From a306f4b7c4b907cf8c0949a5034c502600852a27 Mon Sep 17 00:00:00 2001
From: AlexProgrammerDE <40795980+AlexProgrammerDE@users.noreply.github.com>
Date: Wed, 29 Jan 2025 14:39:03 +0100
Subject: [PATCH] Add excluded auth for login auth service
---
proto/src/main/proto/soulfire/login.proto | 40 +++++++++++
.../server/grpc/JwtServerInterceptor.java | 67 ++++++++++---------
2 files changed, 76 insertions(+), 31 deletions(-)
create mode 100644 proto/src/main/proto/soulfire/login.proto
diff --git a/proto/src/main/proto/soulfire/login.proto b/proto/src/main/proto/soulfire/login.proto
new file mode 100644
index 000000000..09329f8a6
--- /dev/null
+++ b/proto/src/main/proto/soulfire/login.proto
@@ -0,0 +1,40 @@
+syntax = "proto3";
+
+option java_package = "com.soulfiremc.grpc.generated";
+option java_multiple_files = true;
+
+package soulfire.v1;
+
+message LoginRequest {
+ string username = 1;
+}
+
+message NextAuthFlowResponse {
+ message EmailCode {
+ uint32 digits = 1;
+ }
+
+ message Success {
+ string token = 1;
+ }
+
+ message Failure {
+ string message = 1;
+ }
+
+ string authFlowToken = 1;
+ oneof next {
+ EmailCode email_code = 2;
+ Success success = 3;
+ Failure failure = 4;
+ }
+}
+
+message EmailCodeRequest {
+ repeated uint32 code = 1;
+}
+
+service LoginService {
+ rpc login(LoginRequest) returns (NextAuthFlowResponse);
+ rpc emailCode(EmailCodeRequest) returns (NextAuthFlowResponse);
+}
diff --git a/server/src/main/java/com/soulfiremc/server/grpc/JwtServerInterceptor.java b/server/src/main/java/com/soulfiremc/server/grpc/JwtServerInterceptor.java
index 32bd472b7..5134c275b 100644
--- a/server/src/main/java/com/soulfiremc/server/grpc/JwtServerInterceptor.java
+++ b/server/src/main/java/com/soulfiremc/server/grpc/JwtServerInterceptor.java
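Review bot: In login.proto, `EmailCodeRequest` carries only `repeated uint32 code = 1;`, so the message has no field that ties a submitted code to the flow opened by `login`, even though `NextAuthFlowResponse` hands the client an `authFlowToken`. Unless that token is meant to travel in call metadata (not visible in this patch), the request should echo it, for example `string auth_flow_token = 2;`, so the server can tell which pending login a code belongs to and reject codes sent for a different flow. Separately, `authFlowToken` is the only camelCase field in the file; `auth_flow_token` would match `email_code`.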
@@ -17,11 +17,14 @@ */ package com.soulfiremc.server.grpc; +import com.soulfiremc.grpc.generated.LoginServiceGrpc; import com.soulfiremc.server.user.AuthSystem; import com.soulfiremc.server.util.RPCConstants; import io.grpc.*; import io.jsonwebtoken.*; +import java.util.Objects; + public class JwtServerInterceptor implements ServerInterceptor { private final JwtParser parser; private final AuthSystem authSystem; 
@@ -36,40 +39,42 @@ public ServerCall.Listener interceptCall( ServerCall serverCall, Metadata metadata, ServerCallHandler serverCallHandler) { - var value = metadata.get(RPCConstants.AUTHORIZATION_METADATA_KEY); var status = Status.OK; - if (value == null) { - status = Status.UNAUTHENTICATED.withDescription("Authorization token is missing"); - } else if (!value.startsWith(RPCConstants.BEARER_TYPE)) { - status = Status.UNAUTHENTICATED.withDescription("Unknown authorization type"); - } else { - Jws claims = null; - // remove authorization type prefix - var token = value.substring(RPCConstants.BEARER_TYPE.length()).strip(); - try { - // verify token signature and parse claims - claims = parser.parseSignedClaims(token); - } catch (JwtException e) { - status = Status.UNAUTHENTICATED.withDescription(e.getMessage()).withCause(e); - } - if (claims != null) { - var user = authSystem.authenticate( - claims.getPayload().getSubject(), claims.getPayload().getIssuedAt().toInstant()); + if (!Objects.equals(serverCall.getMethodDescriptor().getServiceName(), LoginServiceGrpc.SERVICE_NAME)) { + var value = metadata.get(RPCConstants.AUTHORIZATION_METADATA_KEY); + if (value == null) { + status = Status.UNAUTHENTICATED.withDescription("Authorization token is missing"); + } else if (!value.startsWith(RPCConstants.BEARER_TYPE)) { + status = Status.UNAUTHENTICATED.withDescription("Unknown authorization type"); + } else { + Jws claims = null; + // remove authorization type prefix + var token = value.substring(RPCConstants.BEARER_TYPE.length()).strip(); + try { + // verify token signature and parse claims + claims = parser.parseSignedClaims(token); + } catch (JwtException e) { + status = Status.UNAUTHENTICATED.withDescription(e.getMessage()).withCause(e); + } + if (claims != null) { + var user = authSystem.authenticate( + claims.getPayload().getSubject(), claims.getPayload().getIssuedAt().toInstant()); - if (user.isPresent()) { - // set client id into current context - return 
Contexts.interceptCall( - Context.current() - .withValue( - ServerRPCConstants.USER_CONTEXT_KEY, - user.get()), - serverCall, - metadata, - serverCallHandler - ); - } else { - status = Status.UNAUTHENTICATED.withDescription("User not found"); + if (user.isPresent()) { + // set client id into current context + return Contexts.interceptCall( + Context.current() + .withValue( + ServerRPCConstants.USER_CONTEXT_KEY, + user.get()), + serverCall, + metadata, + serverCallHandler + ); + } else { + status = Status.UNAUTHENTICATED.withDescription("User not found"); + } } } }
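Review bot: For calls to `LoginServiceGrpc.SERVICE_NAME` the new guard skips the whole block, leaving `status` at `Status.OK`, and nothing inside the hunk hands the call to `serverCallHandler`. The end of `interceptCall` lies outside the hunk; if it still closes the call with `status` and returns a no-op listener, login RPCs would be answered with OK and never reach the service. An early exit before the token checks makes the bypass explicit and avoids re-indenting the block: `if (Objects.equals(serverCall.getMethodDescriptor().getServiceName(), LoginServiceGrpc.SERVICE_NAME)) { return serverCallHandler.startCall(serverCall, metadata); }`. It also deserves a comment such as `// LoginService issues the token, so it is the only service reachable without one`, since every RPC later added to that service becomes unauthenticated as well.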