diff --git a/configuration.md b/configuration.md
index f5eb1441e..8c4fbb5a0 100644
--- a/configuration.md
+++ b/configuration.md
@@ -17,7 +17,7 @@
 | DATABASE_ADDRESS | | | `127.0.0.1` |
 | DATABASE_NAME | | | `faf` |
 | DATABASE_PASSWORD | | | `banana` |
-| DATABASE_SCHEMA_VERSION | `123` | | |
+| DATABASE_SCHEMA_VERSION | `124` | | |
 | DATABASE_USERNAME | | | `faf-java-api` |
 | EMAIL_FROM_ADDRESS | | | `faf@example.com` |
 | EMAIL_FROM_NAME | | | `FAForever` |
diff --git a/src/inttest/java/com/faforever/api/config/MainDbTestContainers.java b/src/inttest/java/com/faforever/api/config/MainDbTestContainers.java
index 1aa48ca6f..131b1f1dd 100644
--- a/src/inttest/java/com/faforever/api/config/MainDbTestContainers.java
+++ b/src/inttest/java/com/faforever/api/config/MainDbTestContainers.java
@@ -21,7 +21,7 @@
 @Configuration
 public class MainDbTestContainers {
 private static final MariaDBContainer fafDBContainer = new MariaDBContainer<>("mariadb:10.6");
- private static final GenericContainer flywayMigrationsContainer = new GenericContainer<>("faforever/faf-db-migrations:v123");
+ private static final GenericContainer flywayMigrationsContainer = new GenericContainer<>("faforever/faf-db-migrations:v124");
 private static final Network sharedNetwork = Network.newNetwork();
 @Bean
diff --git a/src/main/java/com/faforever/api/data/domain/CoturnServer.java b/src/main/java/com/faforever/api/data/domain/CoturnServer.java
new file mode 100644
index 000000000..a927eeb97
--- /dev/null
+++ b/src/main/java/com/faforever/api/data/domain/CoturnServer.java
@@ -0,0 +1,64 @@
+package com.faforever.api.data.domain;
+
+import com.faforever.api.data.checks.Prefab;
+import com.faforever.api.security.elide.permission.LobbyCheck;
+import com.yahoo.elide.annotation.Include;
+import com.yahoo.elide.annotation.ReadPermission;
+import com.yahoo.elide.annotation.UpdatePermission;
+import lombok.Setter;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = "coturn_servers")
+@Include(name = CoturnServer.TYPE_NAME)
+@ReadPermission(expression = LobbyCheck.EXPRESSION)
+@UpdatePermission(expression = Prefab.NONE)
+@Setter
+public class CoturnServer {
+ public static final String TYPE_NAME = "coturnServer";
+
+ private Integer id;
+ private String region;
+ private String host;
+ private Integer port;
+ private String key;
+ private boolean active;
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id")
+ public Integer getId() {
+ return id;
+ }
+
+ @Column(name = "region")
+ public String getRegion() {
+ return region;
+ }
+
+ @Column(name = "host")
+ public String getHost() {
+ return host;
+ }
+
+ @Column(name = "port")
+ public Integer getPort() {
+ return port;
+ }
+
+ @Column(name = "preshared_key")
+ public String getKey() {
+ return key;
+ }
+
+ @Column(name = "active")
+ public boolean isActive() {
+ return active;
+ }
+}
diff --git a/src/main/java/com/faforever/api/security/OAuthScope.java b/src/main/java/com/faforever/api/security/OAuthScope.java
index 7040e5978..a1afbb032 100644
--- a/src/main/java/com/faforever/api/security/OAuthScope.java
+++ b/src/main/java/com/faforever/api/security/OAuthScope.java
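Review bot: The class-level `@ReadPermission(expression = LobbyCheck.EXPRESSION)` on `CoturnServer` also covers `getKey()`, which maps the `preshared_key` column, so every token that passes the Lobby check can read the TURN server's shared secret through the API. If that scope is held by end-user clients (its label in `OAuthScope` is "Connect to Lobby", so this looks likely), the secret should stay server-side: put `@Exclude` or `@ReadPermission(expression = Prefab.NONE)` on `getKey()` and give clients short-lived credentials derived from it instead. The entity also declares only read and update rules; confirm that create and delete are denied for it under this project's Elide defaults, or add `@CreatePermission(expression = Prefab.NONE)` and `@DeletePermission(expression = Prefab.NONE)` explicitly.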
@@ -16,7 +16,8 @@ public enum OAuthScope {
 VOTE(OAuthScope._VOTE, "Vote"),
 READ_SENSIBLE_USERDATA(OAuthScope._READ_SENSIBLE_USERDATA, "View sensible user data (email addresses, ip addresses, etc.)"),
 ADMINISTRATIVE_ACTION(OAuthScope._ADMINISTRATIVE_ACTION, "Administrative actions"),
- MANAGE_VAULT(OAuthScope._MANAGE_VAULT, "Manage vault");
+ MANAGE_VAULT(OAuthScope._MANAGE_VAULT, "Manage vault"),
+ LOBBY(OAuthScope._LOBBY, "Connect to Lobby");
 public static final String _PUBLIC_PROFILE = "public_profile";
 public static final String _WRITE_ACHIEVEMENTS = "write_achievements";
@@ -29,6 +30,7 @@ public enum OAuthScope {
 public static final String _READ_SENSIBLE_USERDATA = "read_sensible_userdata";
 public static final String _ADMINISTRATIVE_ACTION = "administrative_actions";
 public static final String _MANAGE_VAULT = "manage_vault";
+ public static final String _LOBBY = "lobby";
 private static final Map fromString;
diff --git a/src/main/java/com/faforever/api/security/elide/permission/LobbyCheck.java b/src/main/java/com/faforever/api/security/elide/permission/LobbyCheck.java
new file mode 100644
index 000000000..fc5dba4ae
--- /dev/null
+++ b/src/main/java/com/faforever/api/security/elide/permission/LobbyCheck.java
@@ -0,0 +1,19 @@
+package com.faforever.api.security.elide.permission;
+
+import com.faforever.api.security.OAuthScope;
+import com.yahoo.elide.annotation.SecurityCheck;
+import com.yahoo.elide.core.security.User;
+import lombok.extern.slf4j.Slf4j;
+
+import static com.faforever.api.security.elide.permission.LobbyCheck.EXPRESSION;
+
+@Slf4j
+@SecurityCheck(EXPRESSION)
+public class LobbyCheck extends FafUserCheck {
+ public static final String EXPRESSION = "Lobby";
+
+ @Override
+ public boolean ok(User user) {
+ return checkOAuthScopes(OAuthScope.LOBBY);
+ }
+}
diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml
index 34159ca51..34af0233d 100644
--- a/src/main/resources/config/application.yml
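Review bot: `LobbyCheck` has no Javadoc saying what passing it means, and in the visible code `ok(User user)` ignores its argument and decides on the `lobby` OAuth scope alone via `checkOAuthScopes`, which is defined in `FafUserCheck` outside this diff. A class comment such as `/** Grants access to any request whose token carries the {@code lobby} scope; no role or ownership is checked. */` would tell the next person who annotates an entity with `LobbyCheck.EXPRESSION` how wide the gate is. The `@Slf4j` annotation and its import are unused in this class and can be dropped.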
+++ b/src/main/resources/config/application.yml
@@ -15,7 +15,7 @@ faf-api:
 invite-link-expire-duration-minutes: ${CLAN_INVITE_LINK_EXPIRE_DURATION_MINUTES:604800}
 website-url-format: ${CLAN_WEBSITE_URL_FORMAT:https://clans.${FAF_DOMAIN}/clan/%s}
 database:
- schema-version: ${DATABASE_SCHEMA_VERSION:123}
+ schema-version: ${DATABASE_SCHEMA_VERSION:124}
 deployment:
 forged-alliance-exe-path: ${FORGED_ALLIANCE_EXE_PATH:/content/legacy-featured-mod-files/updates_faf_files/ForgedAlliance.exe}
 repositories-directory: ${REPOSITORIES_DIRECTORY:/repositories}