hostile-takeover/stats/auth.py
Nathan Fulton d6b301c3e7 Track client platform version
Client platform version can be retrieved live with /ids and is also
recorded in the playerdetail module.
2016-08-31 23:54:48 -04:00


import base64
import logging
import random
import time
from hashlib import md5

from google.appengine.ext import webapp
from google.appengine.ext.webapp.util import run_wsgi_app

import config
import models
import playerdetail
import serverinfo
# Token lifetime in seconds; generate_token adds it to the current time to
# produce the token's 't' field.
# Earlier value, 24 hours:
#COOKIE_TIMEOUT_SECONDS = 60*60*24
# Current value, 1 hour (so accounts can be disabled more easily). The
# 'blocked' flag is checked in authenticate(), i.e. when a token is issued.
# NOTE(review): presumably an already-issued token stays usable until 't'
# passes, which is why a short lifetime matters - confirm against the verifier.
COOKIE_TIMEOUT_SECONDS = 60*60
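class AuthUser(webapp.RequestHandler):
    """Issue a login token for the credentials carried in a GET request.

    The response body is always a token. It is keyed with
    config.AUTH_GOOD_SECRET when the credentials check out and with
    config.AUTH_BAD_SECRET in every other case, including any error while
    handling the request.

    NOTE(review): presumably the token consumer only accepts tokens keyed
    with the good secret, so a rejected login is indistinguishable to the
    client - confirm against the verifier.
    """

    def get(self):
        """Handle the request: authenticate and write a token as text/plain.

        Reads query parameters 'a' (credentials), 'd' (device id) and 'o'
        (platform) through get_username_password_did_platform().
        """
        self.response.headers['Content-Type'] = 'text/plain'
        # Used for the rejected token when the request cannot even be parsed.
        username = 'anonymous'
        try:
            username, password, did, platform = \
                self.get_username_password_did_platform()
            if self.authenticate(username, password, did):
                token = self.generate_token(username, config.AUTH_GOOD_SECRET)
                self.save_action(username, did, platform)
            else:
                token = self.generate_token(username, config.AUTH_BAD_SECRET)
        except Exception:
            # Fail closed: any parsing or datastore error yields a token keyed
            # with the bad secret. The traceback is logged so that malformed
            # or failing auth requests are visible to whoever reads the logs.
            logging.exception('auth request failed; issuing rejected token')
            token = self.generate_token(username, config.AUTH_BAD_SECRET)
        self.response.out.write(token)

    def get_username_password_did_platform(self):
        """Extract (username, password, did, platform) from the request.

        Parameter 'a' is base64 of ``username + '\\0' + password``; 'd' and
        'o' are returned unchanged as the device id and the platform.

        Raises:
            ValueError: the decoded 'a' value has no NUL separator.

        NOTE(review): this handler serves GET, so the password travels in
        the request parameters; base64 is an encoding, not encryption, and
        anything that records the request URL also records the credentials.
        """
        decoded = base64.b64decode(self.request.get('a'))
        username, separator, password = decoded.partition('\0')
        if not separator:
            # Without this check find() returned -1, which silently dropped
            # the last character of the username and treated the entire blob
            # as the password. Reject the request instead.
            raise ValueError('credential blob has no NUL separator')
        did = self.request.get('d')
        platform = self.request.get('o')
        return username, password, did, platform

    def generate_token(self, username, secret):
        """Build the base64 token for *username*, keyed with *secret*.

        The token is base64 of ``[<fields>,"<md5 hex>"]`` where <fields> is
        a dict with 'u' (base64 username), 'c' (random integer in
        1000..65535) and 't' (expiry: now + COOKIE_TIMEOUT_SECONDS), and the
        digest is MD5 over the serialised fields followed by the secret.

        NOTE(review): MD5(message + secret) is an ad-hoc keyed hash rather
        than an HMAC, and MD5 is a weak primitive. Replacing it has to be
        done together with whatever verifies these tokens, so the format is
        left untouched here. 'c' comes from the non-cryptographic `random`
        module and must not be relied on to be unpredictable.
        """
        fields = {}
        fields['u'] = base64.b64encode(username)
        fields['c'] = random.randint(1000, 65535)
        fields['t'] = int(time.time()) + COOKIE_TIMEOUT_SECONDS
        # Serialise via the dict's own string form, drop the spaces and turn
        # single quotes into double quotes. Kept exactly as is because the
        # digest below is computed over this text.
        serialized = ''.join(fields.__str__().split(' ')).replace("'", '"')
        digest = md5(serialized + secret)
        return base64.b64encode('[%s,"%s"]' % (serialized, digest.hexdigest()))

    def authenticate(self, username, password, did):
        """Return True when the credentials match an unblocked player.

        The player is looked up by key name 'k' + lower-cased username.
        A missing player, a blocked player or an empty device id fails.

        NOTE(review): the stored value is compared with the unsalted MD5
        hex digest of the submitted password, so the datastore holds
        unsalted MD5 password hashes; a salted, slow password hash would be
        the safer storage format. The comparison is also not constant-time.
        """
        player = models.PlayerModel.get_by_key_name('k' + username.lower())
        if player is None or player.blocked or not did:
            return False
        return player.password.lower() == md5(password).hexdigest().lower()

    def save_action(self, username, did, platform):
        """Record a successful authentication through playerdetail.save().

        Best effort: a failure to record must not turn a valid login into a
        rejected one, so errors are logged and not propagated.
        """
        try:
            player_name = username
            anonymous = False
            ip = self.request.remote_addr
            action = dict(action='auth')
            playerdetail.save(player_name, anonymous, did, ip, action, platform)
        except Exception:
            # Previously swallowed silently; log it so a gap in the auth
            # records can be noticed.
            logging.exception('failed to record auth action')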