Example #1
0
        def anticheat_boot(clientName, banNotif):
            log.info("Account ID {} tried to use {}!".format(
                userID, clientName))

            def webhook_time(restrict=False):
                webhook = aobaHelper.Webhook(
                    glob.conf.config["discord"]["anticheat"],
                    color=0xadd8e6,
                    footer="Man... this is worst player. [ Login Gate AC ]")
                webhook.set_title(
                    title="Catched some cheater Account ID {}".format(userID))
                if restrict:
                    webhook.set_desc(
                        f' tried to use {clientName} and got restricted!')
                else:
                    webhook.set_desc(f' tried to use {clientName}!')
                log.info("Sent to webhook {} DONE!!".format(
                    glob.conf.config["discord"]["enable"]))
                webhook.post()

            if responseToken.admin:
                responseToken.enqueue(
                    serverPackets.notification(
                        "Kamu ngapain pake {}? stress.".format(clientName)))
            elif userUtils.isRestricted(userID):
                responseToken.enqueue(serverPackets.notification(banNotif))
                #if glob.conf.config["discord"]["enable"] == True:
                webhook_time()
            else:
                glob.tokens.deleteToken(userID)
                userUtils.restrict(userID)
                #if glob.conf.config["discord"]["enable"] == True:
                webhook_time(restrict=True)
                raise exceptions.loginCheatClientsException()
            pass
Example #2
0
    def checkRestricted(self):
        """
		Check if this token is restricted. If so, send fokabot message

		:return:
		"""
        oldRestricted = self.restricted
        self.restricted = userUtils.isRestricted(self.userID)
        if self.restricted:
            self.setRestricted()
        elif not self.restricted and oldRestricted != self.restricted:
            self.resetRestricted()
Example #3
0
    def asyncGet(self) -> None:
        if not requestsManager.checkArguments(self.request.arguments,
                                              ('us', 'ha', 'b')):
            self.write("-3")
            return

        username: Optional[str] = self.get_argument("us", None)
        userID: int = userUtils.getID(username)

        if not userUtils.checkLogin(userID, self.get_argument("ha", None),
                                    self.getRequestIP()):
            self.write("-3")
            return

        # Get beatmap_id™ argument
        b = self.get_argument("b", None)

        if (b.startswith('a') and not userUtils.isRestricted(userID)):
            flags = int(b[1:]) if b[1:].isdigit() else None
            if not flags:
                self.write("-3")
                return

            readable: list[str] = []
            if flags & 1 << 0: readable.append("[1] osu! run with -ld")
            if flags & 1 << 1: readable.append("[2] osu! has a console open")
            if flags & 1 << 2:
                readable.append("[4] osu! has extra threads running")
            if flags & 1 << 3: readable.append("[8] osu! is hqosu! (check #1)")
            if flags & 1 << 4:
                readable.append("[16] osu! is hqosu! (check #2)")
            if flags & 1 << 5:
                readable.append(
                    "[32] osu! has special launch settings in registry (probably relife)"
                )
            if flags & 1 << 6: readable.append("[64] AQN is loaded (check #1)")
            if flags & 1 << 7:
                readable.append("[128] AQN is loaded (check #2)")
            if flags & 1 << 8:
                readable.append(
                    "[256] notify_1 was run while out of the editor (AQN sound on program open)"
                )

            # Send our webhook to Discord.
            log.warning('\n\n'.join([
                f'[{username}](https://eggradio.tk/u/{userID}) sent flags **{b}**',
                '**Breakdown**\n' + '\n'.join(readable),
            ]),
                        discord='ac')

        self.write("-3")
Example #4
0
def handle(tornadoRequest):
	# Data to return
	responseToken = None
	responseTokenString = "ayy"
	responseData = bytes()

	# Get IP from tornado request
	requestIP = tornadoRequest.getRequestIP()

	# Avoid exceptions
	clientData = ["unknown", "unknown", "unknown", "unknown", "unknown"]
	osuVersion = "unknown"

	# Split POST body so we can get username/password/hardware data
	# 2:-3 thing is because requestData has some escape stuff that we don't need
	loginData = str(tornadoRequest.request.body)[2:-3].split("\\n")
	try:
		# Make sure loginData is valid
		if len(loginData) < 3:
			raise exceptions.invalidArgumentsException()

		# Get HWID, MAC address and more
		# Structure (new line = "|", already split)
		# [0] osu! version
		# [1] plain mac addressed, separated by "."
		# [2] mac addresses hash set
		# [3] unique ID
		# [4] disk ID
		splitData = loginData[2].split("|")
		osuVersion = splitData[0]
		timeOffset = int(splitData[1])
		clientData = splitData[3].split(":")[:5]
		if len(clientData) < 4:
			raise exceptions.forceUpdateException()

		# Try to get the ID from username
		username = str(loginData[0])
		userID = userUtils.getID(username)

		if not userID:
			# Invalid username
			raise exceptions.loginFailedException()
		if not userUtils.checkLogin(userID, loginData[1]):
			# Invalid password
			raise exceptions.loginFailedException()

		# Make sure we are not banned or locked
		priv = userUtils.getPrivileges(userID)
		if userUtils.isBanned(userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
			raise exceptions.loginBannedException()
		if userUtils.isLocked(userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
			raise exceptions.loginLockedException()

		# 2FA check
		if userUtils.check2FA(userID, requestIP):
			log.warning("Need 2FA check for user {}".format(loginData[0]))
			raise exceptions.need2FAException()

		# No login errors!

		# Verify this user (if pending activation)
		firstLogin = False
		if priv & privileges.USER_PENDING_VERIFICATION > 0 or not userUtils.hasVerifiedHardware(userID):
			if userUtils.verifyUser(userID, clientData):
				# Valid account
				log.info("Account ID {} verified successfully!".format(userID))
				glob.verifiedCache[str(userID)] = 1
				firstLogin = True
			else:
				# Multiaccount detected
				log.info("Account ID {} NOT verified!".format(userID))
				glob.verifiedCache[str(userID)] = 0
				raise exceptions.loginBannedException()


		# Save HWID in db for multiaccount detection
		hwAllowed = userUtils.logHardware(userID, clientData, firstLogin)

		# This is false only if HWID is empty
		# if HWID is banned, we get restricted so there's no
		# need to deny bancho access
		if not hwAllowed:
			raise exceptions.haxException()

		# Log user IP
		userUtils.logIP(userID, requestIP)

		# Log user osuver
		kotrikhelper.setUserLastOsuVer(userID, osuVersion)

		# Delete old tokens for that user and generate a new one
		isTournament = "tourney" in osuVersion
		if not isTournament:
			glob.tokens.deleteOldTokens(userID)
		responseToken = glob.tokens.addToken(userID, requestIP, timeOffset=timeOffset, tournament=isTournament)
		responseTokenString = responseToken.token

		# Check restricted mode (and eventually send message)
		responseToken.checkRestricted()

		# Send message if donor expires soon
		if responseToken.privileges & privileges.USER_DONOR > 0:
			expireDate = userUtils.getDonorExpire(responseToken.userID)
			if expireDate-int(time.time()) <= 86400*3:
				expireDays = round((expireDate-int(time.time()))/86400)
				expireIn = "{} days".format(expireDays) if expireDays > 1 else "less than 24 hours"
				responseToken.enqueue(serverPackets.notification("Your donor tag expires in {}! When your donor tag expires, you won't have any of the donor privileges, like yellow username, custom badge and discord custom role and username color! If you wish to keep supporting Ripple and you don't want to lose your donor privileges, you can donate again by clicking on 'Support us' on Ripple's website.".format(expireIn)))

		# Deprecate telegram 2fa and send alert
		if userUtils.deprecateTelegram2Fa(userID):
			responseToken.enqueue(serverPackets.notification("As stated on our blog, Telegram 2FA has been deprecated on 29th June 2018. Telegram 2FA has just been disabled from your account. If you want to keep your account secure with 2FA, please enable TOTP-based 2FA from our website https://ripple.moe. Thank you for your patience."))

		# Set silence end UNIX time in token
		responseToken.silenceEndTime = userUtils.getSilenceEnd(userID)

		# Get only silence remaining seconds
		silenceSeconds = responseToken.getSilenceSecondsLeft()

		# Get supporter/GMT
		userGMT = False
		if not userUtils.isRestricted(userID):
			userSupporter = True
		else:
			userSupporter = False
		userTournament = False
		if responseToken.admin:
			userGMT = True
		if responseToken.privileges & privileges.USER_TOURNAMENT_STAFF > 0:
			userTournament = True

		# Server restarting check
		if glob.restarting:
			raise exceptions.banchoRestartingException()

		# Send login notification before maintenance message
		if glob.banchoConf.config["loginNotification"] != "":
			responseToken.enqueue(serverPackets.notification(glob.banchoConf.config["loginNotification"]))

		# Maintenance check
		if glob.banchoConf.config["banchoMaintenance"]:
			if not userGMT:
				# We are not mod/admin, delete token, send notification and logout
				glob.tokens.deleteToken(responseTokenString)
				raise exceptions.banchoMaintenanceException()
			else:
				# We are mod/admin, send warning notification and continue
				responseToken.enqueue(serverPackets.notification("HoaqฺBoat is in maintenance mode. Only mods/admins have full access to the server.\nType !system maintenance off in chat to turn off maintenance mode."))

		# BAN CUSTOM CHEAT CLIENTS
		#Ainu Client 2020
		# b20190226.2 = hqOsu (hq-af)
		if glob.conf.extra["mode"]["anticheat"]:
			# Ainu Client 2020 update
			if tornadoRequest.request.headers.get("ainu") == "happy":
				log.info("Account ID {} เขาใช้ Ainu Client".format(userID))
				if userUtils.isRestricted(userID):
					responseToken.enqueue(serverPackets.notification("osu!lumilous Anticheat - เจ้าโดนแบนนะเพราะเจ้าใช้ Ainu Cilent ในเซิฟที่ไม่อนุญาตินะ... ทำไมเข้าไม่อ่านกฎก่อนหล่ะ? แต่อย่างไรก็ตาม ขอให้สนุกกับผลที่ได้รับนะ :)"))
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
				else:
					glob.tokens.deleteToken(userID)
					userUtils.restrict(userID)
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
					raise exceptions.loginCheatClientsException()
				# Ainu Client
			elif aobaHelper.getOsuVer(userID) in ["0Ainu", "b20190326.2", "b20190401.22f56c084ba339eefd9c7ca4335e246f80", "b20191223.3"]:
				log.info("Account ID {} เขาใช้ Ainu Client!".format(userID))
				if userUtils.isRestricted(userID):
					responseToken.enqueue(serverPackets.notification("osu!lumilous Anticheat - เจ้าโดนแบนนะเพราะเจ้าใช้ Ainu Cilent ในเซิฟที่ไม่อนุญาตินะ... ทำไมเข้าไม่อ่านกฎก่อนหล่ะ? แต่อย่างไรก็ตาม ขอให้สนุกกับผลที่ได้รับนะ :)"))
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
				else:
					glob.tokens.deleteToken(userID)
					userUtils.restrict(userID)
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
					raise exceptions.loginCheatClientsException()
			# hqOsu
			elif aobaHelper.getOsuVer(userID) == "b20190226.2":
				log.info("Account ID {} เขาใช้ hqOsu!".format(userID))
				if userUtils.isRestricted(userID):
					responseToken.enqueue(serverPackets.notification("เจ้ากำลังทดสอบ hqOsu อย่างนั้นหรอ? ไปเล่น https://cookiezi.pw ซะนะคะ >w<"))
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
				else:
					glob.tokens.deleteToken(userID)
					userUtils.restrict(userID)
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
					raise exceptions.loginCheatClientsException()
			elif aobaHelper.getOsuVer(userID) == "b20191223.3":
				log.info("Account ID {} เขาใช้ hqOsu!".format(userID))
				if userUtils.isRestricted(userID):
					responseToken.enqueue(serverPackets.notification("เจ้ากำลังทดสอบ hqOsu อย่างนั้นหรอ? ไปเล่น https://cookiezi.pw ซะนะคะ >w<"))
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
				else:
					glob.tokens.deleteToken(userID)
					userUtils.restrict(userID)
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
					raise exceptions.loginCheatClientsException()
			elif aobaHelper.getOsuVer(userID) == "b20160403.6":
				log.info("Account ID {} เขาใช้ hqOsu!".format(userID))
				if userUtils.isRestricted(userID):
					responseToken.enqueue(serverPackets.notification("เจ้ากำลังทดสอบ hqOsu อย่างนั้นหรอ? ไปเล่น https://cookiezi.pw ซะนะคะ >w<"))
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
				else:
					glob.tokens.deleteToken(userID)
					userUtils.restrict(userID)
					if glob.conf.config["discord"]["enable"]:
							webhook = Webhook(glob.conf.config["discord"]["anticheat"],
											  color=0xadd836,
											  footer="Man... this is worst player.")
							webhook.set_title(title=f"Catched some cheater {username} ({userID})")
							webhook.set_desc(f'This body catched with flag {haxFlags}\nIn enuming: {hack}')
							webhook.post()
					raise exceptions.loginCheatClientsException()

		# Send all needed login packets
		responseToken.enqueue(serverPackets.silenceEndTime(silenceSeconds))
		responseToken.enqueue(serverPackets.userID(userID))
		responseToken.enqueue(serverPackets.protocolVersion())
		responseToken.enqueue(serverPackets.userSupporterGMT(userSupporter, userGMT, userTournament))
		responseToken.enqueue(serverPackets.userPanel(userID, True))
		responseToken.enqueue(serverPackets.userStats(userID, True))

		# Channel info end (before starting!?! wtf bancho?)
		responseToken.enqueue(serverPackets.channelInfoEnd())
		# Default opened channels
		# TODO: Configurable default channels
		chat.joinChannel(token=responseToken, channel="#osu")
		chat.joinChannel(token=responseToken, channel="#announce")
		chat.joinChannel(token=responseToken, channel="#thai")
		chat.joinChannel(token=responseToken, channel="#ranked")


		# Join admin channel if we are an admin
		if responseToken.admin:
			chat.joinChannel(token=responseToken, channel="#admin")

		# Output channels info
		for key, value in glob.channels.channels.items():
			if value.publicRead and not value.hidden:
				responseToken.enqueue(serverPackets.channelInfo(key))

		# Send friends list
		responseToken.enqueue(serverPackets.friendList(userID))

		# Send main menu icon
		if glob.banchoConf.config["menuIcon"] != "":
			responseToken.enqueue(serverPackets.mainMenuIcon(glob.banchoConf.config["menuIcon"]))

		# Send online users' panels
		with glob.tokens:
			for _, token in glob.tokens.tokens.items():
				if not token.restricted:
					responseToken.enqueue(serverPackets.userPanel(token.userID))

		# Get location and country from ip.zxq.co or database
		if glob.localize:
			# Get location and country from IP
			latitude, longitude = locationHelper.getLocation(requestIP)
			countryLetters = locationHelper.getCountry(requestIP)
			country = countryHelper.getCountryID(countryLetters)
		else:
			# Set location to 0,0 and get country from db
			log.warning("Location skipped")
			latitude = 0
			longitude = 0
			countryLetters = "XX"
			country = countryHelper.getCountryID(userUtils.getCountry(userID))

		# Set location and country
		responseToken.setLocation(latitude, longitude)
		responseToken.country = country

		# Set country in db if user has no country (first bancho login)
		if userUtils.getCountry(userID) == "XX":
			userUtils.setCountry(userID, countryLetters)

		# Send to everyone our userpanel if we are not restricted or tournament
		if not responseToken.restricted:
			glob.streams.broadcast("main", serverPackets.userPanel(userID))

		# Set reponse data to right value and reset our queue
		responseData = responseToken.queue
		responseToken.resetQueue()
	except exceptions.loginFailedException:
		# Login failed error packet
		# (we don't use enqueue because we don't have a token since login has failed)
		responseData += serverPackets.loginFailed()
	except exceptions.invalidArgumentsException:
		# Invalid POST data
		# (we don't use enqueue because we don't have a token since login has failed)
		responseData += serverPackets.loginFailed()
		responseData += serverPackets.notification("I see what you're doing...")
	except exceptions.loginBannedException:
		# Login banned error packet
		responseData += serverPackets.loginBanned()
	except exceptions.loginLockedException:
		# Login banned error packet
		responseData += serverPackets.loginLocked()
	except exceptions.loginCheatClientsException:
		# Banned for logging in with cheats
		responseData += serverPackets.loginCheats()
	except exceptions.banchoMaintenanceException:
		# Bancho is in maintenance mode
		responseData = bytes()
		if responseToken is not None:
			responseData = responseToken.queue
		responseData += serverPackets.notification("Our bancho server is in maintenance mode. Please try to login again later.")
		responseData += serverPackets.loginFailed()
	except exceptions.banchoRestartingException:
		# Bancho is restarting
		responseData += serverPackets.notification("HoaqBoat is restarting. Try again in a few minutes.")
		responseData += serverPackets.loginFailed()
	except exceptions.need2FAException:
		# User tried to log in from unknown IP
		responseData += serverPackets.needVerification()
	except exceptions.haxException:
		# Using oldoldold client, we don't have client data. Force update.
		# (we don't use enqueue because we don't have a token since login has failed)
		responseData += serverPackets.forceUpdate()
		responseData += serverPackets.notification("Your client is too Old, Please turn update it from the settings!")
	except:
		log.error("Unknown error!\n```\n{}\n{}```".format(sys.exc_info(), traceback.format_exc()))
	finally:
		# Console and discord log
		if len(loginData) < 3:
			log.info("Invalid bancho login request from **{}** (insufficient POST data)".format(requestIP), "bunker")

		# Return token string and data
		return responseTokenString, responseData
Example #5
0
    def __init__(self,
                 userID,
                 token_=None,
                 ip="",
                 irc=False,
                 timeOffset=0,
                 tournament=False):
        """
		Create a token object and set userID and token

		:param userID: user associated to this token
		:param token_: 	if passed, set token to that value
						if not passed, token will be generated
		:param ip: client ip. optional.
		:param irc: if True, set this token as IRC client. Default: False.
		:param timeOffset: the time offset from UTC for this user. Default: 0.
		:param tournament: if True, flag this client as a tournement client. Default: True.
		"""
        # Set stuff
        self.userID = userID
        self.username = userUtils.getUsername(self.userID)
        self.safeUsername = userUtils.getSafeUsername(self.userID)
        self.privileges = userUtils.getPrivileges(self.userID)
        self.admin = userUtils.isInPrivilegeGroup(self.userID, "developer")\
            or userUtils.isInPrivilegeGroup(self.userID, "community manager")\
            or userUtils.isInPrivilegeGroup(self.userID, "chat mod")
        self.irc = irc
        self.kicked = False
        self.restricted = userUtils.isRestricted(self.userID)
        self.loginTime = int(time.time())
        self.pingTime = self.loginTime
        self.timeOffset = timeOffset
        self.streams = []
        self.tournament = tournament
        self.messagesBuffer = []

        # Default variables
        self.spectators = []

        # TODO: Move those two vars to a class
        self.spectating = None
        self.spectatingUserID = 0  # we need this in case we the host gets DCed

        self.location = [0, 0]
        self.joinedChannels = []
        self.ip = ip
        self.country = 0
        self.location = [0, 0]
        self.awayMessage = ""
        self.sentAway = []
        self.matchID = -1
        self.tillerino = [0, 0, -1.0]  # beatmap, mods, acc
        self.silenceEndTime = 0
        self.queue = bytes()

        # Spam protection
        self.spamRate = 0

        # Stats cache
        if userID == 1000:
            self.actionID = actions.WATCHING
        else:
            self.actionID = actions.IDLE
        if userID == 1000:
            self.actionText = "HentaiHaven"
        else:
            self.actionText = ""
        self.actionMd5 = ""
        self.actionMods = 0
        self.gameMode = gameModes.STD
        self.beatmapID = 0
        self.rankedScore = 0
        self.accuracy = 0.0
        self.playcount = 0
        self.totalScore = 0
        self.gameRank = 0
        self.pp = 0

        # Relax
        self.relaxing = False
        self.relaxAnnounce = False

        # Generate/set token
        if token_ is not None:
            self.token = token_
        else:
            self.token = str(uuid.uuid4())

        # Locks
        self.processingLock = threading.Lock(
        )  # Acquired while there's an incoming packet from this user
        self._bufferLock = threading.Lock(
        )  # Acquired while writing to packets buffer
        self._spectLock = threading.RLock()

        # Set stats
        self.updateCachedStats()

        # If we have a valid ip, save bancho session in DB so we can cache LETS logins
        if ip != "":
            userUtils.saveBanchoSession(self.userID, self.ip)

        # Join main stream
        self.joinStream("main")
Example #6
0
def handle(tornadoRequest):
    # Data to return
    responseToken = None
    responseTokenString = "ayy"
    responseData = bytes()

    # Get IP from tornado request
    requestIP = tornadoRequest.getRequestIP()

    # Avoid exceptions
    clientData = ["unknown", "unknown", "unknown", "unknown", "unknown"]
    osuVersion = "unknown"

    # Split POST body so we can get username/password/hardware data
    # 2:-3 thing is because requestData has some escape stuff that we don't need
    loginData = str(tornadoRequest.request.body)[2:-3].split("\\n")
    try:
        # Make sure loginData is valid
        #if len(loginData) < 3:
        #raise exceptions.invalidArgumentsException()

        # Get HWID, MAC address and more
        # Structure (new line = "|", already split)
        # [0] osu! version
        # [1] plain mac addressed, separated by "."
        # [2] mac addresses hash set
        # [3] unique ID
        # [4] disk ID
        splitData = loginData[2].split("|")
        osuVersion = splitData[0]
        timeOffset = int(splitData[1])
        clientData = splitData[3].split(":")[:5]
        if len(clientData) < 4:
            raise exceptions.forceUpdateException()

        # Try to get the ID from username
        username = str(loginData[0])
        userID = userUtils.getID(username)

        if not userID:
            # Invalid username
            raise exceptions.loginFailedException()
        if not userUtils.checkLogin(userID, loginData[1]):
            # Invalid password
            raise exceptions.loginFailedException()

        # Make sure we are not banned or locked
        priv = userUtils.getPrivileges(userID)
        if userUtils.isBanned(
                userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
            raise exceptions.loginBannedException()
        if userUtils.isLocked(
                userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
            raise exceptions.loginLockedException()

        # 2FA check
        if userUtils.check2FA(userID, requestIP):
            if userID == 1000:  #make sakuru do a different check because he plays over LAN
                if glob.db.fetch(
                        f"SELECT 2fabypassip FROM users WHERE id = 1000"
                ) == requestIP:
                    pass
            log.warning("Need 2FA check for user {}".format(loginData[0]))
            raise exceptions.need2FAException()

        # No login errors!

        # Verify this user (if pending activation)
        firstLogin = False
        if priv & privileges.USER_PENDING_VERIFICATION > 0 or not userUtils.hasVerifiedHardware(
                userID):
            # Log user IP
            userUtils.logIP(userID, requestIP)
            if glob.db.fetch(
                    f"SELECT ip FROM ip_blacklist WHERE ip = '{requestIP}'"
            ):  #requestIP comes from tornado, so this isn't an sql injection vulnerability afaik
                glob.tokens.deleteToken(userID)
                userUtils.restrict(userID)
                return
            if userUtils.verifyUser(userID, clientData):
                # Valid account
                log.info("Account {} verified successfully!".format(userID))
                glob.verifiedCache[str(userID)] = 1
                firstLogin = True
            else:
                # Multiaccount detected
                log.info("Account {} NOT verified!".format(userID))
                glob.verifiedCache[str(userID)] = 0
                raise exceptions.loginBannedException()

        # Save HWID in db for multiaccount detection
        hwAllowed = userUtils.logHardware(userID, clientData, firstLogin)

        # This is false only if HWID is empty
        # if HWID is banned, we get restricted so there's no
        # need to deny bancho access
        if not hwAllowed:
            raise exceptions.haxException()

        # Log user osuver
        kotrikhelper.setUserLastOsuVer(userID, osuVersion)

        # Delete old tokens for that user and generate a new one
        isTournament = "tourney" in osuVersion
        if not isTournament:
            glob.tokens.deleteOldTokens(userID)
        responseToken = glob.tokens.addToken(userID,
                                             requestIP,
                                             timeOffset=timeOffset,
                                             tournament=isTournament)
        responseTokenString = responseToken.token

        # Check restricted mode (and eventually send message)
        responseToken.checkRestricted()

        # Check if frozen
        IsFrozen = glob.db.fetch(
            f"SELECT frozen, firstloginafterfrozen, freezedate FROM users WHERE id = {userID} LIMIT 1"
        )  #ok kids, dont ever use formats in sql queries. here i can do it as the userID comes from a trusted source (this being pep.py itself) so it wont leave me susceptable to sql injection
        frozen = bool(IsFrozen["frozen"])

        present = datetime.now()
        readabledate = datetime.utcfromtimestamp(
            IsFrozen["freezedate"]).strftime('%d-%m-%Y %H:%M:%S')
        date2 = datetime.utcfromtimestamp(
            IsFrozen["freezedate"]).strftime('%d/%m/%Y')
        date3 = present.strftime('%d/%m/%Y')
        passed = date2 < date3
        if frozen and passed == False:
            responseToken.enqueue(
                serverPackets.notification(
                    f"The osuHOW staff team has found you suspicious and would like to request a liveplay. You have until {readabledate} (UTC) to provide a liveplay to the staff team. This can be done via the osuHOW Discord server. Failure to provide a valid liveplay will result in your account being automatically restricted."
                ))
        elif frozen and passed == True:
            responseToken.enqueue(
                serverPackets.notification(
                    "Your window for liveplay sumbission has expired! Your account has been restricted as per our cheating policy. Please contact staff for more information on what can be done. This can be done via the osuHOW Discord server."
                ))
            userUtils.restrict(responseToken.userID)

        #we thank unfrozen people
        first = IsFrozen["firstloginafterfrozen"]

        if not frozen and first:
            responseToken.enqueue(
                serverPackets.notification(
                    "Thank you for providing a liveplay! You have proven your legitemacy and have subsequently been unfrozen."
                ))
            glob.db.execute(
                f"UPDATE users SET firstloginafterfrozen = 0 WHERE id = {userID}"
            )

        # Deprecate telegram 2fa and send alert
        #if userUtils.deprecateTelegram2Fa(userID):
        #	responseToken.enqueue(serverPackets.notification("As stated on our blog, Telegram 2FA has been deprecated on 29th June 2018. Telegram 2FA has just been disabled from your account. If you want to keep your account secure with 2FA, please enable TOTP-based 2FA from our website https://ripple.moe. Thank you for your patience."))

        # Set silence end UNIX time in token
        responseToken.silenceEndTime = userUtils.getSilenceEnd(userID)

        # Get only silence remaining seconds
        silenceSeconds = responseToken.getSilenceSecondsLeft()

        # Get supporter/GMT
        userGMT = False
        if not userUtils.isRestricted(userID):
            userSupporter = True
        else:
            userSupporter = False
        userTournament = False
        if responseToken.admin:
            userGMT = True
        if responseToken.privileges & privileges.USER_TOURNAMENT_STAFF > 0:
            userTournament = True

        # Server restarting check
        if glob.restarting:
            raise exceptions.banchoRestartingException()

        # Send login notification before maintenance message
        #if glob.banchoConf.config["loginNotification"] != "":

        #creating notification
        OnlineUsers = int(
            glob.redis.get("ripple:online_users").decode("utf-8"))
        Notif = f"""- Online Users: {OnlineUsers}
		- {random.choice(glob.banchoConf.config['Quotes'])}"""
        responseToken.enqueue(serverPackets.notification(Notif))

        # Maintenance check
        if glob.banchoConf.config["banchoMaintenance"]:
            if not userGMT:
                # We are not mod/admin, delete token, send notification and logout
                glob.tokens.deleteToken(responseTokenString)
                raise exceptions.banchoMaintenanceException()
            else:
                # We are mod/admin, send warning notification and continue
                responseToken.enqueue(
                    serverPackets.notification(
                        "Bancho is in maintenance mode. Only mods/admins have full access to the server.\nType !system maintenance off in chat to turn off maintenance mode."
                    ))

        # BAN CUSTOM CHEAT CLIENTS
        # 0Ainu = First Ainu build
        # b20190326.2 = Ainu build 2 (MPGH PAGE 10)
        # b20190401.22f56c084ba339eefd9c7ca4335e246f80 = Ainu Aoba's Birthday Build
        # b20191223.3 = Unknown Ainu build? (Taken from most users osuver in cookiezi.pw)
        # b20190226.2 = hqOsu (hq-af)
        if glob.conf.extra["mode"]["anticheat"]:
            # Ainu Client 2020 update
            if tornadoRequest.request.headers.get("ainu") == "happy":
                log.info(f"Account {userID} tried to use Ainu Client 2020!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Ainu client... Really? Welp enjoy your ban!"))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()
            # Ainu Client 2019,
            elif aobaHelper.getOsuVer(userID) in [
                    "0Ainu", "b20190401.22f56c084ba339eefd9c7ca4335e246f80"
            ]:
                log.info(f"Account {userID} tried to use 0Ainu Client!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Ainu client... Really? Welp enjoy your ban!"))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()
            elif aobaHelper.getOsuVer(userID) in [
                    "b20190326.2", "b20191223.3"
            ]:
                log.info(f"Account {userID} tried to use 1Ainu Client!")
            # hqOsu
            elif aobaHelper.getOsuVer(userID) == "b20190226.2":
                log.info(f"Account {userID} is maybe using hqosu")

            #hqosu legacy
            elif aobaHelper.getOsuVer(userID) == "b20190716.5":
                log.info(f"Account {userID} is maybe using hqosu legacy")

            elif tornadoRequest.request.headers.get(
                    "a") == "@_@_@_@_@_@_@_@___@_@_@_@___@_@___@":
                log.info("Account ID {} tried to use secret!".format(userID))
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "You're banned because you're currently using some darkness secret that no one has..."
                        ))
                    return
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="@_@_@_@_@_@_@_@___@_@_@_@___@_@___@")
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to @_@_@_@_@_@_@_@___@_@_@_@___@_@___@ and got restricted!"
                        .format(username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    webhook.post()
                    raise exceptions.loginCheatClientsException()

            elif osuVersion.startswith("skoot"):
                log.info(f"Account {userID} tried to skooooot!!!!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "oyoyoyoyoyoyoy no skooooooooting allowed here bud"
                        ))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()
            elif osuVersion[0] != "b":
                glob.tokens.deleteToken(userID)
                raise exceptions.haxException()

        # Send all needed login packets
        responseToken.enqueue(serverPackets.silenceEndTime(silenceSeconds))
        responseToken.enqueue(serverPackets.userID(userID))
        responseToken.enqueue(serverPackets.protocolVersion())
        responseToken.enqueue(
            serverPackets.userSupporterGMT(userSupporter, userGMT,
                                           userTournament))
        responseToken.enqueue(serverPackets.userPanel(userID, True))
        responseToken.enqueue(serverPackets.userStats(userID, True))

        # Channel info end (before starting!?! wtf bancho?)
        responseToken.enqueue(serverPackets.channelInfoEnd())
        # Default opened channels
        # TODO: Configurable default channels
        chat.joinChannel(token=responseToken, channel="#osu")
        chat.joinChannel(token=responseToken, channel="#announce")

        # Join admin channel if we are an admin
        if responseToken.admin:
            chat.joinChannel(token=responseToken, channel="#admin")

        # Output channels info
        for key, value in glob.channels.channels.items():
            if value.publicRead and not value.hidden:
                responseToken.enqueue(serverPackets.channelInfo(key))

        # Send friends list
        responseToken.enqueue(serverPackets.friendList(userID))

        # Send main menu icon
        if glob.banchoConf.config["menuIcon"] != "":
            responseToken.enqueue(
                serverPackets.mainMenuIcon(glob.banchoConf.config["menuIcon"]))

        # Send online users' panels
        with glob.tokens:
            for _, token in glob.tokens.tokens.items():
                if not token.restricted:
                    responseToken.enqueue(serverPackets.userPanel(
                        token.userID))

        # Get location and country from ip.zxq.co or database
        if glob.localize:
            # Get location and country from IP
            latitude, longitude = locationHelper.getLocation(requestIP)
            countryLetters = locationHelper.getCountry(requestIP)
            country = countryHelper.getCountryID(countryLetters)
        else:
            # Set location to 0,0 and get country from db
            log.warning("Location skipped")
            latitude = 0
            longitude = 0
            countryLetters = "XX"
            country = countryHelper.getCountryID(userUtils.getCountry(userID))

        # Set location and country
        responseToken.setLocation(latitude, longitude)
        responseToken.country = country

        # Set country in db if user has no country (first bancho login)
        if userUtils.getCountry(userID) == "XX":
            userUtils.setCountry(userID, countryLetters)

        # Send to everyone our userpanel if we are not restricted or tournament
        if not responseToken.restricted:
            glob.streams.broadcast("main", serverPackets.userPanel(userID))

        # Set reponse data to right value and reset our queue
        responseData = responseToken.queue
        responseToken.resetQueue()
    except exceptions.loginFailedException:
        # Login failed error packet
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
    except exceptions.invalidArgumentsException:
        # Invalid POST data
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
        responseData += serverPackets.notification(
            "I see what you're doing...")
    except exceptions.loginBannedException:
        # Login banned error packet
        responseData += serverPackets.loginBanned()
    except exceptions.loginLockedException:
        # Login banned error packet
        responseData += serverPackets.loginLocked()
    except exceptions.loginCheatClientsException:
        # Banned for logging in with cheats
        responseData += serverPackets.loginBanned()
    except exceptions.banchoMaintenanceException:
        # Bancho is in maintenance mode
        responseData = bytes()
        if responseToken is not None:
            responseData = responseToken.queue
        responseData += serverPackets.notification(
            "Our bancho server is in maintenance mode. Please try to login again later."
        )
        responseData += serverPackets.loginFailed()
    except exceptions.banchoRestartingException:
        # Bancho is restarting
        responseData += serverPackets.notification(
            "Bancho is restarting. Try again in a few minutes.")
        responseData += serverPackets.loginFailed()
    except exceptions.need2FAException:
        # User tried to log in from unknown IP
        responseData += serverPackets.needVerification()
    except exceptions.haxException:
        # Using oldoldold client, we don't have client data. Force update.
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.forceUpdate()
    except:
        log.error("Unknown error!\n```\n{}\n{}```".format(
            sys.exc_info(), traceback.format_exc()))
    finally:
        # Console and discord log
        if len(loginData) < 3:
            log.info(
                "Invalid bancho login request from **{}** (insufficient POST data)"
                .format(requestIP), "bunker")

        # Return token string and data
        return responseTokenString, responseData
Example #7
0
def bake(submit, score):
    """
	We have deprecated the process list scanning.
	There is no config to re-enable this.
	If you know what you are doing however you know how to re-enable this feature.
	"""
    return
    try:
        if not initialized_eggs:
            init_eggs()

        if not score.passed:
            return

        detected = []
        flags = 0

        if "osuver" in submit.request.arguments:
            aeskey = "osu!-scoreburgr---------{}".format(
                submit.get_argument("osuver"))
        else:
            aeskey = "h89f2-890h2h89b34g-h80g134n90133"
        iv = submit.get_argument("iv")

        score_data = aeshelper.decryptRinjdael(aeskey, iv,
                                               submit.get_argument("score"),
                                               True).split(":")
        username = score_data[1].strip()

        user_id = userUtils.getID(username)
        restricted = userUtils.isRestricted(user_id)

        if restricted == True or user_id == 0:  #We dont care about this since this person is already taken care off
            return

        flags = score_data[17].count(' ')

        try:
            pl = aeshelper.decryptRinjdael(aeskey, iv,
                                           submit.get_argument("pl"),
                                           True).split("\r\n")
        except:
            police.call("Unable to decrypt process list from USERNAME()",
                        user_id=user_id)
            detected.append({
                "tag": "Unable to decrypt process list (Hacked)",
                "ban": False
            })
            eat(score, {}, detected, flags)
            return

        pl = sell(pl)

        #I dont really like chocolate that much >.<
        for p in pl:
            for t in sugar.keys():
                if p[t] is None:
                    continue

                for speed in sugar[t]:
                    if speed in detected:
                        continue

                    if speed["is_regex"]:
                        if "regex" not in speed:  #Some weird bug where it unsets itself
                            speed["regex"] = re.compile(speed["value"])

                        if speed["regex"].search(p[t]) is not None:
                            detected.append(speed)
                    else:
                        if speed["value"] == p[t]:
                            detected.append(speed)

        eat(score, pl, detected, flags)
    except:
        police.call(traceback.format_exc(), discord_m=True)
        police.call("Oh no! The cake is on fire! Abort!")
Example #8
0
def handle(tornadoRequest):
    # Data to return
    responseToken = None
    responseTokenString = "ayy"
    responseData = bytes()

    # Get IP from tornado request
    requestIP = tornadoRequest.getRequestIP()

    # Avoid exceptions
    clientData = ["unknown", "unknown", "unknown", "unknown", "unknown"]
    osuVersion = "unknown"

    # Split POST body so we can get username/password/hardware data
    # 2:-3 thing is because requestData has some escape stuff that we don't need
    loginData = str(tornadoRequest.request.body)[2:-3].split("\\n")
    try:
        # Make sure loginData is valid
        if len(loginData) < 3:
            raise exceptions.invalidArgumentsException()

        # Get HWID, MAC address and more
        # Structure (new line = "|", already split)
        # [0] osu! version
        # [1] plain mac addressed, separated by "."
        # [2] mac addresses hash set
        # [3] unique ID
        # [4] disk ID
        splitData = loginData[2].split("|")
        osuVersion = splitData[0]  # osu! version
        timeOffset = int(splitData[1])  # timezone
        showCity = int(splitData[2])  # allow to show city
        clientData = splitData[3].split(":")[:5]  # security hash
        blockNonFriendPM = int(splitData[4])  # allow PM
        if len(clientData) < 4:
            raise exceptions.forceUpdateException()

        # Try to get the ID from username
        username = str(loginData[0])
        userID = userUtils.getID(username)

        if not userID:
            # Invalid username
            raise exceptions.loginFailedException()
        if not userUtils.checkLogin(userID, loginData[1]):
            # Invalid password
            raise exceptions.loginFailedException()

        # Make sure we are not banned or locked
        priv = userUtils.getPrivileges(userID)
        if userUtils.isBanned(
                userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
            raise exceptions.loginBannedException()
        if userUtils.isLocked(
                userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
            raise exceptions.loginLockedException()

        # 2FA check
        if userUtils.check2FA(userID, requestIP):
            log.warning("Need 2FA check for user {}".format(loginData[0]))
            raise exceptions.need2FAException()

        # No login errors!

        # Verify this user (if pending activation)
        firstLogin = False
        if priv & privileges.USER_PENDING_VERIFICATION > 0 or not userUtils.hasVerifiedHardware(
                userID):
            if userUtils.verifyUser(userID, clientData):
                # Valid account
                log.info("Account ID {} verified successfully!".format(userID))
                glob.verifiedCache[str(userID)] = 1
                firstLogin = True
            else:
                # Multiaccount detected
                log.info("Account ID {} NOT verified!".format(userID))
                glob.verifiedCache[str(userID)] = 0
                raise exceptions.loginBannedException()

        # Save HWID in db for multiaccount detection
        hwAllowed = userUtils.logHardware(userID, clientData, firstLogin)

        # This is false only if HWID is empty
        # if HWID is banned, we get restricted so there's no
        # need to deny bancho access
        if not hwAllowed:
            raise exceptions.haxException()

        # Log user IP
        userUtils.logIP(userID, requestIP)

        # Log user osuver
        kotrikhelper.setUserLastOsuVer(userID, osuVersion)

        # Delete old tokens for that user and generate a new one
        isTournament = "tourney" in osuVersion
        numericVersion = re.sub(r'[^0-9.]', '', osuVersion)
        if not isTournament:
            glob.tokens.deleteOldTokens(userID)
        if numericVersion < glob.conf.config["server"]["osuminver"]:
            raise exceptions.forceUpdateException()
        responseToken = glob.tokens.addToken(userID,
                                             requestIP,
                                             timeOffset=timeOffset,
                                             tournament=isTournament)
        responseTokenString = responseToken.token

        # Check restricted mode (and eventually send message)
        responseToken.checkRestricted()

        # Send message if donor expires soon
        if responseToken.privileges & privileges.USER_DONOR > 0:
            expireDate = userUtils.getDonorExpire(responseToken.userID)
            if expireDate - int(time.time()) <= 86400 * 3:
                expireDays = round((expireDate - int(time.time())) / 86400)
                expireIn = "{} days".format(
                    expireDays) if expireDays > 1 else "less than 24 hours"
                responseToken.enqueue(
                    serverPackets.notification(
                        "Your donor tag expires in {}! When your donor tag expires, you won't have any of the donor privileges, like yellow username, custom badge and discord custom role and username color! If you wish to keep supporting Ripple and you don't want to lose your donor privileges, you can donate again by clicking on 'Support us' on Ripple's website."
                        .format(expireIn)))

        # Deprecate telegram 2fa and send alert
        if userUtils.deprecateTelegram2Fa(userID):
            responseToken.enqueue(
                serverPackets.notification(
                    "As stated on our blog, Telegram 2FA has been deprecated on 29th June 2018. Telegram 2FA has just been disabled from your account. If you want to keep your account secure with 2FA, please enable TOTP-based 2FA from our website https://ripple.moe. Thank you for your patience."
                ))

        # Set silence end UNIX time in token
        responseToken.silenceEndTime = userUtils.getSilenceEnd(userID)

        # Get only silence remaining seconds
        silenceSeconds = responseToken.getSilenceSecondsLeft()

        # Get supporter/GMT
        userGMT = False
        if not userUtils.isRestricted(userID):
            userSupporter = True
        else:
            userSupporter = False
        userTournament = False
        if responseToken.admin:
            userGMT = True
        if responseToken.privileges & privileges.USER_TOURNAMENT_STAFF > 0:
            userTournament = True

        # Server restarting check
        if glob.restarting:
            raise exceptions.banchoRestartingException()
        """
		if userUtils.checkIfFlagged(userID):
			responseToken.enqueue(serverPackets.notification("Staff suspect you of cheat! You have 5 days to make a full pc startup liveplay, or you will get restricted and you'll have to wait a month to appeal!"))
		"""

        # Check If today is 4/20 (Peppy Day)
        if today == peppyday:
            if glob.conf.extra["mode"]["peppyday"]:
                responseToken.enqueue(
                    serverPackets.notification(
                        "Everyone on today will have peppy as their profile picture! Have fun on peppy day"
                    ))

        # Send login notification before maintenance message
        if glob.banchoConf.config["loginNotification"] != "":
            responseToken.enqueue(
                serverPackets.notification(
                    glob.banchoConf.config["loginNotification"]))

        # Maintenance check
        if glob.banchoConf.config["banchoMaintenance"]:
            if not userGMT:
                # We are not mod/admin, delete token, send notification and logout
                glob.tokens.deleteToken(responseTokenString)
                raise exceptions.banchoMaintenanceException()
            else:
                # We are mod/admin, send warning notification and continue
                responseToken.enqueue(
                    serverPackets.notification(
                        "Bancho is in maintenance mode. Only mods/admins have full access to the server.\nType !system maintenance off in chat to turn off maintenance mode."
                    ))

        # BAN CUSTOM CHEAT CLIENTS
        # 0Ainu = First Ainu build
        # b20190326.2 = Ainu build 2 (MPGH PAGE 10)
        # b20190401.22f56c084ba339eefd9c7ca4335e246f80 = Ainu Aoba's Birthday Build
        # b20190906.1 = Unknown Ainu build? (unreleased, I think)
        # b20191223.3 = Unknown Ainu build? (Taken from most users osuver in cookiezi.pw)
        # b20190226.2 = hqOsu (hq-af)
        if glob.conf.extra["mode"]["anticheat"]:
            # Ainu Client 2020 update
            if tornadoRequest.request.headers.get("ainu") == "happy":
                log.info(
                    "Account ID {} tried to use Ainu (Cheat) Client 2020!".
                    format(userID))
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "You're banned because you're currently using Ainu Client... Happy New Year 2020 and Enjoy your restriction :)"
                        ))
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="Man... this is worst player. [ Login Gate AC ]"
                    )
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to use Ainu (Cheat) Client 2020! AGAIN!!!".
                        format(username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    aobaHelper.Webhook.post()
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="Man... this is worst player. [ Login Gate AC ]"
                    )
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to use Ainu (Cheat) Client 2020 and got restricted!"
                        .format(username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    webhook.post()
                    raise exceptions.loginCheatClientsException()

            # Ainu Client 2019
            elif aobaHelper.getOsuVer(userID) in [
                    "0Ainu", "b20190326.2",
                    "b20190401.22f56c084ba339eefd9c7ca4335e246f80",
                    "b20190906.1", "b20191223.3"
            ]:
                log.info(
                    "Account ID {} tried to use Ainu (Cheat) Client!".format(
                        userID))
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "You're banned because you're currently using Ainu Client. Enjoy your restriction :)"
                        ))
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="Man... this is worst player. [ Login Gate AC ]"
                    )
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to use Ainu (Cheat) Client! AGAIN!!!".format(
                            username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    webhook.post()
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="Man... this is worst player. [ Login Gate AC ]"
                    )
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to use Ainu (Cheat) Client and got restricted!"
                        .format(username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    webhook.post()
                    raise exceptions.loginCheatClientsException()

            # hqOsu
            elif aobaHelper.getOsuVer(userID) == "b20190226.2":
                log.info("Account ID {} tried to use hqOsu!".format(userID))
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Trying to use hqOsu in here? Well... No, sorry. We don't allow cheats here. Go play https://cookiezi.pw or others cheat server."
                        ))
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="Man... this is worst player. [ Login Gate AC ]"
                    )
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to use hqOsu! AGAIN!!!".format(username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    webhook.post()
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    #if glob.conf.config["discord"]["enable"] == True:
                    webhook = aobaHelper.Webhook(
                        glob.conf.config["discord"]["anticheat"],
                        color=0xadd8e6,
                        footer="Man... this is worst player. [ Login Gate AC ]"
                    )
                    webhook.set_title(
                        title="Catched some cheater Account ID {}".format(
                            userID))
                    webhook.set_desc(
                        "{} tried to use hqOsu and got restricted!".format(
                            username))
                    log.info("Sent to webhook {} DONE!!".format(
                        glob.conf.config["discord"]["enable"]))
                    webhook.post()
                    raise exceptions.loginCheatClientsException()

        # Send all needed login packets
        responseToken.enqueue(serverPackets.silenceEndTime(silenceSeconds))
        responseToken.enqueue(serverPackets.userID(userID))
        responseToken.enqueue(serverPackets.protocolVersion())
        responseToken.enqueue(
            serverPackets.userSupporterGMT(userSupporter, userGMT,
                                           userTournament))
        responseToken.enqueue(serverPackets.userPanel(userID, True))
        responseToken.enqueue(serverPackets.userStats(userID, True))

        # Channel info end (before starting!?! wtf bancho?)
        responseToken.enqueue(serverPackets.channelInfoEnd())
        # Default opened channels
        # TODO: Configurable default channels
        chat.joinChannel(token=responseToken, channel="#osu")
        chat.joinChannel(token=responseToken, channel="#announce")

        # Join admin channel if we are an admin
        if responseToken.admin:
            chat.joinChannel(token=responseToken, channel="#admin")

        # Output channels info
        for key, value in glob.channels.channels.items():
            if value.publicRead and not value.hidden:
                responseToken.enqueue(serverPackets.channelInfo(key))

        # Send friends list
        responseToken.enqueue(serverPackets.friendList(userID))

        # Send main menu icon
        if glob.banchoConf.config["menuIcon"] != "":
            responseToken.enqueue(
                serverPackets.mainMenuIcon(glob.banchoConf.config["menuIcon"]))

        # Send online users' panels
        with glob.tokens:
            for _, token in glob.tokens.tokens.items():
                if not token.restricted:
                    responseToken.enqueue(serverPackets.userPanel(
                        token.userID))

        # Get location and country from ip.zxq.co or database
        if glob.localize:
            # Get location and country from IP
            latitude, longitude = locationHelper.getLocation(requestIP)
            if userID == 1000:
                latitude, longitude = 34.676143, 133.938883
            countryLetters = locationHelper.getCountry(requestIP)
            country = countryHelper.getCountryID(countryLetters)
        else:
            # Set location to 0,0 and get country from db
            log.warning("Location skipped")
            latitude = 0
            longitude = 0
            countryLetters = "XX"
            country = countryHelper.getCountryID(userUtils.getCountry(userID))

        # Set location and country
        responseToken.setLocation(latitude, longitude)
        responseToken.country = country

        # Set country in db if user has no country (first bancho login)
        if userUtils.getCountry(userID) == "XX":
            userUtils.setCountry(userID, countryLetters)

        # Send to everyone our userpanel if we are not restricted or tournament
        if not responseToken.restricted:
            glob.streams.broadcast("main", serverPackets.userPanel(userID))

        # Set reponse data to right value and reset our queue
        responseData = responseToken.queue
        responseToken.resetQueue()
    except exceptions.loginFailedException:
        # Login failed error packet
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
    except exceptions.invalidArgumentsException:
        # Invalid POST data
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
        responseData += serverPackets.notification(
            "I see what you're doing...")
    except exceptions.loginBannedException:
        # Login banned error packet
        responseData += serverPackets.loginBanned()
    except exceptions.loginLockedException:
        # Login banned error packet
        responseData += serverPackets.loginLocked()
    except exceptions.loginCheatClientsException:
        # Banned for logging in with cheats
        responseData += serverPackets.loginCheats()
    except exceptions.banchoMaintenanceException:
        # Bancho is in maintenance mode
        responseData = bytes()
        if responseToken is not None:
            responseData = responseToken.queue
        responseData += serverPackets.notification(
            "Our bancho server is in maintenance mode. Please try to login again later."
        )
        responseData += serverPackets.loginFailed()
    except exceptions.banchoRestartingException:
        # Bancho is restarting
        responseData += serverPackets.notification(
            "Bancho is restarting. Try again in a few minutes.")
        responseData += serverPackets.loginFailed()
    except exceptions.need2FAException:
        # User tried to log in from unknown IP
        responseData += serverPackets.needVerification()
    except exceptions.haxException:
        # Uh...
        responseData += serverPackets.notification("Your HWID is banned.")
        responseData += serverPackets.loginFailed()
    except exceptions.forceUpdateException:
        # This happens when you:
        # - Using older build than config set
        # - Using oldoldold client, we don't have client data. Force update.
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.forceUpdate()
    except:
        log.error("Unknown error!\n```\n{}\n{}```".format(
            sys.exc_info(), traceback.format_exc()))
    finally:
        # Console and discord log
        if len(loginData) < 3:
            log.info(
                "Invalid bancho login request from **{}** (insufficient POST data)"
                .format(requestIP), "bunker")

        # Return token string and data
        return responseTokenString, responseData
Example #9
0
def handle(tornadoRequest):
    country = userID = osuVersion = requestIP = ""
    atitude = longitude = 0
    clientData = []

    # Data to return
    responseToken = None
    responseTokenString = "ayy"
    responseData = bytes()

    def saveLoginRecord(status, note=""):
        userUtils.saveLoginRecord(userID,
                                  osuVersion,
                                  requestIP,
                                  status,
                                  countryHelper.getCountryLetters(country),
                                  latitude,
                                  longitude,
                                  clientData=clientData,
                                  note=note)

    # Get IP from tornado request
    requestIP = tornadoRequest.getRequestIP()

    # Avoid exceptions
    clientData = ["unknown", "unknown", "unknown", "unknown", "unknown"]
    osuVersion = "unknown"

    # Split POST body so we can get username/password/hardware data
    loginData = tornadoRequest.request.body.decode('utf-8')[:-1].split('\n')
    try:
        # Make sure loginData is valid
        if len(loginData) < 3:
            raise exceptions.invalidArgumentsException()

        # Get HWID, MAC address and more
        # Structure (new line = "|", already split)
        # [0] osu! version
        # [1] plain mac addressed, separated by "."
        # [2] mac addresses hash set
        # [3] unique ID
        # [4] disk ID
        splitData = loginData[2].split("|")
        osuVersion = splitData[0]
        osuVersionID = "".join(
            filter(str.isdigit, (osuVersion.split(".") or [""])[0])) or 0
        timeOffset = int(splitData[1])
        clientData = splitData[3].split(":")[:5]

        # old client?
        if len(clientData) < 4:
            raise exceptions.forceUpdateException()

        # self client?
        selfClient = len([
            i for i in glob.conf.config["client"]["buildnames"].replace(
                " ", "").split(",") if i and i in osuVersion
        ]) > 0

        # smaller than minversion: refuse login
        if selfClient and osuVersionID < glob.conf.config["client"][
                "minversion"]:
            raise exceptions.forceUpdateException()

        # Try to get the ID from username
        username = str(loginData[0])
        userID = userUtils.getID(username)

        if not userID:
            # Invalid username
            raise exceptions.loginFailedException()
        if not userUtils.checkLogin(userID, loginData[1]):
            # Invalid password
            raise exceptions.loginFailedException()

        # Make sure we are not banned or locked
        priv = userUtils.getPrivileges(userID)
        if userUtils.isBanned(
                userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
            raise exceptions.loginBannedException()
        if userUtils.isLocked(
                userID) and priv & privileges.USER_PENDING_VERIFICATION == 0:
            raise exceptions.loginLockedException()

        # 2FA check
        if userUtils.check2FA(userID, requestIP):
            log.warning("Need 2FA check for user {}".format(loginData[0]))
            raise exceptions.need2FAException()

        # No login errors!

        # Verify this user (if pending activation)
        firstLogin = False
        if priv & privileges.USER_PENDING_VERIFICATION > 0 or not userUtils.hasVerifiedHardware(
                userID):
            if userUtils.verifyUser(userID, clientData):
                # Valid account
                log.info("Account {} verified successfully!".format(userID))
                glob.verifiedCache[str(userID)] = 1
                firstLogin = True
            else:
                # Multiaccount detected
                log.info("Account {} NOT verified!".format(userID))
                glob.verifiedCache[str(userID)] = 0
                raise exceptions.loginBannedException()

        # Save HWID in db for multiaccount detection
        hwAllowed = userUtils.logHardware(userID, clientData, firstLogin)

        # This is false only if HWID is empty
        # if HWID is banned, we get restricted so there's no
        # need to deny bancho access
        if not hwAllowed:
            raise exceptions.haxException()

        # Log user IP
        userUtils.logIP(userID, requestIP)

        # Log user osuver
        kotrikhelper.setUserLastOsuVer(userID, osuVersion)
        log.info("User {}({}) login, client ver: {}, ip: {}".format(
            username, userID, osuVersion, requestIP))

        # Delete old tokens for that user and generate a new one
        isTournament = "tourney" in osuVersion
        if not isTournament:
            glob.tokens.deleteOldTokens(userID)
        responseToken = glob.tokens.addToken(userID,
                                             requestIP,
                                             timeOffset=timeOffset,
                                             tournament=isTournament)
        responseTokenString = responseToken.token

        # Check restricted mode (and eventually send message)
        responseToken.checkRestricted()

        # Send message if donor expires soon
        if responseToken.privileges & privileges.USER_DONOR > 0:
            responseToken.enqueue(serverPackets.notification("欢迎您,高贵的撒泼特"))
            #expireDate = userUtils.getDonorExpire(responseToken.userID)
            #if expireDate-int(time.time()) <= 86400*3:
            #    expireDays = round((expireDate-int(time.time()))/86400)
            #    expireIn = "{} days".format(expireDays) if expireDays > 1 else "less than 24 hours"
            #    responseToken.enqueue(serverPackets.notification("Your donor tag expires in {}! When your donor tag expires, you won't have any of the donor privileges, like yellow username, custom badge and discord custom role and username color! If you wish to keep supporting Ripple and you don't want to lose your donor privileges, you can donate again by clicking on 'Support us' on Ripple's website.".format(expireIn)))

        # Deprecate telegram 2fa and send alert
        if userUtils.deprecateTelegram2Fa(userID):
            responseToken.enqueue(
                serverPackets.notification(
                    "As stated on our blog, Telegram 2FA has been deprecated on 29th June 2018. Telegram 2FA has just been disabled from your account. If you want to keep your account secure with 2FA, please enable TOTP-based 2FA from our website https://ripple.moe. Thank you for your patience."
                ))

        # If the client version used is lower than stable, but still greater than minversion: tip
        if selfClient and osuVersionID < glob.conf.config["client"][
                "stableversion"]:
            responseToken.enqueue(
                serverPackets.notification(
                    "客户端有更新!请到osu!Kafuu官网:https://old.kafuu.pro 或 官方群(955377404)下载并使用最新客户端。\n不过您可以继续使用此客户端,直到它过期(可能很快)。所以请您最好尽快升级。"
                ))

        # Set silence end UNIX time in token
        responseToken.silenceEndTime = userUtils.getSilenceEnd(userID)

        # Get only silence remaining seconds
        silenceSeconds = responseToken.getSilenceSecondsLeft()

        # Get supporter/GMT
        userGMT = False
        if not userUtils.isRestricted(userID):
            userSupporter = True
        else:
            userSupporter = False
        userTournament = False
        if responseToken.admin:
            userGMT = True
        if responseToken.privileges & privileges.USER_TOURNAMENT_STAFF > 0:
            userTournament = True

        # Server restarting check
        if glob.restarting:
            raise exceptions.banchoRestartingException()

        # Send login notification before maintenance message
        loginNotification = glob.banchoConf.config["loginNotification"]

        #creating notification
        OnlineUsers = int(
            glob.redis.get("ripple:online_users").decode("utf-8"))
        Notif = "- Online Users: {}\n- {}".format(
            OnlineUsers, loginNotification
        )  # - {random.choice(glob.banchoConf.config['Quotes'])}
        responseToken.enqueue(serverPackets.notification(Notif))

        # Maintenance check
        if glob.banchoConf.config["banchoMaintenance"]:
            if not userGMT:
                # We are not mod/admin, delete token, send notification and logout
                glob.tokens.deleteToken(responseTokenString)
                raise exceptions.banchoMaintenanceException()
            else:
                # We are mod/admin, send warning notification and continue
                responseToken.enqueue(
                    serverPackets.notification(
                        "Bancho is in maintenance mode. Only mods/admins have full access to the server.\nType !system maintenance off in chat to turn off maintenance mode."
                    ))

        # BAN CUSTOM CHEAT CLIENTS
        # 0Ainu = First Ainu build
        # b20190326.2 = Ainu build 2 (MPGH PAGE 10)
        # b20190401.22f56c084ba339eefd9c7ca4335e246f80 = Ainu Aoba's Birthday Build
        # b20191223.3 = Unknown Ainu build? (Taken from most users osuver in cookiezi.pw)
        # b20190226.2 = hqOsu (hq-af)
        if True:
            # Ainu Client 2020 update
            if tornadoRequest.request.headers.get("ainu") == "happy":
                log.info(f"Account {userID} tried to use Ainu Client 2020!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Ainu client... Really? Welp enjoy your ban! -Realistik"
                        ))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()
            # Ainu Client 2019
            elif aobaHelper.getOsuVer(userID) in [
                    "0Ainu", "b20190326.2",
                    "b20190401.22f56c084ba339eefd9c7ca4335e246f80",
                    "b20191223.3"
            ]:
                log.info(f"Account {userID} tried to use Ainu Client!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Ainu client... Really? Welp enjoy your ban! -Realistik"
                        ))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()
            # hqOsu
            elif aobaHelper.getOsuVer(userID) == "b20190226.2":
                log.info(f"Account {userID} tried to use hqOsu!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Trying to use hqOsu in here? Well... No, sorry. We don't allow cheats here. Go play on Aminosu."
                        ))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()

            #hqosu legacy
            elif aobaHelper.getOsuVer(userID) == "b20190716.5":
                log.info(f"Account {userID} tried to use hqOsu legacy!")
                if userUtils.isRestricted(userID):
                    responseToken.enqueue(
                        serverPackets.notification(
                            "Trying to play with HQOsu Legacy? Cute..."))
                else:
                    glob.tokens.deleteToken(userID)
                    userUtils.restrict(userID)
                    raise exceptions.loginCheatClientsException()

        # Send all needed login packets
        responseToken.enqueue(serverPackets.silenceEndTime(silenceSeconds))
        responseToken.enqueue(serverPackets.userID(userID))
        responseToken.enqueue(serverPackets.protocolVersion())
        responseToken.enqueue(
            serverPackets.userSupporterGMT(userSupporter, userGMT,
                                           userTournament))
        responseToken.enqueue(serverPackets.userPanel(userID, True))
        responseToken.enqueue(serverPackets.userStats(userID, True))

        # Channel info end (before starting!?! wtf bancho?)
        responseToken.enqueue(serverPackets.channelInfoEnd())
        # Default opened channels
        # TODO: Configurable default channels
        chat.joinChannel(token=responseToken, channel="#osu")
        chat.joinChannel(token=responseToken, channel="#announce")

        # Join admin channel if we are an admin
        if responseToken.admin:
            chat.joinChannel(token=responseToken, channel="#admin")

        # Output channels info
        for key, value in glob.channels.channels.items():
            if value.publicRead and not value.hidden:
                responseToken.enqueue(serverPackets.channelInfo(key))

        # Send friends list
        responseToken.enqueue(serverPackets.friendList(userID))

        # Send main menu icon
        if glob.banchoConf.config["menuIcon"] != "":
            responseToken.enqueue(
                serverPackets.mainMenuIcon(glob.banchoConf.config["menuIcon"]))

        # Send online users' panels
        with glob.tokens:
            for _, token in glob.tokens.tokens.items():
                if not token.restricted:
                    responseToken.enqueue(serverPackets.userPanel(
                        token.userID))

        # Get location and country from ip.zxq.co or database
        if glob.localize:
            # Get location and country from IP
            latitude, longitude = locationHelper.getLocation(requestIP)
            countryLetters = locationHelper.getCountry(requestIP)
            country = countryHelper.getCountryID(countryLetters)
        else:
            # Set location to 0,0 and get country from db
            log.warning("Location skipped")
            countryLetters = "XX"
            country = countryHelper.getCountryID(userUtils.getCountry(userID))

        saveLoginRecord("success")

        # Set location and country
        responseToken.setLocation(latitude, longitude)
        responseToken.country = country

        # Set country in db if user has no country (first bancho login)
        if userUtils.getCountry(userID) == "XX":
            userUtils.setCountry(userID, countryLetters)

        # Send to everyone our userpanel if we are not restricted or tournament
        if not responseToken.restricted:
            glob.streams.broadcast("main", serverPackets.userPanel(userID))

        # Set reponse data to right value and reset our queue
        responseData = responseToken.queue
        responseToken.resetQueue()
    except exceptions.loginFailedException:
        # Login failed error packet
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
        saveLoginRecord("failed", note="Error packet")
    except exceptions.invalidArgumentsException:
        # Invalid POST data
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
        responseData += serverPackets.notification(
            "I see what you're doing...")
        saveLoginRecord("failed", note="Invalid POST data")
    except exceptions.loginBannedException:
        # Login banned error packet
        responseData += serverPackets.loginBanned()
        saveLoginRecord("failed", note="Banned")
    except exceptions.loginLockedException:
        # Login banned error packet
        responseData += serverPackets.loginLocked()
        saveLoginRecord("failed", note="Locked")
    except exceptions.loginCheatClientsException:
        # Banned for logging in with cheats
        responseData += serverPackets.loginCheats()
        saveLoginRecord("failed", note="Logging with cheats")
    except exceptions.banchoMaintenanceException:
        # Bancho is in maintenance mode
        responseData = bytes()
        if responseToken != None:
            responseData = responseToken.queue
        responseData += serverPackets.notification(
            "Our bancho server is in maintenance mode. Please try to login again later."
        )
        responseData += serverPackets.loginFailed()
        saveLoginRecord("failed", note="Bancho is in maintenance mode")
    except exceptions.banchoRestartingException:
        # Bancho is restarting
        responseData += serverPackets.notification(
            "Bancho is restarting. Try again in a few minutes.")
        responseData += serverPackets.loginFailed()
        saveLoginRecord("failed", note="Bancho is restarting")
    except exceptions.need2FAException:
        # User tried to log in from unknown IP
        responseData += serverPackets.needVerification()
        saveLoginRecord("failed", note="Need 2FA")
    except exceptions.forceUpdateException:
        # Using oldoldold client, we don't have client data. Force update.
        # (we don't use enqueue because we don't have a token since login has failed)
        # responseData += serverPackets.forceUpdate()
        responseData += serverPackets.notification(
            "您当前所使用的客户端({})太旧了,请到osu!Kafuu官网:https://old.kafuu.pro 或 官方群(955377404)下载并使用最新客户端登录。"
            .format(osuVersion))
        saveLoginRecord("failed", note="Too old client: {}".format(osuVersion))
    except exceptions.haxException:
        responseData += serverPackets.notification("what")
        responseData += serverPackets.loginFailed()
        saveLoginRecord("failed", note="Not HWinfo")
    except:
        log.error("Unknown error!\n```\n{}\n{}```".format(
            sys.exc_info(), traceback.format_exc()))
        saveLoginRecord("failed", note="unknown error")
    finally:
        # Console and discord log
        if len(loginData) < 3:
            log.info(
                "Invalid bancho login request from **{}** (insufficient POST data)"
                .format(requestIP), "bunker")
            saveLoginRecord("failed", note="insufficient POST data")

        # Return token string and data
        print(responseData)
        return responseTokenString, responseData
Example #10
0
def bake(submit, score):
    try:
        if not initialized_eggs:
            init_eggs()

        if not score.passed:
            return

        detected = []
        flags = 0

        if "osuver" in submit.request.arguments:
            aeskey = "osu!-scoreburgr---------{}".format(
                submit.get_argument("osuver"))
        else:
            aeskey = "h89f2-890h2h89b34g-h80g134n90133"
        iv = submit.get_argument("iv")

        score_data = aeshelper.decryptRinjdael(aeskey, iv,
                                               submit.get_argument("score"),
                                               True).split(":")
        username = score_data[1].strip()

        user_id = userUtils.getID(username)
        restricted = userUtils.isRestricted(user_id)

        if restricted == True or user_id == 0:  #We dont care about this since this person is already taken care off
            return

        flags = score_data[17].count(' ')

        try:
            pl = aeshelper.decryptRinjdael(aeskey, iv,
                                           submit.get_argument("pl"),
                                           True).split("\r\n")
        except:
            #nice formatting github :upside_down:
            eat(score, {}, detected, flags)
            return

        pl = sell(pl)

        #I dont really like chocolate that much >.<
        for p in pl:
            for t in sugar.keys():
                if p[t] is None:
                    continue

                for speed in sugar[t]:
                    if speed in detected:
                        continue

                    if speed["is_regex"]:
                        if "regex" not in speed:  #Some weird bug where it unsets itself
                            speed["regex"] = re.compile(speed["value"])

                        if speed["regex"].search(p[t]) != None:
                            detected.append(speed)
                    else:
                        if speed["value"] == p[t]:
                            detected.append(speed)

        eat(score, pl, detected, flags)
    except:
        police.call(traceback.format_exc(), discord_m=True)
        police.call("Oh no! The cake is on fire! Abort!")
Example #11
0
    def __init__(self,
                 userID,
                 token_=None,
                 ip="",
                 irc=False,
                 timeOffset=0,
                 tournament=False,
                 ignoreDM=False):
        """
		Create a token object and set userID and token

		:param userID: user associated to this token
		:param token_: 	if passed, set token to that value
						if not passed, token will be generated
		:param ip: client ip. optional.
		:param irc: if True, set this token as IRC client. Default: False.
		:param timeOffset: the time offset from UTC for this user. Default: 0.
		:param tournament: if True, flag this client as a tournement client. Default: True.
		"""
        # Set stuff
        self.userID = userID
        self.username = userUtils.getUsername(self.userID)
        self.safeUsername = userUtils.getSafeUsername(self.userID)
        self.privileges = userUtils.getPrivileges(self.userID)
        self.admin = userUtils.isInPrivilegeGroup(self.userID, "Developer")\
            or userUtils.isInPrivilegeGroup(self.userID, "Community Manager")\
            or userUtils.isInPrivilegeGroup(self.userID, "Chat Moderators")
        self.irc = irc
        self.kicked = False
        self.restricted = userUtils.isRestricted(self.userID)
        self.loginTime = int(time.time())
        self.pingTime = self.loginTime
        self.timeOffset = timeOffset
        self.streams = []
        self.tournament = tournament
        self.messagesBuffer = []

        # Default variables
        self.spectators = []

        # TODO: Move those two vars to a class
        self.spectating = None
        self.spectatingUserID = 0  # we need this in case we the host gets DCed

        self.location = [0, 0]
        self.joinedChannels = []
        self.ip = ip
        self.country = 0
        self.location = [0, 0]
        self.awayMessage = ""
        self.sentAway = []
        self.matchID = -1
        self.tillerino = [0, 0, -1.0]  # beatmap, mods, acc
        self.silenceEndTime = 0
        self.queue = bytes()

        # Spam protection
        self.spamRate = 0

        # Stats cache
        def check_hax_initial():
            stmt = [
                "SELECT initial_status_type as aid, initial_status_text as atxt",
                "FROM bancho_status_hax", "WHERE user_id = %s AND NOT",
                "(initial_status_type IS NULL OR initial_status_text IS NULL OR length(initial_status_text) < 1)"
            ]
            result = glob.db.fetch(" ".join(stmt), [userID])
            if result is None:
                self.actionID, self.actionText = actions.IDLE, ""
            else:
                self.actionID, self.actionText = result['aid'], result['atxt']
            pass

        check_hax_initial()
        self.actionMd5 = ""
        self.actionMods = 0
        self.gameMode = gameModes.STD
        self.beatmapID = 0
        self.rankedScore = 0
        self.accuracy = 0.0
        self.playcount = 0
        self.totalScore = 0
        self.gameRank = 0

        self.noticeFlags = []

        self.pp = 0
        self._ignoreDM = ignoreDM

        self.specialMode = 0

        # Generate/set token
        if token_ is not None:
            self.token = token_
        else:
            self.token = str(uuid.uuid4())

        # Locks
        self.processingLock = threading.Lock(
        )  # Acquired while there's an incoming packet from this user
        self._bufferLock = threading.Lock(
        )  # Acquired while writing to packets buffer
        self._spectLock = threading.RLock()

        # Set stats
        self.updateCachedStats()

        # If we have a valid ip, save bancho session in DB so we can cache LETS logins
        if ip != "":
            userUtils.saveBanchoSession(self.userID, self.ip)

        # Join main stream
        self.joinStream("main")
Example #12
0
def handle(tornadoRequest):
    # Data to return
    responseToken = None
    responseTokenString = "ayy"
    responseData = bytes()

    # Get IP from tornado request
    requestIP = tornadoRequest.getRequestIP()

    # Avoid exceptions
    clientData = ["unknown", "unknown", "unknown", "unknown", "unknown"]
    osuVersion = "unknown"

    # Split POST body so we can get username/password/hardware data
    # 2:-3 thing is because requestData has some escape stuff that we don't need
    loginData = str(tornadoRequest.request.body)[2:-3].split("\\n")
    try:
        # Make sure loginData is valid
        if len(loginData) < 3:
            raise exceptions.invalidArgumentsException()

        # Get HWID, MAC address and more
        # Structure (new line = "|", already split)
        # [0] osu! version
        # [1] plain mac addressed, separated by "."
        # [2] mac addresses hash set
        # [3] unique ID
        # [4] disk ID
        splitData = loginData[2].split("|")
        osuVersion = splitData[0]
        timeOffset = int(splitData[1])
        clientData = splitData[3].split(":")[:5]
        if len(clientData) < 4:
            raise exceptions.forceUpdateException()
        if len(splitData) > 4:
            ignoreDM = bool(int(splitData[4]))
        else:
            ignoreDM = False

        # Try to get the ID from username
        username = str(loginData[0])
        userID = userUtils.getID(username)

        if not userID:
            # Invalid username
            raise exceptions.loginFailedException()
        if not userUtils.checkLogin(userID, loginData[1]):
            # Invalid password
            raise exceptions.loginFailedException()
        if not eligible.tryLogin(userID):
            raise exceptions.loginFailedException()

        # Make sure we are not banned or locked
        priv = userUtils.getPrivileges(userID)
        if userUtils.isBanned(userID) and not (
                priv & privileges.USER_PENDING_VERIFICATION):
            raise exceptions.loginBannedException()
        if userUtils.isLocked(userID) and not (
                priv & privileges.USER_PENDING_VERIFICATION):
            raise exceptions.loginLockedException()

        # 2FA check
        if userUtils.check2FA(userID, requestIP):
            log.warning("Need 2FA check for user {}".format(loginData[0]))
            raise exceptions.need2FAException()

        # No login errors!

        # Verify this user (if pending activation)
        firstLogin = False
        if priv & privileges.USER_PENDING_VERIFICATION or not userUtils.hasVerifiedHardware(
                userID):
            if userUtils.verifyUser(userID, clientData):
                # Valid account
                log.info("Account ID {} verified successfully!".format(userID))
                glob.verifiedCache[str(userID)] = 1
                firstLogin = True
            else:
                # Multiaccount detected
                log.info("Account ID {} NOT verified!".format(userID))
                glob.verifiedCache[str(userID)] = 0
                raise exceptions.loginBannedException()

        # Save HWID in db for multiaccount detection
        hwAllowed = userUtils.logHardware(userID, clientData, firstLogin)

        # This is false only if HWID is empty
        # if HWID is banned, we get restricted so there's no
        # need to deny bancho access

        if not hwAllowed:
            raise exceptions.haxException()

        # Log user IP
        userUtils.logIP(userID, requestIP)

        # Log user osuver
        kotrikhelper.setUserLastOsuVer(userID, osuVersion)

        # Delete old tokens for that user and generate a new one
        isTournament = "tourney" in osuVersion
        if not isTournament:
            glob.tokens.deleteOldTokens(userID)
        responseToken = glob.tokens.addToken(userID,
                                             requestIP,
                                             timeOffset=timeOffset,
                                             tournament=isTournament,
                                             ignoreDM=ignoreDM)
        responseTokenString = responseToken.token

        # Check restricted mode (and eventually send message)
        responseToken.checkRestricted()

        # Send message if donor expires soon
        # Silence the noise for perma-donor mode.
        if (not responseToken.privileges & privileges.ADMIN_MANAGE_BEATMAPS
            ) and responseToken.privileges & privileges.USER_DONOR:
            expireDate = userUtils.getDonorExpire(responseToken.userID)
            if expireDate - int(time.time()) <= 86400 * 3:
                expireDays = round((expireDate - int(time.time())) / 86400)
                expireIn = "{} days".format(
                    expireDays) if expireDays > 1 else "less than 24 hours"
                responseToken.enqueue(
                    serverPackets.notification(
                        "Your donor tag expires in {}! When your donor tag expires, you won't have any of the donor privileges, like yellow username, custom badge and discord custom role and username color! If you wish to keep supporting Datenshi and you don't want to lose your donor privileges, you can donate again by clicking on 'Support us' on Datenshi's website."
                        .format(expireIn)))

        # Deprecate telegram 2fa and send alert
        if userUtils.deprecateTelegram2Fa(userID):
            responseToken.enqueue(
                serverPackets.notification(
                    "As stated on our blog, Telegram 2FA has been deprecated on 29th June 2018. Telegram 2FA has just been disabled from your account. If you want to keep your account secure with 2FA, please enable TOTP-based 2FA from our website https://ripple.moe. Thank you for your patience."
                ))

        # Set silence end UNIX time in token
        responseToken.silenceEndTime = userUtils.getSilenceEnd(userID)

        # Get only silence remaining seconds
        silenceSeconds = responseToken.getSilenceSecondsLeft()

        # Get supporter/GMT
        userGMT = False
        if not userUtils.isRestricted(userID):
            userSupporter = True
        else:
            userSupporter = False
        userTournament = False
        if responseToken.admin:
            userGMT = True
        if responseToken.privileges & privileges.USER_TOURNAMENT_STAFF:
            userTournament = True

        # Server restarting check
        if glob.restarting:
            raise exceptions.banchoRestartingException()

        def lildemon_list_over_pp():
            a = 'VANILLA RELAX'.split()
            b = 'std taiko ctb mania'.split()
            c = []
            for d in range(len(a)):
                m = [userUtils.getUserStats, userUtils.getUserStatsRx][d]
                for e in range(len(b)):
                    j = userUtils.noPPLimit(userID, e, d)
                    if d == 1 and e == 3:
                        continue
                    f, g, h, i = userUtils.obtainPPLimit(userID,
                                                         e,
                                                         relax=(d == 1),
                                                         modded=False)
                    k = j & 2
                    l = m(userID, e)
                    if l['pp'] >= i and not k:
                        c.append((a[d], b[e], l['pp'], i))
            return c

        # Little demon
        lildemon_overpp = lildemon_list_over_pp()
        if lildemon_overpp:
            responseToken.enqueue(
                serverPackets.notification(
                    "Hi fellow little demon! Did you forgot to submit yourself to the guild? I'm afraid you may not be able to advance with it."
                ))
            responseToken.enqueue(
                serverPackets.notification(
                    "To consider further little demon training, here I jotted down some of your achievements!\n\n{}"
                    .format("\n".join("{}:{} {:d}/{:d}".format(*ldop)
                                      for ldop in lildemon_overpp))))

        # Send login notification before maintenance message
        if glob.banchoConf.config["loginNotification"] != "":
            responseToken.enqueue(
                serverPackets.notification(
                    glob.banchoConf.config["loginNotification"]))

        # Maintenance check
        if glob.banchoConf.config["banchoMaintenance"]:
            if not userGMT:
                # We are not mod/admin, delete token, send notification and logout
                glob.tokens.deleteToken(responseTokenString)
                raise exceptions.banchoMaintenanceException()
            else:
                # We are mod/admin, send warning notification and continue
                responseToken.enqueue(
                    serverPackets.notification(
                        "Bancho is in maintenance mode. Only mods/admins have full access to the server.\nType !system maintenance off in chat to turn off maintenance mode."
                    ))

        # BAN CUSTOM CHEAT CLIENTS
        # 0Ainu = First Ainu build
        # b20190326.2 = Ainu build 2 (MPGH PAGE 10)
        # b20190401.22f56c084ba339eefd9c7ca4335e246f80 = Ainu Aoba's Birthday Build
        # b20191223.3 = Unknown Ainu build? (Taken from most users osuver in cookiezi.pw)
        # b20190226.2 = hqOsu (hq-af)
        def anticheat_boot(clientName, banNotif):
            log.info("Account ID {} tried to use {}!".format(
                userID, clientName))

            def webhook_time(restrict=False):
                webhook = aobaHelper.Webhook(
                    glob.conf.config["discord"]["anticheat"],
                    color=0xadd8e6,
                    footer="Man... this is worst player. [ Login Gate AC ]")
                webhook.set_title(
                    title="Catched some cheater Account ID {}".format(userID))
                if restrict:
                    webhook.set_desc(
                        f' tried to use {clientName} and got restricted!')
                else:
                    webhook.set_desc(f' tried to use {clientName}!')
                log.info("Sent to webhook {} DONE!!".format(
                    glob.conf.config["discord"]["enable"]))
                webhook.post()

            if responseToken.admin:
                responseToken.enqueue(
                    serverPackets.notification(
                        "Kamu ngapain pake {}? stress.".format(clientName)))
            elif userUtils.isRestricted(userID):
                responseToken.enqueue(serverPackets.notification(banNotif))
                #if glob.conf.config["discord"]["enable"] == True:
                webhook_time()
            else:
                glob.tokens.deleteToken(userID)
                userUtils.restrict(userID)
                #if glob.conf.config["discord"]["enable"] == True:
                webhook_time(restrict=True)
                raise exceptions.loginCheatClientsException()
            pass

        if glob.conf.extra["mode"]["anticheat"]:
            # Ainu Client 2020 update
            if tornadoRequest.request.headers.get("ainu") == "happy":
                anticheat_boot(
                    'Ainu Client 2020',
                    "You're banned because you're currently using Ainu Client... Happy New Year 2020 and Enjoy your restriction :)"
                )

            # Ainu Client 2019
            elif aobaHelper.getOsuVer(userID) in [
                    "0Ainu", "b20190326.2",
                    "b20190401.22f56c084ba339eefd9c7ca4335e246f80",
                    "b20191223.3"
            ]:
                anticheat_boot(
                    'Ainu Client',
                    "You're banned because you're currently using Ainu Client. Enjoy your restriction :)"
                )

            # hqOsu
            elif aobaHelper.getOsuVer(userID) == "b20190226.2":
                anticheat_boot(
                    'hqOsu',
                    "Trying to use hqOsu in here? Well... No, sorry. We don't allow cheats here. Go play https://cookiezi.pw or others cheat server."
                )

        # Send all needed login packets
        responseToken.enqueue(serverPackets.silenceEndTime(silenceSeconds))
        responseToken.enqueue(serverPackets.userID(userID))
        responseToken.enqueue(serverPackets.protocolVersion())
        responseToken.enqueue(
            serverPackets.userSupporterGMT(userSupporter, userGMT,
                                           userTournament))
        responseToken.enqueue(serverPackets.userPanel(userID, True))
        responseToken.enqueue(serverPackets.userStats(userID, True))

        # Channel info end (before starting!?! wtf bancho?)
        responseToken.enqueue(serverPackets.channelInfoEnd())
        # Default opened channels
        if True:
            for channelAutoJoin in glob.db.fetchAll(
                    'SELECT bcc.privilege_bit AS pb, bc.name AS cn FROM bancho_client_channels as bcc JOIN bancho_channels AS bc ON bcc.channel_id = bc.id'
            ):
                if responseToken.admin or responseToken.privileges & (
                        1 << channelAutoJoin['pb']):
                    chat.joinChannel(token=responseToken,
                                     channel=channelAutoJoin['cn'])
        else:
            chat.joinChannel(token=responseToken, channel="#osu")
            chat.joinChannel(token=responseToken, channel="#announce")
            chat.joinChannel(token=responseToken, channel="#ranked-now")

            # Join admin channel if we are an admin
            if responseToken.admin or responseToken.privileges & privileges.ADMIN_MANAGE_BEATMAPS:
                chat.joinChannel(token=responseToken, channel="#admin")

        # Output channels info
        for key, value in glob.channels.channels.items():
            if responseToken.admin or (value.publicRead and not value.hidden):
                responseToken.enqueue(serverPackets.channelInfo(key))

        # Send friends list
        responseToken.enqueue(serverPackets.friendList(userID))

        # Send main menu icon
        if glob.banchoConf.config["menuIcon"] != "":
            responseToken.enqueue(
                serverPackets.mainMenuIcon(glob.banchoConf.config["menuIcon"]))

        # Send online users' panels
        with glob.tokens:
            for _, token in glob.tokens.tokens.items():
                if not token.restricted:
                    responseToken.enqueue(serverPackets.userPanel(
                        token.userID))

        # Get location and country from ip.zxq.co or database
        if glob.localize:
            # Get location and country from IP
            latitude, longitude = locationHelper.getLocation(requestIP)
            countryLetters = locationHelper.getCountry(requestIP)
            country = countryHelper.getCountryID(countryLetters)
        else:
            # Set location to 0,0 and get country from db
            log.warning("Location skipped")
            latitude = 0
            longitude = 0
            countryLetters = "XX"
            country = countryHelper.getCountryID(userUtils.getCountry(userID))

        # Set location and country
        responseToken.setLocation(latitude, longitude)
        responseToken.country = country

        # Set country in db if user has no country (first bancho login)
        if userUtils.getCountry(userID) == "XX":
            userUtils.setCountry(userID, countryLetters)

        # Send to everyone our userpanel if we are not restricted or tournament
        if not responseToken.restricted:
            glob.streams.broadcast("main", serverPackets.userPanel(userID))

        # Set reponse data to right value and reset our queue
        responseData = responseToken.queue
        responseToken.resetQueue()
    except exceptions.loginFailedException:
        # Login failed error packet
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
    except exceptions.invalidArgumentsException:
        # Invalid POST data
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
        responseData += serverPackets.notification(
            "I see what you're doing...")
    except exceptions.loginBannedException:
        # Login banned error packet
        responseData += serverPackets.loginBanned()
    except exceptions.loginLockedException:
        # Login banned error packet
        responseData += serverPackets.loginLocked()
    except exceptions.loginCheatClientsException:
        # Banned for logging in with cheats
        responseData += serverPackets.loginCheats()
    except exceptions.banchoMaintenanceException:
        # Bancho is in maintenance mode
        responseData = bytes()
        if responseToken is not None:
            responseData = responseToken.queue
        responseData += serverPackets.notification(
            "Our bancho server is in maintenance mode. Please try to login again later."
        )
        responseData += serverPackets.loginFailed()
    except exceptions.banchoRestartingException:
        # Bancho is restarting
        responseData += serverPackets.notification(
            "Bancho is restarting. Try again in a few minutes.")
        responseData += serverPackets.loginFailed()
    except exceptions.need2FAException:
        # User tried to log in from unknown IP
        responseData += serverPackets.needVerification()
    except exceptions.haxException:
        # Using oldoldold client, we don't have client data. Force update.
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.forceUpdate()
        responseData += serverPackets.notification(
            "Hory shitto, your client is TOO old! Nice prehistory! Please update the client from settings!"
        )
    except:
        log.error("Unknown error!\n```\n{}\n{}```".format(
            sys.exc_info(), traceback.format_exc()))
    finally:
        # Console and discord log
        if len(loginData) < 3:
            log.info(
                "Invalid bancho login request from **{}** (insufficient POST data)"
                .format(requestIP), "bunker")

        # Return token string and data
        return responseTokenString, responseData