Allow HTTP auth servers again.

only `localhost` are allowed in a release build. when debug assertions are on, others are also allowed. This change undoes the changes to the settings, so compared to master, there is no effect
2024-08-30 18:12:32 +00:00 · 2021-03-11 16:57:50 +01:00 · 2021-03-11 16:57:50 +01:00 · 728bff610b
commit 728bff610b
parent 381bb5eef0
12 changed files with 49 additions and 19 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -278,7 +278,7 @@ dependencies = [
 [[package]]
 name = "auth-common"
 version = "0.1.0"
-source = "git+https://gitlab.com/veloren/auth.git?rev=f3683798bc5ea656845010f9bae11b05dd671ece#f3683798bc5ea656845010f9bae11b05dd671ece"
+source = "git+https://gitlab.com/veloren/auth.git?rev=fb3dcbc4962b367253f8f2f92760ef44d2679c9a#fb3dcbc4962b367253f8f2f92760ef44d2679c9a"
 dependencies = [
 "rand 0.8.3",
 "serde",
@ -288,7 +288,7 @@ dependencies = [
 [[package]]
 name = "authc"
 version = "1.0.0"
-source = "git+https://gitlab.com/veloren/auth.git?rev=f3683798bc5ea656845010f9bae11b05dd671ece#f3683798bc5ea656845010f9bae11b05dd671ece"
+source = "git+https://gitlab.com/veloren/auth.git?rev=fb3dcbc4962b367253f8f2f92760ef44d2679c9a#fb3dcbc4962b367253f8f2f92760ef44d2679c9a"
 dependencies = [
 "auth-common",
 "fxhash",
--- a/assets/voxygen/i18n/en/main.ron
+++ b/assets/voxygen/i18n/en/main.ron
@ -42,6 +42,7 @@ https://veloren.net/account/."#,
        "main.login.server_not_found": "Server not found",
        "main.login.authentication_error": "Auth error on server",
        "main.login.failed_auth_server_url_invalid": "Failed to connect to auth server",
+        "main.login.insecure_auth_scheme": "The auth Scheme HTTP is NOT supported. It's insecure! For development purposes, HTTP is allowed for 'localhost' or debug builds",
        "main.login.server_full": "Server is full",
        "main.login.untrusted_auth_server": "Auth server not trusted",
        "main.login.outdated_client_or_server": "ServerWentMad: Probably versions are incompatible, check for updates.",
--- a/client/Cargo.toml
+++ b/client/Cargo.toml
@ -27,7 +27,7 @@ rayon = "1.5"
 specs = { git = "https://github.com/amethyst/specs.git", rev = "5a9b71035007be0e3574f35184acac1cd4530496" }
 vek = { version = "=0.14.1", features = ["serde"] }
 hashbrown = { version = "0.9", features = ["rayon", "serde", "nightly"] }
-authc = { git = "https://gitlab.com/veloren/auth.git", rev = "f3683798bc5ea656845010f9bae11b05dd671ece" }
+authc = { git = "https://gitlab.com/veloren/auth.git", rev = "fb3dcbc4962b367253f8f2f92760ef44d2679c9a" }

 [dev-dependencies]
 tracing-subscriber = { version = "0.2.3", default-features = false, features = ["fmt", "chrono", "ansi", "smallvec"] }
--- a/client/examples/chat-cli/main.rs
+++ b/client/examples/chat-cli/main.rs
@ -62,7 +62,7 @@ fn main() {

    runtime
        .block_on(client.register(username, password, |provider| {
-            provider == "auth.veloren.net"
+            provider == "https:://auth.veloren.net"
        }))
        .unwrap();

--- a/client/src/lib.rs
+++ b/client/src/lib.rs
@ -489,14 +489,25 @@ impl Client {
            Some(addr) => {
                // Query whether this is a trusted auth server
                if auth_trusted(&addr) {
-                    use std::str::FromStr;
-                    match authc::Authority::from_str(&addr) {
-                        Ok(addr) => Ok(authc::AuthClient::new(addr)
-                            .sign_in(&username, &password)
-                            .await?
-                            .serialize()),
-                        Err(_) => Err(Error::AuthServerUrlInvalid(addr.to_string())),
-                    }
+                    let (scheme, authority) = match addr.split_once("://") {
+                        Some((s, a)) => (s, a),
+                        None => return Err(Error::AuthServerUrlInvalid(addr.to_string())),
+                    };
+
+                    let scheme = match scheme.parse::<authc::Scheme>() {
+                        Ok(s) => s,
+                        Err(_) => return Err(Error::AuthServerUrlInvalid(addr.to_string())),
+                    };
+
+                    let authority = match authority.parse::<authc::Authority>() {
+                        Ok(a) => a,
+                        Err(_) => return Err(Error::AuthServerUrlInvalid(addr.to_string())),
+                    };
+
+                    Ok(authc::AuthClient::new(scheme, authority)?
+                        .sign_in(&username, &password)
+                        .await?
+                        .serialize())
                } else {
                    Err(Error::AuthServerNotTrusted)
                }
--- a/common/net/Cargo.toml
+++ b/common/net/Cargo.toml
@ -21,7 +21,7 @@ tracing = { version = "0.1", default-features = false }
 hashbrown = { version = "0.9", features = ["rayon", "serde", "nightly"] }

 # Auth
-authc = { git = "https://gitlab.com/veloren/auth.git", rev = "f3683798bc5ea656845010f9bae11b05dd671ece" }
+authc = { git = "https://gitlab.com/veloren/auth.git", rev = "fb3dcbc4962b367253f8f2f92760ef44d2679c9a" }

 # ECS
 specs = { git = "https://github.com/amethyst/specs.git", features = ["serde", "storage-event-control"], rev = "5a9b71035007be0e3574f35184acac1cd4530496" }
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@ -42,7 +42,7 @@ rayon = "1.5"
 crossbeam-channel = "0.5"
 prometheus = { version = "0.12", default-features = false}
 portpicker = { git = "https://github.com/xMAC94x/portpicker-rs", rev = "df6b37872f3586ac3b21d08b56c8ec7cd92fb172" }
-authc = { git = "https://gitlab.com/veloren/auth.git", rev = "f3683798bc5ea656845010f9bae11b05dd671ece" }
+authc = { git = "https://gitlab.com/veloren/auth.git", rev = "fb3dcbc4962b367253f8f2f92760ef44d2679c9a" }
 libsqlite3-sys = { version = "0.18", features = ["bundled"] }
 diesel = { version = "1.4.3", features = ["sqlite"] }
 diesel_migrations = "1.4.0"
--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@ -6,7 +6,8 @@
    bool_to_option,
    drain_filter,
    option_unwrap_none,
-    option_zip
+    option_zip,
+    str_split_once
 )]
 #![cfg_attr(not(feature = "worldgen"), feature(const_panic))]

--- a/server/src/login_provider.rs
+++ b/server/src/login_provider.rs
@ -44,8 +44,19 @@ pub struct LoginProvider {
 impl LoginProvider {
    pub fn new(auth_addr: Option<String>, runtime: Arc<Runtime>) -> Self {
        tracing::trace!(?auth_addr, "Starting LoginProvider");
-        let auth_server = auth_addr
-            .map(|addr| Arc::new(AuthClient::new(authc::Authority::from_str(&addr).unwrap())));
+
+        let auth_server = auth_addr.map(|addr| {
+            let (scheme, authority) = addr.split_once("://").expect("invalid auth url");
+
+            let scheme = scheme
+                .parse::<authc::Scheme>()
+                .expect("invalid auth url scheme");
+            let authority = authority
+                .parse::<authc::Authority>()
+                .expect("invalid auth url authority");
+
+            Arc::new(AuthClient::new(scheme, authority).expect("insecure auth scheme"))
+        });

        Self {
            runtime,
--- a/server/src/settings.rs
+++ b/server/src/settings.rs
@ -49,7 +49,7 @@ impl Default for Settings {
        Self {
            gameserver_address: SocketAddr::from(([0; 4], 14004)),
            metrics_address: SocketAddr::from(([0; 4], 14005)),
-            auth_server_address: Some("auth.veloren.net".into()),
+            auth_server_address: Some("https://auth.veloren.net".into()),
            world_seed: DEFAULT_WORLD_SEED,
            server_name: "Veloren Alpha".into(),
            max_players: 100,
--- a/voxygen/src/menu/main/mod.rs
+++ b/voxygen/src/menu/main/mod.rs
@ -197,6 +197,9 @@ impl PlayState for MainMenuState {
                                    localized_strings.get("main.login.failed_sending_request"),
                                    e
                                ),
+                                client::AuthClientError::InsecureSchema => localized_strings
+                                    .get("main.login.insecure_auth_scheme")
+                                    .into(),
                                client::AuthClientError::ServerError(_, e) => {
                                    String::from_utf8_lossy(&e).to_string()
                                },
--- a/voxygen/src/settings.rs
+++ b/voxygen/src/settings.rs
@ -526,7 +526,10 @@ impl Default for NetworkingSettings {
            username: "".to_string(),
            servers: vec!["server.veloren.net".to_string()],
            default_server: "server.veloren.net".to_string(),
-            trusted_auth_servers: ["auth.veloren.net"].iter().map(|s| s.to_string()).collect(),
+            trusted_auth_servers: ["https://auth.veloren.net"]
+                .iter()
+                .map(|s| s.to_string())
+                .collect(),
        }
    }
 }