From 28c726f20545744a3052a3e8a0a3bf5ff95a5042 Mon Sep 17 00:00:00 2001
From: B3n30 <bene_thomas@web.de>
Date: Tue, 19 Sep 2017 03:18:26 +0200
Subject: WebService: Verify username and token (#2930)

* WebService: Verify username and token; Log errors in PostJson

* Fixup: added docstrings to the functions

* Webservice: Added Icons to the verification, imrpved error detection in cpr, fixup nits

* fixup: fmt warning
---
 src/web_service/CMakeLists.txt   |   2 +
 src/web_service/verify_login.cpp |  28 +++++++++++
 src/web_service/verify_login.h   |  24 ++++++++++
 src/web_service/web_backend.cpp  | 101 ++++++++++++++++++++++++++++++++++-----
 src/web_service/web_backend.h    |  16 +++++++
 5 files changed, 159 insertions(+), 12 deletions(-)
 create mode 100644 src/web_service/verify_login.cpp
 create mode 100644 src/web_service/verify_login.h

(limited to 'src/web_service')

diff --git a/src/web_service/CMakeLists.txt b/src/web_service/CMakeLists.txt
index 334d82a8a..c93811892 100644
--- a/src/web_service/CMakeLists.txt
+++ b/src/web_service/CMakeLists.txt
@@ -1,10 +1,12 @@
 set(SRCS
             telemetry_json.cpp
+            verify_login.cpp
             web_backend.cpp
             )
 
 set(HEADERS
             telemetry_json.h
+            verify_login.h
             web_backend.h
             )
 
diff --git a/src/web_service/verify_login.cpp b/src/web_service/verify_login.cpp
new file mode 100644
index 000000000..1bc3b5afe
--- /dev/null
+++ b/src/web_service/verify_login.cpp
@@ -0,0 +1,28 @@
+// Copyright 2017 Citra Emulator Project
+// Licensed under GPLv2 or any later version
+// Refer to the license.txt file included.
+
+#include <json.hpp>
+#include "web_service/verify_login.h"
+#include "web_service/web_backend.h"
+
+namespace WebService {
+
+std::future<bool> VerifyLogin(std::string& username, std::string& token,
+                              const std::string& endpoint_url, std::function<void()> func) {
+    auto get_func = [func, username](const std::string& reply) -> bool {
+        func();
+        if (reply.empty())
+            return false;
+        nlohmann::json json = nlohmann::json::parse(reply);
+        std::string result;
+        try {
+            result = json["username"];
+        } catch (const nlohmann::detail::out_of_range&) {
+        }
+        return result == username;
+    };
+    return GetJson<bool>(get_func, endpoint_url, false, username, token);
+}
+
+} // namespace WebService
diff --git a/src/web_service/verify_login.h b/src/web_service/verify_login.h
new file mode 100644
index 000000000..303f5dbbc
--- /dev/null
+++ b/src/web_service/verify_login.h
@@ -0,0 +1,24 @@
+// Copyright 2017 Citra Emulator Project
+// Licensed under GPLv2 or any later version
+// Refer to the license.txt file included.
+
+#pragma once
+
+#include <functional>
+#include <future>
+#include <string>
+
+namespace WebService {
+
+/**
+ * Checks if username and token is valid
+ * @param username Citra username to use for authentication.
+ * @param token Citra token to use for authentication.
+ * @param endpoint_url URL of the services.citra-emu.org endpoint.
+ * @param func A function that gets exectued when the verification is finished
+ * @returns Future with bool indicating whether the verification succeeded
+ */
+std::future<bool> VerifyLogin(std::string& username, std::string& token,
+                              const std::string& endpoint_url, std::function<void()> func);
+
+} // namespace WebService
diff --git a/src/web_service/web_backend.cpp b/src/web_service/web_backend.cpp
index d28a3f757..b17d82f9c 100644
--- a/src/web_service/web_backend.cpp
+++ b/src/web_service/web_backend.cpp
@@ -18,6 +18,19 @@ static constexpr char API_VERSION[]{"1"};
 
 static std::unique_ptr<cpr::Session> g_session;
 
+void Win32WSAStartup() {
+#ifdef _WIN32
+    // On Windows, CPR/libcurl does not properly initialize Winsock. The below code is used to
+    // initialize Winsock globally, which fixes this problem. Without this, only the first CPR
+    // session will properly be created, and subsequent ones will fail.
+    WSADATA wsa_data;
+    const int wsa_result{WSAStartup(MAKEWORD(2, 2), &wsa_data)};
+    if (wsa_result) {
+        LOG_CRITICAL(WebService, "WSAStartup failed: %d", wsa_result);
+    }
+#endif
+}
+
 void PostJson(const std::string& url, const std::string& data, bool allow_anonymous,
               const std::string& username, const std::string& token) {
     if (url.empty()) {
@@ -31,16 +44,7 @@ void PostJson(const std::string& url, const std::string& data, bool allow_anonym
         return;
     }
 
-#ifdef _WIN32
-    // On Windows, CPR/libcurl does not properly initialize Winsock. The below code is used to
-    // initialize Winsock globally, which fixes this problem. Without this, only the first CPR
-    // session will properly be created, and subsequent ones will fail.
-    WSADATA wsa_data;
-    const int wsa_result{WSAStartup(MAKEWORD(2, 2), &wsa_data)};
-    if (wsa_result) {
-        LOG_CRITICAL(WebService, "WSAStartup failed: %d", wsa_result);
-    }
-#endif
+    Win32WSAStartup();
 
     // Built request header
     cpr::Header header;
@@ -56,8 +60,81 @@ void PostJson(const std::string& url, const std::string& data, bool allow_anonym
     }
 
     // Post JSON asynchronously
-    static cpr::AsyncResponse future;
-    future = cpr::PostAsync(cpr::Url{url.c_str()}, cpr::Body{data.c_str()}, header);
+    static std::future<void> future;
+    future = cpr::PostCallback(
+        [](cpr::Response r) {
+            if (r.error) {
+                LOG_ERROR(WebService, "POST returned cpr error: %u:%s",
+                          static_cast<u32>(r.error.code), r.error.message.c_str());
+                return;
+            }
+            if (r.status_code >= 400) {
+                LOG_ERROR(WebService, "POST returned error status code: %u", r.status_code);
+                return;
+            }
+            if (r.header["content-type"].find("application/json") == std::string::npos) {
+                LOG_ERROR(WebService, "POST returned wrong content: %s",
+                          r.header["content-type"].c_str());
+                return;
+            }
+        },
+        cpr::Url{url}, cpr::Body{data}, header);
+}
+
+template <typename T>
+std::future<T> GetJson(std::function<T(const std::string&)> func, const std::string& url,
+                       bool allow_anonymous, const std::string& username,
+                       const std::string& token) {
+    if (url.empty()) {
+        LOG_ERROR(WebService, "URL is invalid");
+        return std::async(std::launch::async, [func{std::move(func)}]() { return func(""); });
+    }
+
+    const bool are_credentials_provided{!token.empty() && !username.empty()};
+    if (!allow_anonymous && !are_credentials_provided) {
+        LOG_ERROR(WebService, "Credentials must be provided for authenticated requests");
+        return std::async(std::launch::async, [func{std::move(func)}]() { return func(""); });
+    }
+
+    Win32WSAStartup();
+
+    // Built request header
+    cpr::Header header;
+    if (are_credentials_provided) {
+        // Authenticated request if credentials are provided
+        header = {{"Content-Type", "application/json"},
+                  {"x-username", username.c_str()},
+                  {"x-token", token.c_str()},
+                  {"api-version", API_VERSION}};
+    } else {
+        // Otherwise, anonymous request
+        header = cpr::Header{{"Content-Type", "application/json"}, {"api-version", API_VERSION}};
+    }
+
+    // Get JSON asynchronously
+    return cpr::GetCallback(
+        [func{std::move(func)}](cpr::Response r) {
+            if (r.error) {
+                LOG_ERROR(WebService, "GET returned cpr error: %u:%s",
+                          static_cast<u32>(r.error.code), r.error.message.c_str());
+                return func("");
+            }
+            if (r.status_code >= 400) {
+                LOG_ERROR(WebService, "GET returned error code: %u", r.status_code);
+                return func("");
+            }
+            if (r.header["content-type"].find("application/json") == std::string::npos) {
+                LOG_ERROR(WebService, "GET returned wrong content: %s",
+                          r.header["content-type"].c_str());
+                return func("");
+            }
+            return func(r.text);
+        },
+        cpr::Url{url}, header);
 }
 
+template std::future<bool> GetJson(std::function<bool(const std::string&)> func,
+                                   const std::string& url, bool allow_anonymous,
+                                   const std::string& username, const std::string& token);
+
 } // namespace WebService
diff --git a/src/web_service/web_backend.h b/src/web_service/web_backend.h
index d17100398..a63c75d13 100644
--- a/src/web_service/web_backend.h
+++ b/src/web_service/web_backend.h
@@ -4,6 +4,8 @@
 
 #pragma once
 
+#include <functional>
+#include <future>
 #include <string>
 #include "common/common_types.h"
 
@@ -20,4 +22,18 @@ namespace WebService {
 void PostJson(const std::string& url, const std::string& data, bool allow_anonymous,
               const std::string& username = {}, const std::string& token = {});
 
+/**
+ * Gets JSON from services.citra-emu.org.
+ * @param func A function that gets exectued when the json as a string is received
+ * @param url URL of the services.citra-emu.org endpoint to post data to.
+ * @param allow_anonymous If true, allow anonymous unauthenticated requests.
+ * @param username Citra username to use for authentication.
+ * @param token Citra token to use for authentication.
+ * @return future that holds the return value T of the func
+ */
+template <typename T>
+std::future<T> GetJson(std::function<T(const std::string&)> func, const std::string& url,
+                       bool allow_anonymous, const std::string& username = {},
+                       const std::string& token = {});
+
 } // namespace WebService
-- 
cgit v1.2.3