add logging for failed authentication

2024-06-17 13:00:45 +02:00 · 2024-06-17 13:00:45 +02:00 · 3b8c103ec1
parent 596aa06809
commit 3b8c103ec1
4 changed files with 7 additions and 9 deletions
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
--- a/src/main/kotlin/dev/frogmc/DB.kt
+++ b/src/main/kotlin/dev/frogmc/DB.kt
@ -21,8 +21,7 @@ object DB {
            transaction(db) {
                SchemaUtils.create(
                    LoaderVersions,
-                    LibraryVersions,
-                    File
+                    LibraryVersions
                )
            }
            if (db == null) {
--- a/src/main/kotlin/dev/frogmc/plugins/Auth.kt
+++ b/src/main/kotlin/dev/frogmc/plugins/Auth.kt
@ -1,16 +1,18 @@
 package dev.frogmc.plugins

 import dev.frogmc.Config
+import dev.frogmc.logger
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.response.*
-import java.nio.charset.StandardCharsets
 import java.security.MessageDigest

 val authPlugin = createRouteScopedPlugin("auth") {
    onCall {
        val authorization = it.request.headers["Authorization"]
-        if (authorization.isNullOrEmpty() || !MessageDigest.isEqual(authorization.toByteArray(), Config.UPLOAD_SECRET))
-            it.respond(HttpStatusCode.Unauthorized);
+        if (authorization.isNullOrEmpty() || !MessageDigest.isEqual(authorization.toByteArray(), Config.UPLOAD_SECRET)) {
+            logger.info("Authentication Failed: provided: ${authorization?.toByteArray()}; expected: ${Config.UPLOAD_SECRET}")
+            it.respond(HttpStatusCode.Unauthorized)
+        }
    }
 }
--- a/src/main/kotlin/dev/frogmc/plugins/HTTP.kt
+++ b/src/main/kotlin/dev/frogmc/plugins/HTTP.kt
@ -3,7 +3,6 @@ package dev.frogmc.plugins
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.plugins.cors.routing.*
-import io.ktor.server.response.*

 fun Application.configureHTTP() {
    install(CORS) {
@ -12,7 +11,5 @@ fun Application.configureHTTP() {
        allowMethod(HttpMethod.Delete)
        allowMethod(HttpMethod.Patch)
        allowHeader(HttpHeaders.Authorization)
-        allowHeader("MyCustomHeader")
-        anyHost() // @TODO: Don't do this in production if possible. Try to limit it.
    }
 }