Fix missing animations for grain gathering for pikemen. is workarounds a bug in UnitA...
[0ad.git] / source / ps / ModIo.h
blob3bfd83c319538473ff76a1792c04c58a10d69314
1 /* Copyright (C) 2021 Wildfire Games.
3 * Permission is hereby granted, free of charge, to any person obtaining
4 * a copy of this software and associated documentation files (the
5 * "Software"), to deal in the Software without restriction, including
6 * without limitation the rights to use, copy, modify, merge, publish,
7 * distribute, sublicense, and/or sell copies of the Software, and to
8 * permit persons to whom the Software is furnished to do so, subject to
9 * the following conditions:
11 * The above copyright notice and this permission notice shall be included
12 * in all copies or substantial portions of the Software.
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
17 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
18 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
19 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
20 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 #ifndef INCLUDED_MODIO
24 #define INCLUDED_MODIO
26 #include "lib/external_libraries/curl.h"
27 #include "lib/os_path.h"
28 #include "scriptinterface/ScriptForward.h"
30 #include <map>
31 #include <sodium.h>
32 #include <string>
33 #include <vector>
35 // TODO: Allocate instance of the below two using sodium_malloc?
36 struct PKStruct
38 unsigned char sig_alg[2] = {}; // == "Ed"
39 unsigned char keynum[8] = {}; // should match the keynum in the sigstruct, else this is the wrong key
40 unsigned char pk[crypto_sign_PUBLICKEYBYTES] = {};
43 struct SigStruct
45 unsigned char sig_alg[2] = {}; // "ED" (since we only support the hashed mode)
46 unsigned char keynum[8] = {}; // should match the keynum in the PKStruct
47 unsigned char sig[crypto_sign_BYTES] = {};
50 struct ModIoModData
52 std::map<std::string, std::string> properties;
53 std::vector<std::string> dependencies;
54 SigStruct sig;
57 enum class DownloadProgressStatus {
58 NONE, // Default state
59 GAMEID, // The game ID is being downloaded
60 READY, // The game ID has been downloaded
61 LISTING, // The mod list is being downloaded
62 LISTED, // The mod list has been downloaded
63 DOWNLOADING, // A mod file is being downloaded
64 SUCCESS, // A mod file has been downloaded
66 FAILED_GAMEID, // Game ID couldn't be retrieved
67 FAILED_LISTING, // Mod list couldn't be retrieved
68 FAILED_DOWNLOADING, // File couldn't be retrieved
69 FAILED_FILECHECK // The file is corrupted
72 struct DownloadProgressData
74 DownloadProgressStatus status;
75 double progress;
76 std::string error;
79 struct DownloadCallbackData;
81 /**
82 * mod.io API interfacing code.
84 * Overview
86 * This class interfaces with a remote API provider that returns a list of mod files.
87 * These can then be downloaded after some cursory checking of well-formedness of the returned
88 * metadata.
89 * Downloaded files are checked for well formedness by validating that they fit the size and hash
90 * indicated by the API, then we check if the file is actually signed by a trusted key, and only
91 * if all of that is success the file is actually possible to be loaded as a mod.
93 * Security considerations
95 * This both distrusts the loaded JS mods, and the API as much as possible.
96 * We do not want a malicious mod to use this to download arbitrary files, nor do we want the API
97 * to make us download something we have not verified.
98 * Therefore we only allow mods to download one of the mods returned by this class (using indices).
100 * This (mostly) necessitates parsing the API responses here, as opposed to in JS.
101 * One could alternatively parse the responses in a locked down JS context, but that would require
102 * storing that code in here, or making sure nobody can overwrite it. Also this would possibly make
103 * some of the needed accesses for downloading and verifying files a bit more complicated.
105 * Everything downloaded from the API has its signature verified against our public key.
106 * This is a requirement, as otherwise a compromise of the API would result in users installing
107 * possibly malicious files.
108 * So a compromised API can just serve old files that we signed, so in that case there would need
109 * to be an issue in that old file that was missed.
111 * To limit the extend to how old those files could be the signing key should be rotated
112 * regularly (e.g. every release). To allow old versions of the engine to still use the API
113 * files can be signed by both the old and the new key for some amount of time, that however
114 * only makes sense in case a mod is compatible with both engine versions.
116 * Note that this does not prevent all possible attacks a package manager/update system should
117 * defend against. This is intentionally not an update system since proper package managers already
118 * exist. However there is some possible overlap in attack vectors and these should be evalutated
119 * whether they apply and to what extend we can fix that on our side (or how to get the API provider
120 * to help us do so). For a list of some possible issues see:
121 * https://github.com/theupdateframework/specification/blob/master/tuf-spec.md
123 * The mod.io settings are also locked down such that only mods that have been authorized by us
124 * show up in API queries. This is both done so that all required information (dependencies)
125 * are stored for the files, and that only mods that have been checked for being ok are actually
126 * shown to users.
128 class ModIo
130 NONCOPYABLE(ModIo);
131 public:
132 ModIo();
133 ~ModIo();
135 // Async requests
136 void StartGetGameId();
137 void StartListMods();
138 void StartDownloadMod(u32 idx);
141 * Advance the current async request and perform final steps if the download is complete.
143 * @param scriptInterface used for parsing the data and possibly install the mod.
144 * @return true if the download is complete (successful or not), false otherwise.
146 bool AdvanceRequest(const ScriptInterface& scriptInterface);
149 * Cancel the current async request and clean things up
151 void CancelRequest();
153 const std::vector<ModIoModData>& GetMods() const
155 return m_ModData;
157 const DownloadProgressData& GetDownloadProgress() const
159 return m_DownloadProgressData;
162 private:
163 static size_t ReceiveCallback(void* buffer, size_t size, size_t nmemb, void* userp);
164 static size_t DownloadCallback(void* buffer, size_t size, size_t nmemb, void* userp);
165 static int DownloadProgressCallback(void* clientp, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow);
167 CURLMcode SetupRequest(const std::string& url, bool fileDownload);
168 void TearDownRequest();
170 bool ParseGameId(const ScriptInterface& scriptInterface, std::string& err);
171 bool ParseMods(const ScriptInterface& scriptInterface, std::string& err);
173 void DeleteDownloadedFile();
174 bool VerifyDownloadedFile(std::string& err);
176 // Utility methods for parsing mod.io responses and metadata
177 static bool ParseGameIdResponse(const ScriptInterface& scriptInterface, const std::string& responseData, int& id, std::string& err);
178 static bool ParseModsResponse(const ScriptInterface& scriptInterface, const std::string& responseData, std::vector<ModIoModData>& modData, const PKStruct& pk, std::string& err);
179 static bool ParseSignature(const std::vector<std::string>& minisigs, SigStruct& sig, const PKStruct& pk, std::string& err);
181 // Url parts
182 std::string m_BaseUrl;
183 std::string m_GamesRequest;
184 std::string m_GameId;
186 // Query parameters
187 std::string m_ApiKey;
188 std::string m_IdQuery;
190 CURL* m_Curl;
191 CURLM* m_CurlMulti;
192 curl_slist* m_Headers;
193 char m_ErrorBuffer[CURL_ERROR_SIZE];
194 std::string m_ResponseData;
196 // Current mod download
197 int m_DownloadModID;
198 OsPath m_DownloadFilePath;
199 DownloadCallbackData* m_CallbackData;
200 DownloadProgressData m_DownloadProgressData;
202 PKStruct m_pk;
204 std::vector<ModIoModData> m_ModData;
206 friend class TestModIo;
209 extern ModIo* g_ModIo;
211 #endif // INCLUDED_MODIO