nightly checkpoint (nothing functional
parent
f969d37804
commit
0d89c4687f
|
@ -0,0 +1,127 @@
|
||||||
|
Ideas for this mod were taken liberally from sban (MIT license, Copyright (c) 2017 shivajiva101)
|
||||||
|
and BillyS's verification mod (no listed license). Very little was explicitly copied, however.
|
||||||
|
Not sure how that affects the license here.
|
||||||
|
|
||||||
|
Otherwise:
|
||||||
|
-------------------------------------------------------------------------------
|
||||||
|
Creative Commons Legal Code
|
||||||
|
|
||||||
|
CC0 1.0 Universal
|
||||||
|
|
||||||
|
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
||||||
|
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
||||||
|
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
||||||
|
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
||||||
|
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
||||||
|
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
||||||
|
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
||||||
|
HEREUNDER.
|
||||||
|
|
||||||
|
Statement of Purpose
|
||||||
|
|
||||||
|
The laws of most jurisdictions throughout the world automatically confer
|
||||||
|
exclusive Copyright and Related Rights (defined below) upon the creator
|
||||||
|
and subsequent owner(s) (each and all, an "owner") of an original work of
|
||||||
|
authorship and/or a database (each, a "Work").
|
||||||
|
|
||||||
|
Certain owners wish to permanently relinquish those rights to a Work for
|
||||||
|
the purpose of contributing to a commons of creative, cultural and
|
||||||
|
scientific works ("Commons") that the public can reliably and without fear
|
||||||
|
of later claims of infringement build upon, modify, incorporate in other
|
||||||
|
works, reuse and redistribute as freely as possible in any form whatsoever
|
||||||
|
and for any purposes, including without limitation commercial purposes.
|
||||||
|
These owners may contribute to the Commons to promote the ideal of a free
|
||||||
|
culture and the further production of creative, cultural and scientific
|
||||||
|
works, or to gain reputation or greater distribution for their Work in
|
||||||
|
part through the use and efforts of others.
|
||||||
|
|
||||||
|
For these and/or other purposes and motivations, and without any
|
||||||
|
expectation of additional consideration or compensation, the person
|
||||||
|
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
|
||||||
|
is an owner of Copyright and Related Rights in the Work, voluntarily
|
||||||
|
elects to apply CC0 to the Work and publicly distribute the Work under its
|
||||||
|
terms, with knowledge of his or her Copyright and Related Rights in the
|
||||||
|
Work and the meaning and intended legal effect of CC0 on those rights.
|
||||||
|
|
||||||
|
1. Copyright and Related Rights. A Work made available under CC0 may be
|
||||||
|
protected by copyright and related or neighboring rights ("Copyright and
|
||||||
|
Related Rights"). Copyright and Related Rights include, but are not
|
||||||
|
limited to, the following:
|
||||||
|
|
||||||
|
i. the right to reproduce, adapt, distribute, perform, display,
|
||||||
|
communicate, and translate a Work;
|
||||||
|
ii. moral rights retained by the original author(s) and/or performer(s);
|
||||||
|
iii. publicity and privacy rights pertaining to a person's image or
|
||||||
|
likeness depicted in a Work;
|
||||||
|
iv. rights protecting against unfair competition in regards to a Work,
|
||||||
|
subject to the limitations in paragraph 4(a), below;
|
||||||
|
v. rights protecting the extraction, dissemination, use and reuse of data
|
||||||
|
in a Work;
|
||||||
|
vi. database rights (such as those arising under Directive 96/9/EC of the
|
||||||
|
European Parliament and of the Council of 11 March 1996 on the legal
|
||||||
|
protection of databases, and under any national implementation
|
||||||
|
thereof, including any amended or successor version of such
|
||||||
|
directive); and
|
||||||
|
vii. other similar, equivalent or corresponding rights throughout the
|
||||||
|
world based on applicable law or treaty, and any national
|
||||||
|
implementations thereof.
|
||||||
|
|
||||||
|
2. Waiver. To the greatest extent permitted by, but not in contravention
|
||||||
|
of, applicable law, Affirmer hereby overtly, fully, permanently,
|
||||||
|
irrevocably and unconditionally waives, abandons, and surrenders all of
|
||||||
|
Affirmer's Copyright and Related Rights and associated claims and causes
|
||||||
|
of action, whether now known or unknown (including existing as well as
|
||||||
|
future claims and causes of action), in the Work (i) in all territories
|
||||||
|
worldwide, (ii) for the maximum duration provided by applicable law or
|
||||||
|
treaty (including future time extensions), (iii) in any current or future
|
||||||
|
medium and for any number of copies, and (iv) for any purpose whatsoever,
|
||||||
|
including without limitation commercial, advertising or promotional
|
||||||
|
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
|
||||||
|
member of the public at large and to the detriment of Affirmer's heirs and
|
||||||
|
successors, fully intending that such Waiver shall not be subject to
|
||||||
|
revocation, rescission, cancellation, termination, or any other legal or
|
||||||
|
equitable action to disrupt the quiet enjoyment of the Work by the public
|
||||||
|
as contemplated by Affirmer's express Statement of Purpose.
|
||||||
|
|
||||||
|
3. Public License Fallback. Should any part of the Waiver for any reason
|
||||||
|
be judged legally invalid or ineffective under applicable law, then the
|
||||||
|
Waiver shall be preserved to the maximum extent permitted taking into
|
||||||
|
account Affirmer's express Statement of Purpose. In addition, to the
|
||||||
|
extent the Waiver is so judged Affirmer hereby grants to each affected
|
||||||
|
person a royalty-free, non transferable, non sublicensable, non exclusive,
|
||||||
|
irrevocable and unconditional license to exercise Affirmer's Copyright and
|
||||||
|
Related Rights in the Work (i) in all territories worldwide, (ii) for the
|
||||||
|
maximum duration provided by applicable law or treaty (including future
|
||||||
|
time extensions), (iii) in any current or future medium and for any number
|
||||||
|
of copies, and (iv) for any purpose whatsoever, including without
|
||||||
|
limitation commercial, advertising or promotional purposes (the
|
||||||
|
"License"). The License shall be deemed effective as of the date CC0 was
|
||||||
|
applied by Affirmer to the Work. Should any part of the License for any
|
||||||
|
reason be judged legally invalid or ineffective under applicable law, such
|
||||||
|
partial invalidity or ineffectiveness shall not invalidate the remainder
|
||||||
|
of the License, and in such case Affirmer hereby affirms that he or she
|
||||||
|
will not (i) exercise any of his or her remaining Copyright and Related
|
||||||
|
Rights in the Work or (ii) assert any associated claims and causes of
|
||||||
|
action with respect to the Work, in either case contrary to Affirmer's
|
||||||
|
express Statement of Purpose.
|
||||||
|
|
||||||
|
4. Limitations and Disclaimers.
|
||||||
|
|
||||||
|
a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
||||||
|
surrendered, licensed or otherwise affected by this document.
|
||||||
|
b. Affirmer offers the Work as-is and makes no representations or
|
||||||
|
warranties of any kind concerning the Work, express, implied,
|
||||||
|
statutory or otherwise, including without limitation warranties of
|
||||||
|
title, merchantability, fitness for a particular purpose, non
|
||||||
|
infringement, or the absence of latent or other defects, accuracy, or
|
||||||
|
the present or absence of errors, whether or not discoverable, all to
|
||||||
|
the greatest extent permissible under applicable law.
|
||||||
|
c. Affirmer disclaims responsibility for clearing rights of other persons
|
||||||
|
that may apply to the Work or any use thereof, including without
|
||||||
|
limitation any person's Copyright and Related Rights in the Work.
|
||||||
|
Further, Affirmer disclaims responsibility for obtaining any necessary
|
||||||
|
consents, permissions or other rights required for any use of the
|
||||||
|
Work.
|
||||||
|
d. Affirmer understands and acknowledges that Creative Commons is not a
|
||||||
|
party to this document and has no duty or obligation with respect to
|
||||||
|
this CC0 or use of the Work.
|
|
@ -0,0 +1,48 @@
|
||||||
|
Verbana: Verification and banning mod for minetest
|
||||||
|
==================================================
|
||||||
|
|
||||||
|
Name
|
||||||
|
----
|
||||||
|
A portmanteau of "verification", "ban", and the herb verbena.
|
||||||
|
|
||||||
|
Motivation
|
||||||
|
----------
|
||||||
|
|
||||||
|
This mod is a response to sban, an IP-aware banning mod derived from xban,
|
||||||
|
and BillyS's verification mod for Blocky Survival. Both of these mods have
|
||||||
|
problems that I've long wanted to resolve, and it seemed the best resolution
|
||||||
|
to those problems was to create a new integrating the features of both.
|
||||||
|
|
||||||
|
Sban is a good first attempt at IP-aware bans, but it has several major flaws:
|
||||||
|
1. Multiple users may be associated with an IP, and banning one often bans
|
||||||
|
them all.
|
||||||
|
2. Banned IPs can still "hack" into existing accounts of other players by
|
||||||
|
brute-forcing weak passwords.
|
||||||
|
3. For many trolls, getting access to a new IP is far too easy, and there is no
|
||||||
|
effective way to keep them off the server.
|
||||||
|
|
||||||
|
BillyS's verification mod was created to deal with one particular troll on
|
||||||
|
the BlockySurvival server. When enabled, it requires all new players to be
|
||||||
|
verified by a player with moderator privileges before they can interact with
|
||||||
|
the server or communicate with non-moderator players.
|
||||||
|
|
||||||
|
The flaws in the verification mod are
|
||||||
|
1. Moderators are not always online to verify new players.
|
||||||
|
2. New players come from all over the world, and may not be able to communicate
|
||||||
|
with the moderator.
|
||||||
|
3. New players are of all ages, and may not be able to communicate in chat at
|
||||||
|
all.
|
||||||
|
|
||||||
|
Verbena aims to provide name-based banning, as well as ip and network based
|
||||||
|
blocking and verification.
|
||||||
|
1. IPs and Networks may be marked as "untrusted" - all new players from
|
||||||
|
untrusted IPs/networks must go through verification, while other new
|
||||||
|
players may join at will.
|
||||||
|
2. IPs and Networks may be blocked or temporarily blocked, should the need
|
||||||
|
arise.
|
||||||
|
3. There is a three tiered privilege system: Normal players, moderators,
|
||||||
|
and admins. Moderators may ban and verify players, but only admins have
|
||||||
|
the ability to mark IPs and networks as untrusted. This way, player's
|
||||||
|
personal details may be kept private. However, oderators may execute queries
|
||||||
|
to determine if a player is associated with other banned players by IP or
|
||||||
|
network.
|
|
@ -1,13 +1,14 @@
|
||||||
if not verbana then verbana = {} end
|
if not verbana then verbana = {} end
|
||||||
if not verbana.ip then dofile('ipmanip.lua') end
|
if not verbana.modpath then verbana.modpath = '.' end
|
||||||
|
if not verbana.ip then dofile(verbana.modpath .. '/ipmanip.lua') end
|
||||||
if not verbana.log then function verbana.log(_, message, ...) print(message:format(...)) end end
|
if not verbana.log then function verbana.log(_, message, ...) print(message:format(...)) end end
|
||||||
verbana.asn_db = {}
|
verbana.asn = {}
|
||||||
|
|
||||||
local ASN_DESCRIPTION_FILE = 'data-used-autnums'
|
local ASN_DESCRIPTION_FILE = 'data-used-autnums'
|
||||||
local NETWORK_ASN_FILE = 'data-raw-table'
|
local NETWORK_ASN_FILE = 'data-raw-table'
|
||||||
|
|
||||||
local function load_file(filename)
|
local function load_file(filename)
|
||||||
local file = io.open(filename, 'r')
|
local file = io.open(('%s/%s'):format(verbana.modpath, filename), 'r')
|
||||||
if not file then
|
if not file then
|
||||||
verbana.log('error', 'error opening "%s"', filename)
|
verbana.log('error', 'error opening "%s"', filename)
|
||||||
return
|
return
|
||||||
|
@ -31,7 +32,7 @@ local function refresh_asn_descriptions()
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
verbana.asn_db.description = description
|
verbana.asn.description = description
|
||||||
end
|
end
|
||||||
|
|
||||||
local function refresh_asn_table()
|
local function refresh_asn_table()
|
||||||
|
@ -77,10 +78,10 @@ local function refresh_asn_table()
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
verbana.asn_db.network = networks
|
verbana.asn.network = networks
|
||||||
end
|
end
|
||||||
|
|
||||||
function verbana.asn_db.refresh()
|
function verbana.asn.refresh()
|
||||||
local start = os.clock()
|
local start = os.clock()
|
||||||
refresh_asn_descriptions()
|
refresh_asn_descriptions()
|
||||||
refresh_asn_table()
|
refresh_asn_table()
|
||||||
|
@ -88,34 +89,34 @@ function verbana.asn_db.refresh()
|
||||||
verbana.log('action', 'refreshed ASN tables in %s seconds', os.clock() - start)
|
verbana.log('action', 'refreshed ASN tables in %s seconds', os.clock() - start)
|
||||||
end
|
end
|
||||||
|
|
||||||
verbana.asn_db.refresh()
|
verbana.asn.refresh()
|
||||||
|
|
||||||
local function find(ipint)
|
local function find(ipint)
|
||||||
local t = verbana.asn_db.network
|
local t = verbana.asn.network
|
||||||
local low = 0
|
local low = 1
|
||||||
local high = #t
|
local high = #t
|
||||||
while low <= high do
|
while low <= high do
|
||||||
local mid = math.floor((low + high) / 2)
|
local mid = math.floor((low + high) / 2)
|
||||||
|
verbana.log('action', '%s %s %s %s %s', ipint, low, mid, high, #t)
|
||||||
local element = t[mid]
|
local element = t[mid]
|
||||||
local start = element[1]
|
local start = element[1]
|
||||||
local end_ = element[2]
|
local end_ = element[2]
|
||||||
local asn = element[3]
|
|
||||||
|
|
||||||
if start <= ipint and ipint <= end_ then
|
if start <= ipint and ipint <= end_ then
|
||||||
return asn
|
return element[3]
|
||||||
elseif start > ipint then
|
elseif start > ipint then
|
||||||
low = mid + 1
|
|
||||||
else
|
|
||||||
high = mid - 1
|
high = mid - 1
|
||||||
|
else
|
||||||
|
low = mid + 1
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
function verbana.asn_db.lookup(ipstr)
|
function verbana.asn.lookup(ipstr)
|
||||||
local ipint = verbana.ip.ipstr_to_number(ipstr)
|
local ipint = verbana.ip.ipstr_to_number(ipstr)
|
||||||
local asn = find(ipint)
|
local asn = find(ipint)
|
||||||
if asn then
|
if asn then
|
||||||
return asn, verbana.asn_db.description[asn]
|
return asn, verbana.asn.description[asn]
|
||||||
else
|
else
|
||||||
return nil, nil
|
return nil, nil
|
||||||
end
|
end
|
|
@ -0,0 +1,197 @@
|
||||||
|
local mod_priv = verbana.privs.moderator
|
||||||
|
local admin_priv = verbana.privs.admin
|
||||||
|
|
||||||
|
minetest.register_chatcommand('import_sban', {
|
||||||
|
params='<filename>',
|
||||||
|
description='import records from sban',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('get_asn', {
|
||||||
|
params='<name> | <IP>',
|
||||||
|
description='get the ASN associated with an IP or player name',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func = function(caller, ipstr)
|
||||||
|
if not verbana.ip.is_valid_ip(ipstr) then
|
||||||
|
-- TODO assume its a player?
|
||||||
|
return false, ('"%s" is not a valid ip'):format(ipstr)
|
||||||
|
end
|
||||||
|
local asn, description = verbana.asn.lookup(ipstr)
|
||||||
|
if not asn then
|
||||||
|
return false, ('could not find ASN for "%s"'):format(ipstr)
|
||||||
|
end
|
||||||
|
description = description or ''
|
||||||
|
return true, ('A%u %s'):format(asn, description)
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('verify', {
|
||||||
|
params='<name>',
|
||||||
|
description='verify a player',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('unverify', {
|
||||||
|
params='<name>',
|
||||||
|
description='unverify a player',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.override_chatcommand('kick', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='kick a player',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('lock', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='lock a player\'s account',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('unlock', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='unlock a player\'s account',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.override_chatcommand('ban', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='ban a player',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
-- todo: make sure that the begining of 'reason' doesn't look like a timespan =b
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('tempban', {
|
||||||
|
params='<name> <timespan> [<reason>]',
|
||||||
|
description='ban a player for a length of time',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.override_chatcommand('unban', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='unban a player',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('whitelist', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='whitelist a player',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('unwhitelist', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='whitelist a player',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('suspect', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='mark a player as suspicious',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('unsuspect', {
|
||||||
|
params='<name> [<reason>]',
|
||||||
|
description='unmark a player as suspicious',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('ban_record', {
|
||||||
|
params='<name> [<number>]',
|
||||||
|
description='shows the ban record of a player',
|
||||||
|
privs={[mod_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('login_record', {
|
||||||
|
params='<name> [<number>]',
|
||||||
|
description='shows the login record of a player',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('inspect', {
|
||||||
|
params='<name> | <IP>',
|
||||||
|
description='list data associated with a player or IP',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('inspect_asn', {
|
||||||
|
params='<asn>',
|
||||||
|
description='list player accounts and statuses associated with an ASN',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('set_ip_status', {
|
||||||
|
params='<asn> <status>',
|
||||||
|
description='set the status of an IP (default, dangerous, blocked)',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
minetest.register_chatcommand('set_asn_status', {
|
||||||
|
params='<asn> <status>',
|
||||||
|
description='set the status of an ASN (default, dangerous, blocked)',
|
||||||
|
privs={[admin_priv]=true},
|
||||||
|
func=function(caller, params)
|
||||||
|
return false, 'TODO: implement'
|
||||||
|
end
|
||||||
|
})
|
||||||
|
|
||||||
|
-- alias (for listing an account's primary, cascade status)
|
||||||
|
-- list recent bans/kicks/locks/etc
|
||||||
|
-- first_login (=b) for all players
|
||||||
|
-- asn statistics
|
|
@ -0,0 +1,179 @@
|
||||||
|
if not verbana then verbana = {} end
|
||||||
|
if not verbana.modpath then verbana.modpath = '.' end
|
||||||
|
if not verbana.ip then dofile(verbana.modpath .. '/ipmanip.lua') end
|
||||||
|
if not verbana.log then function verbana.log(_, message, ...) print(message:format(...)) end end
|
||||||
|
|
||||||
|
local ie = minetest.request_insecure_environment()
|
||||||
|
if not ie then
|
||||||
|
error('Verbana will not work unless it has been listed under secure.trusted_mods in minetest.conf')
|
||||||
|
end
|
||||||
|
|
||||||
|
local sql = ie.require("lsqlite3")
|
||||||
|
local db = sql.open(('%s/verbana.sqlite'):format(minetest.get_worldpath())) -- TODO get path from settings
|
||||||
|
sqlite3 = nil -- remove sqlite3 from the global (secure) namespace
|
||||||
|
|
||||||
|
minetest.register_on_shutdown(function()
|
||||||
|
db:close()
|
||||||
|
end)
|
||||||
|
|
||||||
|
local function db_exec(stmt)
|
||||||
|
local status = db:exec(stmt)
|
||||||
|
if status ~= sql.OK then
|
||||||
|
verbana.log('error', 'SQLite ERROR: %s', db:errmsg())
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
local function init_db()
|
||||||
|
db_exec([[
|
||||||
|
PRAGMA foreign_keys = OFF;
|
||||||
|
-- PLAYER
|
||||||
|
CREATE TABLE IF NOT EXISTS player_status (
|
||||||
|
id INTEGER PRIMARY KEY
|
||||||
|
, name TEXT NOT NULL
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS player_status_name ON player_status(name);
|
||||||
|
INSERT OR IGNORE INTO player_status
|
||||||
|
(id, name)
|
||||||
|
VALUES ( 0, 'default')
|
||||||
|
, ( 1, 'unverified')
|
||||||
|
, ( 2, 'banned')
|
||||||
|
, ( 3, 'tempbanned')
|
||||||
|
, ( 4, 'locked')
|
||||||
|
, ( 5, 'whitelisted')
|
||||||
|
, ( 6, 'suspicious');
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS player (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT
|
||||||
|
, name TEXT NOT NULL
|
||||||
|
, main_player_id INTEGER
|
||||||
|
, last_action_id INTEGER
|
||||||
|
, FOREIGN KEY (main_player_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (last_action_id) REFERENCES player_action_log(id)
|
||||||
|
);
|
||||||
|
CREATE UNIQUE INDEX IF NOT EXISTS player_name ON player(name);
|
||||||
|
CREATE INDEX IF NOT EXISTS player_main_player_id ON player(main_player_id);
|
||||||
|
CREATE INDEX IF NOT EXISTS player_last_action_id ON player(last_action_id);
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS player_action_log (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT
|
||||||
|
, executor_id INTEGER NOT NULL
|
||||||
|
, player_id INTEGER NOT NULL
|
||||||
|
, status_id INTEGER NOT NULL
|
||||||
|
, timestamp INTEGER NOT NULL
|
||||||
|
, reason TEXT
|
||||||
|
, expires INTEGER
|
||||||
|
, FOREIGN KEY (executor_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (player_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (status_id) REFERENCES player_status(id)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS player_action_log_player_id ON player_action_log(player_id);
|
||||||
|
CREATE INDEX IF NOT EXISTS player_action_log_timestamp ON player_action_log(timestamp);
|
||||||
|
CREATE INDEX IF NOT EXISTS player_action_log_reason ON player_action_log(reason);
|
||||||
|
-- END PLAYER
|
||||||
|
-- IP
|
||||||
|
CREATE TABLE IF NOT EXISTS ip_status (
|
||||||
|
id INTEGER PRIMARY KEY
|
||||||
|
, name TEXT NOT NULL
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS ip_status_name ON ip_status(name);
|
||||||
|
INSERT OR IGNORE INTO ip_status
|
||||||
|
(id, name)
|
||||||
|
VALUES ( 0, 'default')
|
||||||
|
, ( 1, 'untrusted')
|
||||||
|
, ( 2, 'blocked')
|
||||||
|
, ( 3, 'tempblocked');
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS ip (
|
||||||
|
ip INTEGER PRIMARY KEY
|
||||||
|
, last_action_id INTEGER
|
||||||
|
, FOREIGN KEY (last_action_id) REFERENCES ip_action_log(id)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS ip_last_action_id ON ip(last_action_id);
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS ip_action_log (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT
|
||||||
|
, executor_id INTEGER NOT NULL
|
||||||
|
, ip INTEGER NOT NULL
|
||||||
|
, status_id INTEGER NOT NULL
|
||||||
|
, timestamp INTEGER NOT NULL
|
||||||
|
, reason TEXT
|
||||||
|
, expires INTEGER
|
||||||
|
, FOREIGN KEY (executor_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (ip) REFERENCES ip(ip)
|
||||||
|
, FOREIGN KEY (status_id) REFERENCES ip_status(id)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS ip_action_log_ip ON ip_action_log(ip);
|
||||||
|
CREATE INDEX IF NOT EXISTS ip_action_log_timestamp ON ip_action_log(timestamp);
|
||||||
|
CREATE INDEX IF NOT EXISTS ip_action_log_reason ON ip_action_log(reason);
|
||||||
|
-- END IP
|
||||||
|
-- ASN
|
||||||
|
CREATE TABLE IF NOT EXISTS asn_status (
|
||||||
|
id INTEGER PRIMARY KEY
|
||||||
|
, name TEXT NOT NULL
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS asn_status_name ON asn_status(name);
|
||||||
|
INSERT OR IGNORE INTO asn_status
|
||||||
|
(id, name)
|
||||||
|
VALUES ( 0, 'default')
|
||||||
|
, ( 1, 'untrusted')
|
||||||
|
, ( 2, 'blocked')
|
||||||
|
, ( 3, 'tempblocked');
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS asn (
|
||||||
|
asn INTEGER PRIMARY KEY
|
||||||
|
, last_action_id INTEGER
|
||||||
|
, FOREIGN KEY (last_action_id) REFERENCES asn_action_log(id)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS asn_last_action_id ON asn(last_action_id);
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS asn_action_log (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT
|
||||||
|
, executor_id INTEGER NOT NULL
|
||||||
|
, asn INTEGER NOT NULL
|
||||||
|
, status_id INTEGER NOT NULL
|
||||||
|
, timestamp INTEGER NOT NULL
|
||||||
|
, reason TEXT
|
||||||
|
, expires INTEGER
|
||||||
|
, FOREIGN KEY (executor_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (asn) REFERENCES asn(asn)
|
||||||
|
, FOREIGN KEY (status_id) REFERENCES asn_status(id)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS asn_action_log_asn ON asn_action_log(asn);
|
||||||
|
CREATE INDEX IF NOT EXISTS asn_action_log_timestamp ON asn_action_log(timestamp);
|
||||||
|
CREATE INDEX IF NOT EXISTS asn_action_log_reason ON asn_action_log(reason);
|
||||||
|
-- END ASN
|
||||||
|
-- OTHER
|
||||||
|
CREATE TABLE IF NOT EXISTS log (
|
||||||
|
player_id INTEGER NOT NULL
|
||||||
|
, ip INTEGER NOT NULL
|
||||||
|
, asn INTEGER NOT NULL
|
||||||
|
, timestamp INTEGER NOT NULL
|
||||||
|
, FOREIGN KEY (player_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (ip) REFERENCES ip(ip)
|
||||||
|
, FOREIGN KEY (asn) REFERENCES asn(asn)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS log_player ON log(player_id);
|
||||||
|
CREATE INDEX IF NOT EXISTS log_ip ON log(ip);
|
||||||
|
CREATE INDEX IF NOT EXISTS log_asn ON log(asn);
|
||||||
|
CREATE INDEX IF NOT EXISTS log_timestamp ON log(timestamp);
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS assoc (
|
||||||
|
player_id INTEGER
|
||||||
|
, ip INTEGER
|
||||||
|
, asn INTEGER
|
||||||
|
, PRIMARY KEY (player_id, ip, asn)
|
||||||
|
, FOREIGN KEY (player_id) REFERENCES player(id)
|
||||||
|
, FOREIGN KEY (ip) REFERENCES ip(ip)
|
||||||
|
, FOREIGN KEY (asn) REFERENCES asn(asn)
|
||||||
|
);
|
||||||
|
CREATE INDEX IF NOT EXISTS assoc_player ON assoc(player_id);
|
||||||
|
CREATE INDEX IF NOT EXISTS assoc_ip ON assoc(ip);
|
||||||
|
CREATE INDEX IF NOT EXISTS assoc_asn ON assoc(asn);
|
||||||
|
-- END OTHER
|
||||||
|
PRAGMA foreign_keys = ON;
|
||||||
|
]])
|
||||||
|
end -- init_db()
|
||||||
|
|
||||||
|
init_db()
|
|
@ -0,0 +1 @@
|
||||||
|
Verification and Banning mod
|
21
init.lua
21
init.lua
|
@ -1,5 +1,22 @@
|
||||||
verbana = {}
|
verbana = {}
|
||||||
|
local modname = minetest.get_current_modname()
|
||||||
|
verbana.modpath = minetest.get_modpath(modname)
|
||||||
|
|
||||||
function verbana.log(level, message)
|
function verbana.log(level, message, ...)
|
||||||
|
minetest.log(level, ('[%s] %s'):format(modname, message:format(...)))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if not minetest.request_insecure_environment() then
|
||||||
|
error('insecure environment inaccessible - make sure this mod has been added to minetest.conf!')
|
||||||
|
end
|
||||||
|
|
||||||
|
dofile(verbana.modpath .. '/settings.lua')
|
||||||
|
dofile(verbana.modpath .. '/privs.lua')
|
||||||
|
|
||||||
|
dofile(verbana.modpath .. '/ipmanip.lua')
|
||||||
|
dofile(verbana.modpath .. '/asn.lua')
|
||||||
|
|
||||||
|
dofile(verbana.modpath .. '/data.lua')
|
||||||
|
|
||||||
|
dofile(verbana.modpath .. '/commands.lua')
|
||||||
|
dofile(verbana.modpath .. '/login_handling.lua')
|
||||||
|
|
12
ipmanip.lua
12
ipmanip.lua
|
@ -2,13 +2,19 @@ if not verbana then verbana = {} end
|
||||||
|
|
||||||
verbana.ip = {}
|
verbana.ip = {}
|
||||||
|
|
||||||
function verbana.ip.ipstr_to_number(ip)
|
function verbana.ip.is_valid_ip(ipstr)
|
||||||
local a, b, c, d = ip:match('^(%d+)%.(%d+)%.(%d+)%.(%d+)$')
|
local a, b, c, d = ipstr:match('^(%d+)%.(%d+)%.(%d+)%.(%d+)$')
|
||||||
|
if not a and b and c and d then return false end
|
||||||
a = tonumber(a)
|
a = tonumber(a)
|
||||||
b = tonumber(b)
|
b = tonumber(b)
|
||||||
c = tonumber(c)
|
c = tonumber(c)
|
||||||
d = tonumber(d)
|
d = tonumber(d)
|
||||||
return (a * 16777216) + (b * 65536) + (c * 256) + d
|
return 0 <= a and a < 256 and 0 <= b and b < 256 and 0 <= c and c < 256 and 0 <= d and d < 256
|
||||||
|
end
|
||||||
|
|
||||||
|
function verbana.ip.ipstr_to_number(ipstr)
|
||||||
|
local a, b, c, d = ipstr:match('^(%d+)%.(%d+)%.(%d+)%.(%d+)$')
|
||||||
|
return (tonumber(a) * 16777216) + (tonumber(b) * 65536) + (tonumber(c) * 256) + tonumber(d)
|
||||||
end
|
end
|
||||||
|
|
||||||
function verbana.ip.number_to_ipstr(number)
|
function verbana.ip.number_to_ipstr(number)
|
||||||
|
|
|
@ -0,0 +1,60 @@
|
||||||
|
TODO: turn this into proper documentation
|
||||||
|
|
||||||
|
new player logs in from a DEFAULT ip/network
|
||||||
|
status = default
|
||||||
|
new player logs in from a DANGEROUS ip/network
|
||||||
|
if player is whitelisted: status = default
|
||||||
|
else: status = unverified; alert mods
|
||||||
|
new player logs in from a BLOCKED ip/network
|
||||||
|
if player is whitelisted: let them in
|
||||||
|
else: status is not changed (we should refuse to allow them to register the account)
|
||||||
|
|
||||||
|
old player logs in from a DEFAULT ip/network
|
||||||
|
if status is banned, boot them
|
||||||
|
if status is temp banned, check expiry and conditionally boot them
|
||||||
|
if status is locked, boot them BUT ALERT MODS
|
||||||
|
if status is suspicious, let them in BUT ALERT MODS
|
||||||
|
else allow them in
|
||||||
|
old player logs in from a DANGEROUS ip/network
|
||||||
|
if player has never used that ip/network
|
||||||
|
if the player is whitelisted let them in
|
||||||
|
else refuse entry
|
||||||
|
else
|
||||||
|
if the player is whitelisted, let them in
|
||||||
|
if the player is banned/tempbanned/locked, as for default ip/net status
|
||||||
|
else let them in, but alert mods
|
||||||
|
old player logs in from a BLOCKED ip/network
|
||||||
|
if the player is whitelisted, let them in
|
||||||
|
else refuse entry
|
||||||
|
|
||||||
|
when status == default:
|
||||||
|
account can be banned
|
||||||
|
account can be temp banned
|
||||||
|
account can be locked
|
||||||
|
account can be whitelisted by admins
|
||||||
|
account can be be marked suspicious
|
||||||
|
account can be unverified (sent back to verification area)
|
||||||
|
when status == unverified
|
||||||
|
account can be verified (status -> default)
|
||||||
|
account can be banned, tempbanned, locked
|
||||||
|
account can be whitelisted by admins (also lets them out of verification area)
|
||||||
|
account can be marked suspicious (also lets them out of verification area)
|
||||||
|
when status == banned
|
||||||
|
account can be unbanned (status -> default | suspicious depending on network)
|
||||||
|
account can be tempbanned (override previous behavior)
|
||||||
|
account can be locked (override previous behavior)
|
||||||
|
when status == tempbanned
|
||||||
|
account can be unbanned (status -> default | suspicious depending on network)
|
||||||
|
account can be banned (override previous behavior)
|
||||||
|
account can be locked (override previous behavior)
|
||||||
|
when status == locked
|
||||||
|
account can be unlocked (status -> default | suspicious depending on network)
|
||||||
|
account can be banned (override previous behavior)
|
||||||
|
account can be tempbanned (override previous behavior)
|
||||||
|
when status == whitelisted
|
||||||
|
account can be locked by mods
|
||||||
|
account can be unwhitelisted by admins (status -> default)
|
||||||
|
account can be banned by admins
|
||||||
|
account can be tempbanned by admins
|
||||||
|
when status == suspicious
|
||||||
|
as for default, mutatis mutandis
|
|
@ -0,0 +1,7 @@
|
||||||
|
minetest.register_on_prejoinplayer(function(name, ip)
|
||||||
|
end)
|
||||||
|
|
||||||
|
minetest.register_on_joinplayer(function(player)
|
||||||
|
local name = player:get_player_name()
|
||||||
|
local ip = minetest.get_player_ip(name)
|
||||||
|
end)
|
|
@ -0,0 +1,2 @@
|
||||||
|
name = verbana
|
||||||
|
description = Verification and Banning mod
|
|
@ -0,0 +1,7 @@
|
||||||
|
if not verbana then verbana = {} end
|
||||||
|
verbana.privs = {}
|
||||||
|
|
||||||
|
minetest.register_privilege('ban_admin', 'administrator for verification/bans')
|
||||||
|
|
||||||
|
verbana.privs.admin = 'ban_admin' -- TODO load from settings
|
||||||
|
verbana.privs.moderator = 'basic_privs' -- TODO load from settings
|
|
@ -0,0 +1 @@
|
||||||
|
-- config: privs_to_whitelist: if a player has this/these privs, they are treated as whitelisted
|
|
@ -0,0 +1 @@
|
||||||
|
-- TODO: command line interface to manipulate the DB (e.g. for emergencies)
|
Loading…
Reference in New Issue