remove Game.token (store tokens in memory)
This commit is contained in:
parent
0398108441
commit
7871f3e34b
|
@ -35,7 +35,7 @@ object Round extends LilaController with TheftPrevention {
|
|||
}
|
||||
|
||||
def signedJs(gameId: String) = OpenNoCtx { req ⇒
|
||||
JsOk(GameRepo token gameId map Env.game.gameJs.sign, CACHE_CONTROL -> "max-age=3600")
|
||||
JsOk(fuccess(Env.game.gameJs.sign(env.hijack.tokenOf(gameId))), CACHE_CONTROL -> "max-age=3600")
|
||||
}
|
||||
|
||||
def player(fullId: String) = Open { implicit ctx ⇒
|
||||
|
|
|
@ -11,7 +11,6 @@ import lila.user.User
|
|||
|
||||
case class Game(
|
||||
id: String,
|
||||
token: String,
|
||||
whitePlayer: Player,
|
||||
blackPlayer: Player,
|
||||
binaryPieces: ByteArray,
|
||||
|
@ -340,7 +339,6 @@ object Game {
|
|||
val playerIdSize = 4
|
||||
val fullIdSize = 12
|
||||
val tokenSize = 4
|
||||
val defaultToken = "-tk-"
|
||||
|
||||
def abandonedDate = DateTime.now - 7.days
|
||||
|
||||
|
@ -356,7 +354,6 @@ object Game {
|
|||
source: Source,
|
||||
pgnImport: Option[PgnImport]): Game = Game(
|
||||
id = IdGenerator.game,
|
||||
token = IdGenerator.token,
|
||||
whitePlayer = whitePlayer,
|
||||
blackPlayer = blackPlayer,
|
||||
binaryPieces = if (game.isStandardInit) BinaryFormat.piece.standard
|
||||
|
@ -387,7 +384,6 @@ object Game {
|
|||
object BSONFields {
|
||||
|
||||
val id = "_id"
|
||||
val token = "tk"
|
||||
val whitePlayer = "p0"
|
||||
val blackPlayer = "p1"
|
||||
val binaryPieces = "ps"
|
||||
|
@ -420,7 +416,6 @@ object Game {
|
|||
val nbTurns = r int turns
|
||||
Game(
|
||||
id = r str "_id",
|
||||
token = r str "tk",
|
||||
whitePlayer = r.get[Color ⇒ Player](whitePlayer)(playerBSONHandler)(White),
|
||||
blackPlayer = r.get[Color ⇒ Player](blackPlayer)(playerBSONHandler)(Black),
|
||||
binaryPieces = r bytes binaryPieces,
|
||||
|
@ -448,7 +443,6 @@ object Game {
|
|||
|
||||
def writes(w: BSON.Writer, o: Game) = BSONDocument(
|
||||
id -> o.id,
|
||||
token -> o.token,
|
||||
whitePlayer -> ((_: Color) ⇒ o.whitePlayer),
|
||||
blackPlayer -> ((_: Color) ⇒ o.blackPlayer),
|
||||
binaryPieces -> o.binaryPieces,
|
||||
|
|
|
@ -49,7 +49,7 @@ object GameBinaryMigration {
|
|||
case (k, v) if !drops(k) ⇒ k -> v
|
||||
})
|
||||
|
||||
val gameDrop = Set("c", "cc", "cs", "lm", "lmt", "p", "me", "ph", "uids")
|
||||
val gameDrop = Set("c", "cc", "cs", "lm", "lmt", "p", "me", "ph", "uids", "tk")
|
||||
val playerDrop = Set("ps", "mts", "uid", "isOfferingDraw", "isOfferingRematch", "isProposingTakeback", "lastDrawOffer")
|
||||
|
||||
def convertGame(o: Doc): Doc = {
|
||||
|
|
|
@ -72,9 +72,6 @@ trait GameRepo {
|
|||
$query(Query.finished ++ Query.rated ++ Query.user(userId)) sort ($sort asc BSONFields.createdAt)
|
||||
)
|
||||
|
||||
def token(id: ID): Fu[String] =
|
||||
$primitive.one($select(id), "tk")(_.asOpt[String]) map (_ | Game.defaultToken)
|
||||
|
||||
def save(progress: Progress): Funit =
|
||||
GameDiff(progress.origin, progress.game) |> {
|
||||
case (Nil, Nil) ⇒ funit
|
||||
|
|
|
@ -154,7 +154,7 @@ final class Env(
|
|||
|
||||
private lazy val titivate = new Titivate(roundMap, meddler, scheduler)
|
||||
|
||||
private lazy val hijack = new Hijack(HijackTimeout, HijackEnabled)
|
||||
lazy val hijack = new Hijack(HijackTimeout, HijackEnabled)
|
||||
|
||||
private lazy val takebacker = new Takebacker(
|
||||
messenger = messenger,
|
||||
|
|
|
@ -1,20 +1,28 @@
|
|||
package lila.round
|
||||
|
||||
import scala.concurrent.duration.Duration
|
||||
import scala.concurrent.duration._
|
||||
|
||||
import lila.game.Pov
|
||||
import lila.game.{ Pov, Game, IdGenerator }
|
||||
import lila.memo.ExpireSetMemo
|
||||
import lila.user.Context
|
||||
|
||||
private[round] final class Hijack(timeout: Duration, enabled: Boolean) {
|
||||
|
||||
// game ID -> game token
|
||||
private val tokens = lila.memo.Builder.cache(
|
||||
2 hour,
|
||||
(_: String) ⇒ IdGenerator.token
|
||||
)
|
||||
|
||||
// full game ids that have been hijacked
|
||||
private val hijacks = new ExpireSetMemo(timeout)
|
||||
|
||||
def tokenOf(gameId: String) = tokens get gameId
|
||||
|
||||
def apply(pov: Pov, token: String): Boolean = enabled && {
|
||||
pov.game.rated && {
|
||||
if (hijacks get pov.fullId) true
|
||||
else if (token != pov.game.token) {
|
||||
else if (token != tokenOf(pov.game.id)) {
|
||||
logwarn(s"[websocket] hijacking detected ${pov.fullId}")
|
||||
hijacks put pov.fullId
|
||||
true
|
||||
|
|
Loading…
Reference in a new issue