Implemented Authorization in the ProxyHandler.java

2024-02-15 17:10:56 +01:00 · 2024-02-15 17:10:56 +01:00 · b5b93c4dbc
commit b5b93c4dbc
parent 636ff60c30
1 changed files with 37 additions and 8 deletions
--- a/src/main/java/de/gnmyt/mcdash/handler/ProxyHandler.java
+++ b/src/main/java/de/gnmyt/mcdash/handler/ProxyHandler.java
@ -5,6 +5,7 @@ import com.sun.net.httpserver.HttpHandler;
 import de.gnmyt.mcdash.MCDashWrapper;
 import de.gnmyt.mcdash.api.Logger;
 import de.gnmyt.mcdash.api.ServerManager;
+import de.gnmyt.mcdash.api.UserManager;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.RequestBody;
@ -16,25 +17,53 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
+import java.util.List;

 public class ProxyHandler implements HttpHandler {

    private final static Logger LOG = new Logger(ProxyHandler.class);
    private final OkHttpClient client = new OkHttpClient();
    private final ServerManager serverManager = MCDashWrapper.getServerManager();
+    private final UserManager userManager = MCDashWrapper.getUserManager();

    @Override
    public void handle(HttpExchange exchange) throws IOException {
        String uuid = exchange.getRequestURI().getPath().split("/")[2];
-
-        if (serverManager.getServer(uuid) == null) {
-            exchange.sendResponseHeaders(404, 0);
-            exchange.close();
-            return;
-        }
-
        String pathWithoutUuid = exchange.getRequestURI().getPath().replace("/proxy/" + uuid, "")
-                        + (exchange.getRequestURI().getQuery() != null ? "?" + exchange.getRequestURI().getQuery() : "");
+                + (exchange.getRequestURI().getQuery() != null ? "?" + exchange.getRequestURI().getQuery() : "");
+
+        if (pathWithoutUuid.startsWith("/api")) {
+            List<String> authHeader = exchange.getRequestHeaders().get("Authorization");
+            if (authHeader == null) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            String[] authCredentials;
+            try {
+                authCredentials = new String(Base64.getDecoder().decode(authHeader.get(0)
+                        .replace("Basic ", ""))).split(":");
+            } catch (Exception e) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            if (authCredentials.length != 2) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            if (!userManager.isPasswordCorrect(authCredentials[0], authCredentials[1])) {
+                exchange.sendResponseHeaders(401, 0);
+                return;
+            }
+
+            if (serverManager.getServer(uuid) == null) {
+                exchange.sendResponseHeaders(404, 0);
+                exchange.close();
+                return;
+            }
+        }

        RequestBody requestBody = exchange.getRequestMethod().equals("GET") ? null : RequestBody.create(IOUtils.toByteArray(exchange.getRequestBody()), null);