RLGWebD: rlgwebd.js comparison

comparison rlgwebd.js @ 39:e8ac0e3d2614

RLG-Web: separate logging in and starting a game. The user now logs in with a username and password, receiving a token which is then used for any actions requiring authentication. Starting a game is one such action. Games use a different set of id keys. This allows users to supply their passwords once and then play any number of successive games. Also, newly registered users do not need to supply their passwords again.

author	John "Elwin" Edwards <elwin@sdf.org>
date	Thu, 07 Jun 2012 15:43:06 -0700
parents	353be34de307
children	f7116eb3f791

comparison

equal deleted inserted replaced

-:b06a14876645
+:e8ac0e3d2614
 var dropToUID = 501;
 var dropToGID = 501;
 var serveStaticRoot = "/var/www/"; // inside the chroot
 var playtimeout = 3600000; // Idle time before games are autosaved, in ms
-/* Global state */
+/* Data on the games available. */
-var sessions = {};
-var allowlogin = true;
 var games = {
 "rogue3": {
 "name": "Rogue V3",
 "uname": "rogue3",
 "path": "/bin/rogue3"
 "uname": "srogue",
 "path": "/bin/srogue"
 }
 };
+/* Global state */
+var logins = {};
+var sessions = {};
+var allowlogin = true;
 /* Constructor for TermSessions.  Note that it opens the terminal and
 * adds itself to the sessions dict. It currently assumes the user has
 * been authenticated.
 */
 function TermSession(game, user, files, dims) {
 return null;
 }
 this.player = user;
 /* This order seems to best avoid race conditions... */
 this.alive = false;
-this.sessid = randkey();
+this.sessid = randkey(2);
 while (this.sessid in sessions) {
-this.sessid = randkey();
+this.sessid = randkey(2);
 }
 /* Grab a spot in the sessions table. */
 sessions[this.sessid] = this;
 /* State for messaging. */
 this.nsend = 0;
 sd = dd.toISOString();
 sd = sd.slice(0, sd.indexOf("."));
 return sd.replace("T", ".");
 }
-function randkey() {
+function randkey(words) {
-rnum = Math.floor(Math.random() * 65536 * 65536);
+if (!words || !(words > 0))
-hexstr = rnum.toString(16);
+words = 1;
-while (hexstr.length < 8)
+function rand32() {
-hexstr = "0" + hexstr;
+rnum = Math.floor(Math.random() * 65536 * 65536);
-return hexstr;
+hexstr = rnum.toString(16);
+while (hexstr.length < 8)
+hexstr = "0" + hexstr;
+return hexstr;
+}
+var key = "";
+for (var i = 0; i < words; i++)
+key += rand32();
+return key;
 }
 function tslog() {
 arguments[0] = new Date().toISOString() + ": " + String(arguments[0]);
 console.log.apply(console, arguments);
 function login(req, res, formdata) {
 if (!allowlogin) {
 sendError(res, 6, null);
 return;
 }
-if (!("game" in formdata)) {
+if (!("name" in formdata)) {
-sendError(res, 2, "No game specified.");
-return;
-}
-else if (!("name" in formdata)) {
 sendError(res, 2, "Username not given.");
 return;
 }
 else if (!("pw" in formdata)) {
 sendError(res, 2, "Password not given.");
 return;
 }
-var username = formdata["name"];
+var username = String(formdata["name"]);
-var password = formdata["pw"];
+var password = String(formdata["pw"]);
+function checkit(code, signal) {
+/* Checks the exit status, see sqlickrypt.c for details. */
+if (code != 0) {
+sendError(res, 3);
+if (code == 1)
+tslog("Password check failed for user %s", username);
+else if (code == 2)
+tslog("Attempted login by nonexistent user %s", username);
+else
+tslog("Login failed: sqlickrypt error %d", code);
+return;
+}
+var lkey = randkey(2);
+while (lkey in logins)
+lkey = randkey(2);
+logins[lkey] = {"name": username, "ts": new Date()};
+res.writeHead(200, {'Content-Type': 'application/json'});
+var reply = {"t": "l", "k": lkey, "u": username};
+res.write(JSON.stringify(reply));
+res.end();
+tslog("%s has logged in (key %s)", username, lkey);
+return;
+}
+/* Launch the sqlickrypt utility to check the password. */
+var pwchecker = child_process.spawn("/bin/sqlickrypt", ["check"]);
+pwchecker.on("exit", checkit);
+pwchecker.stdin.end(username + '\n' + password + '\n', "utf8");
+return;
+}
+function startgame(req, res, formdata) {
+if (!allowlogin) {
+sendError(res, 6, null);
+return;
+}
+if (!("key" in formdata)) {
+sendError(res, 2, "No key given.");
+return;
+}
+else if (!("game" in formdata)) {
+sendError(res, 2, "No game specified.");
+return;
+}
+var lkey = String(formdata["key"]);
+if (!(lkey in logins)) {
+sendError(res, 1, null);
+return;
+}
+else {
+logins[lkey].ts = new Date();
+}
+var username = logins[lkey].name;
 var gname = formdata["game"];
 var dims = [formdata["h"], formdata["w"]];
 if (!(gname in games)) {
 sendError(res, 2, "No such game: " + gname);
 tslog("Request for nonexistant game \"%s\"", gname);
 return;
 }
+// check for an existing game
 var progressdir = "/dgldir/inprogress-" + games[gname].uname;
+fs.readdir(progressdir, function(err, files) {
-// This sets up the game once starting is approved.
+if (!err) {
-function startgame() {
+var fre = RegExp("^" + username + ":");
+for (var i = 0; i < files.length; i++) {
+if (files[i].match(fre)) {
+sendError(res, 4, null);
+tslog("%s is already playing %s", username, gname);
+return;
+}
+}
+}
+// Game starting has been approved.
 var ts = timestamp();
 var lockfile = path.join(progressdir, username + ":node:" + ts + ".ttyrec");
 var ttyrec = path.join("/dgldir/ttyrec", username, gname, ts + ".ttyrec");
 var nsession = new TermSession(gname, username, [lockfile, ttyrec], dims);
 if (nsession) {
 }
 else {
 sendError(res, 5, "Failed to open TTY");
 tslog("Unable to allocate TTY for %s", gname);
 }
-}
+});
-function checkit(code, signal) {
-// check the password
-if (code != 0) {
-sendError(res, 3);
-if (code == 1)
-tslog("Password check failed for user %s", username);
-else if (code == 2)
-tslog("Attempted login by nonexistent user %s", username);
-else
-tslog("Login failed: sqlickrypt error %d", code);
-return;
-}
-// check for an existing game
-fs.readdir(progressdir, function(err, files) {
-if (!err) {
-var fre = RegExp("^" + username + ":");
-for (var i = 0; i < files.length; i++) {
-if (files[i].match(fre)) {
-sendError(res, 4, null);
-tslog("%s is already playing %s", username, gname);
-return;
-}
-}
-}
-// If progressdir isn't readable, start a new game anyway.
-startgame();
-});
-}
-/* Launch the sqlickrypt utility to check the password. */
-var checker = child_process.spawn("/bin/sqlickrypt", ["check"]);
-checker.on("exit", checkit);
-checker.stdin.end(username + '\n' + password + '\n', "utf8");
-return;
 }
 /* Sets things up for a new user, like dgamelaunch's commands[register] */
 function regsetup(username) {
 function regsetup_l2(err) {
 email = "nobody@nowhere.not";
 }
 else
 email = formdata["email"];
 function checkreg(code, signal) {
-if (code == 4) {
+if (code === 0) {
-sendError(res, 2, "Invalid characters in name or email.");
+var lkey = randkey(2);
-tslog("Attempted registration: %s %s", uname, email);
+while (lkey in logins)
-}
+lkey = randkey(2);
-else if (code == 1) {
+logins[lkey] = {"name": uname, "ts": new Date()};
-sendError(res, 2, "Username " + uname + " is already being used.");
+var reply = {"t": "r", "k": lkey, "u": uname};
-tslog("Attempted duplicate registration: %s", uname);
-}
-else if (code != 0) {
-sendError(res, 0, null);
-tslog("sqlickrypt register failed with code %d", code);
-}
-else {
 res.writeHead(200, {'Content-Type': 'application/json'});
-var reply = {"t": "r", "d": uname};
 res.write(JSON.stringify(reply));
 res.end();
 tslog("Added new user: %s", uname);
 regsetup(uname);
 }
+else if (code == 4) {
+sendError(res, 2, "Invalid characters in name or email.");
+tslog("Attempted registration: %s %s", uname, email);
+}
+else if (code == 1) {
+sendError(res, 2, "Username " + uname + " is already being used.");
+tslog("Attempted duplicate registration: %s", uname);
+}
+else {
+sendError(res, 0, null);
+tslog("sqlickrypt register failed with code %d", code);
+}
 }
 var child_adder = child_process.spawn("/bin/sqlickrypt", ["register"]);
 child_adder.on("exit", checkreg);
 child_adder.stdin.end(uname + '\n' + passwd + '\n' + email + '\n', "utf8");
 return;
 }
-function logout(term, res) {
+function endgame(term, res) {
 if (!term.alive) {
-sendError(res, 1, null);
+sendError(res, 7, null);
 return;
 }
 term.close();
 var resheaders = {'Content-Type': 'application/json'};
 res.writeHead(200, resheaders);
 res.writeHead(200, { "Content-Type": "application/json" });
 res.write(JSON.stringify(reply));
 res.end();
 }
 else {
-sendError(res, 1, null);
+sendError(res, 7, null);
 }
 }
 function statusmsg(req, res) {
 var reply = {"s": allowlogin, "g": []};
 res.end();
 }
 var errorcodes = [ "Generic Error", "Not logged in", "Invalid data",
 "Login failed", "Already playing", "Game launch failed",
-"Server shutting down" ];
+"Server shutting down", "Game not in progress" ];
 function sendError(res, ecode, msg) {
 res.writeHead(200, { "Content-Type": "application/json" });
 var edict = {"t": "E"};
 if (!(ecode < errorcodes.length && ecode > 0))
 var cterm = findTermSession(formdata);
 /* First figure out if the client is POSTing to a command interface. */
 if (req.method == 'POST') {
 if (target == '/feed') {
 if (!cterm) {
-sendError(res, 1, null);
+sendError(res, 7, null);
 return;
 }
 if (formdata.t == "q") {
 /* The client wants to terminate the process. */
-logout(cterm, res);
+endgame(cterm, res);
 }
 else if (formdata.t == "d" && typeof(formdata.d) == "string") {
 /* process the keys */
 hexstr = formdata.d.replace(/[^0-9a-f]/gi, "");
 if (hexstr.length % 2 != 0) {
 login(req, res, formdata);
 }
 else if (target == "/addacct") {
 register(req, res, formdata);
 }
+else if (target == "/play") {
+startgame(req, res, formdata);
+}
 else {
 res.writeHead(405, resheaders);
 res.end();
 }
 }
 res.writeHead(200, {"Content-Type": "application/json"});
 res.end();
 return;
 }
 if (!cterm) {
-sendError(res, 1, null);
+sendError(res, 7, null);
 return;
 }
 readFeed(res, cterm);
 }
 else if (target == '/status') {