Merge branch 'develop' into fork_develop

This commit is contained in:
Dniel97 2023-02-28 23:45:34 +01:00
commit 435a098fe0
Signed by untrusted user: Dniel97
GPG Key ID: 6180B3C768FB2E08
7 changed files with 141 additions and 28 deletions

View File

@ -18,7 +18,7 @@ server {
}
}
# SSL titles
# SSL titles, comment out if you don't plan on accepting SSL titles
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
@ -57,4 +57,99 @@ server {
location / {
proxy_pass http://localhost:8444/;
}
}
# Pokken, comment this out if you don't plan on serving pokken.
server {
listen 443 ssl;
server_name pokken.hostname.here;
ssl_certificate /path/to/cert/pokken.pem;
ssl_certificate_key /path/to/cert/pokken.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ALL:@SECLEVEL=1";
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:8080/;
}
}
# CXB, comment this out if you don't plan on serving crossbeats.
server {
listen 443 ssl;
server_name cxb.hostname.here;
ssl_certificate /path/to/cert/cxb.pem;
ssl_certificate_key /path/to/cert/cxb.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ALL:@SECLEVEL=1";
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:8080/SDBT/104/;
}
}
# CXB, comment this out if you don't plan on serving crossbeats.
server {
listen 443 ssl;
server_name cxb.hostname.here;
ssl_certificate /path/to/cert/cxb.pem;
ssl_certificate_key /path/to/cert/cxb.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ALL:@SECLEVEL=1";
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:8080/SDBT/104/;
}
}
# Frontend, set to redirect to HTTPS. Comment out if you don't intend to use the frontend
server {
listen 80;
server_name frontend.hostname.here
location / {
return 301 https://$host$request_uri;
# If you don't want https redirection, comment the line above and uncomment the line below
# proxy_pass http://localhost:8090/;
}
}
# Frontend HTTPS. Comment out if you on't intend to use the frontend
server {
listen 443 ssl;
ssl_certificate /path/to/cert/frontend.pem;
ssl_certificate_key /path/to/cert/frontend.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_pass http://localhost:8090/;
}
}

View File

@ -1,8 +1,6 @@
server:
enable: True
loglevel: "info"
hostname: "localhost"
ssl_enable: False
port: 9000
port_matching: 9001
ssl_cert: cert/pokken.crt

View File

@ -1,7 +1,9 @@
from titles.pokken.index import PokkenServlet
from titles.pokken.const import PokkenConstants
from titles.pokken.database import PokkenData
index = PokkenServlet
database = PokkenData
use_default_title = True
include_protocol = True

View File

@ -12,14 +12,6 @@ class PokkenServerConfig():
def loglevel(self) -> int:
return CoreConfig.str_to_loglevel(CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'loglevel', default="info"))
@property
def hostname(self) -> str:
return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'hostname', default="localhost")
@property
def ssl_enable(self) -> bool:
return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'ssl_enable', default=False)
@property
def port(self) -> int:
return CoreConfig.get_config_field(self.__config, 'pokken', 'server', 'port', default=9000)

View File

@ -0,0 +1,6 @@
from core.data import Data
from core.config import CoreConfig
class PokkenData(Data):
def __init__(self, cfg: CoreConfig) -> None:
super().__init__(cfg)

View File

@ -5,7 +5,8 @@ import yaml
import logging, coloredlogs
from logging.handlers import TimedRotatingFileHandler
from titles.pokken.proto import jackal_pb2
from google.protobuf import text_format
from os import path
from google.protobuf.message import DecodeError
from core.config import CoreConfig
from titles.pokken.config import PokkenConfig
@ -41,27 +42,46 @@ class PokkenServlet(resource.Resource):
self.base = PokkenBase(core_cfg, self.game_cfg)
def setup(self):
if self.game_cfg.server.enable:
if self.core_cfg.server.is_develop and self.game_cfg.server.ssl_enable:
"""
There's currently no point in having this server on because Twisted
won't play ball with both the fact that it's TLSv1.1, and because the
types of certs that pokken will accept are too flimsy for Twisted
so it will throw a fit. Currently leaving this here in case a bypass
is discovered in the future, but it's unlikly. For now, just use NGINX.
"""
if self.game_cfg.server.enable and self.core_cfg.server.is_develop:
key_exists = path.exists(self.game_cfg.server.ssl_key)
cert_exists = path.exists(self.game_cfg.server.ssl_cert)
if key_exists and cert_exists:
endpoints.serverFromString(reactor, f"ssl:{self.game_cfg.server.port}"\
f":interface={self.game_cfg.server.hostname}:privateKey={self.game_cfg.server.ssl_key}:"\
f":interface={self.core_cfg.server.listen_address}:privateKey={self.game_cfg.server.ssl_key}:"\
f"certKey={self.game_cfg.server.ssl_cert}")\
.listen(server.Site(PokkenServlet(self.core_cfg, self.config_dir)))
.listen(server.Site(self))
self.logger.info(f"Pokken title server ready on port {self.game_cfg.server.port}")
else:
endpoints.serverFromString(reactor, f"tcp:{self.game_cfg.server.port}"\
f":interface={self.game_cfg.server.hostname}")\
.listen(server.Site(PokkenServlet(self.core_cfg, self.config_dir)))
self.logger.error(f"Could not find cert at {self.game_cfg.server.ssl_key} or key at {self.game_cfg.server.ssl_cert}, Pokken not running.")
self.logger.info(f"Pokken title server ready on port {self.game_cfg.server.port}")
def render_POST(self, request: Request, version: int, endpoints: str) -> bytes:
req_url = request.uri.decode()
if req_url == "/matching":
def render_POST(self, request: Request, version: int = 0, endpoints: str = "") -> bytes:
if endpoints == "":
endpoints = request.uri.decode()
if endpoints.startswith("/matching"):
self.logger.info("Matching request")
content = request.content.getvalue()
if content == b"":
self.logger.info("Empty request")
return b""
pokken_request = jackal_pb2.Request()
pokken_request.ParseFromString(request.content.getvalue())
try:
pokken_request.ParseFromString(content)
except DecodeError as e:
self.logger.warn(f"{e} {content}")
return b""
endpoint = jackal_pb2.MessageType(pokken_request.type).name.lower()
self.logger.info(f"{endpoint} request")

View File

@ -810,9 +810,9 @@ class WaccaBase():
if "always_vip" in profile and profile["always_vip"] or self.game_config.mods.always_vip:
return UserVipStartResponse(int((self.srvtime + timedelta(days=req.days)).timestamp())).make()
profile["vip_expire_time"] = int((self.srvtime + timedelta(days=req.days)).timestamp())
self.data.profile.update_vip_time(req.profileId, self.srvtime + timedelta(days=req.days))
return UserVipStartResponse(profile["vip_expire_time"]).make()
vip_exp_time = (self.srvtime + timedelta(days=req.days))
self.data.profile.update_vip_time(req.profileId, vip_exp_time)
return UserVipStartResponse(int(vip_exp_time.timestamp())).make()
def util_put_items(self, profile_id: int, user_id: int, items_obtained: List[GenericItemRecv]) -> None:
if user_id is None or profile_id <= 0: