Put torch/signlike node on floor if no paramtype2 (#11074)

[dragonfireclient.git] / builtin / game / auth.lua

-- Minetest: builtin/auth.lua

--
-- Builtin authentication handler
--

-- Make the auth object private, deny access to mods
local core_auth = core.auth
core.auth = nil

core.builtin_auth_handler = {
        get_auth = function(name)
                assert(type(name) == "string")
                local auth_entry = core_auth.read(name)
                -- If no such auth found, return nil
                if not auth_entry then
                        return nil
                end
                -- Figure out what privileges the player should have.
                -- Take a copy of the privilege table
                local privileges = {}
                for priv, _ in pairs(auth_entry.privileges) do
                        privileges[priv] = true
                end
                -- If singleplayer, give all privileges except those marked as give_to_singleplayer = false
                if core.is_singleplayer() then
                        for priv, def in pairs(core.registered_privileges) do
                                if def.give_to_singleplayer then
                                        privileges[priv] = true
                                end
                        end
                -- For the admin, give everything
                elseif name == core.settings:get("name") then
                        for priv, def in pairs(core.registered_privileges) do
                                if def.give_to_admin then
                                        privileges[priv] = true
                                end
                        end
                end
                -- All done
                return {
                        password = auth_entry.password,
                        privileges = privileges,
                        last_login = auth_entry.last_login,
                }
        end,
        create_auth = function(name, password)
                assert(type(name) == "string")
                assert(type(password) == "string")
                core.log('info', "Built-in authentication handler adding player '"..name.."'")
                return core_auth.create({
                        name = name,
                        password = password,
                        privileges = core.string_to_privs(core.settings:get("default_privs")),
                        last_login = -1,  -- Defer login time calculation until record_login (called by on_joinplayer)
                })
        end,
        delete_auth = function(name)
                assert(type(name) == "string")
                local auth_entry = core_auth.read(name)
                if not auth_entry then
                        return false
                end
                core.log('info', "Built-in authentication handler deleting player '"..name.."'")
                return core_auth.delete(name)
        end,
        set_password = function(name, password)
                assert(type(name) == "string")
                assert(type(password) == "string")
                local auth_entry = core_auth.read(name)
                if not auth_entry then
                        core.builtin_auth_handler.create_auth(name, password)
                else
                        core.log('info', "Built-in authentication handler setting password of player '"..name.."'")
                        auth_entry.password = password
                        core_auth.save(auth_entry)
                end
                return true
        end,
        set_privileges = function(name, privileges)
                assert(type(name) == "string")
                assert(type(privileges) == "table")
                local auth_entry = core_auth.read(name)
                if not auth_entry then
                        auth_entry = core.builtin_auth_handler.create_auth(name,
                                core.get_password_hash(name,
                                        core.settings:get("default_password")))
                end

                -- Run grant callbacks
                for priv, _ in pairs(privileges) do
                        if not auth_entry.privileges[priv] then
                                core.run_priv_callbacks(name, priv, nil, "grant")
                        end
                end

                -- Run revoke callbacks
                for priv, _ in pairs(auth_entry.privileges) do
                        if not privileges[priv] then
                                core.run_priv_callbacks(name, priv, nil, "revoke")
                        end
                end

                auth_entry.privileges = privileges
                core_auth.save(auth_entry)
                core.notify_authentication_modified(name)
        end,
        reload = function()
                core_auth.reload()
                return true
        end,
        record_login = function(name)
                assert(type(name) == "string")
                local auth_entry = core_auth.read(name)
                assert(auth_entry)
                auth_entry.last_login = os.time()
                core_auth.save(auth_entry)
        end,
        iterate = function()
                local names = {}
                local nameslist = core_auth.list_names()
                for k,v in pairs(nameslist) do
                        names[v] = true
                end
                return pairs(names)
        end,
}

core.register_on_prejoinplayer(function(name, ip)
        if core.registered_auth_handler ~= nil then
                return -- Don't do anything if custom auth handler registered
        end
        local auth_entry = core_auth.read(name)
        if auth_entry ~= nil then
                return
        end

        local name_lower = name:lower()
        for k in core.builtin_auth_handler.iterate() do
                if k:lower() == name_lower then
                        return string.format("\nCannot create new player called '%s'. "..
                                        "Another account called '%s' is already registered. "..
                                        "Please check the spelling if it's your account "..
                                        "or use a different nickname.", name, k)
                end
        end
end)

--
-- Authentication API
--

function core.register_authentication_handler(handler)
        if core.registered_auth_handler then
                error("Add-on authentication handler already registered by "..core.registered_auth_handler_modname)
        end
        core.registered_auth_handler = handler
        core.registered_auth_handler_modname = core.get_current_modname()
        handler.mod_origin = core.registered_auth_handler_modname
end

function core.get_auth_handler()
        return core.registered_auth_handler or core.builtin_auth_handler
end

local function auth_pass(name)
        return function(...)
                local auth_handler = core.get_auth_handler()
                if auth_handler[name] then
                        return auth_handler[name](...)
                end
                return false
        end
end

core.set_player_password = auth_pass("set_password")
core.set_player_privs    = auth_pass("set_privileges")
core.remove_player_auth  = auth_pass("delete_auth")
core.auth_reload         = auth_pass("reload")

local record_login = auth_pass("record_login")
core.register_on_joinplayer(function(player)
        record_login(player:get_player_name())
end)