2015-03-03 22:10:12 +00:00
|
|
|
import base64
|
|
|
|
from direct.directnotify.DirectNotifyGlobal import directNotify
|
|
|
|
import json
|
|
|
|
import time
|
|
|
|
|
|
|
|
from Crypto.Cipher import AES
|
|
|
|
|
|
|
|
|
|
|
|
UNKNOWN = 700
|
|
|
|
USER = 100
|
|
|
|
COMMUNITY_MANAGER = 200
|
|
|
|
MODERATOR = 300
|
|
|
|
ARTIST = 400
|
|
|
|
PROGRAMMER = 500
|
|
|
|
ADMINISTRATOR = 600
|
2015-04-27 11:35:09 +00:00
|
|
|
SYSTEM_ADMINISTRATOR = 700
|
|
|
|
|
2015-03-03 22:10:12 +00:00
|
|
|
|
|
|
|
class RPCMethod:
|
|
|
|
def __init__(self, accessLevel=UNKNOWN):
|
|
|
|
self.accessLevel = accessLevel
|
|
|
|
|
|
|
|
def __call__(self, method):
|
|
|
|
method.accessLevel = self.accessLevel
|
|
|
|
return method
|
|
|
|
|
|
|
|
|
|
|
|
rpcmethod = RPCMethod
|
|
|
|
|
|
|
|
|
|
|
|
class ToontownRPCHandlerBase:
|
|
|
|
notify = directNotify.newCategory('ToontownRPCHandlerBase')
|
|
|
|
|
|
|
|
def __init__(self, air):
|
|
|
|
self.air = air
|
|
|
|
|
|
|
|
def authenticate(self, token, method):
|
|
|
|
"""
|
|
|
|
Ensure the provided token is valid, and meets the access level
|
|
|
|
requirements of the method.
|
|
|
|
"""
|
|
|
|
# First, base64 decode the token:
|
|
|
|
try:
|
|
|
|
token = base64.b64decode(token)
|
|
|
|
except TypeError:
|
|
|
|
return (-32001, 'Token decode failure')
|
|
|
|
|
|
|
|
# Ensure this token is a valid size:
|
|
|
|
if (not token) or ((len(token) % 16) != 0):
|
|
|
|
return (-32002, 'Invalid token length')
|
|
|
|
|
|
|
|
# Next, decrypt the token using AES-128 in CBC mode:
|
|
|
|
rpcServerSecret = config.GetString('rpc-server-secret', '6163636f756e7473')
|
|
|
|
|
|
|
|
# Ensure that our secret is the correct size:
|
|
|
|
if len(rpcServerSecret) > AES.block_size:
|
|
|
|
self.notify.error('rpc-server-secret is too big!')
|
|
|
|
elif len(rpcServerSecret) < AES.block_size:
|
|
|
|
self.notify.error('rpc-server-secret is too small!')
|
|
|
|
|
|
|
|
# Take the initialization vector off the front of the token:
|
|
|
|
iv = token[:AES.block_size]
|
|
|
|
|
|
|
|
# Truncate the token to get our cipher text:
|
|
|
|
cipherText = token[AES.block_size:]
|
|
|
|
|
|
|
|
# Decrypt!
|
|
|
|
cipher = AES.new(rpcServerSecret, mode=AES.MODE_CBC, IV=iv)
|
|
|
|
try:
|
|
|
|
token = json.loads(cipher.decrypt(cipherText).replace('\x00', ''))
|
|
|
|
if ('timestamp' not in token) or (not isinstance(token['timestamp'], int)):
|
|
|
|
raise ValueError
|
|
|
|
if ('accesslevel' not in token) or (not isinstance(token['accesslevel'], int)):
|
|
|
|
raise ValueError
|
|
|
|
except ValueError:
|
|
|
|
return (-32003, 'Invalid token')
|
|
|
|
|
|
|
|
# Next, check if this token has expired:
|
|
|
|
period = config.GetInt('rpc-token-period', 5)
|
|
|
|
delta = int(time.time()) - token['timestamp']
|
|
|
|
if delta > period:
|
|
|
|
return (-32004, 'Token expired')
|
|
|
|
|
|
|
|
if token['accesslevel'] < method.accessLevel:
|
|
|
|
return (-32005, 'Insufficient access')
|