Commit 14d52337 authored by Imran Hussain

Code dump of Gameauth from the staff svn

SUCS Game Server Auth System v2
===============================
imranh@sucs.org
What is it?
-----------
An authentication system to ensure only SUCS members and plus whoever we want
can connect and play games on the game server.
How's it work?
--------------
It's written in php and it's done in the style of a SPA. If a member wishes
to connect to a game, they visit games.sucs.org, enter their SUCS username +
password, and they are then granted access to the server.
The page uses a HTTP Refresh: header with a timeout of 30 seconds to keep them
logged in. this timeout can be fiddeled with in index.php and in
gameauth-task.php
Every time the page is accessed, the member's entry in a sqlite db is updated
and a hole poked in the firewall on the game server for their IP (if there's
not already a hole there)
How does it know when a user times out?
---------------------------------------
A cron job runs every minute on the server to close the holes in the firewall
associated with the IPs of people who have not refreshed the web page in the
last 1 minute.
What if a user logs in twice from 2 different IPs?
--------------------------------------------------
Then the IP that did the most recent refresh overwrites the old one.
A user can only connect from one IP at a time. Should stop people giving their
login details to their friends.
What if two different people from the same IP login?
----------------------------------------------------
This is ok - 2 entries will be added to the db and the firewall, so if one user
disconnects, it won't affect the other user.
What if we want to open the server to the world for a special event?
--------------------------------------------------------------------
Currently we are restricting this to only allow Swansea University students,
rename the uni.deny file in /home/game-server to uni.allow to allow SUCS +
Swansea Univerity students and rename it back to uni.deny only allow SUCS
members.
Why was it rewritten?
---------------------
The old system didn't work.
What is wrong with Apache LDAP Auth?
------------------------------------
It doesn't give us the ability to customise the login form.
\ No newline at end of file
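Review bot: The README never says what a firewall hole actually grants. In "How's it work?" and the "same IP" section access is keyed on the source IP, so every host behind the same NAT or proxy address as a logged-in member reaches the game server without authenticating; that limit belongs next to "A user can only connect from one IP at a time". The timing also needs a sentence: the page refreshes every 30 seconds and the cron job closes holes for IPs idle for 1 minute, which leaves room for roughly one missed refresh, so say that the values in index.php and gameauth-task.php must be changed together with the cron window. Minor: "fiddeled", "Univerity", and "rename it back to uni.deny only allow" (missing "to").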
Game Server Auth TODO
=====================
(In no particular order)
* Use a custom iptables chain to reduce number of rules traversed.
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.5
* Reduce data transfer on page refresh.
Use Javascript to refresh a single page element.
* Close the firewall if the database gets corrupt
* Logging
Keep logs of people's actions (login/outs, failed logins, etc)
for security purposes.
* DOS Protection
Do something to help protect against attacks. iptables' 'recent' module
might be helpful here...
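Review bot: "Close the firewall if the database gets corrupt" is listed in no particular order, which leaves the behaviour on a corrupt sqlite db undefined in what this commit documents. I would move it to the top and state the intended outcome (fail closed: remove the per-member rules and refuse new logins until the db is rebuilt). The "Logging" item should come before "DOS Protection", since failed-login records are what any rate limiting would be tuned against. The netfilter link also has a doubled slash in "HOWTO//packet-filtering".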
#!/bin/bash
/sbin/iptables -I INPUT -s "$1" -j ACCEPT
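Review bot: "$1" is passed to iptables without validation, and the inserted rule accepts every protocol and port from that source. The quoting prevents word splitting, but -s also takes hostnames and network ranges, so the script should reject anything that is not a single IPv4 address and exit non-zero before calling iptables. Consider narrowing the rule with -p and --dport to the game ports, or jumping to a dedicated chain as the TODO already suggests, so that a member's login does not also expose every other service on the host to that address.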
#!/bin/bash
/sbin/iptables -D INPUT -s "$1" -j ACCEPT
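Review bot: This script takes the same unvalidated "$1" as the open script, and nothing in it explains that -D removes only the first matching rule. The README depends on that (two members on one IP get two rules, so one logging out does not cut off the other), so add a comment saying one rule per call is deliberate. The exit status is whatever iptables returns, and -D fails when no matching rule exists; the caller should check it so a stale db entry and a missing rule are noticed rather than silently ignored.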
#!/bin/bash
start(){
/sbin/iptables -F INPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -s 137.44.10.0/24 -j ACCEPT
/sbin/iptables -A INPUT -p TCP --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p TCP --dport 443 -j ACCEPT
/usr/local/src/gameauth/empty_users_table.py
}
stop(){
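Review bot: In start(), the chain is flushed before the policy is set, so if the previous policy was ACCEPT there is a short window in which an empty INPUT chain accepts everything; run "-P INPUT DROP" before "-F INPUT". Only /sbin/iptables is called, so these rules do not cover IPv6; add the ip6tables equivalents or note that IPv6 is disabled on the host. 137.44.10.0/24 is accepted on all ports with no comment saying which network it is or why it needs that, and the result of empty_users_table.py is not checked, so a failure there would leave db entries that no longer match the freshly flushed firewall.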