Fix WebServer responses for users with permission level 1

This commit is contained in:
Rsl1122 2017-07-29 20:35:49 +03:00
parent 74dd2261c9
commit e6d7428c7f
5 changed files with 36 additions and 34 deletions

View File

@ -28,7 +28,6 @@ public enum Settings {
SECURITY_IP_UUID("Settings.WebServer.Security.DisplayIPsAndUUIDs"),
GRAPH_PLAYERS_USEMAXPLAYERS_SCALE("Customization.Graphs.PlayersOnlineGraph.UseMaxPlayersAsScale"),
PLAYERLIST_SHOW_IMAGES("Customization.SmallHeadImagesOnAnalysisPlayerlist"),
EXTERNAL_WEBSERVER("Settings.WebServer.UsingExternalWebServer"),
// Integer
ANALYSIS_MINUTES_FOR_ACTIVE("Settings.Analysis.MinutesPlayedUntilConsidiredActive"),
SAVE_CACHE_MIN("Settings.Cache.DataCache.SaveEveryXMinutes"),

View File

@ -1,6 +1,5 @@
package main.java.com.djrapitops.plan.ui.html.graphs;
import main.java.com.djrapitops.plan.Log;
import main.java.com.djrapitops.plan.data.SessionData;
import main.java.com.djrapitops.plan.data.TPS;
import main.java.com.djrapitops.plan.utilities.MiscUtils;
@ -41,8 +40,6 @@ public class PlayerActivityGraphCreator {
.map(session -> new Point[]{new Point(session.getSessionStart(), 1), new Point(session.getSessionEnd(), 0)})
.flatMap(Arrays::stream)
.collect(Collectors.toList());
Log.debug(points.stream().map(Point::getY).collect(Collectors.toList()).toString());
return ScatterGraphCreator.scatterGraph(points, true, false);
}

View File

@ -75,7 +75,7 @@ public class WebServer {
server = HttpServer.create();
}
HttpContext context = server.createContext("/", new HttpHandler() {
server.createContext("/", new HttpHandler() {
@Override
public void handle(HttpExchange xchange) throws IOException {
OutputStream os = null;
@ -126,10 +126,8 @@ public class WebServer {
try {
List<String> authorization = requestHeaders.get("Authorization");
if (Verify.isEmpty(authorization)) {
Log.debug("WebServer: Authorization not Found");
return null;
}
Log.debug("WebServer: Found Authorization");
String auth = authorization.get(0);
if (auth.contains("Basic ")) {
auth = auth.split(" ")[1];
@ -225,13 +223,18 @@ public class WebServer {
}
private Response getResponse(String target, WebUser user) {
if ("/favicon.ico".equals(target)) {
return new RedirectResponse("https://puu.sh/tK0KL/6aa2ba141b.ico");
}
if (usingHttps) {
if (user == null) {
return new PromptAuthorizationResponse();
}
if (!isAuthorized(target, user)) {
return forbiddenResponse();
int permLevel = user.getPermLevel(); // Lower number has higher clearance.
int required = getRequiredPermLevel(target, user.getName());
if (permLevel > required) {
return forbiddenResponse(permLevel, required);
}
}
String[] args = target.split("/");
@ -241,8 +244,6 @@ public class WebServer {
String page = args[1];
switch (page) {
case "favicon.ico":
return new RedirectResponse("https://puu.sh/tK0KL/6aa2ba141b.ico");
case "players":
return new PlayersPageResponse(plugin);
case "player":
@ -254,12 +255,13 @@ public class WebServer {
}
}
private ForbiddenResponse forbiddenResponse() {
private ForbiddenResponse forbiddenResponse(int permLevel, int required) {
ForbiddenResponse response403 = new ForbiddenResponse();
String content = "<h1>403 Forbidden - Access Denied</h1>"
+ "<p>Unauthorized User.<br>"
+ "Make sure your user has the correct access level.<br>"
+ "You can use /plan web check <username> to check the permission level.</p>";
+ "This page requires permission level of " + String.valueOf(required) + ",<br>"
+ "This user has permission level of " + String.valueOf(permLevel) + "</p>";
response403.setContent(content);
return response403;
}
@ -276,7 +278,7 @@ public class WebServer {
case 2:
return playerResponse(new String[]{"", user.getName()});
default:
return forbiddenResponse();
return forbiddenResponse(user.getPermLevel(), 0);
}
}
@ -338,31 +340,34 @@ public class WebServer {
return dataReqHandler;
}
private boolean isAuthorized(String target, WebUser user) {
int permLevel = user.getPermLevel(); // Lower number has higher clearance.
int required = getRequiredPermLevel(target, user.getName());
return permLevel <= required;
}
private int getRequiredPermLevel(String target, String user) {
String[] t = target.split("/");
if (t.length < 3) {
if (t.length < 2) {
return 100;
}
if (t.length > 3) {
return 0;
}
String page = t[1];
switch (page) {
case "players":
return 1;
case "player":
// /player/ - 404 for perm lvl 1
if (t.length < 3) {
return 1;
}
final String wantedUser = t[2].toLowerCase().trim();
final String theUser = user.trim().toLowerCase();
if (t[1].equals("players")) {
return 1;
}
if (t[1].equals("player")) {
if (wantedUser.equals(theUser)) {
return 2;
} else {
return 1;
}
}
default:
return 0;
}
}
public String getProtocol() {
return usingHttps ? "https" : "http";

View File

@ -3,6 +3,7 @@ package main.java.com.djrapitops.plan.utilities;
import main.java.com.djrapitops.plan.Plan;
import main.java.com.djrapitops.plan.Settings;
import main.java.com.djrapitops.plan.ui.html.Html;
import main.java.com.djrapitops.plan.ui.webserver.WebServer;
import java.io.File;
import java.io.FileNotFoundException;
@ -101,7 +102,8 @@ public class HtmlUtils {
}
private static String getProtocol() {
return Settings.EXTERNAL_WEBSERVER.isTrue() ? Settings.LINK_PROTOCOL.toString() : Plan.getInstance().getUiServer().getProtocol();
WebServer uiServer = Plan.getInstance().getUiServer();
return uiServer.isEnabled() ? uiServer.getProtocol() : Settings.LINK_PROTOCOL.toString();
}
/**

View File

@ -34,7 +34,6 @@ Settings:
InternalIP: 0.0.0.0
ShowAlternativeServerIP: false
AlternativeIP: your.ip.here:%port%
UsingExternalWebServer: false
ExternalWebServerLinkProtocol: http
Security:
DisplayIPsAndUUIDs: true