Token verification

2025-12-24 13:11:29 +00:00 · 2014-08-18 20:27:15 -07:00 · 2014-08-18 20:27:15 -07:00 · ca86763c2b
commit ca86763c2b
parent a602640188
6 changed files with 59 additions and 8 deletions
--- a/common/shareddb.cpp
+++ b/common/shareddb.cpp
@ -2179,3 +2179,35 @@ void SharedDatabase::SetBotInspectMessage(uint32 botid, const InspectMessage_Str

 	safe_delete_array(query);
 }
+
+bool SharedDatabase::VerifyToken(std::string token, int& status) {
+	char errbuf[MYSQL_ERRMSG_SIZE];
+	char *query = 0;
+	MYSQL_RES *result;
+	MYSQL_ROW row;
+	bool res = false;
+	status = 0;
+	if(token.length() > 64) {
+		token = token.substr(0, 64);
+	}
+
+	token = EscapeString(token);
+	
+	if (RunQuery(query, MakeAnyLenString(&query, "SELECT status FROM tokens WHERE token='%s'", token.c_str()), errbuf, &result)) {
+		safe_delete_array(query);
+
+		row = mysql_fetch_row(result);
+		if(row) {
+			status = atoi(row[0]);
+			res = true;
+		}
+
+		mysql_free_result(result);
+	}
+	else {
+		std::cerr << "Error in SharedDatabase::VerifyToken query '" << query << "' " << errbuf << std::endl;
+		safe_delete_array(query);
+	}
+	
+	return res;
+}
--- a/common/shareddb.h
+++ b/common/shareddb.h
@ -75,6 +75,9 @@ public:
 	ItemInst* CreateItem(const Item_Struct* item, int16 charges=0, uint32 aug1=0, uint32 aug2=0, uint32 aug3=0, uint32 aug4=0, uint32 aug5=0);
 	ItemInst* CreateBaseItem(const Item_Struct* item, int16 charges=0);

+	// Web Token Verification
+	bool VerifyToken(std::string token, int& status);
+	
 	/*
 	* Shared Memory crap
 	*/
--- a/web_interface/method_handler.cpp
+++ b/web_interface/method_handler.cpp
@ -35,9 +35,9 @@ void handle_method_token_auth(per_session_data_eqemu *session, rapidjson::Docume
 	
 	session->auth = document["params"][(rapidjson::SizeType)0].GetString();
 	if (!CheckTokenAuthorization(session)) {
-		WriteWebCallResponseBoolean(session, document, "false", false);
+		WriteWebCallResponseBoolean(session, document, false, false);
 	} else {
-		WriteWebCallResponseBoolean(session, document, "true", false);
+		WriteWebCallResponseBoolean(session, document, true, false);
 	}
 }

--- a/web_interface/remote_call.cpp
+++ b/web_interface/remote_call.cpp
@ -1,6 +1,8 @@
 #include "web_interface.h"
 #include "remote_call.h"

+extern SharedDatabase *db;
+
 void WriteWebCallResponseString(per_session_data_eqemu *session, rapidjson::Document &doc, std::string result, bool error, bool send_no_id) {
 	if (doc.HasMember("id") || send_no_id) {
 		rapidjson::StringBuffer s;
@ -95,10 +97,13 @@ void WriteWebCallResponseBoolean(per_session_data_eqemu *session, rapidjson::Doc
 }

 int CheckTokenAuthorization(per_session_data_eqemu *session) {
-	//todo: actually check this against a table of tokens that is updated periodically
-	//right now i have just one entry harded coded for testing purposes
-	if (session->auth.compare("c5b80ec8-4174-4c4c-d332-dbf3c3a551fc") == 0) {
-		return 255;
+	if(db) {
+		int status;
+		if(db->VerifyToken(session->auth, status)) {
+			return status;
+		} else {
+			return 0;
+		}
 	}

 	return 0;
--- a/web_interface/web_interface.cpp
+++ b/web_interface/web_interface.cpp
@ -7,6 +7,7 @@ TimeoutManager timeout_manager;
 const EQEmuConfig *config = nullptr;
 WorldServer *worldserver = nullptr;
 libwebsocket_context *context = nullptr;
+SharedDatabase *db = nullptr;
 std::map<std::string, per_session_data_eqemu*> sessions;
 std::map<std::string, std::pair<int, MethodHandler>> authorized_methods;
 std::map<std::string, MethodHandler> unauthorized_methods;
@ -15,7 +16,7 @@ void CatchSignal(int sig_num) {
 	run = false;
 	if(worldserver)
 		worldserver->Disconnect();
-		
+	
 	if(context)
 		libwebsocket_cancel_service(context);
 }
@ -169,7 +170,15 @@ int main() {
 		return 1;
 	}

-	worldserver = new WorldServer(config->SharedKey); 
+	db = new SharedDatabase();
+	_log(WEB_INTERFACE__TRACE, "Connecting to database...");
+	if(!db->Connect(config->DatabaseHost.c_str(), config->DatabaseUsername.c_str(),
+		config->DatabasePassword.c_str(), config->DatabaseDB.c_str(), config->DatabasePort)) {
+		_log(WEB_INTERFACE__TRACE, "Unable to connect to the database, cannot continue without a database connection");
+		return 1;
+	}
+
+	worldserver = new WorldServer(config->SharedKey);
 	worldserver->Connect();
 	writable_socket_timer.Start(10);

@ -193,6 +202,7 @@ int main() {
 	}

 	safe_delete(worldserver);
+	safe_delete(db);
 	libwebsocket_context_destroy(context);

 	return 0;
--- a/web_interface/web_interface.h
+++ b/web_interface/web_interface.h
@ -29,6 +29,7 @@
 #include "../common/web_interface_utils.h"
 #include "../common/StringUtil.h"
 #include "../common/uuid.h"
+#include "../common/shareddb.h"
 #include "worldserver.h"
 #include "lib/libwebsockets.h"
 #include "rapidjson/document.h"