychipId.isBlank()) return false
+        if (userRepo.findByKeychip(keychipId) != null || keyChipRepo.existsByKeychipId(keychipId)) return true
+        return false
+    }
+
    fun checkUsername(username: Str) = username.apply {
        // Check if username is valid
        if (length < 2) 400 - "Username must be at least 2 letters"
--- a/src/main/java/icu/samnyan/aqua/sega/aimedb/AimeDB.kt
+++ b/src/main/java/icu/samnyan/aqua/sega/aimedb/AimeDB.kt
@ -1,6 +1,7 @@
 package icu.samnyan.aqua.sega.aimedb

 import ext.toHex
+import icu.samnyan.aqua.net.db.AquaUserServices
 import icu.samnyan.aqua.sega.general.model.Card
 import icu.samnyan.aqua.sega.general.service.CardService
 import io.netty.buffer.ByteBuf
@ -22,7 +23,8 @@ import kotlin.jvm.optionals.getOrNull
@Component
@ChannelHandler.Sharable
 class AimeDB(
-    val cardService: CardService
+    val cardService: CardService,
+    val us: AquaUserServices,
 ): ChannelInboundHandlerAdapter() {
    val logger: Logger = LoggerFactory.getLogger(AimeDB::class.java)

@ -53,20 +55,22 @@ class AimeDB(
     * Handle the incoming request
     */
    override fun channelRead(ctx: ChannelHandlerContext, msg: Any) {
-        if (msg is Map<*, *>) {
+        if (msg !is Map<*, *>) return
+        try {
            val type = msg["type"] as Int
            val data = msg["data"] as ByteBuf
            val base = getBaseInfo(data)
-            val handler = handlers[type] ?: let {
-                logger.error("AimeDB: Unknown request type 0x${type.toString(16)}")
-                ctx.flush()
-                return
-            }
+            val handler = handlers[type] ?: return logger.error("AimeDB: Unknown request type 0x${type.toString(16)}")

            logger.info("AimeDB /${handler.name} : (game ${base.gameId}, keychip ${base.keychipId})")

+            // Check keychip
+            if (!us.validKeychip(base.keychipId)) return logger.warn("> Rejected: Keychip not found")
+
            handler.fn(data)?.let { ctx.write(it) }
+        } finally {
            ctx.flush()
+            ctx.close()
        }
    }