From f4ca2531ae7658398ed2b0d19018117d3eae9bd6 Mon Sep 17 00:00:00 2001
From: Astrologies
Date: Wed, 1 Dec 2021 04:17:47 -0500
Subject: [PATCH] implement some webcontextmanager
---
 .../Dependencies/Web/WebContextManager.php | 82 ++++++++++++++++---
 globals/config.php | 3 +-
 html/Game/AdminScript.php | 7 +-
 html/Game/ClientPresence.php | 7 +-
 html/Game/KillServer.php | 7 +-
 html/Game/RegisterServer.php | 7 +-
 html/Game/ServerPing.php | 7 +-
 html/asset/index.php | 4 +-
 .../RoleSets/PrivilegedSetUserRoleSetRank.php | 7 +-
 .../AbuseReport/InGameChatHandler.php | 7 +-
 html_assetgame/Game/Badge/AwardBadge.php | 7 +-
 html_assetgame/Game/Badge/HasBadge.php | 7 +-
 html_assetgame/Game/Badge/IsBadgeDisabled.php | 7 +-
 html_assetgame/Game/BreakFriend.php | 7 +-
 html_assetgame/Game/CreateFriend.php | 7 +-
 html_gamepersistence/Persistence/set.php | 7 +-
 .../GetAllowedMD5Hashes.php | 7 +-
 .../GetAllowedSecurityKeys.php | 7 +-
 18 files changed, 167 insertions(+), 27 deletions(-)
diff --git a/globals/Dependencies/Web/WebContextManager.php b/globals/Dependencies/Web/WebContextManager.php
index daca1c8..8d0cc7c 100644
--- a/globals/Dependencies/Web/WebContextManager.php
+++ b/globals/Dependencies/Web/WebContextManager.php
@@ -1,8 +1,7 @@ webservice_whitelist); + + return in_array($currentIp, $ipWhitelist); + } + public static function CanBypassMaintenance() { // Wouldn't really be a bypass per say, but you know, reusing existing code is better than // copying already existing code. if (!WebContextManager::IsUnderMaintenance()) return true; - if ( - !WebContextManager::$CurrentUser->IsAdministrator() + if (!$GLOBALS['user']->isAdmin() && !WebContextManager::IsCurrentIpAddressWhitelisted() ) return false; return true; } - public static function IsCurrentIpAddressWhitelisted() + public static function GetRequestHeaders() { - $currentIp = WebContextManager::GetCurrentIPAddress(); - $ipWhitelist = []; // query from db - - return in_array($currentIp, $ipWhitelist); + $headers = []; + foreach ($_SERVER as $name => $value) { + if (substr($name, 0, 5) == 'HTTP_') { + $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; + } + } + return $headers; } - public static $CurrentUser = new User(); + public static function VerifyAccessKeyHeader() + { + $headers = WebContextManager::GetRequestHeaders(); + $accesskey = $headers['Accesskey']; + + if (!empty($accesskey)) + { + if(WebContextManager::IsCurrentIpAddressWhitelisted()) + { + if($accesskey == $GLOBALS['ws']->webservice_key) + { + return true; + } + } + } + return false; + } + + public static function IsCloudflareHttps() + { + return isset($_SERVER['HTTPS']) || + ($visitor = json_decode($_SERVER['HTTP_CF_VISITOR'])) && + $visitor->scheme == 'https'; + } + + public static function ForceHttpsCloudflare() + { + if(!is_https_cloudflare()) { + header("Location: https://" . $_SERVER["HTTP_HOST"] . 
$_SERVER["REQUEST_URI"]); + exit(); + } + } + + public static function HttpGetPing($url, $timeout) //to see if a URL times out + { + $curl_do = curl_init(); + curl_setopt($curl_do, CURLOPT_URL, $url); + curl_setopt($curl_do, CURLOPT_RETURNTRANSFER, true); + curl_setopt($curl_do, CURLOPT_CONNECTTIMEOUT_MS,$timeout); + curl_setopt($curl_do, CURLOPT_TIMEOUT_MS, $timeout); + curl_setopt($curl_do, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl_do, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($curl_do, CURLOPT_POST, false ); + curl_setopt($curl_do, CURLOPT_HEADER, 1); + + $result = curl_exec($curl_do); + + curl_close($curl_do); + + if ($result) { + return true; + } + return false; + } } } diff --git a/globals/config.php b/globals/config.php index 66ee142..12e572f 100644 --- a/globals/config.php +++ b/globals/config.php @@ -94,12 +94,13 @@ try //autoloader include require 'C:\Users\Administrator\vendor\autoload.php'; - //alphaland specfic dependencies + //alphaland specfic dependencies (listing manually for now due to active rewrite of stuff) include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Users/Activation.php"; include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Users/TwoFactor.php"; include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Moderation/UserModerationManager.php"; include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Common/HashingUtiltity.php"; include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Web/IpRange.php"; + include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Web/WebContextManager.php"; //authenticator $authenticator = new PHPGangsta_GoogleAuthenticator(); diff --git a/html/Game/AdminScript.php b/html/Game/AdminScript.php index 5b36545..3eb2a86 100644 --- a/html/Game/AdminScript.php +++ b/html/Game/AdminScript.php 
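Review bot: In VerifyAccessKeyHeader the key check `if($accesskey == $GLOBALS['ws']->webservice_key)` is a loose, early-exit comparison and `$headers['Accesskey']` raises a notice whenever the header is absent; read it as `$accesskey = $headers['Accesskey'] ?? '';` and compare with `hash_equals((string)$GLOBALS['ws']->webservice_key, (string)$accesskey)`. Since every endpoint in this commit now gates on that method, the whitelist lookup `in_array($currentIp, $ipWhitelist)` should also pass `true` as its third argument so the match is strict. ForceHttpsCloudflare calls `is_https_cloudflare()`, which is not defined in this hunk — unless it is a global helper elsewhere it should be `WebContextManager::IsCloudflareHttps()`, and IsCloudflareHttps should null-check the decoded `HTTP_CF_VISITOR` before reading `->scheme`, since json_decode returns null on bad input. HttpGetPing sets `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to false, which disables certificate validation for every URL it probes; if that is intentional for internal game servers a comment saying so would help, otherwise both lines should go. The class header and the opening of this hunk appear to have been lost in extraction (the `@@ -1,8 +1,7 @@` header is followed by a bare fragment), so the hunk's first lines could not be reviewed.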
@@ -2,7 +2,12 @@ //stuff for staff will be handled here -RCCHeaderEnvironment(); //secure for RCC access only +use Alphaland\Web\WebContextManager; + +if (!WebContextManager::VerifyAccessKeyHeader()) +{ + die(http_response_code(400)); +} /* local GUI = Instance.new("BillboardGui") diff --git a/html/Game/ClientPresence.php b/html/Game/ClientPresence.php index e79068a..ff92f4e 100644 --- a/html/Game/ClientPresence.php +++ b/html/Game/ClientPresence.php @@ -2,7 +2,12 @@ //the design choice here was to tie in clientpresence with recently played and visits and make it fully server-sided besides the client pings -RCCHeaderEnvironment(); +use Alphaland\Web\WebContextManager; + +if (!WebContextManager::VerifyAccessKeyHeader()) +{ + die(http_response_code(400)); +} $action = (string)$_GET['action']; $userid = (int)$_GET['UserID']; diff --git a/html/Game/KillServer.php b/html/Game/KillServer.php index c35cd10..49a6b39 100644 --- a/html/Game/KillServer.php +++ b/html/Game/KillServer.php @@ -1,5 +1,10 @@ Hash, $iteminfo->AssetTypeId); } diff --git a/html_api/RoleSets/PrivilegedSetUserRoleSetRank.php b/html_api/RoleSets/PrivilegedSetUserRoleSetRank.php index 1af4963..803a8c8 100644 --- a/html_api/RoleSets/PrivilegedSetUserRoleSetRank.php +++ b/html_api/RoleSets/PrivilegedSetUserRoleSetRank.php @@ -1,6 +1,11 @@
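Review bot: The new guard in AdminScript.php, `die(http_response_code(400));`, hands the return value of http_response_code() (the previous status, typically 200) to die(), where an int becomes the process exit status and nothing is written to the response; in addition, 400 tells the caller the request was malformed, whereas a failed access-key check is an authorization failure. Prefer `http_response_code(403); exit;` (or 401 if the service expects credentials to be retried) so the intent is explicit and the HTTP status is not conflated with the exit code. The same construct is repeated in the ClientPresence.php and KillServer.php hunks on this page and, going by the diffstat, in the other Game/, html_assetgame and html_gamepersistence endpoints of this commit, so it is worth fixing once and applying consistently. The KillServer.php hunk is garbled in this extraction (its `@@ -1,5 +1,10 @@` header is followed by what looks like a fragment of another file), so its body could not be checked.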