Merge pull request #5 from PretendoNetwork/modernize

Modernize

.gitignore

@@ -1,18 +1,28 @@
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
 # Binaries for programs and plugins
 *.exe
 *.exe~
 *.dll
 *.so
 *.dylib
 
-# Test binary, build with `go test -c`
+# Test binary, built with `go test -c`
 *.test
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+go.work.sum
+
 # custom
-build
+.vscode
 .env
-*.key
+build
 log

Makefile

@@ -0,0 +1,60 @@
+# TODO - Assumes a UNIX-like OS
+
+RED    := $(shell tput setaf 1)
+BLUE   := $(shell tput setaf 4)
+CYAN   := $(shell tput setaf 14)
+ORANGE := $(shell tput setaf 202)
+YELLOW := $(shell tput setaf 214)
+RESET  := $(shell tput sgr0)
+
+ifeq ($(shell which go),)
+# TODO - Read contents from .git folder instead?
+$(error "$(RED)go command not found. Install go to continue $(BLUE)https://go.dev/doc/install$(RESET)")
+endif
+
+ifneq ($(wildcard .git),)
+# * .git folder exists, build server build string from repo info
+ifeq ($(shell which git),)
+# TODO - Read contents from .git folder instead?
+$(error "$(RED)git command not found. Install git to continue $(ORANGE)https://git-scm.com/downloads$(RESET)")
+endif
+$(info "$(CYAN)Building server build string from repository info$(RESET)")
+# * Build server build string from repo info
+BRANCH        := $(shell git rev-parse --abbrev-ref HEAD)
+REMOTE_ORIGIN := $(shell git config --get remote.origin.url)
+
+# * Handle multiple origin URL formats
+HTTPS_PREFIX_CHECK := $(shell echo $(REMOTE_ORIGIN) | head -c 8)
+HTTP_PREFIX_CHECK  := $(shell echo $(REMOTE_ORIGIN) | head -c 7)
+GIT@_PREFIX_CHECK  := $(shell echo $(REMOTE_ORIGIN) | head -c 4)
+
+ifeq ($(HTTPS_PREFIX_CHECK), https://)
+REMOTE_PATH := $(shell echo $(REMOTE_ORIGIN) | cut -d/ -f4-)
+else ifeq ($(HTTP_PREFIX_CHECK), http://)
+REMOTE_PATH := $(shell echo $(REMOTE_ORIGIN) | cut -d/ -f4-)
+else ifeq ($(GIT@_PREFIX_CHECK), git@)
+REMOTE_PATH := $(shell echo $(REMOTE_ORIGIN) | cut -d: -f2-)
+else
+REMOTE_PATH := $(shell echo $(REMOTE_ORIGIN) | cut -d/ -f2-)
+endif
+
+HASH         := $(shell git rev-parse --short HEAD)
+SERVER_BUILD := $(BRANCH):$(REMOTE_PATH)@$(HASH)
+
+else
+# * .git folder not present, assume downloaded from zip file and just use folder name
+$(info "$(CYAN)git repository not found. Building server build string from folder name$(RESET)")
+SERVER_BUILD := super-mario-maker
+endif
+
+# * Final build string
+DATE_TIME    := $(shell date --iso=seconds)
+BUILD_STRING := $(SERVER_BUILD), $(DATE_TIME)
+
+default:
+ifeq ($(wildcard .env),)
+	$(warning "$(YELLOW).env file not found, environment variables may not be populated correctly$(RESET)")
+endif
+	go get -u
+	go mod tidy
+	go build -ldflags "-X 'main.serverBuildString=$(BUILD_STRING)'" -o ./build/super-mario-maker

README.md

@@ -1,6 +1,65 @@
-# Super Mario Maker - Secure
-### Pretendo Super Mario Maker secure server
+# Super Mario Maker replacement server
+Includes both the authentication and secure servers. Works on both WiiU and 3DS
 
-## About
-Only handles WiiU at this point. Only has enough implemented to get the Super Mario Maker app booting. Lots of things are not implemented
-Does not actually authenticate users atm!
+## DataStore (S3)
+This server requires an S3 compatible server to store user generated content. The WiiU and 3DS only support TLS versions 1.0 and 1.1 with RSA SSL ciphers, so an S3 server supporting these is required. The server must also support presigned `POST` URLs. This does not leave many options, as nearly all S3 cloud providers no longer support one of these 2 things. Even AWS, the creators of S3 and the provider Nintendo uses, is [dropping support for TLS versions below 1.2 in December 2023](https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/)
+
+For this reason, the recommended setup is using [MinIO](https://min.io/) to self host your S3 server and using [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) to act as your reverse proxy. Tunnels support TLS versions 1.0 and 1.1 with the required ciphers, essentially using it as a TLS proxy. This does come at some cost, and you now must manage data storage and security yourself through MinIO, but there are no other options at this time outside of self hosting
+
+## Compiling
+
+### Setup
+Install [Go](https://go.dev/doc/install) and [git](https://git-scm.com/downloads), then clone and enter the repository
+
+```bash
+$ git clone https://github.com/PretendoNetwork/super-mario-maker
+$ cd super-mario-maker
+```
+
+### Compiling using `go`
+To compile using Go, `go get` the required modules and then `go build` to your desired location. You may also want to tidy the go modules, though this is optional
+
+```bash
+$ go get -u
+$ go mod tidy
+$ go build -o build/super-mario-maker
+```
+
+The server is now built to `build/super-mario-maker`
+
+When compiling with only Go, the authentication servers build string is not automatically set. This should not cause any issues with gameplay, but it means that the server build will not be visible in any packet dumps or logs a title may produce
+
+To compile the servers with the authentication server build string, add `-ldflags "-X 'main.serverBuildString=BUILD_STRING_HERE'"` to the build command, or use `make` to compile the server
+
+### Compiling using `make`
+Compiling using `make` will read the local `.git` directory to create a dynamic authentication server build string, based on your repositories remote origin and current commit
+
+Install `make` either through your systems package manager or the [official download](https://www.gnu.org/software/make/). We provide a `default` rule which compiles [using `go`](#compiling-using-go)
+
+To build using `go`
+
+```bash
+$ make
+```
+
+The server is now built to `build/super-mario-maker`
+
+## Configuration
+All configuration options are handled via environment variables
+
+`.env` files are supported
+
+| Name                                | Description                                                           | Required                                      |
+|-------------------------------------|-----------------------------------------------------------------------|-----------------------------------------------|
+| `PN_SMM_POSTGRES_URI`               | Fully qualified URI to your Postgres server                           | Yes                                           |
+| `PN_SMM_AUTHENTICATION_SERVER_PORT` | Port for the authentication server                                    | Yes                                           |
+| `PN_SMM_SECURE_SERVER_HOST`         | Host name for the secure server                                       | Yes                                           |
+| `PN_SMM_SECURE_SERVER_PORT`         | Port for the secure server                                            | Yes                                           |
+| `PN_SMM_KERBEROS_PASSWORD`          | Password used as part of the internal server data in Kerberos tickets | No (Default password `password` will be used) |
+| `PN_SMM_CONFIG_S3_ENDPOINT`         | S3 server endpoint                                                    | Yes                                           |
+| `PN_SMM_CONFIG_S3_ACCESS_KEY`       | S3 access key ID                                                      | Yes                                           |
+| `PN_SMM_CONFIG_S3_ACCESS_SECRET`    | S3 secret                                                             | Yes                                           |
+| `PN_SMM_CONFIG_S3_BUCKET`           | S3 bucket                                                             | Yes                                           |
+| `PN_SMM_ACCOUNT_GRPC_HOST`          | Host name for your account server gRPC service                        | Yes                                           |
+| `PN_SMM_ACCOUNT_GRPC_PORT`          | Port for your account server gRPC service                             | Yes                                           |
+| `PN_SMM_ACCOUNT_GRPC_API_KEY`       | API key for your account server gRPC service                          | No (Assumed to be an open gRPC API)           |

database/connect_postgres.go

@@ -0,0 +1,24 @@
+package database
+
+import (
+	"database/sql"
+	"os"
+
+	"github.com/PretendoNetwork/super-mario-maker-secure/globals"
+	_ "github.com/lib/pq"
+)
+
+var Postgres *sql.DB
+
+func ConnectPostgres() {
+	var err error
+
+	Postgres, err = sql.Open("postgres", os.Getenv("PN_SMM_POSTGRES_URI"))
+	if err != nil {
+		globals.Logger.Critical(err.Error())
+	}
+
+	globals.Logger.Success("Connected to Postgres!")
+
+	initPostgres()
+}

database/datastore/delete_object_by_data_id.go

@@ -0,0 +1,23 @@
+package datastore_db
+
+import (
+	"github.com/PretendoNetwork/nex-go"
+	"github.com/PretendoNetwork/super-mario-maker-secure/database"
+	"github.com/PretendoNetwork/super-mario-maker-secure/globals"
+)
+
+func DeleteObjectByDataID(dataID uint64) uint32 {
+	errCode := IsObjectAvailable(dataID)
+	if errCode != 0 {
+		return errCode
+	}
+
+	_, err := database.Postgres.Exec(`UPDATE datastore.objects SET deleted=TRUE WHERE data_id=$1`, dataID)
+	if err != nil {
+		globals.Logger.Error(err.Error())
+		// TODO - Send more specific errors?
+		return nex.Errors.DataStore.Unknown
+	}
+
+	return 0
+}