Use Node library for Google token validation

After lots of tries, the PHP code just couldn't be made to work...
2026-03-21 17:50:29 -05:00 · 2017-11-17 20:21:24 -05:00 · 2017-11-17 20:21:24 -05:00 · 2dc0f28e78
commit 2dc0f28e78
parent 090b3b67e2
3 changed files with 32 additions and 11 deletions
--- a/lib/dispatcher.lib.php
+++ b/lib/dispatcher.lib.php
@ -129,10 +129,14 @@ class DefaultActionHandler {
 		$challengeprefix = $dispatcher->verifyCrossDomainRequest();

 		if (!$_POST || empty($reqData['name']) || empty($reqData['pass'])) die();
-		$users->login($reqData['name'], $reqData['pass']);
+		try {
+			$users->login($reqData['name'], $reqData['pass']);
+		} catch (Exception $e) {
+			$out['error'] = $e->getMessage() . "\n" . $e->getFile() . '(' . $e->getLine() . ')' . "\n" . $e->getTraceAsString();
+		}
 		unset($curuser['userdata']);
 		$out['curuser'] = $curuser;
-		$out['actionsuccess'] = !!$curuser;
+		$out['actionsuccess'] = ($curuser ? $curuser['loggedin'] : false);
 		$serverhostname = '' . $dispatcher->getServerHostName(@$reqData['serverid']);
 		$challengekeyid = !isset($reqData['challengekeyid']) ? -1 : intval($reqData['challengekeyid']);
 		$challenge = !isset($reqData['challenge']) ? '' : $reqData['challenge'];
--- a/lib/ntbb-session.lib.php
+++ b/lib/ntbb-session.lib.php
@ -203,15 +203,9 @@ class NTBBSession {
 		}

 		if (substr(@$user['email'], -1) === '@') {
-			// Timezone determined to work at 7:30 PM CDT
-			// Timezones known to fail at various times: America/Chicago, America/New_York
-			date_default_timezone_set('UTC');
-			require_once dirname(__FILE__).'/../vendor/autoload.php';
-			$client = new Google_Client(['client_id' => $psconfig['gapi_clientid']]);
-			$payload = '';
-			try {
-				$payload = $client->verifyIdToken($pass);
-			} catch (Firebase\JWT\SignatureInvalidException $e) {}
+			// Forgive me, gods, for I have hardcoded way more than I really should have
+			$valResult = shell_exec("cd /var/www/html/play.pokemonshowdown.com && node lib/validate-token.js \"$pass\"");
+			$payload = json_decode($valResult, true);
 			if (!$payload) return false;
 			if (strpos($payload['aud'], $psconfig['gapi_clientid']) === false) return false;
 			if ($payload['email'] === substr($user['email'], 0, -1)) {
--- a/lib/validate-token.js
+++ b/lib/validate-token.js
@ -0,0 +1,23 @@
+#!/usr/bin/env node
+
+const GoogleAuth = require('google-auth-library');
+
+const CLIENT_ID = '912270888098-jjnre816lsuhc5clj3vbcn4o2q7p4qvk.apps.googleusercontent.com';
+
+const token = process.argv[2];
+
+var auth = new GoogleAuth;
+var client = new auth.OAuth2(CLIENT_ID, '', '');
+client.verifyIdToken(
+  token,
+  CLIENT_ID,
+  // Or, if multiple clients access the backend:
+  //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3],
+  function(e, login) {
+    if (e) return console.log(e);
+    var payload = login.getPayload();
+    var userid = payload['sub'];
+    console.log(JSON.stringify(payload));
+    // If request specified a G Suite domain:
+    //var domain = payload['hd'];
+  });