things+stuff

2025-09-10 12:36:42 +02:00
parent 5d0cc61cf9
commit ba293d08b3
39 changed files with 3425 additions and 2713 deletions
--- a/server/states/playerCreationState.js
+++ b/server/states/playerCreationState.js
@@ -0,0 +1,173 @@
+import { Session } from "../models/session.js";
+import * as msg from "../utils/messages.js";
+import * as security from "../utils/security.js";
+import { Player } from "../models/player.js";
+import { AuthState } from "./authState.js";
+import { Config } from "../config.js";
+
+const USERNAME_PROMPT =
+  "Enter a valid username (4-20 characters, [a-z], [A-Z], [0-9], and underscore)";
+const PASSWORD_PROMPT = "Enter a valid password";
+const PASSWORD_PROMPT2 = "Enter your password again";
+const ERROR_INSANE_PASSWORD = "Invalid password.";
+const ERROR_INSANE_USERNAME =
+  "Invalid username. It must be 4-20 characters, and may only contain [a-z], [A-Z], [0-9] and underscore";
+const ERROR_INCORRECT_PASSWOD = "Incorrect password.";
+
+/** @property {Session} session */
+export class PlayerCreationState {
+  /**
+   * @proteted
+   * @type {(msg: ClientMessage) => }
+   *
+   * Allows us to dynamically set which
+   * method handles incoming messages.
+   */
+  _dynamicMessageHandler;
+
+  /** @protected @type {Player} */
+  _player;
+  /** @protected @type {string} */
+  _password;
+
+  /**
+   * @param {Session} session
+   */
+  constructor(session) {
+    /** @type {Session} */
+    this.session = session;
+  }
+
+  onAttach() {
+    //
+    // If there are too many players, stop allowing new players in.
+    if (this.session.game._players.size >= Config.maxPlayers) {
+      this.session.sendCalamity(
+        "Server is full, no more players can be created",
+      );
+      this.session.close();
+    }
+
+    this.session.sendFigletMessage("New Player");
+    this.session.sendPrompt("username", USERNAME_PROMPT);
+
+    // our initial substate is to receive a username
+    this.setMessageHandler(this.receiveUsername);
+  }
+
+  /** @param {msg.ClientMessage} message */
+  onMessage(message) {
+    this._dynamicMessageHandler(message);
+  }
+
+  /* @param {(msg: ClientMessage) => } handler */
+  setMessageHandler(handler) {
+    this._dynamicMessageHandler = handler;
+  }
+
+  /** @param {msg.ClientMessage} message */
+  receiveUsername(message) {
+    //
+    // NOTE FOR ACCOUNT CREATION
+    // Do adult-word checks, so we dont have Fucky_McFuckFace
+    // https://www.npmjs.com/package/glin-profanity
+
+    //
+    // handle invalid message types
+    if (!message.isUsernameResponse()) {
+      this.session.sendError("Incorrect message type!");
+      this.session.sendPrompt("username", USERNAME_PROMPT);
+      return;
+    }
+
+    //
+    // do basic syntax checks on usernames
+    if (!security.isUsernameSane(message.username)) {
+      this.session.sendError(ERROR_INSANE_USERNAME);
+      this.session.sendPrompt("username", USERNAME_PROMPT);
+      return;
+    }
+
+    const player = this.session.game.createPlayer(message.username);
+
+    //
+    // handle taken/occupied username
+    if (player === false) {
+      // Telling the user right away that the username is taken can
+      // lead to data leeching. But fukkit.
+
+      this.session.sendError(
+        `Username _${message.username}_ was taken by another player.`,
+      );
+      this.session.sendPrompt("username", USERNAME_PROMPT);
+      return;
+    }
+
+    this._player = player;
+
+    this.session.sendSystemMessage("salt", player.salt);
+    this.session.sendMessage(
+      `Username _*${message.username}*_ is available, and I've reserved it for you :)`,
+    );
+    this.session.sendPrompt("password", PASSWORD_PROMPT);
+    this.setMessageHandler(this.receivePassword);
+  }
+
+  /** @param {msg.ClientMessage} message */
+  receivePassword(message) {
+    //
+    // handle invalid message types
+    if (!message.isPasswordResponse()) {
+      console.log("Invalid message type, expected password reply", message);
+      this.session.sendError("Incorrect message type!");
+      this.session.sendPrompt("password", PASSWORD_PROMPT);
+      return;
+    }
+
+    //
+    // Check that it's been hashed thoroughly before being sent here.
+    if (!security.isPasswordSane(message.password)) {
+      this.session.sendError(ERROR_INSANE_PASSWORD);
+      this.session.sendPrompt("password", PASSWORD_PROMPT);
+      return;
+    }
+
+    this._password = message.password; // it's relatively safe to store the PW here temporarily. The client already hashed the hell out of it.
+    this.session.sendPrompt("password", PASSWORD_PROMPT2);
+
+    this.setMessageHandler(this.receivePasswordConfirmation);
+  }
+
+  /** @param {msg.ClientMessage} memssage */
+  receivePasswordConfirmation(message) {
+    //
+    // handle invalid message types
+    if (!message.isPasswordResponse()) {
+      console.log("Invalid message type, expected password reply", message);
+      this.session.sendError("Incorrect message type!");
+      this.session.sendPrompt("password", PASSWORD_PROMPT);
+      this.setMessageHandler(this.receivePassword);
+      return;
+    }
+
+    //
+    // Handle mismatching passwords
+    if (message.password !== this._password) {
+      this.session.sendError(
+        "Incorrect, you have to enter your password twice in a row successfully",
+      );
+      this.session.sendPrompt("password", PASSWORD_PROMPT);
+      this.setMessageHandler(this.receivePassword);
+      return;
+    }
+
+    //
+    // Success!
+    // Take the user to the login screen.
+    this.session.sendMessage(
+      "*_Success_* ✅ You will now be asked to log in again, sorry for that ;)",
+    );
+    this._player.setPasswordHash(security.generateHash(this._password));
+    this.session.setState(new AuthState(this.session));
+  }
+}