123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207 |
- --
- -- Builtin authentication handler
- --
- -- Make the auth object private, deny access to mods
- local core_auth = core.auth
- core.auth = nil
- core.builtin_auth_handler = {
- get_auth = function(name)
- assert(type(name) == "string")
- local auth_entry = core_auth.read(name)
- -- If no such auth found, return nil
- if not auth_entry then
- return nil
- end
- -- Figure out what privileges the player should have.
- -- Take a copy of the privilege table
- local privileges = {}
- for priv, _ in pairs(auth_entry.privileges) do
- privileges[priv] = true
- end
- -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
- if core.is_singleplayer() then
- for priv, def in pairs(core.registered_privileges) do
- if def.give_to_singleplayer then
- privileges[priv] = true
- end
- end
- -- For the admin, give everything
- elseif name == core.settings:get("name") then
- for priv, def in pairs(core.registered_privileges) do
- if def.give_to_admin then
- privileges[priv] = true
- end
- end
- end
- -- All done
- return {
- password = auth_entry.password,
- privileges = privileges,
- last_login = auth_entry.last_login,
- }
- end,
- create_auth = function(name, password)
- assert(type(name) == "string")
- assert(type(password) == "string")
- core.log('info', "Built-in authentication handler adding player '"..name.."'")
- return core_auth.create({
- name = name,
- password = password,
- privileges = core.string_to_privs(core.settings:get("default_privs")),
- last_login = -1, -- Defer login time calculation until record_login (called by on_joinplayer)
- })
- end,
- delete_auth = function(name)
- assert(type(name) == "string")
- local auth_entry = core_auth.read(name)
- if not auth_entry then
- return false
- end
- core.log('info', "Built-in authentication handler deleting player '"..name.."'")
- return core_auth.delete(name)
- end,
- set_password = function(name, password)
- assert(type(name) == "string")
- assert(type(password) == "string")
- local auth_entry = core_auth.read(name)
- if not auth_entry then
- core.builtin_auth_handler.create_auth(name, password)
- else
- core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
- auth_entry.password = password
- core_auth.save(auth_entry)
- end
- return true
- end,
- set_privileges = function(name, privileges)
- assert(type(name) == "string")
- assert(type(privileges) == "table")
- local auth_entry = core_auth.read(name)
- if not auth_entry then
- auth_entry = core.builtin_auth_handler.create_auth(name,
- core.get_password_hash(name,
- core.settings:get("default_password")))
- end
- local prev_privs = auth_entry.privileges
- auth_entry.privileges = privileges
- core_auth.save(auth_entry)
- for priv, value in pairs(privileges) do
- -- Warnings for improper API usage
- if value == false then
- core.log('deprecated', "`false` value given to `core.set_player_privs`, "..
- "this is almost certainly a bug, "..
- "granting a privilege rather than revoking it")
- elseif value ~= true then
- core.log('deprecated', "non-`true` value given to `core.set_player_privs`")
- end
- -- Run grant callbacks
- if prev_privs[priv] == nil then
- core.run_priv_callbacks(name, priv, nil, "grant")
- end
- end
- -- Run revoke callbacks
- for priv, _ in pairs(prev_privs) do
- if privileges[priv] == nil then
- core.run_priv_callbacks(name, priv, nil, "revoke")
- end
- end
- core.notify_authentication_modified(name)
- end,
- reload = function()
- core_auth.reload()
- return true
- end,
- record_login = function(name)
- assert(type(name) == "string")
- local auth_entry = core_auth.read(name)
- assert(auth_entry)
- auth_entry.last_login = os.time()
- core_auth.save(auth_entry)
- end,
- iterate = function()
- local names = {}
- local nameslist = core_auth.list_names()
- for k,v in pairs(nameslist) do
- names[v] = true
- end
- return pairs(names)
- end,
- }
- core.register_on_prejoinplayer(function(name, ip)
- if core.registered_auth_handler ~= nil then
- return -- Don't do anything if custom auth handler registered
- end
- local auth_entry = core_auth.read(name)
- if auth_entry ~= nil then
- return
- end
- local name_lower = name:lower()
- for k in core.builtin_auth_handler.iterate() do
- if k:lower() == name_lower then
- return string.format("\nCannot create new player called '%s'. "..
- "Another account called '%s' is already registered. "..
- "Please check the spelling if it's your account "..
- "or use a different nickname.", name, k)
- end
- end
- end)
- --
- -- Authentication API
- --
- function core.register_authentication_handler(handler)
- if core.registered_auth_handler then
- error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
- end
- core.registered_auth_handler = handler
- core.registered_auth_handler_modname = core.get_current_modname()
- handler.mod_origin = core.registered_auth_handler_modname
- end
- function core.get_auth_handler()
- return core.registered_auth_handler or core.builtin_auth_handler
- end
- local function auth_pass(name)
- return function(...)
- local auth_handler = core.get_auth_handler()
- if auth_handler[name] then
- return auth_handler[name](...)
- end
- return false
- end
- end
- core.set_player_password = auth_pass("set_password")
- core.set_player_privs = auth_pass("set_privileges")
- core.remove_player_auth = auth_pass("delete_auth")
- core.auth_reload = auth_pass("reload")
- function core.change_player_privs(name, changes)
- local privs = core.get_player_privs(name)
- for priv, change in pairs(changes) do
- if change == true then
- privs[priv] = true
- elseif change == false then
- privs[priv] = nil
- else
- error("non-bool value given to `core.change_player_privs`")
- end
- end
- core.set_player_privs(name, privs)
- end
- local record_login = auth_pass("record_login")
- core.register_on_joinplayer(function(player)
- record_login(player:get_player_name())
- end)
|