Merge branch 'develop' into fork_develop

Dniel97 2023-02-28 23:45:34 +01:00
commit 435a098fe0
Signed by untrusted user: Dniel97
GPG Key ID: 6180B3C768FB2E08
7 changed files with 141 additions and 28 deletions


@ -18,7 +18,7 @@ server {
} }
} }
# SSL titles # SSL titles, comment out if you don't plan on accepting SSL titles
server { server {
listen 443 ssl default_server; listen 443 ssl default_server;
listen [::]:443 ssl default_server; listen [::]:443 ssl default_server;
@ -58,3 +58,98 @@ server {
proxy_pass http://localhost:8444/; proxy_pass http://localhost:8444/;
} }
} }
# Pokken, comment this out if you don't plan on serving pokken.
server {
listen 443 ssl;
server_name pokken.hostname.here;
ssl_certificate /path/to/cert/pokken.pem;
ssl_certificate_key /path/to/cert/pokken.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ALL:@SECLEVEL=1";
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:8080/;
}
}
# CXB, comment this out if you don't plan on serving crossbeats.
server {
listen 443 ssl;
server_name cxb.hostname.here;
ssl_certificate /path/to/cert/cxb.pem;
ssl_certificate_key /path/to/cert/cxb.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ALL:@SECLEVEL=1";
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:8080/SDBT/104/;
}
}
# CXB, comment this out if you don't plan on serving crossbeats.
server {
listen 443 ssl;
server_name cxb.hostname.here;
ssl_certificate /path/to/cert/cxb.pem;
ssl_certificate_key /path/to/cert/cxb.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ALL:@SECLEVEL=1";
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:8080/SDBT/104/;
}
}
# Frontend, set to redirect to HTTPS. Comment out if you don't intend to use the frontend
server {
listen 80;
server_name frontend.hostname.here
location / {
return 301 https://$host$request_uri;
# If you don't want https redirection, comment the line above and uncomment the line below
# proxy_pass http://localhost:8090/;
}
}
# Frontend HTTPS. Comment out if you on't intend to use the frontend
server {
listen 443 ssl;
ssl_certificate /path/to/cert/frontend.pem;
ssl_certificate_key /path/to/cert/frontend.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_pass http://localhost:8090/;
}
}
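Review bot: The added port-80 frontend block will not parse, because `server_name frontend.hostname.here` has no terminating `;` and nginx will read the following `location / {` as part of that directive and refuse to load the file; it should be `server_name frontend.hostname.here;`. The HTTPS frontend block that follows has no `server_name` at all, and the CXB block is added twice with the same `server_name cxb.hostname.here`, which nginx reports as a conflicting server name and ignores. The Pokken and CXB blocks enable `TLSv1 TLSv1.1` with `ALL:@SECLEVEL=1` on the same `listen 443 ssl` socket as the frontend. nginx has historically taken `ssl_protocols` from the default server of a listen socket, so it is worth verifying that the frontend's `ssl_protocols TLSv1.2 TLSv1.3;` restriction actually takes effect. A comment above the title blocks such as `# legacy TLS is only for the game clients; do not copy these settings to other hosts` would make the intent explicit.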


@ -1,8 +1,6 @@
server: server:
enable: True enable: True
loglevel: "info" loglevel: "info"
hostname: "localhost"
ssl_enable: False
port: 9000 port: 9000
port_matching: 9001 port_matching: 9001
ssl_cert: cert/pokken.crt ssl_cert: cert/pokken.crt


@ -1,7 +1,9 @@
from titles.pokken.index import PokkenServlet from titles.pokken.index import PokkenServlet
from titles.pokken.const import PokkenConstants from titles.pokken.const import PokkenConstants
from titles.pokken.database import PokkenData
index = PokkenServlet index = PokkenServlet
database = PokkenData
use_default_title = True use_default_title = True
include_protocol = True include_protocol = True


@ -12,14 +12,6 @@ class PokkenServerConfig():
def loglevel(self) -> int: def loglevel(self) -> int:
return CoreConfig.str_to_loglevel(CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'loglevel', default="info")) return CoreConfig.str_to_loglevel(CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'loglevel', default="info"))
@property
def hostname(self) -> str:
return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'hostname', default="localhost")
@property
def ssl_enable(self) -> bool:
return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'ssl_enable', default=False)
@property @property
def port(self) -> int: def port(self) -> int:
return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'port', default=9000) return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'port', default=9000)


@ -0,0 +1,6 @@
from core.data import Data
from core.config import CoreConfig
class PokkenData(Data):
def __init__(self, cfg: CoreConfig) -> None:
super().__init__(cfg)


@ -5,7 +5,8 @@ import yaml
import logging, coloredlogs import logging, coloredlogs
from logging.handlers import TimedRotatingFileHandler from logging.handlers import TimedRotatingFileHandler
from titles.pokken.proto import jackal_pb2 from titles.pokken.proto import jackal_pb2
from google.protobuf import text_format from os import path
from google.protobuf.message import DecodeError
from core.config import CoreConfig from core.config import CoreConfig
from titles.pokken.config import PokkenConfig from titles.pokken.config import PokkenConfig
@ -41,27 +42,46 @@ class PokkenServlet(resource.Resource):
self.base = PokkenBase(core_cfg, self.game_cfg) self.base = PokkenBase(core_cfg, self.game_cfg)
def setup(self): def setup(self):
if self.game_cfg.server.enable: """
if self.core_cfg.server.is_develop and self.game_cfg.server.ssl_enable: There's currently no point in having this server on because Twisted
endpoints.serverFromString(reactor, f"ssl:{self.game_cfg.server.port}"\ won't play ball with both the fact that it's TLSv1.1, and because the
f":interface={self.game_cfg.server.hostname}:privateKey={self.game_cfg.server.ssl_key}:"\ types of certs that pokken will accept are too flimsy for Twisted
f"certKey={self.game_cfg.server.ssl_cert}")\ so it will throw a fit. Currently leaving this here in case a bypass
.listen(server.Site(PokkenServlet(self.core_cfg, self.config_dir))) is discovered in the future, but it's unlikly. For now, just use NGINX.
"""
if self.game_cfg.server.enable and self.core_cfg.server.is_develop:
key_exists = path.exists(self.game_cfg.server.ssl_key)
cert_exists = path.exists(self.game_cfg.server.ssl_cert)
else: if key_exists and cert_exists:
endpoints.serverFromString(reactor, f"tcp:{self.game_cfg.server.port}"\ endpoints.serverFromString(reactor, f"ssl:{self.game_cfg.server.port}"\
f":interface={self.game_cfg.server.hostname}")\ f":interface={self.core_cfg.server.listen_address}:privateKey={self.game_cfg.server.ssl_key}:"\
.listen(server.Site(PokkenServlet(self.core_cfg, self.config_dir))) f"certKey={self.game_cfg.server.ssl_cert}")\
.listen(server.Site(self))
self.logger.info(f"Pokken title server ready on port {self.game_cfg.server.port}") self.logger.info(f"Pokken title server ready on port {self.game_cfg.server.port}")
def render_POST(self, request: Request, version: int, endpoints: str) -> bytes: else:
req_url = request.uri.decode() self.logger.error(f"Could not find cert at {self.game_cfg.server.ssl_key} or key at {self.game_cfg.server.ssl_cert}, Pokken not running.")
if req_url == "/matching":
def render_POST(self, request: Request, version: int = 0, endpoints: str = "") -> bytes:
if endpoints == "":
endpoints = request.uri.decode()
if endpoints.startswith("/matching"):
self.logger.info("Matching request") self.logger.info("Matching request")
content = request.content.getvalue()
if content == b"":
self.logger.info("Empty request")
return b""
pokken_request = jackal_pb2.Request() pokken_request = jackal_pb2.Request()
pokken_request.ParseFromString(request.content.getvalue()) try:
pokken_request.ParseFromString(content)
except DecodeError as e:
self.logger.warn(f"{e} {content}")
return b""
endpoint = jackal_pb2.MessageType(pokken_request.type).name.lower() endpoint = jackal_pb2.MessageType(pokken_request.type).name.lower()
self.logger.info(f"{endpoint} request") self.logger.info(f"{endpoint} request")
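Review bot: The new error message in `setup()` has its labels crossed: it prints `ssl_key` after "cert at" and `ssl_cert` after "key at", so an operator chasing a missing file is pointed at the wrong path. It should read `self.logger.error(f"Could not find cert at {self.game_cfg.server.ssl_cert} or key at {self.game_cfg.server.ssl_key}, Pokken not running.")`. In `render_POST`, the `DecodeError` handler logs the entire request body with `self.logger.warn(f"{e} {content}")`; that body is client-controlled and no size limit is visible in this hunk, so logging `len(content)` plus a truncated prefix such as `content[:64]` would keep a malformed or oversized request from flooding the log. `warn` is also a deprecated alias of `warning`. The body of `render_POST` continues past the end of this hunk, so any later handling of the parsed message is not covered here.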


@ -810,9 +810,9 @@ class WaccaBase():
if "always_vip" in profile and profile["always_vip"] or self.game_config.mods.always_vip: if "always_vip" in profile and profile["always_vip"] or self.game_config.mods.always_vip:
return UserVipStartResponse(int((self.srvtime + timedelta(days=req.days)).timestamp())).make() return UserVipStartResponse(int((self.srvtime + timedelta(days=req.days)).timestamp())).make()
profile["vip_expire_time"] = int((self.srvtime + timedelta(days=req.days)).timestamp()) vip_exp_time = (self.srvtime + timedelta(days=req.days))
self.data.profile.update_vip_time(req.profileId, self.srvtime + timedelta(days=req.days)) self.data.profile.update_vip_time(req.profileId, vip_exp_time)
return UserVipStartResponse(profile["vip_expire_time"]).make() return UserVipStartResponse(int(vip_exp_time.timestamp())).make()
def util_put_items(self, profile_id: int, user_id: int, items_obtained: List[GenericItemRecv]) -> None: def util_put_items(self, profile_id: int, user_id: int, items_obtained: List[GenericItemRecv]) -> None:
if user_id is None or profile_id <= 0: if user_id is None or profile_id <= 0: