krh/muuhd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stuff

Browse Source
This commit is contained in:
Kim Ravn Hansen
2025-10-23 09:37:39 +02:00
parent cda8392795
commit 4c2b2dcdfe
8 changed files with 281 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
scenes/playerCreation/createUasswprdPrompt.js
View File

@@ -1,75 +0,0 @@
import { Prompt } from "../prompt.js";
import { Security } from "../../utils/security.js";
import { Config } from "../../config.js";
export class CreatePasswordPrompt extends Prompt {
//
message = ["Enter a password"];
//
// Let the client know that we're asking for a password
// so it can set <input type="password">
options = { password: true };
get player() {
return this.scene.player;
}
onReply(text) {
//
// Check of the password is sane. This is both bad from a security point
// of view, and technically not necessary as insane passwords couldn't
// reside in the player lists. However, let's save some CPU cycles on
// not hashing an insane password 1000+ times.
// This is technically bad practice, but since this is just a game,
// do it anyway.
if (!Security.isPasswordSane(text)) {
this.sendError("Insane password");
this.execute();
return;
}
//
// Block users who enter bad passwords too many times.
if (this.player.failedPasswordsSinceLastLogin > Config.maxFailedLogins) {
this.blockedUntil = Date.now() + Config.accountLockoutSeconds;
this.calamity("You have been locked out for too many failed password attempts, come back later");
return;
}
//
// Handle blocked users.
// They don't even get to have their password verified.
if (this.player.blockedUntil > Date.now()) {
//
// Try to re-login too soon, and your lockout lasts longer.
this.blockedUntil += Config.accountLockoutSeconds;
this.calamity("You have been locked out for too many failed password attempts, come back later");
return;
}
//
// Verify the password against the hash we've stored.
if (!Security.verifyPassword(text, this.player.passwordHash)) {
this.sendError("Incorrect password!");
this.player.failedPasswordsSinceLastLogin++;
this.session.sendDebug(`Failed login attempt #${this.player.failedPasswordsSinceLastLogin}`);
this.execute();
return;
}
this.player.lastSucessfulLoginAt = new Date();
this.player.failedPasswordsSinceLastLogin = 0;
//
// We do not allow a player to be logged in more than once!
if (this.player.loggedIn) {
this.calamity("This player is already logged in");
return;
}
this.scene.passwordAccepted();
}
}

58
scenes/playerCreation/createUsernamePrompt.js
View File

@@ -1,58 +0,0 @@
import { Prompt } from "../prompt.js";
import { Security } from "../../utils/security.js";
import { gGame } from "../../models/globals.js";
/** @typedef {import("./playerCreationScene.js").PlayerCreationScene} PlayerCreationScene */
export class CreateUsernamePrompt extends Prompt {
//
message = [
"Enter your username", //
"((type *:help* for more info))", //
];
//
// When player types :help
help = [
"Your username.",
"It's used, along with your password, when you log in.",
"Other players can see it.",
"Other players can use it to chat or trade with you",
"It may only consist of the letters _a-z_, _A-Z_, _0-9_, and _underscore_",
];
//
// Let the client know that we're asking for a username
options = { username: true };
/** @protected @type {PlayerCreationScene} */
_scene;
onReply(username) {
//
// do basic syntax checks on usernames
if (!Security.isUsernameSane(username)) {
console.info("Someone entered insane username: '%s'", username);
this.sendError("Incorrect username, try again.");
this.execute();
return;
}
//
// try and fetch the player object from the game
const player = gGame.getPlayerByUsername(username);
//
// handle invalid username
if (player) {
console.info("Someone tried to create a user with an occupied username: '%s'", username);
this.sendError("Occupied, try something else");
this.execute();
return;
}
//
// Tell owner that we're done
this._scene.usernameAccepted(username);
}
}

165
scenes/playerCreation/playerCreationScene.js
View File

@@ -1,8 +1,11 @@
import { Config } from "../../config.js";
import { gGame } from "../../models/globals.js";
import { Security } from "../../utils/security.js";
import { Prompt } from "../prompt.js";
import { Scene } from "../scene.js";
import { CreateUsernamePrompt } from "./createUsernamePrompt.js";
import { Security } from "../../utils/security.js";
import { gGame } from "../../models/globals.js";
import { AuthenticationScene } from "../authentication/authenticationScene.js";
const MAX_PASSWORD_ATTEMPTS = 3;
export class PlayerCreationScene extends Scene {
intro = "= Create Player";
@@ -20,7 +23,7 @@ export class PlayerCreationScene extends Scene {
this.session.calamity("Server is full, no more players can be created");
}
this.showPrompt(new CreateUsernamePrompt(this));
this.showPrompt(new UsernamePrompt(this));
}
/**
@@ -33,10 +36,10 @@ export class PlayerCreationScene extends Scene {
this.player = player;
this.session.sendSystemMessage("salt", player.salt);
this.session.sendText(`Username _*${username}*_ is available, and I've reserved it for you :)`);
//
this.session.sendError("TODO: create a createPasswordPrompt and display it.");
this.session.sendText(`Username _*${username}*_ has been reserved for you`);
this.show(PasswordPrompt);
}
/**
@@ -47,7 +50,153 @@ export class PlayerCreationScene extends Scene {
*/
passwordAccepted(password) {
this.password = password;
this.session.sendText("*_Success_* ✅ You will now be asked to log in again, sorry for that ;)");
this.player.setPasswordHash(Security.generateHash(this.password));
this.session.sendText("*_Success_* ✅ You will now be asked to log in again, sorry about that ;)");
this.session.setScene(new AuthenticationScene(this.session));
}
}
// _ _
// | | | |___ ___ _ __ _ __ __ _ _ __ ___ ___
// | | | / __|/ _ \ '__| '_ \ / _` | '_ ` _ \ / _ \
// | |_| \__ \ __/ | | | | | (_| | | | | | | __/
// \___/|___/\___|_| |_| |_|\__,_|_| |_| |_|\___|
//
// ____ _
// | _ \ _ __ ___ _ __ ___ _ __ | |_
// | |_) | '__/ _ \| '_ ` _ \| '_ \| __|
// | __/| | | (_) | | | | | | |_) | |_
// |_| |_| \___/|_| |_| |_| .__/ \__|
// |_|
class UsernamePrompt extends Prompt {
//
message = [
"Enter your username", //
"((type *:help* for more info))", //
];
//
// When player types :help
help = [
"Your username.",
"It's used, along with your password, when you log in.",
"Other players can see it.",
"Other players can use it to chat or trade with you",
"It may only consist of the letters _a-z_, _A-Z_, _0-9_, and _underscore_",
];
//
// Let the client know that we're asking for a username
options = { username: true };
/** @type {PlayerCreationScene} */
get scene() {
return this._scene;
}
onReply(username) {
//
// do basic syntax checks on usernames
if (!Security.isUsernameSane(username)) {
console.info("Someone entered insane username: '%s'", username);
this.sendError("Incorrect username, try again.");
this.execute();
return;
}
//
// try and fetch the player object from the game
const player = gGame.getPlayerByUsername(username);
//
// handle invalid username
if (player) {
console.info("Someone tried to create a user with an occupied username: '%s'", username);
this.sendError("Occupied, try something else");
this.execute();
return;
}
this.scene.usernameAccepted(username);
}
}
// ____ _
// | _ \ __ _ ___ _____ _____ _ __ __| |
// | |_) / _` / __/ __\ \ /\ / / _ \| '__/ _` |
// | __/ (_| \__ \__ \\ V V / (_) | | | (_| |
// |_| \__,_|___/___/ \_/\_/ \___/|_| \__,_|
//
// ____ _
// | _ \ _ __ ___ _ __ ___ _ __ | |_
// | |_) | '__/ _ \| '_ ` _ \| '_ \| __|
// | __/| | | (_) | | | | | | |_) | |_
// |_| |_| \___/|_| |_| |_| .__/ \__|
// |_|
class PasswordPrompt extends Prompt {
//
message = "Enter a password";
//
// Let the client know that we're asking for a password
// so it can set <input type="password">
options = { password: true };
/** @type {string?} Password that was previously entered. */
firstPassword = undefined;
errorCount = 0;
/** @type {PlayerCreationScene} */
get scene() {
return this._scene;
}
beforeExecute() {
if (this.errorCount > MAX_PASSWORD_ATTEMPTS) {
this.firstPassword = false;
this.errorCount = 0;
this.message = ["Too many errors - starting over", "Enter password"];
return;
}
if (this.firstPassword && this.errorCount === 0) {
this.message = "Repeat the password";
return;
}
if (this.firstPassword && this.errorCount > 0) {
this.message = [
"Repeat the password",
`((attempt nr. ${this.errorCount + 1} of ${MAX_PASSWORD_ATTEMPTS + 1}))`,
];
return;
}
this.errorCount = 0;
this.message = "Enter a password";
}
onReply(str) {
if (!Security.isPasswordSane(str)) {
this.sendError("Invalid password format.");
this.errorCount++;
this.execute();
return;
}
if (!this.firstPassword) {
this.firstPassword = str;
this.execute();
return;
}
if (this.firstPassword !== str) {
this.errorCount++;
this.execute();
return;
}
this.scene.passwordAccepted(str);
}
}