Use hashed smjs_auth instead of plaintext

Author: Infinixius

plugin/sourcemod.js.sp

@@ -1,4 +1,5 @@
 #include <sourcemod>
+#include <sdkhooks>
 #include <sdktools>
 
 #include <json>
@@ -11,20 +12,32 @@
 
 #include <halflife>
 #include <tf2>
+#include <tf2_stocks>
 
-int port
-char localip[64]
-char authstr[64]
-bool debugLogging = false
+#undef REQUIRE_EXTENSIONS
+#include <tf2items>
+#define REQUIRE_EXTENSIONS
 
-new WebsocketHandle:g_hListenSocket = INVALID_WEBSOCKET_HANDLE
-new Handle:g_hChilds
+int port;
+char localip[64];
+char authstr[64];
+char whitelistedips[64][16];
+bool allIPSAllowed = false;
+bool debugLogging = false;
+bool tf2itemsENABLED = false;
+
+new WebsocketHandle:g_hListenSocket = INVALID_WEBSOCKET_HANDLE;
+new Handle:g_hChilds;
 
 #include "events/ConVarChanged.sp"
 #include "events/OnClientSayCommand.sp"
 #include "events/PlayerConnect.sp"
 #include "events/PlayerDisconnect.sp"
 
+// from smlib, but the entirity of smlib would not compile properly, so just these files are included
+#include "libraries/arrays.inc"
+#include "libraries/crypt.inc"
+
 #include "messages/source/FetchPlayer.sp"
 #include "messages/source/FetchPlayers.sp"
 #include "messages/source/FetchServer.sp"
@@ -46,6 +59,8 @@ new Handle:g_hChilds
 #include "messages/source/SlapPlayer.sp"
 #include "messages/source/TeleportPlayer.sp"
 
+#include "messages/tf2/ApplyCondition.sp"
+#include "messages/tf2/GiveWeapon.sp"
 #include "messages/tf2/RegeneratePlayer.sp"
 
 #include "websocket/WebsocketPing.sp"
@@ -58,17 +73,17 @@ public Plugin myinfo =
 	name = "sourcemod.js",
 	author = "infinixius",
 	description = "A JavaScript wrapper over SourceMod",
-	version = "1.1.0",
-	url = "https://infinixi.us"
+	version = "2.0.0",
+	url = "https://sourcemod.js.org"
 }
 
 public void OnPluginStart()
 {
-	g_hChilds = CreateArray()
+	g_hChilds = CreateArray(64);
 
-	HookEvent("server_cvar", Event_ConVarChanged)
-	HookEvent("player_connect", Event_PlayerConnect)
-	HookEvent("player_disconnect", Event_PlayerDisconnect)
+	HookEvent("server_cvar", Event_ConVarChanged);
+	HookEvent("player_connect", Event_PlayerConnect);
+	HookEvent("player_disconnect", Event_PlayerDisconnect);
 
 	CreateTimer(1.0, Ping, _, TIMER_REPEAT)
 
@@ -78,30 +93,80 @@ public void OnPluginStart()
 	ConVar convar2 = CreateConVar("smjs_ip", "0.0.0.0", "Local IP for sourcemod.js to listen on.")
 	GetConVarString(convar2, localip, sizeof(localip))
 
-	ConVar convar3 = CreateConVar("smjs_auth", "test", "Authorization string that must be provided to send messages to this server.")
+	ConVar convar3 = CreateConVar("smjs_auth", "admin", "MD5 hash that must be provided to send messages to this server.")
 	GetConVarString(convar3, authstr, sizeof(authstr))
 
 	ConVar convar4 = CreateConVar("smjs_debug", "0", "Toggles debug logging.")
 	debugLogging = GetConVarBool(convar4)
 	HookConVarChange(convar4, ConVarChanged)
 
+	ConVar convar5 = CreateConVar("smjs_whitelist", "*", "Comma-separated list of IP addresses that are permitted to connect to this server. Use * to allow any IP address to connect.")
+	char ipstring[128];
+	GetConVarString(convar5, ipstring, sizeof(ipstring));
+
+	if (StrEqual(ipstring, "*")) {
+		allIPSAllowed = true
+		PrintToServer("[SMJS] WARNING! smjs_whitelist has been sent to \"*\"! This means any IP address can connect to your server.")
+	} else {
+		ExplodeString(ipstring, ",", whitelistedips, sizeof(whitelistedips), sizeof(whitelistedips[]))
+	}
+
+	RegServerCmd("smjs_generateauth", Command_GenerateAuth);
+
 	PrintToServer("[SMJS] sourcemod.js loaded!")
 }
 
 public OnAllPluginsLoaded()
 {
+	tf2itemsENABLED = LibraryExists("TF2Items");
+
+	if (tf2itemsENABLED) {
+		PrintToServer("[SMJS] TF2Items detected, enabling TF2Items support.")
+	} else {
+		PrintToServer("[SMJS] TF2Items not detected, disabling TF2Items support.")
+	}
+
 	if (g_hListenSocket == INVALID_WEBSOCKET_HANDLE)
 	{
 		g_hListenSocket = Websocket_Open(localip, port, OnWebsocketIncoming, OnWebsocketMasterError, OnWebsocketMasterClose);
 		PrintToServer("[SMJS] Started WebSocket server on port %d!", port)
 	}
 }
 
+public Action Command_GenerateAuth(int args) {
+	char arg[64];
+	char output[64];
+
+	GetCmdArg(1, arg, sizeof(arg));
+
+	Crypt_MD5(arg, output, sizeof(output));
+
+	PrintToServer("[SMJS] Set smjs_auth to: '%s'", output)
+}
+
 public ConVarChanged(ConVar convar, const char[] oldValue, const char[] newValue) {
 	char name[32]
 	convar.GetName(name, sizeof(name))
 
 	if (StrEqual(name, "smjs_debug")) {
 		debugLogging = GetConVarBool(convar)
 	}
+}
+
+public void OnLibraryRemoved(const char[] name)
+{
+    if (StrEqual(name, "tf2items"))
+    {
+		tf2itemsENABLED = false;
+		PrintToServer("[SMJS] TF2Items not detected, disabling TF2Items support.")
+    }
+}
+ 
+public void OnLibraryAdded(const char[] name)
+{
+    if (StrEqual(name, "tf2items"))
+    {
+		tf2itemsENABLED = true;
+		PrintToServer("[SMJS] TF2Items detected, enabling TF2Items support.")
+	}
 }

plugin/websocket/OnWebsocketReceive.sp

@@ -28,12 +28,16 @@ public OnWebsocketReceive(WebsocketHandle:websocket, WebsocketSendType:iType, co
 }
 
 public CheckAuthorization(const String:auth[], WebsocketHandle:websocket) {
-	if (!StrEqual(auth, authstr)) {
+	char output[64];
+
+	Crypt_MD5(auth, output, sizeof(output));
+
+	if (!StrEqual(output, authstr)) {
 		PrintToServer("[SMJS] Client #%i failed to authenticate! Attempted auth string: %s", websocket, auth)
 
 		TerminateWebsocket(websocket, "Unauthorized")
 	}
-	return StrEqual(auth, authstr)
+	return StrEqual(output, authstr)
 }
 
 public Acknowledge(const String:ack[], WebsocketHandle:websocket) {
@@ -90,5 +94,9 @@ public void HandleMessage(const String:type[], const String:message[], const JSO
 		Message_SetPlayerRendering(type, message, jsondata, websocket)
 	} else if (StrEqual(type, "TF2_RegeneratePlayer")) {
 		Message_RegeneratePlayer(type, message, jsondata, websocket)
+	} else if (StrEqual(type, "TF2_GiveWeapon")) {
+		Message_GiveWeapon(type, message, jsondata, websocket)
+	} else if (StrEqual(type, "TF2_ApplyCondition")) {
+		Message_ApplyCondition(type, message, jsondata, websocket)
 	}
 }