add logging for failed authentication

This commit is contained in:
moehreag 2024-06-17 13:00:45 +02:00
parent 596aa06809
commit 3b8c103ec1
4 changed files with 7 additions and 9 deletions

View file

@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

View file

@ -21,8 +21,7 @@ object DB {
transaction(db) {
SchemaUtils.create(
LoaderVersions,
LibraryVersions,
File
LibraryVersions
)
}
if (db == null) {

View file

@ -1,16 +1,18 @@
package dev.frogmc.plugins
import dev.frogmc.Config
import dev.frogmc.logger
import io.ktor.http.*
import io.ktor.server.application.*
import io.ktor.server.response.*
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
val authPlugin = createRouteScopedPlugin("auth") {
onCall {
val authorization = it.request.headers["Authorization"]
if (authorization.isNullOrEmpty() || !MessageDigest.isEqual(authorization.toByteArray(), Config.UPLOAD_SECRET))
it.respond(HttpStatusCode.Unauthorized);
if (authorization.isNullOrEmpty() || !MessageDigest.isEqual(authorization.toByteArray(), Config.UPLOAD_SECRET)) {
logger.info("Authentication Failed: provided: ${authorization?.toByteArray()}; expected: ${Config.UPLOAD_SECRET}")
it.respond(HttpStatusCode.Unauthorized)
}
}
}

View file

@ -3,7 +3,6 @@ package dev.frogmc.plugins
import io.ktor.http.*
import io.ktor.server.application.*
import io.ktor.server.plugins.cors.routing.*
import io.ktor.server.response.*
fun Application.configureHTTP() {
install(CORS) {
@ -12,7 +11,5 @@ fun Application.configureHTTP() {
allowMethod(HttpMethod.Delete)
allowMethod(HttpMethod.Patch)
allowHeader(HttpHeaders.Authorization)
allowHeader("MyCustomHeader")
anyHost() // @TODO: Don't do this in production if possible. Try to limit it.
}
}