Initial commit

2025-12-14 10:45:30 +01:00 · 2022-10-08 17:16:13 -04:00
commit 385638c5e1
1925 changed files with 872504 additions and 0 deletions
--- a/builtin/game/auth.lua
+++ b/builtin/game/auth.lua
@@ -0,0 +1,185 @@
+-- Minetest: builtin/auth.lua
+
+--
+-- Builtin authentication handler
+--
+
+-- Make the auth object private, deny access to mods
+local core_auth = core.auth
+core.auth = nil
+
+core.builtin_auth_handler = {
+	get_auth = function(name)
+		assert(type(name) == "string")
+		local auth_entry = core_auth.read(name)
+		-- If no such auth found, return nil
+		if not auth_entry then
+			return nil
+		end
+		-- Figure out what privileges the player should have.
+		-- Take a copy of the privilege table
+		local privileges = {}
+		for priv, _ in pairs(auth_entry.privileges) do
+			privileges[priv] = true
+		end
+		-- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
+		if core.is_singleplayer() then
+			for priv, def in pairs(core.registered_privileges) do
+				if def.give_to_singleplayer then
+					privileges[priv] = true
+				end
+			end
+		-- For the admin, give everything
+		elseif name == core.settings:get("name") then
+			for priv, def in pairs(core.registered_privileges) do
+				if def.give_to_admin then
+					privileges[priv] = true
+				end
+			end
+		end
+		-- All done
+		return {
+			password = auth_entry.password,
+			privileges = privileges,
+			last_login = auth_entry.last_login,
+		}
+	end,
+	create_auth = function(name, password)
+		assert(type(name) == "string")
+		assert(type(password) == "string")
+		core.log('info', "Built-in authentication handler adding player '"..name.."'")
+		return core_auth.create({
+			name = name,
+			password = password,
+			privileges = core.string_to_privs(core.settings:get("default_privs")),
+			last_login = -1,  -- Defer login time calculation until record_login (called by on_joinplayer)
+		})
+	end,
+	delete_auth = function(name)
+		assert(type(name) == "string")
+		local auth_entry = core_auth.read(name)
+		if not auth_entry then
+			return false
+		end
+		core.log('info', "Built-in authentication handler deleting player '"..name.."'")
+		return core_auth.delete(name)
+	end,
+	set_password = function(name, password)
+		assert(type(name) == "string")
+		assert(type(password) == "string")
+		local auth_entry = core_auth.read(name)
+		if not auth_entry then
+			core.builtin_auth_handler.create_auth(name, password)
+		else
+			core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
+			auth_entry.password = password
+			core_auth.save(auth_entry)
+		end
+		return true
+	end,
+	set_privileges = function(name, privileges)
+		assert(type(name) == "string")
+		assert(type(privileges) == "table")
+		local auth_entry = core_auth.read(name)
+		if not auth_entry then
+			auth_entry = core.builtin_auth_handler.create_auth(name,
+				core.get_password_hash(name,
+					core.settings:get("default_password")))
+		end
+
+		auth_entry.privileges = privileges
+
+		core_auth.save(auth_entry)
+
+		-- Run grant callbacks
+		for priv, _ in pairs(privileges) do
+			if not auth_entry.privileges[priv] then
+				core.run_priv_callbacks(name, priv, nil, "grant")
+			end
+		end
+
+		-- Run revoke callbacks
+		for priv, _ in pairs(auth_entry.privileges) do
+			if not privileges[priv] then
+				core.run_priv_callbacks(name, priv, nil, "revoke")
+			end
+		end
+		core.notify_authentication_modified(name)
+	end,
+	reload = function()
+		core_auth.reload()
+		return true
+	end,
+	record_login = function(name)
+		assert(type(name) == "string")
+		local auth_entry = core_auth.read(name)
+		assert(auth_entry)
+		auth_entry.last_login = os.time()
+		core_auth.save(auth_entry)
+	end,
+	iterate = function()
+		local names = {}
+		local nameslist = core_auth.list_names()
+		for k,v in pairs(nameslist) do
+			names[v] = true
+		end
+		return pairs(names)
+	end,
+}
+
+core.register_on_prejoinplayer(function(name, ip)
+	if core.registered_auth_handler ~= nil then
+		return -- Don't do anything if custom auth handler registered
+	end
+	local auth_entry = core_auth.read(name)
+	if auth_entry ~= nil then
+		return
+	end
+
+	local name_lower = name:lower()
+	for k in core.builtin_auth_handler.iterate() do
+		if k:lower() == name_lower then
+			return string.format("\nCannot create new player called '%s'. "..
+					"Another account called '%s' is already registered. "..
+					"Please check the spelling if it's your account "..
+					"or use a different nickname.", name, k)
+		end
+	end
+end)
+
+--
+-- Authentication API
+--
+
+function core.register_authentication_handler(handler)
+	if core.registered_auth_handler then
+		error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
+	end
+	core.registered_auth_handler = handler
+	core.registered_auth_handler_modname = core.get_current_modname()
+	handler.mod_origin = core.registered_auth_handler_modname
+end
+
+function core.get_auth_handler()
+	return core.registered_auth_handler or core.builtin_auth_handler
+end
+
+local function auth_pass(name)
+	return function(...)
+		local auth_handler = core.get_auth_handler()
+		if auth_handler[name] then
+			return auth_handler[name](...)
+		end
+		return false
+	end
+end
+
+core.set_player_password = auth_pass("set_password")
+core.set_player_privs    = auth_pass("set_privileges")
+core.remove_player_auth  = auth_pass("delete_auth")
+core.auth_reload         = auth_pass("reload")
+
+local record_login = auth_pass("record_login")
+core.register_on_joinplayer(function(player)
+	record_login(player:get_player_name())
+end)