Merge pull request #166 from TaloDev/develop

Release 0.28.0

Author: tudddorrr

.github/workflows/docker.yml

@@ -24,7 +24,7 @@ jobs:
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           push: true
           tags: |

envs/.env.dev

@@ -21,5 +21,6 @@ FROM_EMAIL=hello@trytalo.com
 
 RECOVERY_CODES_SECRET=tc0d8e0h0lqv5isajfjw0iivj5pc3d95
 STEAM_INTEGRATION_SECRET=PjBw8vy8ZbFqXvZwAABWfbhfXvJ32idf
+API_SECRET=YgGBEely4gOIzXGOf44N4IWtFwMCzw8O
 
 STRIPE_KEY=

package.json

@@ -1,6 +1,6 @@
 {
   "name": "game-services",
-  "version": "0.27.0",
+  "version": "0.28.0",
   "description": "",
   "main": "src/index.ts",
   "scripts": {
@@ -70,7 +70,7 @@
     "koa-bodyparser": "^4.3.0",
     "koa-clay": "^6.5.0",
     "koa-helmet": "^6.1.0",
-    "koa-jwt": "^4.0.3",
+    "koa-jwt": "^4.0.4",
     "koa-logger": "^3.2.1",
     "lodash.get": "^4.4.2",
     "lodash.groupby": "^4.6.0",

src/config/api-routes.ts

@@ -8,19 +8,20 @@ import EventAPIService from '../services/api/event-api.service'
 import PlayerAPIService from '../services/api/player-api.service'
 import limiterMiddleware from '../middlewares/limiter-middleware'
 import currentPlayerMiddleware from '../middlewares/current-player-middleware'
+import { apiRouteAuthMiddleware, getRouteInfo } from '../middlewares/route-middleware'
+import apiKeyMiddleware from '../middlewares/api-key-middleware'
 
 export default (app: Koa) => {
+  app.use(apiKeyMiddleware)
+  app.use(apiRouteAuthMiddleware)
+  app.use(limiterMiddleware)
+
   app.use(async (ctx: Context, next: Next): Promise<void> => {
-    if (ctx.path.match(/^\/(v1)\//)) {
-      if (ctx.state.user?.api !== true) ctx.throw(401)
-    }
+    const route = getRouteInfo(ctx)
+    if (route.isAPIRoute && !route.isAPICall) ctx.throw(401)
     await next()
   })
 
-  if (process.env.NODE_ENV !== 'test') {
-    app.use(limiterMiddleware)
-  }
-
   app.use(currentPlayerMiddleware)
 
   app.use(service('/v1/game-config', new GameConfigAPIService()))

src/config/protected-routes.ts

@@ -15,13 +15,14 @@ import PlayerService from '../services/player.service'
 import UserService from '../services/user.service'
 import BillingService from '../services/billing.service'
 import IntegrationService from '../services/integration.service'
+import { getRouteInfo, protectedRouteAuthMiddleware } from '../middlewares/route-middleware'
 
 export default (app: Koa) => {
+  app.use(protectedRouteAuthMiddleware)
+
   app.use(async (ctx: Context, next: Next): Promise<void> => {
-    // trying to access protected route via api key
-    if (!ctx.path.match(/^\/(public|v1)\//)) {
-      if (ctx.state.user?.api) ctx.throw(401)
-    }
+    const route = getRouteInfo(ctx)
+    if (route.isProtectedRoute && route.isAPICall) ctx.throw(401)
     await next()
   })
 

src/entities/api-key.ts

@@ -1,7 +1,6 @@
 import { Entity, Enum, ManyToOne, PrimaryKey, Property } from '@mikro-orm/core'
 import Game from './game'
 import User from './user'
-import jwt from 'jsonwebtoken'
 
 export enum APIKeyScope {
   READ_GAME_CONFIG = 'read:gameConfig',
@@ -39,27 +38,22 @@ export default class APIKey {
   @Property({ nullable: true })
   revokedAt?: Date
 
+  @Property({ nullable: true })
+  lastUsedAt?: Date
+
   constructor(game: Game, createdByUser: User) {
     this.game = game
     this.createdByUser = createdByUser
   }
 
-  createTokenSync(apiKey: APIKey, iat: number) {
-    const payload = { sub: apiKey.id, api: true, iat }
-    return jwt.sign(payload, process.env.JWT_SECRET)
-  }
-
   toJSON() {
-    const iat = new Date(this.createdAt).getTime()
-    const token = this.createTokenSync(this, Math.floor(iat / 1000))
-
     return {
       id: this.id,
-      token: token.substring(token.length - 5, token.length),
       scopes: this.scopes,
       gameId: this.game.id,
       createdBy: this.createdByUser.username,
-      createdAt: this.createdAt
+      createdAt: this.createdAt,
+      lastUsedAt: this.lastUsedAt
     }
   }
 }

src/entities/game-secret.ts

@@ -0,0 +1,37 @@
+import { Entity, OneToOne, PrimaryKey, Property } from '@mikro-orm/core'
+import { decrypt, encrypt } from '../lib/crypto/string-encryption'
+import Game from './game'
+import crypto from 'crypto'
+
+@Entity()
+export default class GameSecret {
+  @PrimaryKey()
+  id: number
+
+  @OneToOne(() => Game, (game) => game.apiSecret)
+  game: Game
+
+  @Property({ hidden: true })
+  secret: string
+
+  constructor() {
+    this.secret = this.generateSecret()
+  }
+
+  generateSecret(): string {
+    const secret = Buffer.from(crypto.randomBytes(48)).toString('hex')
+    return encrypt(secret, process.env.API_SECRET)
+  }
+
+  getPlainSecret(): string {
+    return decrypt(this.secret, process.env.API_SECRET)
+  }
+
+  /* c8 ignore start */
+  toJSON() {
+    return {
+      id: this.id
+    }
+  }
+  /* c8 ignore stop */
+}

src/entities/game.ts

@@ -1,4 +1,5 @@
-import { Collection, Embedded, Entity, ManyToOne, OneToMany, PrimaryKey, Property } from '@mikro-orm/core'
+import { Collection, Embedded, Entity, ManyToOne, OneToMany, OneToOne, PrimaryKey, Property } from '@mikro-orm/core'
+import GameSecret from './game-secret'
 import Organisation from './organisation'
 import Player from './player'
 import Prop from './prop'
@@ -20,6 +21,9 @@ export default class Game {
   @OneToMany(() => Player, (player) => player.game)
   players: Collection<Player> = new Collection<Player>(this)
 
+  @OneToOne({ orphanRemoval: true })
+  apiSecret: GameSecret
+
   @Property()
   createdAt: Date = new Date()
 

src/entities/index.ts

@@ -28,8 +28,10 @@ import SteamworksIntegrationEvent from './steamworks-integration-event'
 import SteamworksLeaderboardMapping from './steamworks-leaderboard-mapping'
 import PlayerProp from './player-prop'
 import PlayerGroup from './player-group'
+import GameSecret from './game-secret'
 
 export default [
+  GameSecret,
   PlayerGroup,
   PlayerProp,
   SteamworksLeaderboardMapping,

src/index.ts

@@ -2,7 +2,6 @@ import 'dotenv/config'
 import Koa, { Context, Next } from 'koa'
 import logger from 'koa-logger'
 import bodyParser from 'koa-bodyparser'
-import jwt from 'koa-jwt'
 import helmet from 'koa-helmet'
 import { RequestContext } from '@mikro-orm/core'
 import configureProtectedRoutes from './config/protected-routes'
@@ -27,24 +26,18 @@ export const init = async (): Promise<Koa> => {
   app.use(errorMiddleware)
   app.use(bodyParser())
   app.use(helmet())
-
   app.use(corsMiddleware)
-  app.use(jwt({ secret: process.env.JWT_SECRET }).unless({ path: [/^\/public/] }))
-
   app.use((ctx: Context, next: Next) => RequestContext.createAsync(ctx.em, next))
-
   app.use(devDataMiddleware)
+  app.context.emailQueue = createEmailQueue()
 
   configureProtectedRoutes(app)
   configurePublicRoutes(app)
   configureAPIRoutes(app)
 
-  app.context.emailQueue = createEmailQueue()
-
   app.use(cleanupMiddleware)
 
   if (!isTest) app.listen(80, () => console.log('Listening on port 80'))
-
   return app
 }