Add --no-register flag and register-account CLI
Build and Push Docker images to Docker Hub / build-and-push (push) Has been cancelled

Author: https://github.com/REUSS-dev
This commit is contained in:
AnyUnion
2026-05-04 21:14:27 +07:00
committed by GitHub
parent b414db7339
commit 5645740099
12 changed files with 205 additions and 38 deletions
+103
View File
@@ -0,0 +1,103 @@
package auth
import (
"database/sql"
"errors"
"fmt"
"time"
"golang.org/x/crypto/bcrypt"
)
var (
ErrUserExists = errors.New("username already taken")
ErrInvalidCreds = errors.New("invalid username or password")
)
type AuthUser struct {
ID int64
Username string
}
type AuthStore struct {
db *sql.DB
}
func NewAuthStore(db *sql.DB) (*AuthStore, error) {
_, err := db.Exec(`
CREATE TABLE IF NOT EXISTS auth_users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL UNIQUE,
password BLOB NOT NULL,
created_at TEXT NOT NULL
)
`)
if err != nil {
return nil, fmt.Errorf("create auth_users table: %w", err)
}
return &AuthStore{db: db}, nil
}
func (s *AuthStore) CreateUser(username, password string) (AuthUser, error) {
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return AuthUser{}, fmt.Errorf("hash password: %w", err)
}
res, err := s.db.Exec(
`INSERT INTO auth_users (username, password, created_at) VALUES (?, ?, ?)`,
username, hash, time.Now().UTC().Format(time.RFC3339),
)
if err != nil {
if isUniqueViolation(err) {
return AuthUser{}, ErrUserExists
}
return AuthUser{}, fmt.Errorf("insert user: %w", err)
}
id, _ := res.LastInsertId()
return AuthUser{ID: id, Username: username}, nil
}
func (s *AuthStore) VerifyUser(username, password string) (AuthUser, error) {
var id int64
var hash []byte
err := s.db.QueryRow(
`SELECT id, password FROM auth_users WHERE username = ?`, username,
).Scan(&id, &hash)
if err != nil {
return AuthUser{}, ErrInvalidCreds
}
if err := bcrypt.CompareHashAndPassword(hash, []byte(password)); err != nil {
return AuthUser{}, ErrInvalidCreds
}
return AuthUser{ID: id, Username: username}, nil
}
func (s *AuthStore) UserExists(username string) bool {
var n int
err := s.db.QueryRow(`SELECT 1 FROM auth_users WHERE username = ?`, username).Scan(&n)
return err == nil
}
func isUniqueViolation(err error) bool {
return err != nil && (errors.Is(err, sql.ErrNoRows) ||
// modernc.org/sqlite returns error strings containing "UNIQUE constraint failed"
fmt.Sprintf("%v", err) == fmt.Sprintf("%v", err) &&
contains(err.Error(), "UNIQUE constraint failed"))
}
func contains(s, substr string) bool {
return len(s) >= len(substr) && searchStr(s, substr)
}
func searchStr(s, sub string) bool {
for i := 0; i <= len(s)-len(sub); i++ {
if s[i:i+len(sub)] == sub {
return true
}
}
return false
}
+102
View File
@@ -0,0 +1,102 @@
package auth
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"time"
)
const TokenTTL = 24 * time.Hour
var (
ErrTokenInvalid = errors.New("invalid token")
ErrTokenExpired = errors.New("token expired")
)
type TokenClaims struct {
Sub int64 `json:"sub"`
Name string `json:"name"`
Iat int64 `json:"iat"`
Exp int64 `json:"exp"`
}
type TokenService struct {
secret []byte
}
func NewTokenService(secret []byte) *TokenService {
return &TokenService{secret: secret}
}
func (t *TokenService) Generate(user AuthUser) (string, error) {
now := time.Now().Unix()
claims := TokenClaims{
Sub: user.ID,
Name: user.Username,
Iat: now,
Exp: now + int64(TokenTTL.Seconds()),
}
payload, err := json.Marshal(claims)
if err != nil {
return "", fmt.Errorf("marshal claims: %w", err)
}
enc := base64.RawURLEncoding
payloadB64 := enc.EncodeToString(payload)
mac := hmac.New(sha256.New, t.secret)
mac.Write(payload)
sig := enc.EncodeToString(mac.Sum(nil))
return payloadB64 + "." + sig, nil
}
func (t *TokenService) Validate(token string) (TokenClaims, error) {
dot := -1
for i := range token {
if token[i] == '.' {
dot = i
break
}
}
if dot < 0 {
return TokenClaims{}, ErrTokenInvalid
}
payloadB64 := token[:dot]
sigB64 := token[dot+1:]
enc := base64.RawURLEncoding
payload, err := enc.DecodeString(payloadB64)
if err != nil {
return TokenClaims{}, ErrTokenInvalid
}
sig, err := enc.DecodeString(sigB64)
if err != nil {
return TokenClaims{}, ErrTokenInvalid
}
mac := hmac.New(sha256.New, t.secret)
mac.Write(payload)
if !hmac.Equal(mac.Sum(nil), sig) {
return TokenClaims{}, ErrTokenInvalid
}
var claims TokenClaims
if err := json.Unmarshal(payload, &claims); err != nil {
return TokenClaims{}, ErrTokenInvalid
}
if time.Now().Unix() > claims.Exp {
return TokenClaims{}, ErrTokenExpired
}
return claims, nil
}
+21 -6
View File
@@ -12,6 +12,7 @@ import (
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/peer"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/emptypb"
"google.golang.org/protobuf/types/known/timestamppb"
@@ -23,19 +24,30 @@ import (
type UserServiceServer struct {
pb.UnimplementedUserServiceServer
users store.UserRepository
sessions store.SessionRepository
authURL string
users store.UserRepository
sessions store.SessionRepository
authURL string
noRegister bool
}
func NewUserServiceServer(users store.UserRepository, sessions store.SessionRepository, authURL string) *UserServiceServer {
func NewUserServiceServer(users store.UserRepository, sessions store.SessionRepository, authURL string, noRegister bool) *UserServiceServer {
if authURL != "" && !strings.Contains(authURL, "://") {
authURL = "http://" + authURL
}
return &UserServiceServer{users: users, sessions: sessions, authURL: authURL}
return &UserServiceServer{users: users, sessions: sessions, authURL: authURL, noRegister: noRegister}
}
func (s *UserServiceServer) RegisterUser(ctx context.Context, req *pb.RegisterUserRequest) (*pb.RegisterUserResponse, error) {
if s.noRegister {
ip := "invalid"
if p, ok := peer.FromContext(ctx); ok {
ip = p.Addr.String()
}
return nil, fmt.Errorf("Denied user registration: ip=%s uuid=%s", ip, req.Uuid)
}
platform := model.ClientPlatformFromContext(ctx)
userId, err := s.users.CreateUser(req.Uuid, platform)
if err != nil {
@@ -89,11 +101,14 @@ func (s *UserServiceServer) GameStart(ctx context.Context, _ *emptypb.Empty) (*p
func (s *UserServiceServer) TransferUser(ctx context.Context, req *pb.TransferUserRequest) (*pb.TransferUserResponse, error) {
platform := model.ClientPlatformFromContext(ctx)
log.Printf("[UserService] TransferUser: platform=%s", platform)
userId, err := s.users.CreateUser(req.Uuid, platform)
userId, err := s.users.GetUserByUUID(req.Uuid)
if err != nil {
return nil, fmt.Errorf("create user: %w", err)
}
return &pb.TransferUserResponse{
UserId: userId,
Signature: "transferred-sig",
-6
View File
@@ -15,12 +15,6 @@ func (s *SQLiteStore) CreateUser(uuid string, platform model.ClientPlatform) (in
}
defer tx.Rollback()
var existingId int64
err = tx.QueryRow(`SELECT user_id FROM users WHERE uuid = ?`, uuid).Scan(&existingId)
if err == nil {
return existingId, nil
}
nowMillis := s.clock().UnixMilli()
res, err := tx.Exec(`INSERT INTO users (uuid, player_id, os_type, platform_type, user_restriction_type,