SketchyMaze/doodle
SketchyMaze/doodle
1
0
Fork 0
Code Issues 41 Pull Requests 1 Releases Wiki Activity
c4456ac51b
doodle/cmd/doodle-admin/command/verify_level.go

74 lines
1.8 KiB
Go
Raw Normal View History

Signed Levels and Levelpacks Add the ability for the free version of the game to allow loading levels that use embedded custom doodads if those levels are signed. * Uses the same signing keys as the JWT token for license registrations. * Levels and Levelpacks can both be signed. So individual levels with embedded doodads can work in free versions of the game. * Levelpacks now support embedded doodads properly: the individual levels in the pack don't need to embed a custom doodad, but if the doodad exists in the levelpack's doodads/ folder it will load from there instead - for full versions of the game OR when the levelpack is signed. Signatures are computed by getting a listing of embedded assets inside the zipfile (the assets/ folder in levels, and the doodads/ + levels/ folders in levelpacks). Thus for individual signed levels, the level geometry and metadata may be changed without breaking the signature but if custom doodads are changed the signature will break. The doodle-admin command adds subcommands to `sign-level` and `verify-level` to manage signatures on levels and levelpacks. When using the `doodad levelpack create` command, any custom doodads the levels mention that are found in your profile directory get embedded into the zipfile by default (with --doodads custom).
2023-02-19 01:37:54 +00:00
package command
import (
"strings"
"git.kirsle.net/SketchyMaze/doodle/pkg/level"
"git.kirsle.net/SketchyMaze/doodle/pkg/levelpack"
"git.kirsle.net/SketchyMaze/doodle/pkg/log"
Resolve circular import errors for Doodle++ plugin * pkg/plus/dpp is the main plugin bridge, and defines nothing but an interface that defines the Doodle++ surface area (referring to internal game types such as doodad.Doodad or level.Level), but not their implementations. * dpp.Driver (an interface) is the main API that other parts of the game will call, for example "dpp.Driver.IsLevelSigned()" * plus_dpp.go and plus_foss.go provide the dpp.Driver implementation for their build; with plus_dpp.go generally forwarding function calls directly to the proprietary dpp package and plus_foss.go generally returning false/errors. * The bootstrap package simply assigns the above stub function to dpp.Driver * pkg/plus/bootstrap is a package directly imported by main (in the doodle and doodad programs) and it works around circular dependency issues: this package simply assigns dpp.Driver to the DPP or FOSS version. Miscellaneous fixes: * File->Open in the editor and PlayScene will use the new Open Level window instead of loading the legacy GotoLoadMenu scene. * Deprecated legacy scenes: d.GotoLoadMenu() and d.GotoPlayMenu(). * The doodle-admin program depends on the private dpp package, so can not be compiled in FOSS mode.
2024-04-19 05:12:56 +00:00
"git.kirsle.net/SketchyMaze/dpp/license"
"git.kirsle.net/SketchyMaze/dpp/license/levelsigning"
Signed Levels and Levelpacks Add the ability for the free version of the game to allow loading levels that use embedded custom doodads if those levels are signed. * Uses the same signing keys as the JWT token for license registrations. * Levels and Levelpacks can both be signed. So individual levels with embedded doodads can work in free versions of the game. * Levelpacks now support embedded doodads properly: the individual levels in the pack don't need to embed a custom doodad, but if the doodad exists in the levelpack's doodads/ folder it will load from there instead - for full versions of the game OR when the levelpack is signed. Signatures are computed by getting a listing of embedded assets inside the zipfile (the assets/ folder in levels, and the doodads/ + levels/ folders in levelpacks). Thus for individual signed levels, the level geometry and metadata may be changed without breaking the signature but if custom doodads are changed the signature will break. The doodle-admin command adds subcommands to `sign-level` and `verify-level` to manage signatures on levels and levelpacks. When using the `doodad levelpack create` command, any custom doodads the levels mention that are found in your profile directory get embedded into the zipfile by default (with --doodads custom).
2023-02-19 01:37:54 +00:00
"github.com/urfave/cli/v2"
)
// VerifyLevel a license key for Sketchy Maze.
var VerifyLevel *cli.Command
func init() {
VerifyLevel = &cli.Command{
Name: "verify-level",
Usage: "check the signature on a level or levelpack file.",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "key",
Aliases: []string{"k"},
Usage: "Public key .pem file that signed the level",
Required: true,
},
&cli.StringFlag{
Name: "filename",
Aliases: []string{"f"},
Usage: "File name of the .level or .levelpack",
Required: true,
},
},
Action: func(c *cli.Context) error {
key, err := license.AdminLoadPublicKey(c.String("key"))
if err != nil {
return cli.Exit(err.Error(), 1)
}
filename := c.String("filename")
if strings.HasSuffix(filename, ".level") {
lvl, err := level.LoadJSON(filename)
if err != nil {
return cli.Exit(err.Error(), 1)
}
// Verify it.
if ok := levelsigning.VerifyLevel(key, lvl); !ok {
log.Error("Signature is not valid!")
return cli.Exit("", 1)
} else {
log.Info("Level signature is OK!")
}
} else if strings.HasSuffix(filename, ".levelpack") {
lp, err := levelpack.LoadFile(filename)
if err != nil {
return cli.Exit(err.Error(), 1)
}
// Verify it.
if ok := levelsigning.VerifyLevelPack(key, lp); !ok {
log.Error("Signature is not valid!")
return cli.Exit("", 1)
} else {
log.Info("Levelpack signature is OK!")
}
}
return nil
},
}
}
Reference in New Issue Copy Permalink