From 2fff6ae41e0623fdb0d37565ba74a8488817fae2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20N=C3=A9grier?=
Date: Tue, 14 Dec 2021 18:55:41 +0100
Subject: [PATCH] Improving code security by adding stricter typings
---
 front/src/Connexion/ConnectionManager.ts | 7 +++--
 front/src/Connexion/Room.ts | 31 ++++++++++++-------
 front/src/Messages/JsonMessages/.gitignore | 2 ++
 .../JsonMessages}/CharacterTexture.ts | 0
 .../JsonMessages}/MapDetailsData.ts | 4 +--
 .../JsonMessages}/RoomRedirect.ts | 0
 messages/package.json | 7 +++--
 messages/yarn.lock | 5 +++
 .../src/Controller/AuthenticateController.ts | 4 +--
 pusher/src/Controller/MapController.ts | 2 +-
 pusher/src/Messages/JsonMessages/.gitignore | 2 ++
 pusher/src/Services/SocketManager.ts | 4 +--
 12 files changed, 45 insertions(+), 23 deletions(-)
 create mode 100644 front/src/Messages/JsonMessages/.gitignore
 rename {pusher/src/Services/AdminApi => messages/JsonMessages}/CharacterTexture.ts (100%)
 rename {pusher/src/Services/AdminApi => messages/JsonMessages}/MapDetailsData.ts (87%)
 rename {pusher/src/Services/AdminApi => messages/JsonMessages}/RoomRedirect.ts (100%)
 create mode 100644 pusher/src/Messages/JsonMessages/.gitignore
diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index 05d84367..39bb079c 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -11,6 +11,7 @@ import { loginSceneVisibleIframeStore } from "../Stores/LoginSceneStore";
 import { userIsConnected } from "../Stores/MenuStore";
 import { analyticsClient } from "../Administration/AnalyticsClient";
 import { axiosWithRetry } from "./AxiosUtils";
+import axios from "axios";
 class ConnectionManager {
 private localUser!: LocalUser;
@@ -192,11 +193,11 @@ class ConnectionManager {
 analyticsClient.loggedWithSso();
 } catch (err) {
 console.error(err);
- //if user must to be connect in current room or pusher error is not openid provier access error
- //try to connected with function loadOpenIDScreen
+ // if the user must be connected in the current room or if the pusher error is not openid provider access error
+ // try to connect with function loadOpenIDScreen
 if (
 this._currentRoom.authenticationMandatory ||
- (err.response?.data && err.response.data !== "User cannot to be connected on openid provier")
+ (axios.isAxiosError(err) && err.response?.data && err.response.data !== "User cannot to be connected on openid provider")
 ) {
 this.loadOpenIDScreen();
 return Promise.reject(new Error("You will be redirect on login page"));
diff --git a/front/src/Connexion/Room.ts b/front/src/Connexion/Room.ts
index 044d8d67..15ac9502 100644
--- a/front/src/Connexion/Room.ts
+++ b/front/src/Connexion/Room.ts
@@ -5,6 +5,8 @@ import type { CharacterTexture } from "./LocalUser";
 import { localUserStore } from "./LocalUserStore";
 import axios from "axios";
 import { axiosWithRetry } from "./AxiosUtils";
+import {isMapDetailsData} from "../../../pusher/src/Messages/JsonMessages/MapDetailsData";
+import {isRoomRedirect} from "../Messages/JsonMessages/RoomRedirect";
 export class MapDetail {
 constructor(public readonly mapUrl: string, public readonly textures: CharacterTexture[] | undefined) {}
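Review bot: The decision to open the OpenID login screen in the `catch` block of ConnectionManager.ts still rests on comparing `err.response.data` with the literal `"User cannot to be connected on openid provider"`, and this commit has to change that literal in lockstep with the two `res.end(...)` calls in pusher/src/Controller/AuthenticateController.ts. A front bundle and a pusher from different builds (for example a cached front after a deploy) would disagree on the string, and any non-empty body that does not match ends in `loadOpenIDScreen()`. The sentinel would be more robust as a single exported constant shared through messages/JsonMessages, or as a dedicated status code, with a comment such as `// must match the body sent by AuthenticateController on OpenID provider failure`. The enclosing method starts and ends outside the hunk.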
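Review bot: The added `isMapDetailsData` import in front/src/Connexion/Room.ts reaches into `../../../pusher/src/Messages/JsonMessages/MapDetailsData`, while `isRoomRedirect` on the next line comes from the front's own copy under `../Messages/JsonMessages/`. This makes the front build depend on the pusher source tree, and on a file that the new pusher `.gitignore` keeps untracked, so the validator the browser runs is whatever copy happens to be present there at build time. Importing both guards from the front copy keeps the package boundary intact: `import { isMapDetailsData } from "../Messages/JsonMessages/MapDetailsData";`.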
@@ -101,27 +103,34 @@ export class Room {
 });
 const data = result.data;
- if (data.redirectUrl) {
+
+ if (isRoomRedirect(data.redirectUrl)) {
 return {
 redirectUrl: data.redirectUrl as string,
 };
+ } else if (isMapDetailsData(data)) {
+ console.log("Map ", this.id, " resolves to URL ", data.mapUrl);
+ this._mapUrl = data.mapUrl;
+ this._textures = data.textures;
+ this._group = data.group;
+ this._authenticationMandatory =
+ data.authenticationMandatory != null ? data.authenticationMandatory : DISABLE_ANONYMOUS;
+ this._iframeAuthentication = data.iframeAuthentication || OPID_LOGIN_SCREEN_PROVIDER;
+ this._contactPage = data.contactPage || CONTACT_URL;
+ return new MapDetail(data.mapUrl, data.textures);
+ } else {
+ throw new Error('Data received by the /map endpoint of the Pusher is not in a valid format.');
 }
- console.log("Map ", this.id, " resolves to URL ", data.mapUrl);
- this._mapUrl = data.mapUrl;
- this._textures = data.textures;
- this._group = data.group;
- this._authenticationMandatory =
- data.authenticationMandatory != null ? data.authenticationMandatory : DISABLE_ANONYMOUS;
- this._iframeAuthentication = data.iframeAuthentication || OPID_LOGIN_SCREEN_PROVIDER;
- this._contactPage = data.contactPage || CONTACT_URL;
- return new MapDetail(data.mapUrl, data.textures);
+
 } catch (e) {
 if (axios.isAxiosError(e) && e.response?.status == 401 && e.response?.data === "Token decrypted error") {
 console.warn("JWT token sent could not be decrypted. Maybe it expired?");
 localUserStore.setAuthToken(null);
 window.location.assign("/login");
- } else {
+ } else if (axios.isAxiosError(e)) {
 console.error("Error => getMapDetail", e, e.response);
+ } else {
+ console.error("Error => getMapDetail", e);
 }
 throw e;
 }
diff --git a/front/src/Messages/JsonMessages/.gitignore b/front/src/Messages/JsonMessages/.gitignore
new file mode 100644
index 00000000..d6b7ef32
--- /dev/null
+++ b/front/src/Messages/JsonMessages/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
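Review bot: The redirect branch of `getMapDetail` in Room.ts applies the guard to the field instead of the response, `isRoomRedirect(data.redirectUrl)`, and the `as string` cast kept on the following line suggests the guard is not narrowing `data`. RoomRedirect.ts is only renamed in this commit, so its shape is not visible here, but if it is an interface guard with a `redirectUrl` property in the style of `isMapDetailsData`, a string argument can never satisfy it and every redirect response would fall through to the new `throw`. Consider `if (isRoomRedirect(data)) {` followed by `redirectUrl: data.redirectUrl,` with the cast removed, so the value returned to the caller is the one that was validated. The surrounding `try` block starts outside the hunk.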
diff --git a/pusher/src/Services/AdminApi/CharacterTexture.ts b/messages/JsonMessages/CharacterTexture.ts
similarity index 100%
rename from pusher/src/Services/AdminApi/CharacterTexture.ts
rename to messages/JsonMessages/CharacterTexture.ts
diff --git a/pusher/src/Services/AdminApi/MapDetailsData.ts b/messages/JsonMessages/MapDetailsData.ts
similarity index 87%
rename from pusher/src/Services/AdminApi/MapDetailsData.ts
rename to messages/JsonMessages/MapDetailsData.ts
index 7a1f57ff..d359edf2 100644
--- a/pusher/src/Services/AdminApi/MapDetailsData.ts
+++ b/messages/JsonMessages/MapDetailsData.ts
@@ -1,7 +1,6 @@
 import * as tg from "generic-type-guard";
-import { GameRoomPolicyTypes } from "_Model/PusherRoom";
 import { isCharacterTexture } from "./CharacterTexture";
-import { isAny, isNumber } from "generic-type-guard";
+import { isNumber } from "generic-type-guard";
 /*const isNumericEnum = (vs: T) =>
@@ -17,6 +16,7 @@ export const isMapDetailsData = new tg.IsInterface()
 textures: tg.isArray(isCharacterTexture),
 contactPage: tg.isUnion(tg.isString, tg.isUndefined),
 authenticationMandatory: tg.isUnion(tg.isBoolean, tg.isUndefined),
+ group: tg.isString,
 })
 .get();
diff --git a/pusher/src/Services/AdminApi/RoomRedirect.ts b/messages/JsonMessages/RoomRedirect.ts
similarity index 100%
rename from pusher/src/Services/AdminApi/RoomRedirect.ts
rename to messages/JsonMessages/RoomRedirect.ts
diff --git a/messages/package.json b/messages/package.json
index 636f4647..d4906977 100644
--- a/messages/package.json
+++ b/messages/package.json
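Review bot: `group: tg.isString` in the second hunk of MapDetailsData.ts makes `group` mandatory and non-null, unlike the neighbouring `contactPage` and `authenticationMandatory` entries, which also accept `undefined`. The same guard is now used by the pusher's MapController and by the front's `getMapDetail`, so a response without a group, or with `null`, would be rejected as malformed on both sides; whether such responses occur cannot be seen from this diff. If a map may legitimately have no group, `group: tg.isUnion(tg.isString, tg.isNull),` would state that explicitly; otherwise a comment such as `// group is always set by the admin API` would record the assumption. The guard's property list starts outside the hunk.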
@@ -7,10 +7,13 @@
 "copy-to-back": "rm -rf ../back/src/Messages/generated && cp -rf generated/ ../back/src/Messages/generated",
 "copy-to-front": "rm -rf ../front/src/Messages/generated && cp -rf generated/ ../front/src/Messages/generated",
 "copy-to-pusher": "rm -rf ../pusher/src/Messages/generated && cp -rf generated/ ../pusher/src/Messages/generated",
- "proto-all": "yarn run proto && yarn run copy-to-back && yarn run copy-to-front && yarn run copy-to-pusher",
- "proto:watch": "yarn run proto-all; inotifywait -q -m -e close_write protos/messages.proto | while read -r filename event; do yarn run proto-all; done"
+ "json-copy-to-pusher": "rm -rf ../pusher/src/Messages/JsonMessages/* && cp -rf JsonMessages/* ../pusher/src/Messages/JsonMessages/",
+ "json-copy-to-front": "rm -rf ../front/src/Messages/JsonMessages/* && cp -rf JsonMessages/* ../front/src/Messages/JsonMessages/",
+ "proto-all": "yarn run proto && yarn run copy-to-back && yarn run copy-to-front && yarn run copy-to-pusher && yarn run json-copy-to-pusher && yarn run json-copy-to-front",
+ "proto:watch": "yarn run proto-all; inotifywait -q -m -e close_write protos/messages.proto JsonMessages/ | while read -r filename event; do yarn run proto-all; done"
 },
 "dependencies": {
+ "generic-type-guard": "^3.5.0",
 "google-protobuf": "^3.13.0",
 "grpc": "^1.24.4"
 },
diff --git a/messages/yarn.lock b/messages/yarn.lock
index 2c9d3000..2f4a00bf 100644
--- a/messages/yarn.lock
+++ b/messages/yarn.lock
@@ -1788,6 +1788,11 @@ gauge@~2.7.3: strip-ansi "^3.0.1" wide-align "^1.1.0" +generic-type-guard@^3.5.0: + version "3.5.0" + resolved "https://registry.yarnpkg.com/generic-type-guard/-/generic-type-guard-3.5.0.tgz#39de9f8fceee65d79e7540959f0e7b23210c07b6" + integrity sha512-OpgXv/sbRobhFboaSyN/Tsh97Sxt5pcfLLxCiYZgYIIWFFp+kn2EzAXiaQZKEVRlq1rOE/zh8cYhJXEwplbJiQ== + get-caller-file@^2.0.1: version "2.0.5" resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 47d35fab..e2089c89 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -83,7 +83,7 @@ export class AuthenticateController extends BaseController {
 console.error("Token cannot to be check on OpenId provider");
 res.writeStatus("500");
 res.writeHeader("Access-Control-Allow-Origin", FRONT_URL);
- res.end("User cannot to be connected on openid provier");
+ res.end("User cannot to be connected on openid provider");
 return;
 }
@@ -105,7 +105,7 @@ export class AuthenticateController extends BaseController {
 console.error("User cannot to be connected on OpenId provider => ", err);
 res.writeStatus("500");
 res.writeHeader("Access-Control-Allow-Origin", FRONT_URL);
- res.end("User cannot to be connected on openid provier");
+ res.end("User cannot to be connected on openid provider");
 return;
 }
 const email = userInfo.email || userInfo.sub;
diff --git a/pusher/src/Controller/MapController.ts b/pusher/src/Controller/MapController.ts
index 23eef566..3277bd84 100644
--- a/pusher/src/Controller/MapController.ts
+++ b/pusher/src/Controller/MapController.ts
@@ -4,7 +4,7 @@ import { parse } from "query-string";
 import { adminApi } from "../Services/AdminApi";
 import { ADMIN_API_URL, DISABLE_ANONYMOUS, FRONT_URL } from "../Enum/EnvironmentVariable";
 import { GameRoomPolicyTypes } from "../Model/PusherRoom";
-import { isMapDetailsData, MapDetailsData } from "../Services/AdminApi/MapDetailsData";
+import { isMapDetailsData, MapDetailsData } from "../Messages/JsonMessages/MapDetailsData";
 import { socketManager } from "../Services/SocketManager";
 import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
 import { v4 } from "uuid";
diff --git a/pusher/src/Messages/JsonMessages/.gitignore b/pusher/src/Messages/JsonMessages/.gitignore
new file mode 100644
index 00000000..d6b7ef32
--- /dev/null
+++ b/pusher/src/Messages/JsonMessages/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/pusher/src/Services/SocketManager.ts b/pusher/src/Services/SocketManager.ts
index 083840e4..f66e20fc 100644
--- a/pusher/src/Services/SocketManager.ts
+++ b/pusher/src/Services/SocketManager.ts
@@ -47,8 +47,8 @@ import { GroupDescriptor, UserDescriptor, ZoneEventListener } from "_Model/Zone"
 import Debug from "debug";
 import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
 import { WebSocket } from "uWebSockets.js";
-import { isRoomRedirect } from "./AdminApi/RoomRedirect";
-import { CharacterTexture } from "./AdminApi/CharacterTexture";
+import { isRoomRedirect } from "../Messages/JsonMessages/RoomRedirect";
+import { CharacterTexture } from "../Messages/JsonMessages/CharacterTexture";
 const debug = Debug("socket");