Diffstat (limited to 'Game/Lobby/Server/index.php')
-rw-r--r--Game/Lobby/Server/index.php56
1 files changed, 36 insertions, 20 deletions
diff --git a/Game/Lobby/Server/index.php b/Game/Lobby/Server/index.php
index 16be3ef..ae734a6 100644
--- a/Game/Lobby/Server/index.php
+++ b/Game/Lobby/Server/index.php
@@ -2,9 +2,11 @@
/*
* Routes:
- * /host ?host&port=$port&name=$name
- * /get-list ?get-list
- * /join ?join=$id
+ * /host ?port=$port&name=$name
+ * /get-list ?
+ * /join ?id=$id
+ * /close ?id=$id
+ * /keep-alive ?id=$id
*/
$dbname = $_ENV['DB_NAME'] ?? 'db';
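Review bot: The updated route comment lists `/close ?id=$id` and `/keep-alive ?id=$id`, but the handlers added later in this commit read both `id` and `secret` from `$_POST`, and `/host` is matched only for POST. The comment should state the method and the required secret, for example ` * POST /close id=$id&secret=$secret` and ` * POST /keep-alive id=$id&secret=$secret`. It would also help to note that `/host` now returns `id` and `secret` in `data`, since clients must store the secret to close or refresh their entry.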
@@ -24,7 +26,8 @@ if (php_sapi_name() == 'cli') {
port integer,
creation_time integer,
ping_time integer,
- name text
+ name text,
+ secret text
);
SQL)
->execute();
@@ -33,14 +36,19 @@ if (php_sapi_name() == 'cli') {
return;
}
-$inputPost = json_decode(file_get_contents('php://input'), true);
-if ($inputPost) {
- $_POST = $inputPost + $_POST;
+$url = parse_url("$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
+$method = $_SERVER['REQUEST_METHOD'];
+
+if ($method == 'POST') {
+ $inputPost = json_decode(file_get_contents('php://input'), true);
+ if ($inputPost) {
+ $_POST = $inputPost + $_POST;
+ }
}
$response = [];
-if (isset($_POST['host'])) {
+if ($method == 'POST' && $url['path'] == '/host') {
$ip = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
if ($ip === false) {
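Review bot: The routing added here depends on `parse_url("$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]")`, which has no scheme and is built from the client-supplied Host header. As far as I know, parse_url treats a scheme-less `example.com/host` as one path, so `$url['path'] == '/host'` would match only when the Host header carries a port, and a malformed value makes parse_url return false. Deriving the path from the request URI alone avoids both problems: `$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);`. Separately, a JSON body that decodes to a non-array truthy value (such as `5`) still reaches `$inputPost + $_POST`; `if (is_array($inputPost))` would guard that.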
@@ -54,9 +62,10 @@ if (isset($_POST['host'])) {
$port = intval($_POST['port']);
$name = $_POST['name'];
$id = md5($name . time());
+ $secret = md5($id . random_bytes($port));
$success = $db->prepare(<<<SQL
- insert or replace into games (id, ip, port, creation_time, ping_time, name) values (:id, :ip, :port, :timestamp, :timestamp, :name)
+ insert or replace into games (id, ip, port, creation_time, ping_time, name, secret) values (:id, :ip, :port, :timestamp, :timestamp, :name, :secret)
SQL)
->execute([
'id' => $id,
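Review bot: `random_bytes($port)` on the new `$secret` line takes its length from the client-supplied port: a value of 0 or a negative number from `intval($_POST['port'])` makes random_bytes throw, and no upper bound is visible in this hunk, so a very large value would request that many bytes. The strength of the secret should not depend on request data; a fixed length such as `$secret = bin2hex(random_bytes(16));` gives 128 bits and needs no md5. The existing `$id = md5($name . time())` is guessable, and with `insert or replace` a second /host call using the same name in the same second would overwrite the row and its secret, so a random id is worth considering too. The enclosing branch starts and ends outside this hunk.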
@@ -64,13 +73,16 @@ if (isset($_POST['host'])) {
'port' => $port,
'timestamp' => time(),
'name' => $name,
+ 'secret' => $secret,
]);
-
if ($success) {
$response = [
'success' => $success,
- 'data' => $id,
+ 'data' => [
+ 'id' => $id,
+ 'secret' => $secret,
+ ],
];
} else {
$response = [
@@ -81,7 +93,7 @@ if (isset($_POST['host'])) {
}
}
-else if (isset($_GET['get-list'])) {
+else if ($method == 'GET' && $url['path'] == '/get-list') {
$statement = $db->prepare(<<<SQL
select id, name from games
where ping_time > :comparison_time
@@ -105,8 +117,8 @@ else if (isset($_GET['get-list'])) {
];
}
-else if (isset($_GET['join'])) {
- $id = $_GET['join'];
+else if ($method == 'GET' && $url['path'] == '/join') {
+ $id = $_GET['id'];
$statement = $db->prepare(<<<SQL
select ip, port from games
@@ -136,14 +148,16 @@ else if (isset($_GET['join'])) {
}
}
-else if (isset($_POST['close'])) {
- $id = $_POST['close'];
+else if ($method == 'POST' && $url['path'] == '/close') {
+ $id = $_POST['id'];
+ $secret = $_POST['secret'];
$success = $db->prepare(<<<SQL
- delete from games where id = :id
+ delete from games where id = :id and secret = :secret
SQL)
->execute([
'id' => $id,
+ 'secret' => $secret,
]);
$response = [
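Review bot: The `/close` handler reads `$_POST['id']` and `$_POST['secret']` without checking that they are present, and `$success` is only the return value of `execute()`, which stays true when `where id = :id and secret = :secret` matches no row. A caller with a wrong or missing secret is therefore probably told the operation succeeded (the response body is outside this hunk). Assuming `$db` is a PDO handle, keep the prepared statement in a variable and report `$success = $statement->rowCount() > 0;`, and reject the request early with `if (!isset($_POST['id'], $_POST['secret']))`. The `/keep-alive` hunk that follows has the same pattern and needs the same change.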
@@ -151,14 +165,16 @@ else if (isset($_POST['close'])) {
];
}
-else if (isset($_POST['keep-alive'])) {
- $id = $_POST['keep-alive'];
+else if ($method == 'POST' && $url['path'] == '/keep-alive') {
+ $id = $_POST['id'];
+ $secret = $_POST['secret'];
$success = $db->prepare(<<<SQL
- update games set ping_time = :ping_time where id = :id
+ update games set ping_time = :ping_time where id = :id and secret = :secret
SQL)
->execute([
'id' => $id,
+ 'secret' => $secret,
'ping_time' => time(),
]);