Merge pull request #28 from Taraman17/dev

Merge HTTP Authentication

#22

README.MD

@@ -6,18 +6,23 @@ It exposes control of your server and shell functions to the internet. Although
 I strongly adivise to use secure connections to prevent possible man-in-the-middle attacks.
 
 ## NOTE:
-Release 0.8 changed the API end Points to facilitate versioning of the API.
-The old Endpoints will be available for some time to allow for a transition time. I expect to remove them with Version 1.0.
+Release 1.0 changed structure of the code to enable further development.
+See below for changes.
 
 ### Breaking changes:
-- mapchange completed reporting via websocket will be changed to the standard command status reporting. See below for details.
-- control?action=status is deprecated. use /control/runningstatus & /control/rconauthstatus instead.
+- Config logic has been separated from configClass - make sure to backup your config! You can copy the config part from the old file to the new "./config.js"
+- steam account used for updating the server has been deleted from the config - it has to go in your update-Script.
+- login code has been seperated from the api calls. New location is "http://<your-servers-address>:<your-port>/csgoapi/login" ISO "http://<your-servers-address>:<your-port>/csgoapi/v1.0/login"
 
 ## Install
 download the script files to and install the dependencies for nodejs
 ```console
 npm install --save rcon-srcds srcds-log-receiver local-ip express express-session express-rate-limit cors passport passport-steam node-pty ws winston winston-daily-rotate-file
 ```
+If you want to use http authentication, add
+```console
+npm install --save passport-http
+```
 
 ## Configuration
 The CS:GO Server must be configured to send logs to the local IP (not 127.0.0.1): on port 9871
@@ -54,16 +59,16 @@ For better readability, $.get() is used in the following examples
 
 ### Login / Logout
 ```javascript
-$.get('http://<your-servers-address>:<your-port>/csgoapi/v1.0/login')
-$.get('http://<your-servers-address>:<your-port>/csgoapi/v1.0/logout')
-$.get('http://<your-servers-address>:<your-port>/csgoapi/v1.0/loginStatus')
+$.get('http://<your-servers-address>:<your-port>/csgoapi/login')
+$.get('http://<your-servers-address>:<your-port>/csgoapi/logout')
+$.get('http://<your-servers-address>:<your-port>/csgoapi/loginStatus')
 ```
 
-For Authentication the API redirects to the Steam login page by calling '/csgoapi/v1.0/login'
-After authentication there, it will return to '/csgoapi/v1.0/loginStatus' by default, returning { "login": true/false }.
+For Authentication the API redirects to the Steam login page by calling '/csgoapi/login'
+After authentication there, it will return to '/csgoapi/loginStatus' by default, returning { "login": true/false }.
 If you use the API in a web interface, you can set 'redirectPage' in the config to your startPage (e.g. http://your-webserver/index.html) This way, you can call up the login page and then be returned to your web application after you got the session cookie in your browser.
 
-If you want to have a manual logout in your client, call '/csgoapi/v1.0/logout', which will redirect to '/csgoapi/v1.0/loginStatus' to confirm the success.
+If you want to have a manual logout in your client, call '/csgoapi/logout', which will redirect to '/csgoapi/loginStatus' to confirm the success.
 
 ### Map filtering
 Filters are used to limit the maps that are transmitted to clients with the serverInfo. Filtering here consists of filter strings and a filter type. The strings are matched as parts against the maps filenames. 'cs_' would match all hostage rescue maps, 'dust' would match all maps that have dust in their names (de_dust2, de_dust, etc.).
@@ -146,12 +151,20 @@ UpdateProgress looks as follows:
 ```javascript
 { "type": "updateProgress", "payload": { "step": <string>, "progress": <int> } }
 ```
+## Api calls with http authentication
+For stateless API-Calls via command line or other automatic tools the http basic authentication can be activated in the config with
+```
+"httpAuth": true,
+"httpUser": { "username": "", "password": "" },
+```
+For now, only one user can be specified.
 
-mapchange message (deprecated, do not use anymore):
-```javascript
-{ "type": "mapchange", "payload": { "success": true/false }
+**If you enable this option, you should use https to avoid sending of paswords in the clear.**
+
+The interface is:
+```
+http://<your-servers-address>:<your-port>/csgoapi/http/v1.0/...
 ```
-false is sent after a 30 sec. timeout when no "Started map" log has been received.
 
 ## Example
 An example of a webinterface is available in the folder "example"

config.js

@@ -1,166 +1,77 @@
-/**
- * Config class for CSGO Server API
- */
-module.exports = class config {
-    constructor () {
-        this._userOptions = {
-            // Network interface over which the server is communicating. We set this and not the 
-            // IP-address, in case the server is using DHCP in a LAN and not a static address.
-            'iface': 'eth0',
-            // Hostname of the machine, this script runs on (e.g.: yourdomain.org).
-            // Leave empty if you use the IP of iface.
-            'host': '',
-            // steam serverToken. To get one see https://steamcommunity.com/dev/managegameservers
-            'serverToken': '<token>',
-            // Well, the rcon password...
-            'rconPass': 'YourRconPass',
-            // SteamID64 of Users who are allowed to control the server. For info on SteamID64 see:
-            // https://steamcommunity.com/discussions/forum/1/364039785160857002/
-            'admins': [],
-            // The Page the client is redirected to after login - see README for more info.
-            'redirectPage': '/loginStatus',
-            // Time in minutes, after which a new login is needed.
-            'loginValidity': 300,
-            // Port, the webserver for API calls listens on.
-            'apiPort': 8090,
-            // Set to true if you use Websockets for status updates.
-            'webSockets': false,
-            // Port, the websocket is listening on.
-            'socketPort': 8091,
-            // https settings
-            'useHttps': false,
-            // Optional: If you use https, add the path to the certificate files here.
-            'httpsCertificate': '',
-            'httpsPrivateKey': '',
-            // Optional: In case your CA is not trusted by default (e.g. letsencrypt), you can add 
-            // the CA-Cert here.
-            'httpsCa': '',
-            // CORS origin setting. '*' is not allowed since login credentials are sent with requests.
-            // For possible values see:
-            // https://expressjs.com/en/resources/middleware/cors.html#configuration-options
-            'corsOrigin': 'localhost',
-            // Change this to any string of your liking to make it harder for attackers to profile your cookies.
-            'sessionSecret': 'nodejs-csgo-api',
-            // The folder, where your srcds_run is located.
-            'csgoDir': '/home/csgo/csgo_ds',
-            // Anything you want your server command line to have additional to:
-            //   -game csgo -console -usercon +sv_setsteamaccount
-            'csgoOptionalArgs': '-insecure +sv_lan 1 +sv_pure 0 -ip 0.0.0.0 +mapgroup mg_all',
-            // The path to screen.
-            'screen': '/usr/bin/screen',
-            // The name screen will give the process (no spaces allowed).
-            'screenName': 'csgoServer',
-            // The screen Logfile where the console output of screen and the server will be logged.
-            // New logs are appended, so you may need to delete or rotate this log periodically.
-            'screenLog': '/home/csgo/screen.log',
-            // Path to steamcmd, can stay like this if installed via package manager.
-            'steamExe': 'steamcmd',
-            // Steam Account to update the server with steamcmd.
-            'steamAccount': '<username> <password>',
-            // Script to pass into steamcmd to update.
-            // See https://steamcommunity.com/discussions/forum/1/492379159713970561/ for more info.
-            'updateScript': '/home/csgo/update_csgo.txt',
-            // Scripts to run on various events. Use absolute path.
-            'logStartScript': '',
-            'mapStartScript': '',
-            'matchStartScript': '',
-            'roundStartScript': '',
-            'roundEndScript': '',
-            'matchEndScript': '',
-            //'mapEndScript': '', // For the moment I have no definite way to sense the end of map.
-            'logEndScript': '',
-            // Logfile for API
-            'logFile': './logs/csgoapi',
-            // logLevel for API-Logfiles. In case 'debug' is set, logs will also be written to console.
-            'logLevel': 'http',
-            // how many Days should logfiles be kept?
-            'logDays': '14'
-        };
-
-        this.screenCommand = `${this._userOptions.screen} -L -Logfile ${this._userOptions.screenLog} -dmS ${this._userOptions.screenName}`;
-        this.csgoCommand = `${this._userOptions.csgoDir}/srcds_run`;
-        this.csgoArgs = `-game csgo -console -usercon +sv_setsteamaccount ${this._userOptions.serverToken} ${this._userOptions.csgoOptionalArgs}`;
-    }
-
-    get rconPass() {
-        return this._userOptions.rconPass;
-    }
-
-    get admins() {
-        return this._userOptions.admins;
-    }
-
-    get redirectPage() {
-        return this._userOptions.redirectPage;
-    }
-
-    get loginValidity() {
-        return this._userOptions.loginValidity * 60000;
-    }
-
-    get iface() {
-        return this._userOptions.iface;
-    }
-
-    get host() {
-        return this._userOptions.host;
-    }
-
-    get apiPort(){
-        return this._userOptions.apiPort;
-    }
-    get socketPort(){
-        return this._userOptions.socketPort;
-    }
-
-    get serverCommandline() {
-        return `${this.screenCommand} ${this.csgoCommand} ${this.csgoArgs}`;
-    }
-    get updateCommand() {
-        return this._userOptions.steamExe
-    }
-    get updateArguments() {
-        return [`+login ${this._userOptions.steamAccount}`,
-                `+runscript ${this._userOptions.updateScript}`];
-    }
-
-    get webSockets() {
-        return this._userOptions.webSockets;
-    }
-    get useHttps() {
-        return this._userOptions.useHttps;
-    }
-    get scheme() {
-        return (this._userOptions.useHttps ? 'https' : 'http');
-    }
-    get httpsCertificate() {
-        return this._userOptions.httpsCertificate;
-    }
-    get httpsPrivateKey() {
-        return this._userOptions.httpsPrivateKey;
-    }
-    get httpsCa() {
-        return this._userOptions.httpsCa;
-    }
-
-    get corsOrigin() {
-        return this._userOptions.corsOrigin;
-    }
-    get sessionSecret() {
-        return this._userOptions.sessionSecret;
-    }
-
-    script(type) {
-        return this._userOptions[`${type}Script`];
-    }
-
-    get logFile() {
-        return this._userOptions.logFile;
-    }
-    get logLevel() {
-        return this._userOptions.logLevel;
-    }
-    get logDays() {
-        return this._userOptions.logDays;
-    }
+var config = {
+    // Network interface over which the server is communicating. We set this and not the 
+    // IP-address, in case the server is using DHCP in a LAN and not a static address.
+    "iface": "eth0",
+    // Hostname of the machine, this script runs on (e.g.: yourdomain.org).
+    // Leave empty if you use the IP of iface.
+    "host": "",
+    // steam serverToken. To get one see https://steamcommunity.com/dev/managegameservers
+    "serverToken": "<token>",
+    // Well, the rcon password...
+    "rconPass": "YourRconPass",
+    // SteamID64 of Users who are allowed to control the server. For info on SteamID64 see:
+    // https://steamcommunity.com/discussions/forum/1/364039785160857002/
+    "admins": [],
+    // The Page the client is redirected to after login - see README for more info.
+    "redirectPage": "/loginStatus",
+    // Time in minutes, after which a new login is needed.
+    "loginValidity": 300,
+    // Use http authentication [true/false]
+    "httpAuth": false,
+    // User for digest Authentication. Password needs to be hashed with TBD
+    "httpUser": { "username": "", "password": "" },
+    // Port, the webserver for API calls listens on.
+    "apiPort": 8090,
+    // Set to true if you use Websockets for status updates.
+    "webSockets": false,
+    // Port, the websocket is listening on.
+    "socketPort": 8091,
+    // https settings
+    "useHttps": false,
+    // Optional: If you use https, add the path to the certificate files here.
+    "httpsCertificate": "",
+    "httpsPrivateKey": "",
+    // Optional: In case your CA is not trusted by default (e.g. letsencrypt), you can add 
+    // the CA-Cert here.
+    "httpsCa": "",
+    // CORS origin setting. "*" is not allowed since login credentials are sent with requests.
+    // For possible values see:
+    // https://expressjs.com/en/resources/middleware/cors.html#configuration-options
+    "corsOrigin": "localhost",
+    // Change this to any string of your liking to make it harder for attackers to profile your cookies.
+    "sessionSecret": "nodejs-csgo-api",
+    // The folder, where your srcds_run is located.
+    "csgoDir": "/home/csgo/csgo_ds",
+    // Anything you want your server command line to have additional to:
+    //   -game csgo -console -usercon +sv_setsteamaccount
+    "csgoOptionalArgs": "-insecure +sv_lan 1 +sv_pure 0 -ip 0.0.0.0 +mapgroup mg_all",
+    // The path to screen.
+    "screen": "/usr/bin/screen",
+    // The name screen will give the process (no spaces allowed).
+    "screenName": "csgoServer",
+    // The screen Logfile where the console output of screen and the server will be logged.
+    // New logs are appended, so you may need to delete or rotate this log periodically.
+    "screenLog": "/home/csgo/screen.log",
+    // Path to steamcmd, can stay like this if installed via package manager.
+    "steamExe": "steamcmd",
+    // Script to pass into steamcmd to update.
+    // See https://developer.valvesoftware.com/wiki/SteamCMD under heading "Automating SteamCMD" for more info.
+    "updateScript": "/home/csgo/update_csgo.txt",
+    // Scripts to run on various events. Use absolute path.
+    "logStartScript": "",
+    "mapStartScript": "",
+    "matchStartScript": "",
+    "roundStartScript": "",
+    "roundEndScript": "",
+    "matchEndScript": "",
+    //"mapEndScript": "", // For the moment I have no definite way to sense the end of map.
+    "logEndScript": "",
+    // Logfile for API
+    "logFile": "./logs/csgoapi",
+    // logLevel for API-Logfiles. In case "debug" is set, logs will also be written to console.
+    "logLevel": "http",
+    // how many Days should logfiles be kept?
+    "logDays": "14"
 };
+
+module.exports = config;