aboutsummaryrefslogtreecommitdiff
path: root/mod/src/main/java/moe/ymc/acron/auth/PolicyChecker.java
blob: 2ab7b9774964ded5b07287b3f33fe6839aa99c52 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
package moe.ymc.acron.auth;

import moe.ymc.acron.jvav.Pair;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.NotNull;

public class PolicyChecker {
    private static final Logger LOGGER = LogManager.getLogger();

    public static Pair<Action, Boolean> check(@NotNull Client client,
                             @NotNull String command) {
        final String commandToMatch = command.startsWith("/") ?
                command.substring(1) :
                command;
        for (int i = 0; i < client.rules().length; i++) {
            final Rule rule = client.rules()[i];
            if (rule.cmdPattern().matcher(commandToMatch).matches()) {
                if (rule.action() == Action.DENY) {
                    LOGGER.warn("The command from client {}, `{}`, was " +
                                    "explicitly denied by rule #{} (starting from 1).",
                            client.id(),
                            command,
                            i + 1);
                } else {
                    LOGGER.warn("The command from client {}, `{}`, was " +
                                    "explicitly allowed by rule #{} (starting from 1).",
                            client.id(),
                            command,
                            i + 1);
                }
                return new Pair<>(rule.action(), rule.display());
            }
        }
        LOGGER.warn("The command from client {}, `{}`, was " +
                "implicitly {} by the default policy mode.",
                client.id(),
                command,
                client.policyMode() == Action.ALLOW ? "allowed" : "denied");
        return new Pair<>(client.policyMode() == Action.ALLOW ? Action.ALLOW : Action.DENY, false);
    }
}