1-- Minetest: builtin/auth.lua 2 3-- 4-- Builtin authentication handler 5-- 6 7-- Make the auth object private, deny access to mods 8local core_auth = core.auth 9core.auth = nil 10 11core.builtin_auth_handler = { 12 get_auth = function(name) 13 assert(type(name) == "string") 14 local auth_entry = core_auth.read(name) 15 -- If no such auth found, return nil 16 if not auth_entry then 17 return nil 18 end 19 -- Figure out what privileges the player should have. 20 -- Take a copy of the privilege table 21 local privileges = {} 22 for priv, _ in pairs(auth_entry.privileges) do 23 privileges[priv] = true 24 end 25 -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false 26 if core.is_singleplayer() then 27 for priv, def in pairs(core.registered_privileges) do 28 if def.give_to_singleplayer then 29 privileges[priv] = true 30 end 31 end 32 -- For the admin, give everything 33 elseif name == core.settings:get("name") then 34 for priv, def in pairs(core.registered_privileges) do 35 if def.give_to_admin then 36 privileges[priv] = true 37 end 38 end 39 end 40 -- All done 41 return { 42 password = auth_entry.password, 43 privileges = privileges, 44 last_login = auth_entry.last_login, 45 } 46 end, 47 create_auth = function(name, password) 48 assert(type(name) == "string") 49 assert(type(password) == "string") 50 core.log('info', "Built-in authentication handler adding player '"..name.."'") 51 return core_auth.create({ 52 name = name, 53 password = password, 54 privileges = core.string_to_privs(core.settings:get("default_privs")), 55 last_login = -1, -- Defer login time calculation until record_login (called by on_joinplayer) 56 }) 57 end, 58 delete_auth = function(name) 59 assert(type(name) == "string") 60 local auth_entry = core_auth.read(name) 61 if not auth_entry then 62 return false 63 end 64 core.log('info', "Built-in authentication handler deleting player '"..name.."'") 65 return core_auth.delete(name) 66 end, 67 set_password = function(name, password) 68 assert(type(name) == "string") 69 assert(type(password) == "string") 70 local auth_entry = core_auth.read(name) 71 if not auth_entry then 72 core.builtin_auth_handler.create_auth(name, password) 73 else 74 core.log('info', "Built-in authentication handler setting password of player '"..name.."'") 75 auth_entry.password = password 76 core_auth.save(auth_entry) 77 end 78 return true 79 end, 80 set_privileges = function(name, privileges) 81 assert(type(name) == "string") 82 assert(type(privileges) == "table") 83 local auth_entry = core_auth.read(name) 84 if not auth_entry then 85 auth_entry = core.builtin_auth_handler.create_auth(name, 86 core.get_password_hash(name, 87 core.settings:get("default_password"))) 88 end 89 90 -- Run grant callbacks 91 for priv, _ in pairs(privileges) do 92 if not auth_entry.privileges[priv] then 93 core.run_priv_callbacks(name, priv, nil, "grant") 94 end 95 end 96 97 -- Run revoke callbacks 98 for priv, _ in pairs(auth_entry.privileges) do 99 if not privileges[priv] then 100 core.run_priv_callbacks(name, priv, nil, "revoke") 101 end 102 end 103 104 auth_entry.privileges = privileges 105 core_auth.save(auth_entry) 106 core.notify_authentication_modified(name) 107 end, 108 reload = function() 109 core_auth.reload() 110 return true 111 end, 112 record_login = function(name) 113 assert(type(name) == "string") 114 local auth_entry = core_auth.read(name) 115 assert(auth_entry) 116 auth_entry.last_login = os.time() 117 core_auth.save(auth_entry) 118 end, 119 iterate = function() 120 local names = {} 121 local nameslist = core_auth.list_names() 122 for k,v in pairs(nameslist) do 123 names[v] = true 124 end 125 return pairs(names) 126 end, 127} 128 129core.register_on_prejoinplayer(function(name, ip) 130 if core.registered_auth_handler ~= nil then 131 return -- Don't do anything if custom auth handler registered 132 end 133 local auth_entry = core_auth.read(name) 134 if auth_entry ~= nil then 135 return 136 end 137 138 local name_lower = name:lower() 139 for k in core.builtin_auth_handler.iterate() do 140 if k:lower() == name_lower then 141 return string.format("\nCannot create new player called '%s'. ".. 142 "Another account called '%s' is already registered. ".. 143 "Please check the spelling if it's your account ".. 144 "or use a different nickname.", name, k) 145 end 146 end 147end) 148 149-- 150-- Authentication API 151-- 152 153function core.register_authentication_handler(handler) 154 if core.registered_auth_handler then 155 error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname) 156 end 157 core.registered_auth_handler = handler 158 core.registered_auth_handler_modname = core.get_current_modname() 159 handler.mod_origin = core.registered_auth_handler_modname 160end 161 162function core.get_auth_handler() 163 return core.registered_auth_handler or core.builtin_auth_handler 164end 165 166local function auth_pass(name) 167 return function(...) 168 local auth_handler = core.get_auth_handler() 169 if auth_handler[name] then 170 return auth_handler[name](...) 171 end 172 return false 173 end 174end 175 176core.set_player_password = auth_pass("set_password") 177core.set_player_privs = auth_pass("set_privileges") 178core.remove_player_auth = auth_pass("delete_auth") 179core.auth_reload = auth_pass("reload") 180 181local record_login = auth_pass("record_login") 182core.register_on_joinplayer(function(player) 183 record_login(player:get_player_name()) 184end) 185