storage_server.py 33 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687
  1. """DWC Network Server Emulator
  2. Copyright (C) 2014 polaris-
  3. Copyright (C) 2014 AdmiralCurtiss
  4. Copyright (C) 2014 msoucy
  5. Copyright (C) 2018 Sepalani
  6. This program is free software: you can redistribute it and/or modify
  7. it under the terms of the GNU Affero General Public License as
  8. published by the Free Software Foundation, either version 3 of the
  9. License, or (at your option) any later version.
  10. This program is distributed in the hope that it will be useful,
  11. but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. GNU Affero General Public License for more details.
  14. You should have received a copy of the GNU Affero General Public License
  15. along with this program. If not, see <http://www.gnu.org/licenses/>.
  16. """
  17. import os
  18. import random
  19. import logging
  20. import http.server
  21. import cgi
  22. import urllib.parse
  23. import sqlite3
  24. import xml.dom.minidom as minidom
  25. import other.utils as utils
  26. import gamespy.gs_database as gs_database
  27. import dwc_config
  28. from io import BytesIO
  29. # Paths to ProxyPass: /SakeStorageServer, /SakeFileServer
  30. logger = dwc_config.get_logger('StorageServer')
  31. address = dwc_config.get_ip_port('StorageServer')
  32. def escape_xml(s):
  33. s = s.replace( "&", "&amp;" )
  34. s = s.replace( '"', "&quot;" )
  35. s = s.replace( "'", "&apos;" )
  36. s = s.replace( "<", "&lt;" )
  37. s = s.replace( ">", "&gt;" )
  38. return s
  39. class StorageServer(object):
  40. def start(self):
  41. httpd = StorageHTTPServer((address[0], address[1]), StorageHTTPServerHandler)
  42. logger.log(logging.INFO, "Now listening for connections on %s:%d...", address[0], address[1])
  43. httpd.serve_forever()
  44. class StorageHTTPServer(http.server.HTTPServer):
  45. def __init__(self, server_address, RequestHandlerClass):
  46. http.server.HTTPServer.__init__(self, server_address, RequestHandlerClass)
  47. self.gamespydb = gs_database.GamespyDatabase()
  48. self.db = sqlite3.connect('storage.db')
  49. self.tables = {}
  50. self.valid_sql_terms = ['LIKE', '=', 'AND', 'OR']
  51. logger.log(logging.INFO, "Checking for and creating database tables...")
  52. cursor = self.db.cursor()
  53. if not self.table_exists('typedata'):
  54. cursor.execute('CREATE TABLE typedata (tbl TEXT, col TEXT, type TEXT)')
  55. if not self.table_exists('filepaths'):
  56. cursor.execute('CREATE TABLE filepaths (fileid INTEGER PRIMARY KEY AUTOINCREMENT, gameid INT, playerid INT, path TEXT)')
  57. PK = 'INTEGER PRIMARY KEY AUTOINCREMENT'
  58. self.create_or_alter_table_if_not_exists(
  59. 'g1443_bbdx_player',
  60. ['recordid', 'stat'],
  61. [PK, 'INT' ],
  62. ['int', 'int' ])
  63. self.create_or_alter_table_if_not_exists(
  64. 'g1443_bbdx_info',
  65. ['serialid', 'stat', 'message' ],
  66. ['INT', 'INT', 'TEXT' ],
  67. ['int', 'int', 'unicodeString'])
  68. self.create_or_alter_table_if_not_exists(
  69. 'g1443_bbdx_search',
  70. ['recordid', 'song_name', 'creator_name', 'average_rating', 'serialid', 'filestore', 'is_lyric', 'num_ratings', 'jasrac_code', 'artist_name'],
  71. [PK, 'TEXT', 'TEXT', 'REAL', 'INT', 'INT', 'INT', 'INT', 'TEXT', 'TEXT' ],
  72. ['int', 'asciiString', 'asciiString', 'float', 'int', 'int', 'boolean', 'int', 'asciiString', 'asciiString'])
  73. # Mario Kart Wii
  74. self.create_or_alter_table_if_not_exists(
  75. 'g1687_FriendInfo',
  76. ['recordid', 'ownerid', 'info' ],
  77. [PK, 'INT', 'TEXT' ],
  78. ['int', 'int', 'binaryData'])
  79. self.create_or_alter_table_if_not_exists(
  80. 'g1687_StoredGhostData',
  81. ['recordid', 'fileid', 'profile', 'region', 'gameid', 'course' ],
  82. [PK, 'INT', 'INT', 'INT', 'INT', 'INT' ],
  83. ['int', 'int', 'int', 'int', 'int', 'int' ])
  84. # WarioWare DIY
  85. self.create_or_alter_table_if_not_exists(
  86. 'g2050_contest',
  87. ['recordid', 'ownerid', 'm_no', 'm_file_id'],
  88. [PK, 'INT', 'INT', 'INT' ],
  89. ['int', 'int', 'int', 'int' ])
  90. self.create_or_alter_table_if_not_exists(
  91. 'g2050_contest_eu',
  92. ['recordid', 'ownerid', 'm_no', 'm_file_id'],
  93. [PK, 'INT', 'INT', 'INT' ],
  94. ['int', 'int', 'int', 'int' ])
  95. self.create_or_alter_table_if_not_exists(
  96. 'g2050_contest_us',
  97. ['recordid', 'ownerid', 'm_no', 'm_file_id'],
  98. [PK, 'INT', 'INT', 'INT' ],
  99. ['int', 'int', 'int', 'int' ])
  100. self.create_or_alter_table_if_not_exists(
  101. 'g2050_box',
  102. ['recordid', 'ownerid', 'm_enable', 'm_type', 'm_index', 'm_file_id', 'm_header', 'm_file_id___size', 'm_file_id___create_time', 'm_file_id___downloads'],
  103. [PK, 'INT', 'INT', 'INT', 'INT', 'INT', 'TEXT', 'INT', 'DATETIME', 'INT' ],
  104. ['int', 'int', 'boolean', 'int', 'int', 'int', 'binaryData', 'int', 'dateAndTime', 'int' ])
  105. cursor.execute('CREATE TRIGGER IF NOT EXISTS g2050ti_box AFTER INSERT ON g2050_box BEGIN UPDATE g2050_box SET m_file_id___create_time = strftime(\'%Y-%m-%dT%H:%M:%f\', \'now\'), m_file_id___size = 0, m_file_id___downloads = 0 WHERE recordid = NEW.recordid; END')
  106. cursor.execute('CREATE TRIGGER IF NOT EXISTS g2050tu_box AFTER UPDATE ON g2050_box BEGIN UPDATE g2050_box SET m_file_id___create_time = strftime(\'%Y-%m-%dT%H:%M:%f\', \'now\') WHERE recordid = NEW.recordid; END')
  107. self.create_or_alter_table_if_not_exists(
  108. 'g2050_box_us_eu',
  109. ['recordid', 'ownerid', 'm_enable', 'm_type', 'm_index', 'm_file_id', 'm_header', 'm_file_id___size', 'm_file_id___create_time', 'm_file_id___downloads'],
  110. [PK, 'INT', 'INT', 'INT', 'INT', 'INT', 'TEXT', 'INT', 'DATETIME', 'INT' ],
  111. ['int', 'int', 'boolean', 'int', 'int', 'int', 'binaryData', 'int', 'dateAndTime', 'int' ])
  112. cursor.execute('CREATE TRIGGER IF NOT EXISTS g2050ti_box_us_eu AFTER INSERT ON g2050_box_us_eu BEGIN UPDATE g2050_box_us_eu SET m_file_id___create_time = strftime(\'%Y-%m-%dT%H:%M:%f\', \'now\'), m_file_id___size = 0, m_file_id___downloads = 0 WHERE recordid = NEW.recordid; END')
  113. cursor.execute('CREATE TRIGGER IF NOT EXISTS g2050tu_box_us_eu AFTER UPDATE ON g2050_box_us_eu BEGIN UPDATE g2050_box_us_eu SET m_file_id___create_time = strftime(\'%Y-%m-%dT%H:%M:%f\', \'now\') WHERE recordid = NEW.recordid; END')
  114. self.create_or_alter_table_if_not_exists(
  115. 'g2649_bbdx_player',
  116. ['recordid', 'stat'],
  117. [PK, 'INT' ],
  118. ['int', 'int' ])
  119. self.create_or_alter_table_if_not_exists(
  120. 'g2649_bbdx_info',
  121. ['serialid', 'stat', 'message' ],
  122. ['INT', 'INT', 'TEXT' ],
  123. ['int', 'int', 'unicodeString'])
  124. self.create_or_alter_table_if_not_exists(
  125. 'g2649_bbdx_search',
  126. ['recordid', 'song_name', 'creator_name', 'average_rating', 'serialid', 'filestore', 'is_lyric', 'num_ratings', 'song_code', 'artist_name'],
  127. [PK, 'TEXT', 'TEXT', 'REAL', 'INT', 'INT', 'INT', 'INT', 'TEXT', 'TEXT' ],
  128. ['int', 'asciiString', 'asciiString', 'float', 'int', 'int', 'boolean', 'int', 'asciiString', 'asciiString'])
  129. # Playground
  130. self.create_or_alter_table_if_not_exists(
  131. 'g2999_tblRegionInfo',
  132. ['recordid', 'region', 'allowed_regions', 'min_ratings' ],
  133. [PK, 'INT', 'INT', 'INT' ],
  134. ['int', 'byte', 'int', 'int' ])
  135. # Super Smash Bros. Brawl
  136. self.create_or_alter_table_if_not_exists(
  137. 'g1658_submit',
  138. ['recordid', 'ownerid', 'data'],
  139. [PK, 'INT', 'INT'],
  140. ['int', 'int', 'int']
  141. )
  142. self.create_or_alter_table_if_not_exists(
  143. 'g1658_watching',
  144. ['recordid', 'ownerid', 'data'],
  145. [PK, 'INT', 'INT'],
  146. ['int', 'int', 'int']
  147. )
  148. # Trackmania Wii
  149. self.create_or_alter_table_if_not_exists(
  150. 'g2793_player',
  151. ['recordid', 'ownerid', 'ladder', 'avatar', 'mii', 'name', 'wins', 'loses', 'count', 'row'],
  152. [PK, 'INT', 'INT', 'INT', 'INT', 'TEXT', 'INT', 'INT', 'INT', 'INT'],
  153. ['int', 'int', 'int', 'int', 'int', 'asciiString', 'int', 'int', 'int', 'int']
  154. )
  155. self.create_or_alter_table_if_not_exists(
  156. 'g2793_solo',
  157. ['recordid', 'ownerid', 'trackID', 'time', 'ghostID', 'ghostTime', 'date', 'ghostSize', 'row'],
  158. [PK, 'INT', 'INT', 'REAL', 'INT', 'REAL', 'INT', 'INT', 'INT'],
  159. ['int', 'int', 'int', 'float', 'int', 'float', 'int', 'int', 'int']
  160. )
  161. self.create_or_alter_table_if_not_exists(
  162. 'g2793_custom',
  163. ['recordid', 'ownerid', 'name', 'author', 'date', 'env', 'trackFile', 'trackSize', 'goldFile', 'goldSize', 'silverFile', 'silverSize', 'bronzeFile', 'bronzeSize', 'isValidated'],
  164. [PK, 'INT', 'TEXT', 'TEXT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT'],
  165. ['int', 'int', 'asciiString', 'asciiString', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int']
  166. )
  167. self.create_or_alter_table_if_not_exists(
  168. 'g2793_customDLC',
  169. ['recordid', 'ownerid', 'name', 'author', 'date', 'env', 'trackFile', 'trackSize', 'goldFile', 'goldSize', 'silverFile', 'silverSize', 'bronzeFile', 'bronzeSize', 'isValidated', 'isDLC'],
  170. [PK, 'INT', 'TEXT', 'TEXT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT', 'INT'],
  171. ['int', 'int', 'asciiString', 'asciiString', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int', 'int']
  172. )
  173. # load column info into memory, unfortunately there's no simple way
  174. # to check for column-existence so get that data in advance
  175. cursor.execute("SELECT name FROM sqlite_master WHERE type='table'")
  176. tabledata = cursor.fetchall()
  177. for t in tabledata:
  178. cursor.execute("PRAGMA table_info(%s)" % t[0]) # yeah I know but parameters don't work in pragmas, and inserting table names like that should be safe
  179. columns = cursor.fetchall()
  180. self.tables[t[0]] = [c[1] for c in columns]
  181. self.db.commit()
  182. def table_exists(self, name):
  183. cursor = self.db.cursor()
  184. cursor.execute("SELECT Count(1) FROM sqlite_master WHERE type='table' AND name=?", (name,))
  185. exists = cursor.fetchone()[0]
  186. return True if exists else False
  187. def column_exists(self, table, column):
  188. cursor = self.db.cursor()
  189. cursor.execute("PRAGMA table_info(%s)" % table)
  190. data = cursor.fetchall()
  191. for row in data:
  192. if column == row[1]:
  193. return True
  194. return False
  195. def create_or_alter_table_if_not_exists(self, table, columns, sqlTypes, sakeTypes):
  196. # this is certainly not the most efficient way to create a table, but it should work and makes that mess in the init function more readable
  197. if not self.table_exists(table):
  198. cursor = self.db.cursor()
  199. cursor.execute('CREATE TABLE ' + table + ' (' + columns[0] + ' ' + sqlTypes[0] + ')')
  200. cursor.execute('INSERT INTO typedata (tbl, col, type) VALUES (?, ?, ?)', (table, columns[0], sakeTypes[0] + 'Value'))
  201. for i, col in enumerate(columns):
  202. self.create_column_if_not_exists(table, columns[i], sqlTypes[i], sakeTypes[i] + 'Value')
  203. return
  204. def create_column_if_not_exists(self, table, column, sqlType, sakeType):
  205. if not self.column_exists(table, column):
  206. cursor = self.db.cursor()
  207. cursor.execute('ALTER TABLE ' + table + ' ADD COLUMN ' + column + ' ' + sqlType)
  208. cursor.execute('INSERT INTO typedata (tbl, col, type) VALUES (?, ?, ?)', (table, column, sakeType))
  209. return
  210. def get_typedata(self, table, column):
  211. try:
  212. cursor = self.db.cursor()
  213. cursor.execute("SELECT type FROM typedata WHERE tbl=? AND col=?", (table,column))
  214. return cursor.fetchone()[0]
  215. except TypeError:
  216. return 'UNKNOWN'
  217. class IllegalColumnAccessException(Exception):
  218. pass
  219. class FilterSyntaxException(Exception):
  220. pass
  221. class StorageHTTPServerHandler(http.server.BaseHTTPRequestHandler):
  222. def confirm_columns(self, columndata, table):
  223. '''Check if the columns the user wants to access actually exist, which should prevent SQL Injection'''
  224. columns = []
  225. for c in columndata:
  226. colname = c.firstChild.data.replace('.', '___') # fake the attributes that the actual sake databases have
  227. if colname not in self.server.tables[table]:
  228. raise IllegalColumnAccessException("Unknown column access '%s' in table '%s'" % (colname, table))
  229. columns.append(colname)
  230. return columns
  231. def tokenize_filter(self, filter):
  232. # TODO: Actual proper tokenization
  233. return filter.split()
  234. def parse_filter(self, table, filter):
  235. # I think I need to read up on how to properly parse SQL-like data, but this should do for the stuff I've seen from games so far.
  236. out = ''
  237. if ';' in filter:
  238. raise FilterSyntaxException("Semicolon in filter '%s'" & filter)
  239. if '\\' in filter:
  240. raise FilterSyntaxException("Backslash in filter '%s'" & filter)
  241. brace_count = filter.count('(')
  242. if brace_count != filter.count(')'):
  243. raise FilterSyntaxException("Mismatching brace count in filter '%s'" & filter)
  244. filter = self.tokenize_filter(filter)
  245. for f in filter:
  246. if f in self.server.tables[table]:
  247. # is a table name
  248. out += f + ' '
  249. elif f.upper() in self.server.valid_sql_terms:
  250. # is some SQL term such as LIKE, AND, OR, etc.
  251. out += f + ' '
  252. elif ( f.startswith("'") and f.endswith("'") ) or ( f.startswith('"') and f.endswith('"') ):
  253. # is a string
  254. out += f + ' '
  255. else:
  256. # is nothing valid, abort and return the statement so far
  257. out = out.strip()
  258. # try to make the output still valid by removing trailing connecting tokens
  259. last_space = out.rfind(' ')
  260. if last_space >= 0:
  261. last_token = out[last_space + 1 : ]
  262. if last_token in self.server.valid_sql_terms:
  263. out = out[ : last_space ]
  264. return out
  265. return out
  266. def append_filter(self, filter, table, statement, where_appended):
  267. try:
  268. filters = self.parse_filter(table, filter)
  269. if filters:
  270. if not where_appended:
  271. statement += ' WHERE '
  272. where_appended = True
  273. else:
  274. statement += ' AND '
  275. statement += ' ( '
  276. statement += filters
  277. statement += ' ) '
  278. except FilterSyntaxException as e:
  279. logger.log(logging.WARNING, "FilterSyntaxException: %s by %s", e.message, self.client_address)
  280. pass
  281. return statement, where_appended
  282. def do_POST(self):
  283. # Alright, in case anyone is wondering: Yes, I am faking a SOAP service
  284. # instead of using an actual one. That's because I've tried to do this
  285. # with several actual python SOAP services and none of them give me the
  286. # ability to return the exact format that I want.
  287. # (Or make any kind of sense in case of ZSI...)
  288. if self.path == "/SakeStorageServer/StorageServer.asmx":
  289. length = int(self.headers.get('content-length', -1))
  290. action = self.headers['SOAPAction']
  291. post = self.rfile.read(length)
  292. logger.log(logging.DEBUG, "SakeStorageServer SOAPAction %s", action)
  293. logger.log(logging.DEBUG, post)
  294. shortaction = action[action.rfind('/')+1:-1]
  295. ret = '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body>'
  296. if "<!DOCTYPE" in post.upper():
  297. logger.log(logging.ERROR, "User tried to redefine a DOCTYPE")
  298. return
  299. dom = minidom.parseString(post)
  300. data = dom.getElementsByTagName('SOAP-ENV:Body')[0].getElementsByTagName('ns1:' + shortaction)[0]
  301. gameid = str(int(data.getElementsByTagName('ns1:gameid')[0].firstChild.data))
  302. tableid = data.getElementsByTagName('ns1:tableid')[0].firstChild.data
  303. loginticket = data.getElementsByTagName('ns1:loginTicket')[0].firstChild.data
  304. table = 'g' + gameid + '_' + tableid
  305. if not self.server.table_exists(table):
  306. logger.log(logging.WARNING, "Unknown table access '%s' in %s by %s", table, shortaction, self.client_address)
  307. return
  308. ret += '<' + shortaction + 'Response xmlns="http://gamespy.net/sake">'
  309. ret += '<' + shortaction + 'Result>Success</' + shortaction + 'Result>'
  310. if shortaction == 'SearchForRecords' or shortaction == 'GetMyRecords' or shortaction == 'GetSpecificRecords':
  311. columndata = data.getElementsByTagName('ns1:fields')[0].getElementsByTagName('ns1:string')
  312. try:
  313. columns = self.confirm_columns(columndata, table)
  314. except IllegalColumnAccessException as e:
  315. logger.log(logging.WARNING, "IllegalColumnAccess: %s in %s by %s", e.message, shortaction, self.client_address)
  316. return
  317. # build SELECT statement, yes I know one shouldn't do this but I cross-checked the table name and all the columns above so it should be fine
  318. statement = 'SELECT '
  319. statement += ",".join(columns)
  320. statement += ' FROM ' + table
  321. where_appended = False
  322. if shortaction == 'SearchForRecords':
  323. # this is ugly as hell but SearchForRecords can request specific ownerids like this
  324. owneriddata = data.getElementsByTagName('ns1:ownerids')
  325. if owneriddata and owneriddata[0] and owneriddata[0].firstChild:
  326. oids = owneriddata[0].getElementsByTagName('ns1:int')
  327. if not where_appended:
  328. statement += ' WHERE '
  329. where_appended = True
  330. else:
  331. statement += ' AND '
  332. statement += ' ( '
  333. statement += ' OR '.join('ownerid = '+str(int(oid.firstChild.data)) for oid in oids)
  334. statement += ' ) '
  335. elif shortaction == 'GetMyRecords':
  336. profileid = self.server.gamespydb.get_profileid_from_loginticket(loginticket)
  337. if not where_appended:
  338. statement += ' WHERE '
  339. where_appended = True
  340. else:
  341. statement += ' AND '
  342. statement += ' ( ownerid = ' + str(profileid) + ' ) '
  343. elif shortaction == 'GetSpecificRecords':
  344. recordids = data.getElementsByTagName('ns1:recordids')[0].getElementsByTagName('ns1:int')
  345. # limit to requested records
  346. if not where_appended:
  347. statement += ' WHERE '
  348. where_appended = True
  349. else:
  350. statement += ' AND '
  351. statement += ' ( '
  352. statement += ' OR '.join('recordid = '+str(int(r.firstChild.data)) for r in recordids)
  353. statement += ' ) '
  354. # if there's a filter, evaluate it
  355. filterdata = data.getElementsByTagName('ns1:filter')
  356. if filterdata and filterdata[0] and filterdata[0].firstChild:
  357. statement, where_appended = self.append_filter(filterdata[0].firstChild.data, table, statement, where_appended)
  358. # if only a subset of the data is wanted
  359. limit_offset_data = data.getElementsByTagName('ns1:offset')
  360. limit_max_data = data.getElementsByTagName('ns1:max')
  361. limits = []
  362. if limit_offset_data and limit_offset_data[0] and limit_offset_data[0].firstChild:
  363. limits.append(str(int(limit_offset_data[0].firstChild.data)))
  364. if limit_max_data and limit_max_data[0] and limit_max_data[0].firstChild:
  365. limits.append(str(int(limit_max_data[0].firstChild.data)))
  366. if limits:
  367. statement += ' LIMIT ' + ','.join(limits)
  368. logger.log(logging.DEBUG, statement)
  369. cursor = self.server.db.cursor()
  370. cursor.execute(statement)
  371. rows = cursor.fetchall()
  372. if rows:
  373. ret += '<values>'
  374. for r in rows:
  375. ret += '<ArrayOfRecordValue>'
  376. for i, c in enumerate(r):
  377. type = self.server.get_typedata(table, columns[i])
  378. ret += '<RecordValue>'
  379. ret += '<' + type + '>'
  380. if c is not None:
  381. if type == 'booleanValue':
  382. ret += '<value>' + ('true' if c else 'false') + '</value>'
  383. else:
  384. ret += '<value>' + escape_xml(str(c)) + '</value>'
  385. else:
  386. ret += '<value/>'
  387. ret += '</' + type + '>'
  388. ret += '</RecordValue>'
  389. ret += '</ArrayOfRecordValue>'
  390. ret += '</values>'
  391. else:
  392. ret += '<values/>'
  393. elif shortaction == 'GetRecordCount':
  394. statement = 'SELECT COUNT(1) FROM ' + table
  395. filterdata = data.getElementsByTagName('ns1:filter')
  396. if filterdata and filterdata[0] and filterdata[0].firstChild:
  397. statement, where_appended = self.append_filter(filterdata[0].firstChild.data, table, statement, False)
  398. logger.log(logging.DEBUG, statement)
  399. cursor = self.server.db.cursor()
  400. cursor.execute(statement)
  401. count = cursor.fetchone()[0]
  402. ret += '<count>' + str(count) + '</count>'
  403. elif shortaction == 'UpdateRecord' or shortaction == 'CreateRecord':
  404. if shortaction == 'UpdateRecord':
  405. recordid = int(data.getElementsByTagName('ns1:recordid')[0].firstChild.data)
  406. profileid = self.server.gamespydb.get_profileid_from_loginticket(loginticket)
  407. values = data.getElementsByTagName('ns1:values')[0]
  408. recordfields = values.getElementsByTagName('ns1:RecordField')
  409. columndata = [rf.getElementsByTagName('ns1:name')[0]
  410. for rf in recordfields]
  411. try:
  412. columns = self.confirm_columns(columndata, table)
  413. except IllegalColumnAccessException as e:
  414. logger.log(logging.WARNING, "IllegalColumnAccess: %s in %s by %s", e.message, shortaction, self.client_address)
  415. return
  416. rowdata = []
  417. for i, rf in enumerate(recordfields):
  418. type = self.server.get_typedata(table, columns[i])
  419. value = rf.getElementsByTagName('ns1:value')[0].getElementsByTagName('ns1:' + type)[0].getElementsByTagName('ns1:value')[0].firstChild.data
  420. if type == 'intValue' or type == 'booleanValue':
  421. rowdata.append( int(value) )
  422. elif type == 'floatValue':
  423. rowdata.append( float(value) )
  424. else:
  425. rowdata.append( value )
  426. if shortaction == 'UpdateRecord':
  427. statement = 'UPDATE ' + table + ' SET '
  428. statement += ', '.join(c+' = ?' for c in columns)
  429. statement += ' WHERE recordid = ? AND ownerid = ?'
  430. rowdata.append( recordid )
  431. rowdata.append( profileid )
  432. elif shortaction == 'CreateRecord':
  433. statement = 'INSERT INTO ' + table + ' ('
  434. statement += ', '.join(columns)
  435. statement += ', ownerid) VALUES ('
  436. statement += '?, '*len(columns)
  437. statement += '?)'
  438. rowdata.append( profileid )
  439. else:
  440. logger.log(logging.ERROR, 'Illegal Action %s in database insert/update path!', shortaction)
  441. return
  442. cursor = self.server.db.cursor()
  443. cursor.execute(statement, tuple(rowdata))
  444. recordid = cursor.lastrowid
  445. if shortaction == 'CreateRecord':
  446. ret += '<recordid>' + str(recordid) + '</recordid>'
  447. # Alright, so this kinda sucks, but we have no good way of automatically inserting
  448. # or updating the file's .size attribute, so we have to manually check if any column
  449. # has that, and update it accordingly.
  450. # I have no idea if this will work with all games but it seems to work in WarioWare.
  451. for i, col in enumerate(columns):
  452. attrcol = col + '___size'
  453. if attrcol in self.server.tables[table]:
  454. if rowdata[i] == 0: # is a delete command, just set filesize to 0
  455. filesize = 0
  456. else:
  457. cursor.execute('SELECT path FROM filepaths WHERE fileid = ?', (int(rowdata[i]),))
  458. try:
  459. filename = cursor.fetchone()[0]
  460. filesize = os.path.getsize(filename)
  461. except:
  462. filesize = 0
  463. cursor.execute('UPDATE ' + table + ' SET ' + attrcol + ' = ? WHERE recordid = ?', (filesize, recordid))
  464. self.server.db.commit()
  465. ret += '</' + shortaction + 'Response>'
  466. ret += '</soap:Body></soap:Envelope>'
  467. self.send_response(200)
  468. self.send_header('Content-Type', 'text/xml; charset=utf-8')
  469. self.end_headers()
  470. logger.log(logging.DEBUG, "%s response to %s", action, self.client_address)
  471. #logger.log(logging.DEBUG, ret)
  472. self.wfile.write(ret)
  473. elif self.path.startswith("/SakeFileServer/upload.aspx?"):
  474. retcode = 0
  475. params = urllib.parse.parse_qs(self.path[self.path.find('?')+1:])
  476. gameid = int(params['gameid'][0])
  477. playerid = int(params['pid'][0])
  478. logger.log(logging.DEBUG, "SakeFileServer Upload Request in game %s, user %s", gameid, playerid)
  479. ctype, pdict = cgi.parse_header(self.headers['Content-Type'])
  480. multipart_data = self.rfile.read(int(self.headers.get('Content-Length', -1)))
  481. filedata = cgi.parse_multipart(BytesIO(multipart_data), pdict)
  482. data = filedata.get('data')
  483. if data is not None:
  484. data = data[0]
  485. else:
  486. for key in filedata:
  487. if not filedata[key]:
  488. continue
  489. data = filedata[key][0]
  490. break
  491. filesize = -1 if data is None else len(data)
  492. # make sure users don't upload huge files, dunno what an actual sensible maximum is
  493. # but 64 KB seems reasonable for what I've seen in WarioWare
  494. if data is not None and filesize <= 65536:
  495. # Apparently the real Sake doesn't care about the gameid/playerid, just the fileid
  496. # but for better categorization I think I'm still gonna leave folder-per-game/player thing
  497. userdir = 'usercontent/' + str(gameid) + '/' + str(playerid)
  498. if not os.path.exists(userdir):
  499. os.makedirs(userdir)
  500. # get next fileid from database
  501. cursor = self.server.db.cursor()
  502. cursor.execute('INSERT INTO filepaths (gameid, playerid) VALUES (?, ?)', (gameid, playerid))
  503. fileid = cursor.lastrowid
  504. path = userdir + '/' + str(fileid)
  505. cursor.execute('UPDATE filepaths SET path = ? WHERE fileid = ?', (path, fileid))
  506. with open(path, 'wb') as fi:
  507. fi.write(data)
  508. elif data is not None:
  509. logger.log(logging.WARNING, "Tried to upload big file, rejected. (%s bytes)", filesize)
  510. fileid = 0
  511. retcode = 1
  512. else:
  513. logger.log(logging.ERROR, "Failed to read data")
  514. fileid = 0
  515. retcode = 1
  516. self.send_response(200)
  517. if retcode == 0:
  518. self.send_header('Sake-File-Id', str(fileid))
  519. self.send_header('Sake-File-Result', str(retcode))
  520. self.end_headers()
  521. logger.log(logging.DEBUG, "SakeFileServer Upload Reply Sake-File-Id %s (%d bytes)", fileid, filesize)
  522. self.wfile.write('')
  523. else:
  524. logger.log(logging.INFO, "[NOT IMPLEMENTED] Got POST request %s from %s", self.path, self.client_address)
  525. def do_GET(self):
  526. if self.path.startswith("/SakeFileServer/download.aspx?"):
  527. params = urllib.parse.parse_qs(self.path[self.path.find('?')+1:])
  528. retcode = 0
  529. ret = ''
  530. if 'pid' not in params or 'fileid' not in params or 'gameid' not in params:
  531. logger.log(logging.DEBUG, "Could not find expected parameters")
  532. retcode = 3
  533. else:
  534. fileid = int(params['fileid'][0])
  535. gameid = int(params['gameid'][0])
  536. playerid = int(params['pid'][0])
  537. logger.log(logging.DEBUG, "SakeFileServer Download Request in game %s, user %s, file %s", gameid, playerid, fileid)
  538. cursor = self.server.db.cursor()
  539. cursor.execute('SELECT path FROM filepaths WHERE fileid = ?', (fileid,))
  540. try:
  541. filename = cursor.fetchone()[0]
  542. if os.path.exists(filename):
  543. with open(filename, 'rb') as fi:
  544. ret = fi.read()
  545. else:
  546. logger.log(logging.ERROR, "User is trying to access file that should exist according to DB, but doesn't! (%s)", filename)
  547. except:
  548. logger.log(logging.WARNING, "User is trying to access non-existing file!")
  549. ret = '1234' # apparently some games use the download command just to increment the "downloads" counter, and get the actual file from dls1
  550. #retcode = 4
  551. filelen = len(ret)
  552. self.send_response(200)
  553. self.send_header('Sake-File-Result', str(retcode))
  554. self.send_header('Content-Type', 'text/html')
  555. self.send_header('Content-Length', filelen)
  556. self.end_headers()
  557. logger.log(logging.DEBUG, "Returning download request with file of %s bytes", filelen)
  558. self.wfile.write(ret)
  559. else:
  560. logger.log(logging.INFO, "[NOT IMPLEMENTED] Got GET request %s from %s", self.path, self.client_address)
  561. if __name__ == "__main__":
  562. storage_server = StorageServer()
  563. storage_server.start()