From 7f9323c72f97caf496bb4f7c743b6371fd3d4ab7 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids"
Date: Mon, 2 Jan 2023 19:07:33 +0300
Subject: [PATCH] cache gjp checks for performance; switch everything to Accounts.auth
---
 src/endpoints/levels/levelScores.cr | 4 ++--
 src/lib/accounts.cr | 22 ++++++++++++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/src/endpoints/levels/levelScores.cr b/src/endpoints/levels/levelScores.cr
index a7ad7e7..ec5b2b8 100644
--- a/src/endpoints/levels/levelScores.cr
+++ b/src/endpoints/levels/levelScores.cr
@@ -6,8 +6,8 @@ CrystalGauntlet.endpoints["/getGJLevelScores211.php"] = ->(body : String): Strin
 params = URI::Params.parse(body)
 LOG.debug { params.inspect }
- account_id = Accounts.get_account_id_from_params(params)
- if !account_id || !Accounts.verify_gjp(account_id, params["gjp"])
+ user_id, account_id = Accounts.auth(params)
+ if !(user_id && account_id)
 return "-1"
 end
diff --git a/src/lib/accounts.cr b/src/lib/accounts.cr
index 0544424..6028e27 100644
--- a/src/lib/accounts.cr
+++ b/src/lib/accounts.cr
@@ -6,15 +6,16 @@ include CrystalGauntlet
 module CrystalGauntlet::Accounts
 extend self
+ # DOESN'T VERIFY PASSWORD
 def get_account_id_from_params(params : URI::Params) : Int32 | Nil
 if params["accountID"]? && params["accountID"]? != "0"
- # todo: validate password
 params["accountID"].to_i32
 else
 nil
 end
 end
+ # DOESN'T VERIFY PASSWORD
 def get_ext_id_from_params(params : URI::Params) : Int32 | Nil
 if params.has_key?("udid") && params["udid"] != ""
 params["udid"].to_i32?
@@ -23,10 +24,23 @@ module CrystalGauntlet::Accounts
 end
 end
+ # todo: clean this periodically
+ AUTH_CACHE = Hash(Tuple(String | Nil, String | Nil, String | Nil), Tuple(Int32, Int32) | Tuple(Nil, Nil)).new
+ # returns userid, accountid
 def auth(params : URI::Params) : (Tuple(Int32, Int32) | Tuple(Nil, Nil))
+ gjp = params["gjp"]?
+ udid = params["udid"]?
+ account_id = params["account_id"]?
+
+ if AUTH_CACHE[{gjp, udid, account_id}]?
+ LOG.debug {"#{account_id || udid || "???"}: gjp cache hit"}
+ return AUTH_CACHE[{gjp, udid, account_id}]
+ end
+ LOG.debug {"#{account_id || udid || "???"}: gjp cache miss"}
+
 ext_id = Accounts.get_ext_id_from_params(params)
- if !ext_id || !Accounts.verify_gjp(ext_id.to_i, params["gjp"])
+ if !ext_id || !Accounts.verify_gjp(ext_id.to_i, gjp || "")
 return nil, nil
 end
 user_id = Accounts.get_user_id(ext_id)
@@ -34,6 +48,7 @@ module CrystalGauntlet::Accounts
 return nil, nil
 end
+ AUTH_CACHE[{gjp, udid, account_id}] = {user_id, ext_id.to_i}
 return user_id, ext_id.to_i
 end
@@ -48,6 +63,9 @@ module CrystalGauntlet::Accounts
 end
 def verify_gjp(account_id : Int32, gjp : String) : Bool
+ if gjp == ""
+ return false
+ end
 hash = DATABASE.scalar("select password from accounts where id = ?", account_id).as(String)
 bcrypt = Crypto::Bcrypt::Password.new(hash)
 bcrypt.verify(GJP.decrypt(gjp))
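Review bot: The cache key built at the top of `auth` reads `params["account_id"]?`, but `get_account_id_from_params` in this same file reads `params["accountID"]`, so the third key component is probably always nil. If the part of `get_ext_id_from_params` not shown in this patch falls back to `accountID` when `udid` is absent, such requests are keyed on the gjp alone, and two accounts sending the same gjp (the same password, given the `GJP.decrypt` call in `verify_gjp`) would share one entry, with the second caller receiving the first account's ids. Read `account_id = params["accountID"]?`, or resolve `ext_id` before the lookup and key on `{gjp, ext_id}` so the key names the account that was actually verified. The body of `auth` continues into the next hunk.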
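Review bot: The entry stored by `AUTH_CACHE[{gjp, udid, account_id}] = {user_id, ext_id.to_i}` is never expired or removed, and a cache hit skips `verify_gjp` entirely, so a gjp that verified once keeps authenticating after the account's password is changed or the account is removed, until the process restarts. The `# todo: clean this periodically` on the constant addresses growth but not this case; delete the account's entries wherever the password is updated, or store a timestamp alongside the value and treat old entries as misses. The keys also hold the gjp itself, which `verify_gjp` shows is reversible to the password via `GJP.decrypt`, so the table keeps password-equivalent values in memory for the life of the process; keying on a digest of the gjp would avoid that. `auth` begins in the previous hunk.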