diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 7e7c9014..25d2b0cd 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -120,6 +120,7 @@ jobs: uses: thecodingmachine/deeployer@master env: KUBE_CONFIG_FILE: ${{ secrets.KUBE_CONFIG_FILE }} + ADMIN_API_TOKEN: ${{ secrets.ADMIN_API_TOKEN }} with: namespace: workadventure-${{ env.GITHUB_REF_SLUG }} diff --git a/back/src/Controller/IoSocketController.ts b/back/src/Controller/IoSocketController.ts index 84bdd6b8..edb4bc81 100644 --- a/back/src/Controller/IoSocketController.ts +++ b/back/src/Controller/IoSocketController.ts @@ -148,12 +148,14 @@ export class IoSocketController { const userUuid = await jwtTokenManager.getUserUuidFromToken(token); console.log('uuid', userUuid); + let memberTags: string[] = []; if (roomIdentifier.anonymous === false) { - const isGranted = await adminApi.memberIsGrantedAccessToRoom(userUuid, roomIdentifier); - if (!isGranted) { + const grants = await adminApi.memberIsGrantedAccessToRoom(userUuid, roomIdentifier); + if (!grants.granted) { console.log('access not granted for user '+userUuid+' and room '+roomId); throw new Error('Client cannot acces this ressource.') } else { + memberTags = grants.memberTags; console.log('access granted for user '+userUuid+' and room '+roomId); } } @@ -184,7 +186,8 @@ export class IoSocketController { right, bottom, left - } + }, + tags: memberTags }, /* Spell these correctly */ websocketKey, @@ -221,6 +224,7 @@ export class IoSocketController { client.name = ws.name; client.characterLayers = ws.characterLayers; client.roomId = ws.roomId; + client.tags = ws.tags; this.sockets.set(client.userId, client); @@ -358,6 +362,7 @@ export class IoSocketController { } roomJoinedMessage.setCurrentuserid(client.userId); + roomJoinedMessage.setTagList(client.tags); const serverToClientMessage = new ServerToClientMessage(); serverToClientMessage.setRoomjoinedmessage(roomJoinedMessage); diff --git a/back/src/Model/RoomIdentifier.ts b/back/src/Model/RoomIdentifier.ts index 2cba16fd..d1516264 100644 --- a/back/src/Model/RoomIdentifier.ts +++ b/back/src/Model/RoomIdentifier.ts @@ -1,14 +1,25 @@ export class RoomIdentifier { - public anonymous: boolean; - public id:string + public readonly anonymous: boolean; + public readonly id:string + public readonly organizationSlug: string|undefined; + public readonly worldSlug: string|undefined; + public readonly roomSlug: string|undefined; constructor(roomID: string) { if (roomID.startsWith('_/')) { this.anonymous = true; } else if(roomID.startsWith('@/')) { this.anonymous = false; + + const match = /@\/([^/]+)\/([^/]+)\/(.+)/.exec(roomID); + if (!match) { + throw new Error('Could not extract info from "'+roomID+'"'); + } + this.organizationSlug = match[1]; + this.worldSlug = match[2]; + this.roomSlug = match[3]; } else { throw new Error('Incorrect room ID: '+roomID); } - this.id = roomID; //todo: extract more data from the id (like room slug, organization name, etc); + this.id = roomID; } -} \ No newline at end of file +} diff --git a/back/src/Model/Websocket/ExSocketInterface.ts b/back/src/Model/Websocket/ExSocketInterface.ts index d70205ef..a41d34bb 100644 --- a/back/src/Model/Websocket/ExSocketInterface.ts +++ b/back/src/Model/Websocket/ExSocketInterface.ts @@ -7,7 +7,7 @@ import {WebSocket} from "uWebSockets.js" export interface ExSocketInterface extends WebSocket, Identificable { token: string; roomId: string; - userId: number; // A temporary (autoincremented) identifier for this user + //userId: number; // A temporary (autoincremented) identifier for this user userUuid: string; // A unique identifier for this user name: string; characterLayers: string[]; @@ -19,5 +19,6 @@ export interface ExSocketInterface extends WebSocket, Identificable { emitInBatch: (payload: SubMessage) => void; batchedMessages: BatchMessage; batchTimeout: NodeJS.Timeout|null; - disconnecting: boolean + disconnecting: boolean, + tags: string[] } diff --git a/back/src/Services/AdminApi.ts b/back/src/Services/AdminApi.ts index 9e64296c..605af738 100644 --- a/back/src/Services/AdminApi.ts +++ b/back/src/Services/AdminApi.ts @@ -10,6 +10,11 @@ export interface AdminApiData { userUuid: string } +export interface GrantedApiData { + granted: boolean, + memberTags: string[] +} + class AdminApi { async fetchMapDetails(organizationSlug: string, worldSlug: string, roomSlug: string|undefined): Promise { @@ -46,19 +51,21 @@ class AdminApi { return res.data; } - async memberIsGrantedAccessToRoom(memberId: string, roomIdentifier: RoomIdentifier): Promise { + async memberIsGrantedAccessToRoom(memberId: string, roomIdentifier: RoomIdentifier): Promise { if (!ADMIN_API_URL) { return Promise.reject('No admin backoffice set!'); } try { - //todo: send more specialized data instead of the whole id const res = await Axios.get(ADMIN_API_URL+'/api/member/is-granted-access', - { headers: {"Authorization" : `${ADMIN_API_TOKEN}`}, params: {memberId, roomIdentifier: roomIdentifier.id} } + { headers: {"Authorization" : `${ADMIN_API_TOKEN}`}, params: {memberId, organizationSlug: roomIdentifier.organizationSlug, worldSlug: roomIdentifier.worldSlug, roomSlug: roomIdentifier.roomSlug} } ) - return !!res.data; + return res.data; } catch (e) { console.log(e.message) - return false; + return { + granted: false, + memberTags: [] + }; } } } diff --git a/deeployer.libsonnet b/deeployer.libsonnet index 74606da4..df04399a 100644 --- a/deeployer.libsonnet +++ b/deeployer.libsonnet @@ -14,7 +14,9 @@ }, "ports": [8080], "env": { - "SECRET_KEY": "tempSecretKeyNeedsToChange" + "SECRET_KEY": "tempSecretKeyNeedsToChange", + "ADMIN_API_TOKEN": env.ADMIN_API_TOKEN, + "ADMIN_API_URL": "https://admin."+url } }, "front": { diff --git a/front/dist/.htaccess b/front/dist/.htaccess index 53979e53..72c4d724 100644 --- a/front/dist/.htaccess +++ b/front/dist/.htaccess @@ -20,4 +20,5 @@ RewriteBase / # We only want to let Apache serve files and not directories. # Rewrite all other queries starting with _ to index.ts. RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule "^_/" "/index.html" [L] +RewriteRule "^[_@]/" "/index.html" [L] +RewriteRule "^register/" "/index.html" [L] diff --git a/front/src/Connexion/Room.ts b/front/src/Connexion/Room.ts index 01509aa3..308ea5a2 100644 --- a/front/src/Connexion/Room.ts +++ b/front/src/Connexion/Room.ts @@ -66,7 +66,7 @@ export class Room { this.instance = match[1]; return this.instance; } else { - const match = /_\/([^/]+)\/([^/]+)\/.+/.exec(this.id); + const match = /@\/([^/]+)\/([^/]+)\/.+/.exec(this.id); if (!match) throw new Error('Could not extract instance from "'+this.id+'"'); this.instance = match[1]+'/'+match[2]; return this.instance; diff --git a/front/src/Connexion/RoomConnection.ts b/front/src/Connexion/RoomConnection.ts index 4b07da31..a9b830d3 100644 --- a/front/src/Connexion/RoomConnection.ts +++ b/front/src/Connexion/RoomConnection.ts @@ -45,6 +45,7 @@ export class RoomConnection implements RoomConnection { private listeners: Map = new Map(); private static websocketFactory: null|((url: string)=>any) = null; // eslint-disable-line @typescript-eslint/no-explicit-any private closed: boolean = false; + private tags: string[] = []; public static setWebsocketFactory(websocketFactory: (url: string)=>any): void { // eslint-disable-line @typescript-eslint/no-explicit-any RoomConnection.websocketFactory = websocketFactory; @@ -126,6 +127,7 @@ export class RoomConnection implements RoomConnection { } this.userId = roomJoinedMessage.getCurrentuserid(); + this.tags = roomJoinedMessage.getTagList(); this.dispatch(EventMessage.START_ROOM, { users, @@ -498,4 +500,8 @@ export class RoomConnection implements RoomConnection { this.socket.send(clientToServerMessage.serializeBinary().buffer); } + + public hasTag(tag: string): boolean { + return this.tags.includes(tag); + } } diff --git a/front/src/Phaser/Game/GameScene.ts b/front/src/Phaser/Game/GameScene.ts index c9b093cf..d993571f 100644 --- a/front/src/Phaser/Game/GameScene.ts +++ b/front/src/Phaser/Game/GameScene.ts @@ -385,9 +385,6 @@ export class GameScene extends ResizableScene implements CenterListener { //create input to move this.userInputManager = new UserInputManager(this); - //TODO check right of user - this.ConsoleGlobalMessageManager = new ConsoleGlobalMessageManager(this.connection, this.userInputManager); - //notify game manager can to create currentUser in map this.createCurrentPlayer(); @@ -518,6 +515,10 @@ export class GameScene extends ResizableScene implements CenterListener { connection.onStartRoom((roomJoinedMessage: RoomJoinedMessageInterface) => { this.initUsersPosition(roomJoinedMessage.users); this.connectionAnswerPromiseResolve(roomJoinedMessage); + // Analyze tags to find if we are admin. If yes, show console. + if (this.connection.hasTag('admin')) { + this.ConsoleGlobalMessageManager = new ConsoleGlobalMessageManager(this.connection, this.userInputManager); + } }); connection.onUserJoins((message: MessageUserJoined) => { diff --git a/messages/messages.proto b/messages/messages.proto index ba8edd98..6e00e42a 100644 --- a/messages/messages.proto +++ b/messages/messages.proto @@ -145,6 +145,7 @@ message RoomJoinedMessage { repeated GroupUpdateMessage group = 2; repeated ItemStateMessage item = 3; int32 currentUserId = 4; + repeated string tag = 5; } message WebRtcStartMessage {