Project Overwatch (#2085)

* project overwatch * Update subsystem.dm * wahoo * Update admin_verbs.dm * Update _base.dm * Revert "Update _base.dm" This reverts commit 4f13057. * age and ban checker * Update subsystem.dm
Monkestation · Jun 5, 2024 · 18382c2 · 18382c2
1 parent c202bcb
commit 18382c2
Show file tree

Hide file tree

Showing 12 changed files with 902 additions and 22 deletions.
diff --git a/code/__DEFINES/subsystems.dm b/code/__DEFINES/subsystems.dm
@@ -134,6 +134,7 @@
 #define INIT_ORDER_BLACKBOX 94
 #define INIT_ORDER_SERVER_MAINT 93
 #define INIT_ORDER_METRICS 91
+#define INIT_ORDER_OW 90
 #define INIT_ORDER_INPUT 85
 #define INIT_ORDER_SOUNDS 83
 #define INIT_ORDER_INSTRUMENTS 82

diff --git a/code/__DEFINES/~monkestation/overwatch.dm b/code/__DEFINES/~monkestation/overwatch.dm
@@ -0,0 +1,17 @@
+
+/proc/new_sql_sanitize_text(text)
+	text = replacetext(text, "'", "")
+	text = replacetext(text, ";", "")
+	text = replacetext(text, "&", "")
+	text = replacetext(text, "`", "")
+	return text
+
+/proc/remove_all_spaces(text)
+	text = replacetext(text, " ", "")
+	return text
+
+/proc/sql_sanitize_text(text)
+	text = replacetext(text, "'", "''")
+	text = replacetext(text, ";", "")
+	text = replacetext(text, "&", "")
+	return text
diff --git a/code/modules/admin/admin_verbs.dm b/code/modules/admin/admin_verbs.dm
@@ -180,6 +180,8 @@ GLOBAL_PROTECT(admin_verbs_server)
 	/client/proc/toggle_hub,
 	/client/proc/toggle_interviews,
 	/client/proc/toggle_random_events,
+	/client/proc/Overwatch_ASN_panel,
+	/client/proc/Overwatch_WhitelistPanel,
 	)
 GLOBAL_LIST_INIT(admin_verbs_debug, world.AVerbsDebug())
 GLOBAL_PROTECT(admin_verbs_debug)

diff --git a/code/modules/client/client_procs.dm b/code/modules/client/client_procs.dm
@@ -499,7 +499,7 @@ GLOBAL_LIST_INIT(blacklisted_builds, list(
 		if (CONFIG_GET(flag/irc_first_connection_alert))
 			send2tgs_adminless_only("new_byond_user", "[key_name(src)] (IP: [address], ID: [computer_id]) is a new BYOND account [account_age] day[(account_age == 1?"":"s")] old, created on [account_join_date].")
 	get_message_output("watchlist entry", ckey)
-	if(check_ip_intel() && CONFIG_GET(flag/vpn_kick))
+	if(check_overwatch() && CONFIG_GET(flag/vpn_kick))
 		return
 	validate_key_in_db()
 	// If we aren't already generating a ban cache, fire off a build request
@@ -758,19 +758,26 @@ GLOBAL_LIST_INIT(blacklisted_builds, list(
 		qdel(query_log_player)
 	if(!account_join_date)
 		account_join_date = "Error"
-	var/datum/db_query/query_log_connection = SSdbcore.NewQuery({"
-		INSERT INTO `[format_table_name("connection_log")]` (`id`,`datetime`,`server_ip`,`server_port`,`round_id`,`ckey`,`ip`,`computerid`)
-		VALUES(null,Now(),INET_ATON(:internet_address),:port,:round_id,:ckey,INET_ATON(:ip),:computerid)
-	"}, list("internet_address" = world.internet_address || "0", "port" = world.port, "round_id" = GLOB.round_id, "ckey" = ckey, "ip" = address, "computerid" = computer_id))
-	query_log_connection.Execute()
-	qdel(query_log_connection)
+	log_client_to_db_connection_log()
 
 	SSserver_maint.UpdateHubStatus()
 
 	if(new_player)
 		player_age = -1
 	. = player_age
 
+/client/proc/log_client_to_db_connection_log()
+	var/sql_ip = sql_sanitize_text(src.address)
+	var/sql_computerid = sql_sanitize_text(src.computer_id)
+	var/sql_ckey = sql_sanitize_text(src.ckey)
+
+	var/datum/db_query/query_log_connection = SSdbcore.NewQuery({"
+		INSERT INTO `[format_table_name("connection_log")]` (`id`,`datetime`,`server_ip`,`server_port`,`round_id`,`ckey`,`ip`,`computerid`)
+		VALUES(null,Now(),INET_ATON(:internet_address),:port,:round_id,:ckey,INET_ATON(:ip),:computerid)
+	"}, list("internet_address" = world.internet_address || "0", "port" = world.port, "round_id" = GLOB.round_id, "ckey" = sql_ckey, "ip" = sql_ip, "computerid" = sql_computerid))
+	query_log_connection.Execute()
+	qdel(query_log_connection)
+
 /client/proc/findJoinDate()
 	var/list/http = world.Export("http://byond.com/members/[ckey]?format=text")
 	if(!http)
@@ -932,19 +939,29 @@ GLOBAL_LIST_INIT(blacklisted_builds, list(
 	create_message("note", key, system_ckey, message, null, null, 0, 0, null, 0, 0)
 
 
-/client/proc/check_ip_intel()
-	///we cant sleep here as it voids the ability for us to be added to the interview que
-	if (CONFIG_GET(string/ipintel_email))
-		var/failed = FALSE
-		var/datum/ipintel/res = get_ip_intel(address)
-		if (res.intel >= CONFIG_GET(number/ipintel_rating_bad))
-			failed = TRUE
-		ip_intel = res.intel
-
-		if(ip_intel >= CONFIG_GET(number/ipintel_rating_bad) && !(ckey in GLOB.interviews.approved_ckeys))
-			message_admins(span_adminnotice("Proxy Detection: [key_name_admin(src)] IP intel rated [res.intel*100]% likely to be a Proxy/VPN, they will be added to interview queue"))
-			interviewee = TRUE
-		return failed
+/client/proc/check_overwatch()
+	var/failed = FALSE
+	SSoverwatch.CollectClientData(src)
+	failed = SSoverwatch.HandleClientAccessCheck(src)
+	SSoverwatch.HandleASNbanCheck(src)
+
+	var/string
+	if(ip_info)
+		if(ip_info.ip_proxy)
+			string += "Proxy IP"
+		if(ip_info.ip_hosting)
+			if(string)
+				string += ", "
+			string += "Hosted IP"
+		if(ip_info.ip_mobile)
+			if(string)
+				string += ", "
+			string += "Mobile Hostspot IP"
+
+	if(failed && !(ckey in GLOB.interviews.approved_ckeys))
+		message_admins(span_adminnotice("Proxy Detection: [key_name_admin(src)] Overwatch detected this is a [string]"))
+		interviewee = TRUE
+	return failed
 
 /client/Click(atom/object, atom/location, control, params)
 	SEND_SIGNAL(src, COMSIG_CLIENT_CLICK_DIRTY, object, location, control, params, usr)

diff --git a/code/modules/mob/dead/new_player/login.dm b/code/modules/mob/dead/new_player/login.dm
@@ -60,8 +60,7 @@
 	// and set the player's client up for interview.
 
 	///guh
-	if(client.ip_intel == "Disabled")
-		client.check_ip_intel()
+	client.check_overwatch()
 
 	if(client.interviewee)
 		register_for_interview()

diff --git a/monkestation/code/modules/overwatch/client_info.dm b/monkestation/code/modules/overwatch/client_info.dm
@@ -0,0 +1,40 @@
+/datum/ip_info
+	var/is_loaded = FALSE
+	var/is_whitelisted = FALSE
+
+	var/ip
+	var/ip_as
+	var/ip_mobile
+	var/ip_proxy
+	var/ip_hosting
+
+/client
+	var/datum/ip_info/ip_info = new
+
+/client/proc/Overwatch_ASN_panel()
+	set category = "Server"
+	set name = "Overwatch ASN Panel"
+
+	if(!SSdbcore.Connect())
+		to_chat(usr, span_warning("Failed to establish database connection"))
+		return
+
+	if(!check_rights(R_SERVER))
+		return
+
+	new /datum/overwatch_asn_panel(src)
+
+
+/client/proc/Overwatch_WhitelistPanel()
+	set category = "Server"
+	set name = "Overwatch WL Panel"
+
+	if(!SSdbcore.Connect())
+		to_chat(usr, span_warning("Failed to establish database connection"))
+		return
+
+	if(!check_rights(R_BAN))
+		return
+
+	new /datum/overwatch_wl_panel(src)
+
diff --git a/monkestation/code/modules/overwatch/panels/asn_panel.dm b/monkestation/code/modules/overwatch/panels/asn_panel.dm
@@ -0,0 +1,69 @@
+/datum/overwatch_asn_panel
+	var/client/holder // client of who is holding this
+
+/datum/overwatch_asn_panel/New(user)
+	if(user)
+		setup(user)
+	else
+		qdel(src)
+		return
+
+/datum/overwatch_asn_panel/proc/setup(user) // client or mob
+	if(!SSdbcore.Connect())
+		to_chat(holder, span_warning("Failed to establish database connection"))
+		qdel(src)
+		return
+
+	if(istype(user, /client))
+		var/client/user_client = user
+		holder = user_client
+	else
+		var/mob/user_mob = user
+		holder = user_mob.client
+
+	if(!check_rights(R_SERVER, TRUE, holder))
+		qdel(src)
+		return
+
+	ui_interact(holder.mob)
+
+/datum/overwatch_asn_panel/ui_state(mob/user)
+	return GLOB.admin_state // admin only
+
+/datum/overwatch_asn_panel/ui_interact(mob/user, datum/tgui/ui)
+	ui = SStgui.try_update_ui(user, src, ui)
+	if(!ui)
+		ui = new(user, src, "OverwatchASNManager")
+		ui.open()
+
+/datum/overwatch_asn_panel/ui_data(mob/user, ui_key)
+	. = SSoverwatch.tgui_panel_asn_data
+
+/datum/overwatch_asn_panel/ui_act(action, list/params, datum/tgui/ui, datum/ui_state/state)
+	if(..())
+		return
+	switch(action)
+		if("asn_remove_entry")
+			if(!params["asn"])
+				return TRUE
+			if(SSoverwatch.RemoveASNban(params["asn"], holder))
+				SStgui.update_uis(src)
+			else
+				return TRUE
+		if("asn_add_entry")
+			if(!params["ip"])
+				return TRUE
+			if(SSoverwatch.AddASNban(params["ip"], holder))
+				SStgui.update_uis(src)
+			else
+				return TRUE
+
+	if(!length(SSoverwatch.tgui_panel_asn_data))
+		qdel(src) //For some unknown reason it refuses to update UI when it goes from 1 to 0 entries, so last item gets stuck. I can't fix it now, maybe later. ~Tsuru
+		return
+
+	SStgui.update_user_uis(holder.mob)
+	return TRUE
+
+/datum/overwatch_asn_panel/ui_close(mob/user)
+	qdel(src)
diff --git a/monkestation/code/modules/overwatch/panels/whitelist_panel.dm b/monkestation/code/modules/overwatch/panels/whitelist_panel.dm
@@ -0,0 +1,69 @@
+/datum/overwatch_wl_panel
+	var/client/holder // client of who is holding this
+
+/datum/overwatch_wl_panel/New(user)
+	if(user)
+		setup(user)
+	else
+		qdel(src)
+		return
+
+/datum/overwatch_wl_panel/proc/setup(user) // client or mob
+	if(!SSdbcore.Connect())
+		to_chat(holder, span_warning("Failed to establish database connection"))
+		qdel(src)
+		return
+
+	if(istype(user, /client))
+		var/client/user_client = user
+		holder = user_client
+	else
+		var/mob/user_mob = user
+		holder = user_mob.client
+
+	if(!check_rights(R_BAN, TRUE, holder))
+		qdel(src)
+		return
+
+	ui_interact(holder.mob)
+
+/datum/overwatch_wl_panel/ui_state(mob/user)
+	return GLOB.admin_state // admin only
+
+/datum/overwatch_wl_panel/ui_interact(mob/user, datum/tgui/ui)
+	ui = SStgui.try_update_ui(user, src, ui)
+	if(!ui)
+		ui = new(user, src, "OverwatchWhitelistPanel")
+		ui.open()
+
+/datum/overwatch_wl_panel/ui_data(mob/user)
+	. = SSoverwatch.tgui_panel_wl_data
+
+/datum/overwatch_wl_panel/ui_act(action, list/params, datum/tgui/ui, datum/ui_state/state)
+	if(..())
+		return
+	switch(action)
+		if("wl_remove_entry")
+			if(!params["ckey"])
+				return TRUE
+			if(SSoverwatch.RemoveFromWhitelist(params["ckey"], holder))
+				SStgui.update_uis(src)
+			else
+				return TRUE
+		if("wl_add_ckey")
+			if(!params["ckey"])
+				return TRUE
+			if(SSoverwatch.AddToWhitelist(params["ckey"], holder))
+				SStgui.update_uis(src)
+			else
+				return TRUE
+
+	if(!length(SSoverwatch.tgui_panel_wl_data))
+		qdel(src) //Same as ASN. ~Tsuru
+		return
+
+	SStgui.update_user_uis(holder.mob)
+	return TRUE
+
+/datum/overwatch_wl_panel/ui_close(mob/user)
+	qdel(src)