From 36838ea22f19022bf897fac8f77dbcd1c292256e Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 27 Nov 2017 17:37:41 +0100 Subject: [PATCH] Make core.auth_table private and structure builtin/auth.lua If you give modders the ability to do something, they will... --- builtin/game/auth.lua | 86 ++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 41 deletions(-) diff --git a/builtin/game/auth.lua b/builtin/game/auth.lua index 3a478111c..80b15e818 100644 --- a/builtin/game/auth.lua +++ b/builtin/game/auth.lua @@ -1,17 +1,17 @@ -- Minetest: builtin/auth.lua -- --- Authentication handler +-- Builtin authentication handler -- -core.auth_file_path = core.get_worldpath().."/auth.txt" -core.auth_table = {} +local auth_file_path = core.get_worldpath().."/auth.txt" +local auth_table = {} local function read_auth_file() local newtable = {} - local file, errmsg = io.open(core.auth_file_path, 'rb') + local file, errmsg = io.open(auth_file_path, 'rb') if not file then - core.log("info", core.auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world") + core.log("info", auth_file_path.." could not be opened for reading ("..errmsg.."); assuming new world") return end for line in file:lines() do @@ -27,14 +27,14 @@ local function read_auth_file() end end io.close(file) - core.auth_table = newtable + auth_table = newtable core.notify_authentication_modified() end local function save_auth_file() local newtable = {} -- Check table for validness before attempting to save - for name, stuff in pairs(core.auth_table) do + for name, stuff in pairs(auth_table) do assert(type(name) == "string") assert(name ~= "") assert(type(stuff) == "table") @@ -43,13 +43,13 @@ local function save_auth_file() assert(stuff.last_login == nil or type(stuff.last_login) == "number") end local content = "" - for name, stuff in pairs(core.auth_table) do + for name, stuff in pairs(auth_table) do local priv_string = core.privs_to_string(stuff.privileges) local parts = {name, stuff.password, priv_string, stuff.last_login or ""} content = content .. table.concat(parts, ":") .. "\n" end - if not core.safe_file_write(core.auth_file_path, content) then - error(core.auth_file_path.." could not be written to") + if not core.safe_file_write(auth_file_path, content) then + error(auth_file_path.." could not be written to") end end @@ -63,13 +63,13 @@ core.builtin_auth_handler = { -- usually empty too) local new_password_hash = "" -- If not in authentication table, return nil - if not core.auth_table[name] then + if not auth_table[name] then return nil end -- Figure out what privileges the player should have. -- Take a copy of the privilege table local privileges = {} - for priv, _ in pairs(core.auth_table[name].privileges) do + for priv, _ in pairs(auth_table[name].privileges) do privileges[priv] = true end -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false @@ -89,17 +89,17 @@ core.builtin_auth_handler = { end -- All done return { - password = core.auth_table[name].password, + password = auth_table[name].password, privileges = privileges, -- Is set to nil if unknown - last_login = core.auth_table[name].last_login, + last_login = auth_table[name].last_login, } end, create_auth = function(name, password) assert(type(name) == "string") assert(type(password) == "string") core.log('info', "Built-in authentication handler adding player '"..name.."'") - core.auth_table[name] = { + auth_table[name] = { password = password, privileges = core.string_to_privs(core.settings:get("default_privs")), last_login = os.time(), @@ -109,11 +109,11 @@ core.builtin_auth_handler = { set_password = function(name, password) assert(type(name) == "string") assert(type(password) == "string") - if not core.auth_table[name] then + if not auth_table[name] then core.builtin_auth_handler.create_auth(name, password) else core.log('info', "Built-in authentication handler setting password of player '"..name.."'") - core.auth_table[name].password = password + auth_table[name].password = password save_auth_file() end return true @@ -121,7 +121,7 @@ core.builtin_auth_handler = { set_privileges = function(name, privileges) assert(type(name) == "string") assert(type(privileges) == "table") - if not core.auth_table[name] then + if not auth_table[name] then core.builtin_auth_handler.create_auth(name, core.get_password_hash(name, core.settings:get("default_password"))) @@ -129,19 +129,19 @@ core.builtin_auth_handler = { -- Run grant callbacks for priv, _ in pairs(privileges) do - if not core.auth_table[name].privileges[priv] then + if not auth_table[name].privileges[priv] then core.run_priv_callbacks(name, priv, nil, "grant") end end -- Run revoke callbacks - for priv, _ in pairs(core.auth_table[name].privileges) do + for priv, _ in pairs(auth_table[name].privileges) do if not privileges[priv] then core.run_priv_callbacks(name, priv, nil, "revoke") end end - core.auth_table[name].privileges = privileges + auth_table[name].privileges = privileges core.notify_authentication_modified(name) save_auth_file() end, @@ -151,11 +151,34 @@ core.builtin_auth_handler = { end, record_login = function(name) assert(type(name) == "string") - assert(core.auth_table[name]).last_login = os.time() + assert(auth_table[name]).last_login = os.time() save_auth_file() end, } +core.register_on_prejoinplayer(function(name, ip) + if core.registered_auth_handler ~= nil then + return -- Don't do anything if custom auth handler registered + end + if auth_table[name] ~= nil then + return + end + + local name_lower = name:lower() + for k in pairs(auth_table) do + if k:lower() == name_lower then + return string.format("\nCannot create new player called '%s'. ".. + "Another account called '%s' is already registered. ".. + "Please check the spelling if it's your account ".. + "or use a different nickname.", name, k) + end + end +end) + +-- +-- Authentication API +-- + function core.register_authentication_handler(handler) if core.registered_auth_handler then error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname) @@ -183,26 +206,7 @@ core.set_player_password = auth_pass("set_password") core.set_player_privs = auth_pass("set_privileges") core.auth_reload = auth_pass("reload") - local record_login = auth_pass("record_login") - core.register_on_joinplayer(function(player) record_login(player:get_player_name()) end) - -core.register_on_prejoinplayer(function(name, ip) - local auth = core.auth_table - if auth[name] ~= nil then - return - end - - local name_lower = name:lower() - for k in pairs(auth) do - if k:lower() == name_lower then - return string.format("\nCannot create new player called '%s'. ".. - "Another account called '%s' is already registered. ".. - "Please check the spelling if it's your account ".. - "or use a different nickname.", name, k) - end - end -end) -- 2.25.1