Browse Source

Build 09

- introduced support for array literals in rulesets
- added array-related functions for use by rulesets
- localized references to transcoding functions
- registered chat command to control login filtering
- included support for disabling login filtering
- added reload function to AuthFilter class
- tweaked lexer to skip comments on ruleset loading
- added search function to AuthDatabase class
master
Leslie Krause 1 year ago
parent
commit
a0799fe6a4
4 changed files with 128 additions and 45 deletions
  1. 11
    1
      README.txt
  2. 12
    0
      db.lua
  3. 76
    40
      filter.lua
  4. 29
    4
      init.lua

+ 11
- 1
README.txt View File

@@ -1,4 +1,4 @@
Auth Redux Mod v2.5b
Auth Redux Mod v2.6b
By Leslie Krause

Auth Redux is a drop-in replacement for the builtin authentication handler of Minetest.
@@ -61,6 +61,16 @@ Version 2.5b (17-Jul-2018)
- added some basic functions for use by rulesets
- fixed validation of dataset names in rulesets

Version 2.6b (19-Jul-2018)
- introduced support for array literals in rulesets
- added array-related functions for use by rulesets
- localized references to transcoding functions
- registered chat command to control login filtering
- included support for disabling login filtering
- added reload function to AuthFilter class
- tweaked lexer to skip comments on ruleset loading
- added search function to AuthDatabase class

Installation
----------------------


+ 12
- 0
db.lua View File

@@ -1,5 +1,5 @@
--------------------------------------------------------
-- Minetest :: Auth Redux Mod v2.6 (auth_rx)
--
-- See README.txt for licensing and release notes.
-- Copyright (c) 2017-2018, Leslie E. Krause
@@ -398,5 +398,16 @@ function AuthDatabase( path, name )
return data[ username ]
end

self.search = function ( is_online, pattern )
local res = { }
local src = is_online and users or data
for k, v in pairs( src ) do
if pattern == nil or string.match( k, pattern ) then
table.insert( res, k )
end
end
return res
end

return self
end

+ 76
- 40
filter.lua View File

@@ -1,5 +1,5 @@
--------------------------------------------------------
-- Minetest :: Auth Redux Mod v2.6 (auth_rx)
--
-- See README.txt for licensing and release notes.
-- Copyright (c) 2017-2018, Leslie E. Krause
@@ -36,49 +36,30 @@ end
----------------------------

function AuthFilter( path, name )
local src = { }
local opt = { is_debug = false, is_strict = true }
local src
local opt = { is_debug = false, is_strict = true, is_active = true }
local self = { }

local file = io.open( path .. "/" .. name, "rb" )
if not file then
error( "The specified ruleset file does not exist." )
end

for line in file:lines( ) do
-- encode string and pattern literals and function arguments to simplify parsing
line = string.gsub( line, "\"(.-)\"", function ( str )
return "\"" .. encode_base64( str ) .. ";"
end )
line = string.gsub( line, "'(.-)'", function ( str )
return "'" .. encode_base64( str ) .. ";"
end )
line = string.gsub( line, "/(.-)/", function ( str )
return "/" .. encode_base64( str ) .. ";"
end )
line = string.gsub( line, "%b()", function ( str )
return "&" .. encode_base64( trim( str ) ) .. ";"
end )
table.insert( src, line )
end

file:close( file )

local funcs = {
["add"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a + b end },
["sub"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a - b end },
["mul"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a * b end },
["div"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a / b end },
["neg"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a ) return -a end },
["max"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.max( a, b ) end },
["min"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.min( a, b ) end },
["abs"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a ) return math.abs( a ) end },
["max"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.max( a, b ) end },
["min"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b ) return math.min( a, b ) end },
["int"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_NUMBER }, def = function ( a ) return a < 0 and math.ceil( a ) or math.floor( a ) end },
["num"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_STRING }, def = function ( a ) return tonumber( a ) or 0 end },
["len"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_STRING }, def = function ( a ) return string.len( a ) end },
["lc"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING }, def = function ( a ) return string.lower( a ) end },
["uc"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING }, def = function ( a ) return string.upper( a ) end },
["range"] = { type = FILTER_TYPE_BOOLEAN, args = { FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER, FILTER_TYPE_NUMBER }, def = function ( a, b, c ) return a >= b and a <= c end },
["trim"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING, FILTER_TYPE_NUMBER }, def = function ( a, b ) return b > 0 and string.sub( a, 1, -b - 1 ) or string.sub( a, -b + 1 ) end },
["crop"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_STRING, FILTER_TYPE_NUMBER }, def = function ( a, b ) return b > 0 and string.sub( a, 1, b ) or string.sub( a, b, -1 ) end },
["size"] = { type = FILTER_TYPE_NUMBER, args = { FILTER_TYPE_SERIES }, def = function ( a ) return #a end },
["elem"] = { type = FILTER_TYPE_STRING, args = { FILTER_TYPE_SERIES, FILTER_TYPE_NUMBER }, def = function ( a, b ) return a[ b ] or "" end },
["split"] = { type = FILTER_TYPE_SERIES, args = { FILTER_TYPE_STRING, FILTER_TYPE_STRING }, def = function ( a, b ) return string.split( a, b, true ) end },
}

----------------------------
@@ -121,8 +102,8 @@ function AuthFilter( path, name )
return nil
end
local params = { }
for i, v in ipairs( args ) do
local oper = get_operand( v, vars )
for i, a in ipairs( args ) do
local oper = get_operand( a, vars )
if not oper or oper.type ~= funcs[ name ].args[ i ] then
return nil
end
@@ -130,6 +111,22 @@ function AuthFilter( path, name )
end
t = funcs[ name ].type
v = funcs[ name ].def( unpack( params ) )
elseif find_token( "^&([A-Za-z0-9+/]*);$" ) then
t = FILTER_TYPE_SERIES
v = { }
local suffix = decode_base64( ref[ 1 ] )
suffix = string.gsub( suffix, "%b()", function( str )
-- encode nested function arguments
return "&" .. encode_base64( trim( str ) ) .. ";"
end )
local elems = string.split( suffix, ",", false )
for i, e in ipairs( elems ) do
local oper = get_operand( e, vars )
if not oper or oper.type ~= FILTER_TYPE_STRING then
return nil
end
table.insert( v, oper.value )
end
elseif find_token( "^%$([a-zA-Z0-9_]+)$" ) then
local name = ref[ 1 ]
if not vars[ name ] then
@@ -170,14 +167,14 @@ function AuthFilter( path, name )
["&"] = "%a",
}
t = FILTER_TYPE_PATTERN
v = minetest.decode_base64( ref[ 1 ] )
v = decode_base64( ref[ 1 ] )
v = "^" .. string.gsub( v, ".", sanitizer ) .. "$"
elseif find_token( "^'([a-zA-Z0-9+/]*);$" ) then
t = FILTER_TYPE_STRING
v = minetest.decode_base64( ref[ 1 ] )
v = decode_base64( ref[ 1 ] )
elseif find_token( "^\"([a-zA-Z0-9+/]*);$" ) then
t = FILTER_TYPE_STRING
v = minetest.decode_base64( ref[ 1 ] )
v = decode_base64( ref[ 1 ] )
v = string.gsub( v, "%$([a-zA-Z_]+)", function ( var )
return vars[ var ] and tostring( vars[ var ].value ) or "?"
end )
@@ -190,7 +187,7 @@ function AuthFilter( path, name )
return { type = t, value = v }
end

local evaluate = function ( rule )
evaluate = function ( rule )
-- short circuit binary logic to simplify evaluation
local res = ( rule.bool == FILTER_BOOL_AND )
local xor = 0
@@ -213,22 +210,47 @@ function AuthFilter( path, name )
-- public methods
----------------------------

self.refresh = function ( )
local file = io.open( path .. "/" .. name, "rb" )
if not file then
error( "The specified ruleset file does not exist." )
end
src = { }
for line in file:lines( ) do
-- encode string and pattern literals and function arguments to simplify parsing
line = string.gsub( line, "\"(.-)\"", function ( str )
return "\"" .. encode_base64( str ) .. ";"
end )
line = string.gsub( line, "'(.-)'", function ( str )
return "'" .. encode_base64( str ) .. ";"
end )
line = string.gsub( line, "/(.-)/", function ( str )
return "/" .. encode_base64( str ) .. ";"
end )
line = string.gsub( line, "%b()", function ( str )
return "&" .. encode_base64( trim( str ) ) .. ";"
end )
-- skip comments (lines beginning with hash character) and blank lines
table.insert( src, string.byte( line ) ~= 35 and line or "" )
end
file:close( file )
end

self.process = function( vars )
local rule
local note = "Access denied."

if not opt.is_active then return end

vars[ "true" ] = { type = FILTER_TYPE_BOOLEAN, value = true }
vars[ "false" ] = { type = FILTER_TYPE_BOOLEAN, value = false }
vars[ "time" ] = { type = FILTER_TYPE_NUMBER, value = os.time( ) }

for num, line in ipairs( src ) do

-- FIXME: ignore extraneous whitespace, even at beginning of line
local stmt = string.split( line, " ", false )

if string.byte( line ) == 35 or #stmt == 0 then
-- skip comments (lines beginning with hash character) and empty lines
-- TODO: these should be stripped on file import
if #stmt == 0 then
-- skip no-op statements

elseif stmt[ 1 ] == "continue" then
if #stmt ~= 1 then return trace( "Invalid 'continue' statement in ruleset", num ) end
@@ -358,7 +380,6 @@ function AuthFilter( path, name )

-- TODO: immediately evaluating each expression (thus avoiding a list) would be optimal,
-- but probably requires state table; efficiency vs complexity scenario

else
return trace( "Invalid statement in ruleset", num )
end
@@ -366,5 +387,19 @@ function AuthFilter( path, name )
return trace( "Unexpected end-of-file in ruleset", 0 )
end

self.enable = function ( )
opt.is_active = true
end

self.disable = function ( )
opt.is_active = false
end

self.is_active = function ( )
return opt.is_active
end

self.refresh( )

return self
end

+ 29
- 4
init.lua View File

@@ -1,5 +1,5 @@
--------------------------------------------------------
-- Minetest :: Auth Redux Mod v2.6 (auth_rx)
--
-- See README.txt for licensing and release notes.
-- Copyright (c) 2017-2018, Leslie E. Krause
@@ -66,13 +66,14 @@ minetest.register_on_prejoinplayer( function ( player_name, player_ip )
name = { type = FILTER_TYPE_STRING, value = player_name },
addr = { type = FILTER_TYPE_STRING, value = player_ip },
is_new = { type = FILTER_TYPE_BOOLEAN, value = rec == nil },
priv_list = { type = FILTER_TYPE_SERIES, value = rec and rec.assigned_privs or { } },
addr_list = { type = FILTER_TYPE_SERIES, value = rec and rec.approved_addrs or { } },
cur_users = { type = FILTER_TYPE_NUMBER, value = #minetest.get_connected_players( ) },
privs_list = { type = FILTER_TYPE_SERIES, value = rec and rec.assigned_privs or { } },
users_list = { type = FILTER_TYPE_SERIES, value = auth_db.search( true ) },
cur_users = { type = FILTER_TYPE_NUMBER, value = #auth_db.search( true ) },
max_users = { type = FILTER_TYPE_NUMBER, value = get_minetest_config( "max_users" ) },
lifetime = { type = FILTER_TYPE_NUMBER, value = rec and rec.lifetime or 0 },
sessions = { type = FILTER_TYPE_NUMBER, value = rec and rec.total_sessions or 0 },
failures = { type = FILTER_TYPE_NUMBER, value = rec and rec.total_failures or 0 },
attempts = { type = FILTER_TYPE_NUMBER, value = rec and rec.total_attempts or 0 },
owner = { type = FILTER_TYPE_STRING, value = get_minetest_config( "name" ) },
} )

return filter_err
@@ -141,4 +142,27 @@ minetest.register_authentication_handler( {
iterate = auth_db.records
} )

minetest.register_chatcommand( "filter", {
description = "Enable or disable ruleset-based login filtering, or reload a ruleset definition.",
privs = { server = true },
func = function( name, param )
if param == "" then
return true, "Login filtering is currently " .. ( auth_filter.is_active( ) and "enabled" or "disabled" ) .. "."
elseif param == "disable" then
auth_filter.disable( )
minetest.log( "action", "Login filtering disabled by " .. name .. "." )
return true, "Login filtering is disabled."
elseif param == "enable" then
auth_filter.enable( )
minetest.log( "action", "Login filtering enabled by " .. name .. "." )
return true, "Login filtering is enabled."
elseif param == "reload" then
auth_filter.refresh( )
return true, "Ruleset definition was loaded successfully."
else
return false, "Unknown parameter specified."
end
end
} )

auth_db.connect( )

Loading…
Cancel
Save