Merge pull request #187 from 0xsequence/feature/ValidateWaaSAPISignatures

First Commit for validation

Author: caballoninja

Plugins/SequencePlugin/Source/SequencePlugin/Private/Integrators/SequenceSessionsBP.cpp

@@ -341,15 +341,15 @@ void USequenceSessionsBP::PlayFabLoginRpcAsync(const FString& UsernameIn, const
 	this->PlayFabRpcAsync(Url, RequestBody, OnSuccessResponse, OnFailure);
 }
 
-void USequenceSessionsBP::PlayFabRpcAsync(const FString& Url, const FString& Content, const TSuccessCallback<FString>& OnSuccess, const FFailureCallback& OnFailure)
+void USequenceSessionsBP::PlayFabRpcAsync(const FString& Url, const FString& Content, const TSuccessCallback<FString>& OnSuccess, const FFailureCallback& OnFailure) 
 {
 	NewObject<URequestHandler>()
 		->PrepareRequest()
 		->WithUrl(Url)
 		->WithHeader("Content-type", "application/json")
 		->WithVerb("POST")
 		->WithContentAsString(Content)
-		->ProcessAndThen(OnSuccess, OnFailure);
+		->ProcessAndThen(*RPCManager->Validator, OnSuccess, OnFailure, false);
 }
 
 void USequenceSessionsBP::CallEmailLoginRequiresCode() const

Plugins/SequencePlugin/Source/SequencePlugin/Private/RPCCaller.cpp

@@ -6,6 +6,11 @@
 #include "Serialization/JsonReader.h"
 #include "Util/JsonBuilder.h"
 
+URPCCaller::URPCCaller()
+{
+	Validator = NewObject<UResponseSignatureValidator>();
+}
+
 TSharedPtr<FJsonObject> URPCCaller::Parse(const FString& JsonRaw)
 {
 	TSharedPtr<FJsonObject> JsonParsed;
@@ -59,14 +64,16 @@ TResult<uint64> URPCCaller::ExtractUIntResult(const FString& JsonRaw)
 
 void URPCCaller::SendRPC(const FString& Url, const FString& Content, const TSuccessCallback<FString>& OnSuccess, const FFailureCallback& OnError)
 {
-	NewObject<URequestHandler>()
-		->PrepareRequest()
+
+	URequestHandler* RequestHandler = NewObject<URequestHandler>();
+
+	RequestHandler->PrepareRequest()
 		->WithUrl(Url)
 		->WithHeader("Content-type", "application/json")
 		->WithHeader("Accept", "application/json")
 		->WithVerb("POST")
 		->WithContentAsString(Content)
-		->ProcessAndThen(OnSuccess, OnError);
+		->ProcessAndThen(*Validator, OnSuccess, OnError);
 }
 
 FJsonBuilder URPCCaller::RPCBuilder(const FString& MethodName)

Plugins/SequencePlugin/Source/SequencePlugin/Private/RPCCaller.h

@@ -7,6 +7,7 @@
 #include "Templates/SharedPointer.h"
 #include "Serialization/JsonReader.h"
 #include "Serialization/JsonSerializer.h"
+#include "ResponseSignatureValidator.h"
 #include "RPCCaller.generated.h"
 
 template<typename T> using Extractor = TFunction<TResult<T> (FString)>;
@@ -18,6 +19,11 @@ class SEQUENCEPLUGIN_API URPCCaller : public UObject
 {
 	GENERATED_BODY()
 public:
+
+	URPCCaller();
+
+	UResponseSignatureValidator* Validator;
+
 	static TSharedPtr<FJsonObject> Parse(const FString& JsonRaw);
 	static TResult<TSharedPtr<FJsonObject>> ExtractJsonObjectResult(const FString& JsonRaw);
 	static TResult<FString> ExtractStringResult(const FString& JsonRaw);

Plugins/SequencePlugin/Source/SequencePlugin/Private/RequestHandler.cpp

@@ -69,7 +69,71 @@ FHttpRequestCompleteDelegate& URequestHandler::Process() const
 	return Request->OnProcessRequestComplete();
 }
 
-void URequestHandler::ProcessAndThen(TFunction<void(UTexture2D*)> OnSuccess, FFailureCallback OnFailure)
+
+void URequestHandler::ProcessAndThen(UResponseSignatureValidator& Validator, const TSuccessCallback<FString>& OnSuccess, const FFailureCallback& OnFailure, bool bUseValidator) const
+{
+	if (bUseValidator && Validator.HasFoundTamperedResponse())
+	{
+		UE_LOG(LogTemp, Error, TEXT("Validator is null!"));
+		OnFailure(FSequenceError(RequestFail, "Validator is null."));
+		return;
+	}
+
+	Process().BindLambda([&Validator, bUseValidator, OnSuccess, OnFailure](FHttpRequestPtr Req, const FHttpResponsePtr& Response, const bool bWasSuccessful)
+		{
+			if (bWasSuccessful)
+			{
+				if (!bUseValidator || Validator.ValidateResponseSignature(Response))
+				{
+					UE_LOG(LogTemp, Log, TEXT("Valid Signature or Validator skipped"));
+					OnSuccess(Response->GetContentAsString());
+				}
+				else
+				{
+					UE_LOG(LogTemp, Log, TEXT("Invalid Signature"));
+					OnFailure(FSequenceError(RequestFail, "Invalid response Signature"));
+				}
+			}
+			else
+			{
+				if (Response.IsValid())
+				{
+					OnFailure(FSequenceError(RequestFail, "Request is invalid: " + Response->GetContentAsString()));
+				}
+				else
+				{
+					OnFailure(FSequenceError(RequestFail, "Request failed: No response received!"));
+				}
+			}
+		});
+}
+
+void URequestHandler::ProcessAndThen(const TSuccessCallback<FHttpResponsePtr>& OnSuccess,
+	const FFailureCallback& OnFailure) const
+{
+	Process().BindLambda([OnSuccess, OnFailure](FHttpRequestPtr Req, const FHttpResponsePtr& Response, const bool bWasSuccessful)
+		{
+			if (bWasSuccessful)
+			{
+				OnSuccess(Response);
+			}
+			else
+			{
+				if (!Response.IsValid())
+					OnFailure(FSequenceError(RequestFail, "The Request is invalid!"));
+				else
+				{
+					if (Response.IsValid())
+						OnFailure(FSequenceError(RequestFail, "The Request is invalid!"));
+					else
+						OnFailure(FSequenceError(RequestFail, "Request failed: " + Response->GetContentAsString()));
+				}
+			}
+		});
+}
+
+
+void URequestHandler::ProcessAndThen(const TSuccessCallback<UTexture2D*>& OnSuccess, const FFailureCallback OnFailure) const
 {
 	Process().BindLambda([OnSuccess, OnFailure](FHttpRequestPtr Req, FHttpResponsePtr Response, bool bWasSuccessful)
 	{
@@ -130,55 +194,3 @@ void URequestHandler::ProcessAndThen(TFunction<void(UTexture2D*)> OnSuccess, FFa
 		OnFailure(FSequenceError(RequestFail, "Failed to build QR Image data"));
 	});//lambda
 }
-
-void URequestHandler::ProcessAndThen(TFunction<void (FString)> OnSuccess, FFailureCallback OnFailure) const
-{
-	Process().BindLambda([OnSuccess, OnFailure](FHttpRequestPtr Req, const FHttpResponsePtr& Response, const bool bWasSuccessful)
-    {
-        FString CurlCommand = FString::Printf(
-            TEXT("curl -X %s \"%s\" -H \"Content-Type: application/json\" -H \"Accept: application/json\" -H \"X-Access-Key: %s\" --data \"%s\""),
-            *Req->GetVerb(),
-            *Req->GetURL(),
-            *Req->GetHeader("X-Access-Key"),
-            *FString(UTF8_TO_TCHAR(Req->GetContent().GetData())).Replace(TEXT("\""), TEXT("\\\""))
-        );
-
-        SEQ_LOG_EDITOR(Log, TEXT("%s"), *CurlCommand);
-        SEQ_LOG_EDITOR(Log, TEXT("%s"), *Response->GetContentAsString());
-
-        if (bWasSuccessful)
-        {
-            OnSuccess(Response->GetContentAsString());
-        }
-        else
-        {
-            if (Response.IsValid())
-            {
-                OnFailure(FSequenceError(RequestFail, "Request is invalid: " + Response->GetContentAsString()));
-            }
-            else
-            {
-                OnFailure(FSequenceError(RequestFail, "Request failed: No response received!"));
-            }
-        }
-    });
-}
-
-void URequestHandler::ProcessAndThen(TSuccessCallback<FHttpResponsePtr> OnSuccess,
-                                     const FFailureCallback& OnFailure) const
-{
-	Process().BindLambda([OnSuccess, OnFailure](FHttpRequestPtr Req, const FHttpResponsePtr& Response, const bool bWasSuccessful)
-	{		
-		if(bWasSuccessful)
-		{
-			OnSuccess(Response);
-		}
-		else
-		{
-			if(!Response.IsValid())
-				OnFailure(FSequenceError(RequestFail, "The Request is invalid!"));
-			else
-				OnFailure(FSequenceError(RequestFail, "Request failed: " + Response->GetContentAsString()));
-		}
-	});
-}

Plugins/SequencePlugin/Source/SequencePlugin/Private/RequestHandler.h

@@ -7,6 +7,7 @@
 #include "Interfaces/IHttpRequest.h"
 #include "Engine/Texture2D.h"
 #include "UObject/Object.h"
+#include "ResponseSignatureValidator.h"
 #include "RequestHandler.generated.h"
 
 /**
@@ -16,10 +17,12 @@ UCLASS()
 class SEQUENCEPLUGIN_API URequestHandler : public UObject
 {
 	GENERATED_BODY()
+
 	FHttpRequestPtr Request;
 
 public:
 	URequestHandler* PrepareRequest();
+
 
 	// Setters
 	void SetUrl(FString Url) const;
@@ -35,7 +38,8 @@ class SEQUENCEPLUGIN_API URequestHandler : public UObject
 
 	// Process
 	FHttpRequestCompleteDelegate& Process() const;
-	void ProcessAndThen(TFunction<void(UTexture2D*)> OnSuccess, FFailureCallback OnFailure);
-	void ProcessAndThen(TFunction<void (FString)> OnSuccess, FFailureCallback OnFailure) const;
-	void ProcessAndThen(TSuccessCallback<FHttpResponsePtr> OnSuccess, const FFailureCallback& OnFailure) const;
+	void ProcessAndThen(UResponseSignatureValidator& Validator, const TSuccessCallback<FString>& OnSuccess, const FFailureCallback& OnFailure, bool bUseValidator = true) const;
+	void ProcessAndThen(const TSuccessCallback<FHttpResponsePtr>& OnSuccess, const FFailureCallback& OnFailure) const;
+	void ProcessAndThen(const TSuccessCallback<UTexture2D*>& OnSuccess, const FFailureCallback OnFailure) const;
+
 };