import from combined repo

.luacheckrc

@@ -0,0 +1,19 @@
+unused_args = false
+allow_defined_top = true
+
+globals = {
+	"auth_proxy",
+}
+
+read_globals = {
+	"xban",
+
+	-- Stdlib
+	string = {fields = {"split"}},
+	table = {fields = {"copy", "getn"}},
+
+	-- Minetest
+	"minetest", "dump",
+	"vector", "ItemStack"
+
+}

auth.lua

@@ -0,0 +1,61 @@
+
+local MP = minetest.get_modpath(minetest.get_current_modname())
+local Channel = dofile(MP .. "/util/channel.lua")
+local channel
+
+local has_xban2_mod = minetest.get_modpath("xban2")
+
+-- auth request
+local function auth_handler(auth)
+	local handler = minetest.get_auth_handler()
+	minetest.log("action", "[auth_proxy] auth: " .. auth.name)
+
+	local success = false
+	local banned = false
+	local message = ""
+
+	if auth_proxy.disallow_banned_players and has_xban2_mod then
+		-- check xban db
+		local xbanentry = xban.find_entry(auth.name)
+		if xbanentry and xbanentry.banned then
+			banned = true
+			message = "Banned!"
+		end
+	end
+
+	if not banned then
+		-- check tan
+		local tan = auth_proxy.tan[auth.name]
+		if tan ~= nil then
+			success = tan == auth.password
+		end
+
+		-- check auth
+		if not success then
+			local entry = handler.get_auth(auth.name)
+			if entry and minetest.check_password_entry(auth.name, entry.password, auth.password) then
+				success = true
+			end
+		end
+	end
+
+	channel.send({
+		type = "auth",
+		data = {
+			name = auth.name,
+			success = success,
+			message = message
+		}
+	})
+end
+
+
+function auth_proxy.http_init(http, url)
+	channel = Channel(http, url .. "/api/minetest/channel")
+
+	channel.receive(function(data)
+		if data.type == "auth" then
+			auth_handler(data.data)
+		end
+	end)
+end

init.lua

@@ -0,0 +1,18 @@
+auth_proxy = {
+  disallow_banned_players = true,
+  url = minetest.settings:get("auth_proxy.url"),
+  tan = {}
+}
+
+
+local MP = minetest.get_modpath(minetest.get_current_modname())
+dofile(MP .. "/auth.lua")
+dofile(MP .. "/tan.lua")
+
+local http = minetest.request_http_api()
+if not http then
+  minetest.log("error", "auth_proxy_mod mod not in the secure.http_mods setting!")
+  return
+end
+
+auth_proxy.http_init(http, auth_proxy.url)

readme.md

@@ -0,0 +1,23 @@
+
+Authorization mod for minetest
+=================
+
+
+To be used with https://github.com/thomasrudin-mt/auth_proxy_app
+
+# Overview
+
+Lets third-party apps query username and password of ingame players
+
+# Installing
+
+* Copy/Clone the files into the `worldmods` folder
+* Install and start https://github.com/thomasrudin-mt/auth_proxy_app
+
+## minetest.conf
+
+Example usage:
+```
+secure.http_mods = auth_proxy_mod
+auth_proxy.url = http://127.0.0.1:8080
+```

tan.lua

@@ -0,0 +1,16 @@
+
+
+minetest.register_chatcommand("wiki_tan", {
+	description = "generates a tan (temporary access number) for the wiki access",
+	func = function(name)
+    local tan = "" .. math.random(1000, 9999)
+    auth_proxy.tan[name] = tan
+
+		return true, "Your tan is " .. tan .. ", it will expire upon leaving the game"
+	end
+})
+
+minetest.register_on_leaveplayer(function(player)
+	local name = player:get_player_name()
+	auth_proxy.tan[name] = nil
+end)

util/channel.lua

@@ -0,0 +1,93 @@
+-- bi-directional http-channel
+-- with long-poll GET and POST on the same URL
+
+local debug = false
+
+local function Channel(http, url, cfg)
+	cfg = cfg or {}
+	local extra_headers = cfg.extra_headers or {}
+	local timeout = cfg.timeout or 1
+	local long_poll_timeout = cfg.long_poll_timeout or 30
+	local error_retry = cfg.error_retry or 10
+
+	-- assemble post-header with json content
+	local post_headers = { "Content-Type: application/json" }
+	for _,header in pairs(extra_headers) do
+		table.insert(post_headers, header)
+	end
+
+	local recv_listeners = {}
+	local run = true
+
+	local recv_loop
+
+	recv_loop = function()
+		assert(run)
+
+		-- long-poll GET
+		http.fetch({
+			url = url,
+			extra_headers = extra_headers,
+			timeout = long_poll_timeout
+		}, function(res)
+			if res.succeeded and res.code == 200 then
+				local data = minetest.parse_json(res.data)
+
+				if debug then
+					minetest.log("action", "[webmail-rx] " .. dump(data))
+				end
+
+				if data then
+					for _,listener in pairs(recv_listeners) do
+						listener(data)
+					end
+				end
+				-- reschedule immediately
+				minetest.after(0, recv_loop)
+			else
+				-- error, retry after some time
+				minetest.after(error_retry, recv_loop)
+			end
+		end)
+	end
+
+
+	local send = function(data)
+		assert(run)
+		-- POST
+
+		if debug then
+			minetest.log("action", "[webmail-tx] " .. dump(data))
+		end
+
+		http.fetch({
+			url = url,
+			extra_headers = post_headers,
+			timeout = timeout,
+			post_data = minetest.write_json(data)
+		}, function(res)
+			-- TODO: error-handling
+		end)
+	end
+
+	local receive = function(listener)
+		table.insert(recv_listeners, listener)
+	end
+
+	local close = function()
+		run = false
+	end
+
+	recv_loop();
+
+	return {
+		send = send,
+		receive = receive,
+		close = close
+	}
+
+end
+
+
+
+return Channel