Vpn

Content.Client/Administration/UI/Tabs/PanicBunkerTab/PanicBunkerTab.xaml

@@ -1,4 +1,4 @@
-<controls:PanicBunkerTab
+<controls:PanicBunkerTab
     xmlns="https://spacestation14.io"
     xmlns:controls="clr-namespace:Content.Client.Administration.UI.Tabs.PanicBunkerTab"
     xmlns:cc="clr-namespace:Content.Client.Administration.UI.CustomControls"
@@ -38,6 +38,11 @@
                 <LineEdit Name="MinOverallMinutes" MinWidth="50" Margin="0 0 5 0" />
                 <Label Text="{Loc generic-minutes}" />
             </BoxContainer>
+            <!-- Corvax-VPNGuard-Start -->
+            <BoxContainer Orientation="Horizontal" Margin="2" Visible="True" Name="VPNContainer">
+                <CheckBox Name="DenyVPN" Text="{Loc admin-ui-panic-bunker-deny-vpn}" />
+            </BoxContainer>
+            <!-- Corvax-VPNGuard-End -->
         </BoxContainer>
     </BoxContainer>
 </controls:PanicBunkerTab>

Content.Client/Administration/UI/Tabs/PanicBunkerTab/PanicBunkerTab.xaml.cs

@@ -1,4 +1,5 @@
-using Content.Shared.Administration.Events;
+using Content.Corvax.Interfaces.Shared;
+using Content.Shared.Administration.Events;
 using Robust.Client.AutoGenerated;
 using Robust.Client.UserInterface;
 using Robust.Client.UserInterface.XAML;
@@ -28,6 +29,16 @@ public PanicBunkerTab()
         MinOverallMinutes.OnTextEntered += args => SendMinOverallMinutes(args.Text);
         MinOverallMinutes.OnFocusExit += args => SendMinOverallMinutes(args.Text);
         _minOverallMinutes = MinOverallMinutes.Text;
+
+        // Corvax-VPNGuard-Start
+        var haveSecrets = IoCManager.Instance!.TryResolveType<ISharedSponsorsManager>(out _); // TODO: Probably need better way to detect Secrets module
+        if (haveSecrets)
+        {
+            VPNContainer.Visible = true;
+            DenyVPN.OnPressed += _ => SendDenyVpn(DenyVPN.Pressed);
+        }
+        // Corvax-VPNGuard-End
+
     }
 
     private void SendMinAccountAge(string text)
@@ -54,6 +65,13 @@ private void SendMinOverallMinutes(string text)
         _console.ExecuteCommand($"panicbunker_min_overall_minutes {minutes}");
     }
 
+    // Corvax-VPNGuard-Start
+    private void SendDenyVpn(bool deny)
+    {
+        _console.ExecuteCommand($"panicbunker_deny_vpn {deny}");
+    }
+    // Corvax-VPNGuard-End
+
     public void UpdateStatus(PanicBunkerStatus status)
     {
         EnabledButton.Pressed = status.Enabled;
@@ -73,5 +91,6 @@ public void UpdateStatus(PanicBunkerStatus status)
 
         MinOverallMinutes.Text = status.MinOverallMinutes.ToString();
         _minOverallMinutes = MinOverallMinutes.Text;
+        DenyVPN.Pressed = status.DenyVpn; // Corvax-VPNGuard
     }
 }

Content.Server/Administration/Commands/PanicBunkerCommand.cs

@@ -1,4 +1,4 @@
-using Content.Shared.Administration;
+using Content.Shared.Administration;
 using Content.Shared.CCVar;
 using Robust.Shared.Configuration;
 using Robust.Shared.Console;
@@ -144,7 +144,7 @@ public override void Execute(IConsoleShell shell, string argStr, string[] args)
 
         if (args.Length > 1)
         {
-            shell.WriteError(Loc.GetString("shell-need-between-arguments",("lower", 0), ("upper", 1)));
+            shell.WriteError(Loc.GetString("shell-need-between-arguments", ("lower", 0), ("upper", 1)));
             return;
         }
 
@@ -176,7 +176,7 @@ public override void Execute(IConsoleShell shell, string argStr, string[] args)
 
         if (args.Length > 1)
         {
-            shell.WriteError(Loc.GetString("shell-need-between-arguments",("lower", 0), ("upper", 1)));
+            shell.WriteError(Loc.GetString("shell-need-between-arguments", ("lower", 0), ("upper", 1)));
             return;
         }
 

Content.Server/Administration/ServerApi.cs

@@ -1,4 +1,4 @@
-using System.Linq;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Cryptography;
@@ -470,13 +470,10 @@ Panic bunker status
         {
             var ticker = _entitySystemManager.GetEntitySystem<GameTicker>();
             var adminSystem = _entitySystemManager.GetEntitySystem<AdminSystem>();
-
             var players = new List<InfoResponse.Player>();
-
             foreach (var player in _playerManager.Sessions)
             {
                 var adminData = _adminManager.GetAdminData(player, true);
-
                 players.Add(new InfoResponse.Player
                 {
                     UserId = player.UserId.UserId,
@@ -485,7 +482,6 @@ Panic bunker status
                     IsDeadminned = !adminData?.Active ?? false
                 });
             }
-
             InfoResponse.MapInfo? mapInfo = null;
             if (_gameMapManager.GetSelectedMap() is { } mapPrototype)
             {
@@ -495,14 +491,12 @@ Panic bunker status
                     Name = mapPrototype.MapName
                 };
             }
-
             var gameRules = new List<string>();
             foreach (var addedGameRule in ticker.GetActiveGameRules())
             {
                 var meta = _entityManager.MetaQuery.GetComponent(addedGameRule);
                 gameRules.Add(meta.EntityPrototype?.ID ?? meta.EntityPrototype?.Name ?? "Unknown");
             }
-
             var panicBunkerCVars = PanicBunkerCVars.ToDictionary(c => c, c => _config.GetCVar(c));
             return new InfoResponse
             {

Content.Server/Administration/Systems/AdminSystem.cs

@@ -14,6 +14,7 @@
 using Content.Shared.Bank.Components;
 using Content.Shared.Bank.Events;
 using Content.Shared.CCVar;
+using Content.Shared.Corvax.CCCVars;
 using Content.Shared.GameTicking;
 using Content.Shared.Hands.Components;
 using Content.Shared.IdentityManagement;
@@ -82,6 +83,7 @@ public override void Initialize()
             Subs.CVar(_config, CCVars.PanicBunkerShowReason, OnPanicBunkerShowReasonChanged, true);
             Subs.CVar(_config, CCVars.PanicBunkerMinAccountAge, OnPanicBunkerMinAccountAgeChanged, true);
             Subs.CVar(_config, CCVars.PanicBunkerMinOverallMinutes, OnPanicBunkerMinOverallMinutesChanged, true);
+            Subs.CVar(_config, CCCVars.PanicBunkerDenyVPN, OnPanicBunkerDenyVpnChanged, true); // Corvax-VPNGuard
 
             /*
              * TODO: Remove baby jail code once a more mature gateway process is established. This code is only being issued as a stopgap to help with potential tiding in the immediate future.
@@ -99,8 +101,6 @@ public override void Initialize()
             SubscribeLocalEvent<RoleAddedEvent>(OnRoleEvent);
             SubscribeLocalEvent<RoleRemovedEvent>(OnRoleEvent);
             SubscribeLocalEvent<RoundRestartCleanupEvent>(OnRoundRestartCleanup);
-            SubscribeLocalEvent<BalanceChangedEvent>(OnBalanceChanged);
-
         }
 
         private void OnRoundRestartCleanup(RoundRestartCleanupEvent ev)
@@ -329,17 +329,25 @@ private void OnPanicBunkerMinAccountAgeChanged(int minutes)
             SendPanicBunkerStatusAll();
         }
 
-        private void OnBabyJailMaxAccountAgeChanged(int minutes)
+        private void OnPanicBunkerMinOverallMinutesChanged(int minutes)
         {
-            BabyJail.MaxAccountAgeMinutes = minutes;
-            SendBabyJailStatusAll();
+            PanicBunker.MinOverallMinutes = minutes;
+            SendPanicBunkerStatusAll();
         }
 
-        private void OnPanicBunkerMinOverallMinutesChanged(int minutes)
+        // Corvax-VPNGuard-Start
+        private void OnPanicBunkerDenyVpnChanged(bool deny)
         {
-            PanicBunker.MinOverallMinutes = minutes;
+            PanicBunker.DenyVpn = deny;
             SendPanicBunkerStatusAll();
         }
+        // Corvax-VPNGuard-End
+
+        private void OnBabyJailMaxAccountAgeChanged(int minutes)
+        {
+            BabyJail.MaxAccountAgeMinutes = minutes;
+            SendBabyJailStatusAll();
+        }
 
         private void OnBabyJailMaxOverallMinutesChanged(int minutes)
         {

Content.Server/Connection/ConnectionManager.cs

@@ -1,21 +1,30 @@
 using System.Collections.Immutable;
+using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text.Json.Nodes;
 using System.Threading.Tasks;
+using Content.Corvax.Interfaces.Server;
+using Content.Corvax.Interfaces.Shared;
+using Content.Server.Chat.Managers;
 using Content.Server._NF.Auth;
 using Content.Server.Administration;
 using Content.Server.Database;
-using Content.Corvax.Interfaces.Server;
 using Content.Server.GameTicking;
 using Content.Server.Preferences.Managers;
-using Content.Shared.CCVar;
 using Content.Shared.GameTicking;
+using Content.Shared.CCVar;
+using Content.Shared.Corvax.CCCVars;
 using Content.Shared.Players.PlayTimeTracking;
 using Robust.Server.Player;
 using Robust.Shared.Configuration;
+using Robust.Shared.Enums;
 using Robust.Shared.Network;
+using Robust.Shared.Player;
 using Robust.Shared.Timing;
 
+/*
+ * TODO: Remove baby jail code once a more mature gateway process is established. This code is only being issued as a stopgap to help with potential tiding in the immediate future.
+ */
 
 namespace Content.Server.Connection
 {
@@ -52,11 +61,16 @@ public sealed class ConnectionManager : IConnectionManager
         [Dependency] private readonly ServerDbEntryManager _serverDbEntry = default!;
         [Dependency] private readonly IGameTiming _gameTiming = default!;
         [Dependency] private readonly ILogManager _logManager = default!;
+        [Dependency] private readonly IChatManager _chatManager = default!;
 
         private IServerSponsorsManager? _sponsorsMgr; //
+
         //frontier
         [Dependency] private readonly MiniAuthManager _authManager = default!;
 
+        private ISharedSponsorsManager? _sponsorsMgr; // Corvax-Sponsors
+        private IServerVPNGuardManager? _vpnGuardMgr; // Corvax-VPNGuard
+
         private readonly Dictionary<NetUserId, TimeSpan> _temporaryBypasses = [];
         private ISawmill _sawmill = default!;
 
@@ -67,6 +81,7 @@ public void Initialize()
             IoCManager.Instance!.TryResolveType(out _sponsorsMgr); // Corvax-Sponsors
             _netMgr.Connecting += NetMgrOnConnecting;
             _netMgr.AssignUserIdCallback = AssignUserIdCallback;
+            _plyMgr.PlayerStatusChanged += PlayerStatusChanged;
             // Approval-based IP bans disabled because they don't play well with Happy Eyeballs.
             // _netMgr.HandleApprovalCallback = HandleApproval;
         }
@@ -135,6 +150,46 @@ private async Task NetMgrOnConnecting(NetConnectingArgs e)
             }
         }
 
+        private async void PlayerStatusChanged(object? sender, SessionStatusEventArgs args)
+        {
+            if (args.NewStatus == SessionStatus.Connected)
+            {
+                AdminAlertIfSharedConnection(args.Session);
+            }
+        }
+
+        private void AdminAlertIfSharedConnection(ICommonSession newSession)
+        {
+            var playerThreshold = _cfg.GetCVar(CCVars.AdminAlertMinPlayersSharingConnection);
+            if (playerThreshold < 0)
+                return;
+
+            var addr = newSession.Channel.RemoteEndPoint.Address;
+
+            var otherConnectionsFromAddress = _plyMgr.Sessions.Where(session =>
+                    session.Status is SessionStatus.Connected or SessionStatus.InGame
+                    && session.Channel.RemoteEndPoint.Address.Equals(addr)
+                    && session.UserId != newSession.UserId)
+                .ToList();
+
+            var otherConnectionCount = otherConnectionsFromAddress.Count;
+            if (otherConnectionCount + 1 < playerThreshold) // Add one for the total, not just others, using the address
+                return;
+
+            var username = newSession.Name;
+            var otherUsernames = string.Join(", ",
+                otherConnectionsFromAddress.Select(session => session.Name));
+
+            _chatManager.SendAdminAlert(Loc.GetString("admin-alert-shared-connection",
+                ("player", username),
+                ("otherCount", otherConnectionCount),
+                ("otherList", otherUsernames)));
+        }
+
+        /*
+         * TODO: Jesus H Christ what is this utter mess of a function
+         * TODO: Break this apart into is constituent steps.
+         */
         private async Task<(ConnectionDenyReason, string, List<ServerBanDef>? bansHit)?> ShouldDeny(
             NetConnectingArgs e)
         {
@@ -197,8 +252,8 @@ private async Task NetMgrOnConnecting(NetConnectingArgs e)
                 }
 
                 var minOverallMinutes = _cfg.GetCVar(CCVars.PanicBunkerMinOverallMinutes);
-                var overallTime = ( await _db.GetPlayTimes(e.UserId)).Find(p => p.Tracker == PlayTimeTrackingShared.TrackerOverall);
-                var haveMinOverallTime = overallTime != null && overallTime.TimeSpent.TotalHours > minOverallMinutes;
+                var overallTime = (await _db.GetPlayTimes(e.UserId)).Find(p => p.Tracker == PlayTimeTrackingShared.TrackerOverall);
+                var haveMinOverallTime = overallTime != null && overallTime.TimeSpent.TotalMinutes > minOverallMinutes;
 
                 // Use the custom reason if it exists & they don't have the minimum time
                 if (customReason != string.Empty && !haveMinOverallTime && !bypassAllowed)
@@ -210,10 +265,27 @@ private async Task NetMgrOnConnecting(NetConnectingArgs e)
                 {
                     return (ConnectionDenyReason.Panic,
                         Loc.GetString("panic-bunker-account-denied-reason",
-                            ("reason", Loc.GetString("panic-bunker-account-reason-overall", ("hours", minOverallMinutes)))), null);
+                            ("reason", Loc.GetString("panic-bunker-account-reason-overall", ("minutes", minOverallMinutes)))), null);
                 }
 
-                if (!validAccountAge || !haveMinOverallTime && !bypassAllowed)
+                // Corvax-VPNGuard-Start
+                if (_vpnGuardMgr == null) // "lazyload" because of problems with dependency resolve order
+                    IoCManager.Instance!.TryResolveType(out _vpnGuardMgr);
+
+                var denyVpn = false;
+                if (_cfg.GetCVar(CCCVars.PanicBunkerDenyVPN) && _vpnGuardMgr != null)
+                {
+                    denyVpn = await _vpnGuardMgr.IsConnectionVpn(e.IP.Address);
+                    if (denyVpn)
+                    {
+                        return (ConnectionDenyReason.Panic,
+                            Loc.GetString("panic-bunker-account-denied-reason",
+                                ("reason", Loc.GetString("panic-bunker-account-reason-vpn"))), null);
+                    }
+                }
+                // Corvax-VPNGuard-End
+
+                if ((!validAccountAge || !haveMinOverallTime || denyVpn) && !bypassAllowed) // Corvax-VPNGuard
                 {
                     return (ConnectionDenyReason.Panic, Loc.GetString("panic-bunker-account-denied"), null);
                 }
@@ -231,8 +303,8 @@ private async Task NetMgrOnConnecting(NetConnectingArgs e)
             var adminBypass = _cfg.GetCVar(CCVars.AdminBypassMaxPlayers) && adminData != null;
             // Corvax-Queue-Start
             var isQueueEnabled = IoCManager.Instance!.TryResolveType<IServerJoinQueueManager>(out var mgr) && mgr.IsEnabled;
-            if (_plyMgr.PlayerCount >= _cfg.GetCVar(CCVars.SoftMaxPlayers) && !isPrivileged && !isQueueEnabled)
-                // Corvax-Queue-End
+            if ((_plyMgr.PlayerCount >= _cfg.GetCVar(CCVars.SoftMaxPlayers) && !adminBypass) && !wasInGame && !isQueueEnabled)
+            // Corvax-Queue-End
             {
                 return (ConnectionDenyReason.Full, Loc.GetString("soft-player-cap-full"), null);
             }
@@ -253,6 +325,7 @@ private async Task NetMgrOnConnecting(NetConnectingArgs e)
                     return (ConnectionDenyReason.Whitelist, msg, null);
                 }
             }
+
             // End of modified code
 
             //Frontier
@@ -349,8 +422,8 @@ private bool HasTemporaryBypass(NetUserId user)
         // Corvax-Queue-Start: Make these conditions in one place, for checks in the connection and in the queue
         public async Task<bool> HavePrivilegedJoin(NetUserId userId)
         {
-            var adminBypass = await _dbManager.GetAdminDataForAsync(userId) != null;
-            var havePriorityJoin = _sponsorsMgr != null && _sponsorsMgr.HavePriorityJoin(userId); // Corvax-Sponsors
+            var adminBypass = _cfg.GetCVar(CCVars.AdminBypassMaxPlayers) && await _dbManager.GetAdminDataForAsync(userId) != null;
+            var havePriorityJoin = _sponsorsMgr != null && _sponsorsMgr.HaveServerPriorityJoin(userId); // Corvax-Sponsors
             var wasInGame = EntitySystem.TryGet<GameTicker>(out var ticker) &&
                             ticker.PlayerGameStatuses.TryGetValue(userId, out var status) &&
                             status == PlayerGameStatus.JoinedGame;

Content.Server/Corvax/Administration/Commands/PanicBunkerCommand.cs

@@ -0,0 +1,33 @@
+using Content.Server.Administration;
+using Content.Shared.Administration;
+using Content.Shared.Corvax.CCCVars;
+using Robust.Shared.Configuration;
+using Robust.Shared.Console;
+
+namespace Content.Server.Corvax.Administration.Commands;
+
+[AdminCommand(AdminFlags.Server)]
+public sealed class PanicBunkerDenyVpnCommand : LocalizedCommands
+{
+    [Dependency] private readonly IConfigurationManager _cfg = default!;
+
+    public override string Command => "panicbunker_deny_vpn";
+
+    public override void Execute(IConsoleShell shell, string argStr, string[] args)
+    {
+        if (args.Length != 1)
+        {
+            shell.WriteError(Loc.GetString("shell-need-exactly-one-argument"));
+            return;
+        }
+
+        if (!bool.TryParse(args[0], out var deny))
+        {
+            shell.WriteError(Loc.GetString("shell-argument-must-be-boolean"));
+            return;
+        }
+
+        _cfg.SetCVar(CCCVars.PanicBunkerDenyVPN, deny);
+        shell.WriteLine(Loc.GetString(deny ? "panicbunker-command-deny-vpn-enabled" : "panicbunker-command-deny-vpn-disabled"));
+    }
+}