mirror of
https://github.com/openfrontio/OpenFrontIO.git
synced 2026-07-08 10:50:37 +00:00
Client JWT authentication (#723)
## Description: Send JWT to the game server for verification. ## Please complete the following: - [x] I have added screenshots for all UI updates - [ ] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced - [x] I understand that submitting code with bugs that could have been caught through manual testing blocks releases and new features for all contributors --------- Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com>
This commit is contained in:
+27
-1
@@ -138,7 +138,33 @@ const SafeString = z
|
||||
)
|
||||
.max(1000);
|
||||
|
||||
const jwtRegex = /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$/;
|
||||
// Copied from zod, modified to remove their erroneous `typ` header requirement
|
||||
function isValidJWT(jwt: string, alg?: string): boolean {
|
||||
if (!jwtRegex.test(jwt)) return false;
|
||||
try {
|
||||
const [header] = jwt.split(".");
|
||||
// Convert base64url to base64
|
||||
const base64 = header
|
||||
.replace(/-/g, "+")
|
||||
.replace(/_/g, "/")
|
||||
.padEnd(header.length + ((4 - (header.length % 4)) % 4), "=");
|
||||
const decoded = JSON.parse(atob(base64));
|
||||
if (typeof decoded !== "object" || decoded === null) return false;
|
||||
if (!decoded.alg) return false;
|
||||
if (alg && decoded.alg !== alg) return false;
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
const PersistentIdSchema = z.string().uuid();
|
||||
const TokenSchema = z
|
||||
.string()
|
||||
.refine((v) => PersistentIdSchema.safeParse(v).success || isValidJWT(v), {
|
||||
message: "Token must be a valid UUID or JWT",
|
||||
});
|
||||
|
||||
const EmojiSchema = z
|
||||
.number()
|
||||
@@ -405,7 +431,7 @@ export const ClientIntentMessageSchema = z.object({
|
||||
export const ClientJoinMessageSchema = z.object({
|
||||
type: z.literal("join"),
|
||||
clientID: ID,
|
||||
persistentID: PersistentIdSchema, // WARNING: PII
|
||||
token: TokenSchema, // WARNING: PII
|
||||
gameID: ID,
|
||||
lastTurn: z.number(), // The last turn the client saw.
|
||||
username: SafeString,
|
||||
|
||||
Reference in New Issue
Block a user