External Auth security improvements (#6961)

Adds connection timeout Adds new API for WI to get client that is authing IP.
2025-12-21 07:32:02 +00:00 · 2019-09-09 21:54:11 +03:00
parent 169cfc176c
commit b6f7d9c79f
2 changed files with 42 additions and 1 deletions
--- a/code/modules/world_api/commands/misc.dm
+++ b/code/modules/world_api/commands/misc.dm
@@ -208,6 +208,38 @@
 	response = "Client has been authenticated sucessfully."
 	una.ClientLogin(queryparams["key"])

+// Authenticates client from external system
+/datum/topic_command/get_auth_client_ip
+	name = "get_auth_client_ip"
+	description = "Returns the IP of the client awaiting authentication, identified by the client token."
+	params = list(
+		"clienttoken" = list("name"="clienttoken","desc"="Token for identifying the unique client.","type"="str","req"=1),
+	)
+
+/datum/topic_command/get_auth_client_ip/run_command(queryparams)
+	if(!(queryparams["clienttoken"] in unauthed))
+		statuscode = 404
+		response = "Client with such token is not found."
+		return TRUE
+
+	var/mob/abstract/unauthed/una = unauthed[queryparams["clienttoken"]]
+
+	if(!istype(una) || !una.client)
+		statuscode = 500
+		response = "Something went horribly wrong."
+		return TRUE
+
+	if(!config.external_auth)
+		statuscode = 500
+		response = "External auth is disallowed."
+		del(una.client)
+		del(una)
+		return TRUE
+
+	statuscode = 200
+	response = "Got client IP sucessfully."
+	data = una.client.address
+
 // Updates external auth state
 /datum/topic_command/set_extenal_auth
 	name = "set_extenal_auth"
@@ -224,4 +256,4 @@
 	
 	statuscode = 200
 	response = "External authentication state has been updated sucessfully."
-	data = config.external_auth
+	data = config.external_auth