This repository has been archived by the owner on Feb 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathcheck.go
executable file
·129 lines (110 loc) · 3.42 KB
/
check.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package main
import (
"crypto/hmac"
"crypto/sha1"
"database/sql"
"encoding/hex"
"fmt"
"net/http"
)
var (
// MailCheckKey is used as the basis of the SHA-1 HMAC performed for the challenge.
MailCheckKey = []byte{0xce, 0x4c, 0xf2, 0x9a, 0x3d, 0x6b, 0xe1, 0xc2, 0x61, 0x91, 0x72, 0xb5, 0xcb, 0x29, 0x8c, 0x89, 0x72, 0xd4, 0x50, 0xad}
)
func initCheckDB() {
var err error
userExistsStmt, err = db.Prepare("SELECT `mlid` FROM accounts WHERE `mlchkid` = ?")
if err != nil {
LogError("Unable to prepare user exists statement", err)
panic(err)
}
hasMailStmt, err = db.Prepare(`SELECT COUNT(*) > 0
FROM mails
USE INDEX(recipient_id_index)
WHERE mails.recipient_id = ?
AND mails.sent = 0`)
if err != nil {
LogError("Unable to prepare length statement", err)
panic(err)
}
}
var userExistsStmt *sql.Stmt
var hasMailStmt *sql.Stmt
// Check handles adding the proper interval for check.cgi along with future
// challenge solving and future mail existence checking.
func Check(w http.ResponseWriter, r *http.Request, db *sql.DB, interval string) {
// Used later on for challenge solving.
var res string
// Add required headers
w.Header().Add("Content-Type", "text/plain;charset=utf-8")
w.Header().Add("X-Wii-Mail-Download-Span", interval)
w.Header().Add("X-Wii-Mail-Check-Span", interval)
mlchkid := r.Form.Get("mlchkid")
if mlchkid == "" {
fmt.Fprintf(w, GenNormalErrorCode(320, "Unable to parse parameters."))
return
}
// Check mlchkid
var mlid string
hash := hashAuthParam(mlchkid)
result := userExistsStmt.QueryRow(hash)
err := result.Scan(&mlid)
if err == sql.ErrNoRows {
// Looks like that user didn't exist.
fmt.Fprintf(w, GenNormalErrorCode(321, "User not found."))
return
} else if err != nil {
fmt.Fprintf(w, GenNormalErrorCode(320, "Unable to parse parameters."))
LogError("Unable to run check query", err)
return
}
// By default, we'll assume there's no mail.
mailFlag := "000000000000000000000000000000000"
var hasMail bool
// recipient_id has no w as a prefix to its mlid, so we must strip when querying.
result = hasMailStmt.QueryRow(mlid[1:])
err = result.Scan(&hasMail)
if err != nil {
fmt.Fprintf(w, GenNormalErrorCode(320, "Unable to query mail availability"))
LogError("Unable to query mail availability", err)
return
}
if hasMail {
// mailFlag needs to be not one, apparently.
// The Wii will refuse to check otherwise.
mailFlag = RandStringBytesMaskImprSrc(33) // This isn't how Nintendo did the mail flag, how they did it is currently unknown.
} else {
// mailFlag was already set to 0 above.
}
chlng := r.Form.Get("chlng")
if chlng == "" {
fmt.Fprintf(w, GenNormalErrorCode(320, "Unable to parse parameters."))
return
}
h := hmac.New(sha1.New, MailCheckKey)
h.Write([]byte(chlng))
h.Write([]byte("\n"))
h.Write([]byte(mlid))
h.Write([]byte("\n"))
h.Write([]byte(mailFlag))
h.Write([]byte("\n"))
h.Write([]byte(interval))
res = hex.EncodeToString(h.Sum(nil))
err = result.Err()
if err != nil {
fmt.Fprintf(w, GenNormalErrorCode(420, "Unable to formulate authentication statement."))
LogError("Generic database issue", err)
return
}
if global.Datadog {
err := dataDogClient.Incr("mail.checked", nil, 1)
if err != nil {
LogError("Unable to update checked.", err)
}
}
// https://github.com/RiiConnect24/Mail-Go/wiki/check.cgi for response format
fmt.Fprint(w, GenSuccessResponse(),
"res=", res, "\n",
"mail.flag=", mailFlag, "\n",
"interval=", interval)
}