feat(client-verification): add client verification (#104)

New configurations: - `CHECK_CLIENT_VERSION` enables the check (default=True) - `CLIENT_VERSION_URLS` contains a chain of valid client hashes. [osu!](https://osu.ppy.sh/home/download) and [osu! GU](https://github.com/GooGuTeam/osu/releases) are valid by default. View [g0v0-client-versions](https://github.com/GooGuTeam/g0v0-client-versions) to learn how to support your own client. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-11 16:30:25 +08:00
parent e5802aefbb
commit 8923d714a7
8 changed files with 252 additions and 1 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -705,6 +705,21 @@ CALCULATOR_CONFIG='{}'
        Field(default=True, description="检查自定义 ruleset 版本"),
        "反作弊设置",
    ]
    check_client_version: Annotated[
        bool,
        Field(default=True, description="检查客户端版本"),
        "反作弊设置",
    ]
    client_version_urls: Annotated[
        list[str],
        Field(
            default=["https://raw.githubusercontent.com/GooGuTeam/g0v0-client-versions/main/version_list.json"],
            description=(
                "客户端版本列表 URL, 查看 https://github.com/GooGuTeam/g0v0-client-versions 来添加你自己的客户端"
            ),
        ),
        "反作弊设置",
    ]
    # 存储设置
    storage_service: Annotated[
--- a/app/dependencies/client_verification.py
+++ b/app/dependencies/client_verification.py
@@ -0,0 +1,10 @@
 from typing import Annotated
 from app.service.client_verification_service import (
    ClientVerificationService as OriginalClientVerificationService,
    get_client_verification_service,
 )
 from fastapi import Depends
 ClientVerificationService = Annotated[OriginalClientVerificationService, Depends(get_client_verification_service)]
--- a/app/models/version.py
+++ b/app/models/version.py
@@ -0,0 +1,27 @@
 from typing import NamedTuple, TypedDict
 class VersionInfo(TypedDict):
    version: str
    release_date: str
    hashes: dict[str, str]
 class VersionList(TypedDict):
    name: str
    versions: list[VersionInfo]
 class VersionCheckResult(NamedTuple):
    is_valid: bool
    client_name: str = ""
    version: str = ""
    os: str = ""
    def __bool__(self) -> bool:
        return self.is_valid
    def __str__(self) -> str:
        if self.is_valid:
            return f"{self.client_name} {self.version} ({self.os})"
        return "Invalid Client Version"
--- a/app/router/v2/score.py
+++ b/app/router/v2/score.py
@@ -35,6 +35,7 @@ from app.database.score import (
 )
 from app.dependencies.api_version import APIVersion
 from app.dependencies.cache import UserCacheService
 from app.dependencies.client_verification import ClientVerificationService
 from app.dependencies.database import Database, Redis, get_redis, with_db
 from app.dependencies.fetcher import Fetcher, get_fetcher
 from app.dependencies.storage import StorageService
@@ -415,6 +416,8 @@ async def get_user_all_beatmap_scores(
 async def create_solo_score(
    background_task: BackgroundTasks,
    db: Database,
    fetcher: Fetcher,
    verification_service: ClientVerificationService,
    beatmap_id: Annotated[int, Path(description="谱面 ID")],
    beatmap_hash: Annotated[str, Form(description="谱面文件哈希")],
    ruleset_id: Annotated[int, Form(..., description="ruleset 数字 ID (0-3)")],
@@ -430,6 +433,21 @@ async def create_solo_score(
    except ValueError:
        raise HTTPException(status_code=400, detail="Invalid ruleset ID")
    if not (
        client_version := await verification_service.validate_client_version(
            version_hash,
        )
    ):
        logger.info(
            f"Client version check failed for user {current_user.id} on beatmap {beatmap_id} "
            f"(version hash: {version_hash})"
        )
        raise HTTPException(status_code=422, detail="invalid client hash")
    beatmap = await Beatmap.get_or_fetch(db, fetcher, md5=beatmap_hash)
    if not beatmap or beatmap.id != beatmap_id:
        raise HTTPException(status_code=422, detail="invalid or missing beatmap_hash")
    if not (result := gamemode.check_ruleset_version(ruleset_hash)):
        logger.info(
            f"Ruleset version check failed for user {current_user.id} on beatmap {beatmap_id} "
@@ -450,6 +468,15 @@ async def create_solo_score(
        db.add(score_token)
        await db.commit()
        await db.refresh(score_token)
        logger.debug(
            "User {user_id} created solo score {score_token} for beatmap {beatmap_id} "
            "(mode: {mode}), using client {client_version}",
            user_id=user_id,
            score_token=score_token.id,
            beatmap_id=beatmap_id,
            mode=ruleset_id,
            client_version=str(client_version),
        )
        return ScoreTokenResp.from_db(score_token)
@@ -485,8 +512,9 @@ async def create_playlist_score(
    background_task: BackgroundTasks,
    room_id: int,
    playlist_id: int,
    verification_service: ClientVerificationService,
    beatmap_id: Annotated[int, Form(description="谱面 ID")],
-    beatmap_hash: Annotated[str, Form(description="游戏版本哈希")],
+    beatmap_hash: Annotated[str, Form(description="谱面文件哈希")],
    ruleset_id: Annotated[int, Form(..., description="ruleset 数字 ID (0-3)")],
    current_user: ClientUser,
    version_hash: Annotated[str, Form(description="谱面版本哈希")] = "",
@@ -497,6 +525,17 @@ async def create_playlist_score(
    except ValueError:
        raise HTTPException(status_code=400, detail="Invalid ruleset ID")
    if not (
        client_version := await verification_service.validate_client_version(
            version_hash,
        )
    ):
        logger.info(
            f"Client version check failed for user {current_user.id} on room {room_id}, playlist {playlist_id} "
            f"(version hash: {version_hash})"
        )
        raise HTTPException(status_code=422, detail="invalid client hash")
    if not (result := gamemode.check_ruleset_version(ruleset_hash)):
        logger.info(
            f"Ruleset version check failed for user {current_user.id} on room {room_id}, playlist {playlist_id},"
@@ -556,6 +595,17 @@ async def create_playlist_score(
    session.add(score_token)
    await session.commit()
    await session.refresh(score_token)
    logger.debug(
        "User {user_id} created playlist score {score_token} for beatmap {beatmap_id} "
        "(mode: {mode}, room {room_id}, item {playlist_id}), using client {client_version}",
        user_id=user_id,
        score_token=score_token.id,
        beatmap_id=beatmap_id,
        mode=ruleset_id,
        room_id=room_id,
        playlist_id=playlist_id,
        client_version=str(client_version),
    )
    return ScoreTokenResp.from_db(score_token)
--- a/app/service/client_verification_service.py
+++ b/app/service/client_verification_service.py
@@ -0,0 +1,131 @@
 """Service for verifying client versions against known valid versions."""
 import asyncio
 import json
 from app.config import settings
 from app.log import logger
 from app.models.version import VersionCheckResult, VersionList
 from app.path import CONFIG_DIR
 import aiofiles
 import httpx
 from httpx import AsyncClient
 HASHES_DIR = CONFIG_DIR / "client_versions.json"
 class ClientVerificationService:
    """A service to verify client versions against known valid versions.
    Attributes:
        version_lists (list[VersionList]): A list of version lists fetched from remote sources.
    Methods:
        init(): Initialize the service by loading version data from disk and refreshing from remote.
        refresh(): Fetch the latest version lists from configured URLs and store them locally.
        load_from_disk(): Load version lists from the local JSON file.
        validate_client_version(client_version: str) -> VersionCheckResult: Validate a given client version against the known versions.
    """  # noqa: E501
    def __init__(self) -> None:
        self.original_version_lists: dict[str, list[VersionList]] = {}
        self.versions: dict[str, tuple[str, str, str]] = {}
        self._lock = asyncio.Lock()
    async def init(self) -> None:
        """Initialize the service by loading version data from disk and refreshing from remote."""
        await self.load_from_disk(first_load=True)
        await self.refresh()
        await self.load_from_disk()
    async def refresh(self) -> None:
        """Fetch the latest version lists from configured URLs and store them locally."""
        lists: dict[str, list[VersionList]] = self.original_version_lists.copy()
        async with AsyncClient() as client:
            for url in settings.client_version_urls:
                try:
                    resp = await client.get(url, timeout=10)
                    resp.raise_for_status()
                    data = resp.json()
                    if len(data) == 0:
                        logger.warning(f"Client version list from {url} is empty")
                        continue
                    lists[url] = data
                    logger.info(f"Fetched client version list from {url}, total {len(data)} clients")
                except httpx.TimeoutException:
                    logger.warning(f"Timeout when fetching client version list from {url}")
                except Exception as e:
                    logger.warning(f"Failed to fetch client version list from {url}: {e}")
        async with aiofiles.open(HASHES_DIR, "wb") as f:
            await f.write(json.dumps(lists).encode("utf-8"))
    async def load_from_disk(self, first_load: bool = False) -> None:
        """Load version lists from the local JSON file."""
        async with self._lock:
            self.versions.clear()
            try:
                if not HASHES_DIR.is_file() and not first_load:
                    logger.warning("Client version list file does not exist on disk")
                    return
                async with aiofiles.open(HASHES_DIR, "rb") as f:
                    content = await f.read()
                    self.original_version_lists = json.loads(content.decode("utf-8"))
                    for version_list_group in self.original_version_lists.values():
                        for version_list in version_list_group:
                            for version_info in version_list["versions"]:
                                for client_hash, os_name in version_info["hashes"].items():
                                    self.versions[client_hash] = (
                                        version_list["name"],
                                        version_info["version"],
                                        os_name,
                                    )
                    if not first_load:
                        if len(self.versions) == 0:
                            logger.warning("Client version list is empty after loading from disk")
                        else:
                            logger.info(
                                "Loaded client version list from disk, "
                                f"total {len(self.versions)} clients, {len(self.versions)} versions"
                            )
            except Exception as e:
                logger.exception(f"Failed to load client version list from disk: {e}")
    async def validate_client_version(self, client_version: str) -> VersionCheckResult:
        """Validate a given client version against the known versions.
        Args:
            client_version (str): The client version string to validate.
        Returns:
            VersionCheckResult: The result of the validation.
        """
        if not settings.check_client_version:
            return VersionCheckResult(is_valid=True)
        async with self._lock:
            if client_version in self.versions:
                name, version, os_name = self.versions[client_version]
                return VersionCheckResult(is_valid=True, client_name=name, version=version, os=os_name)
        return VersionCheckResult(is_valid=False)
 _client_verification_service: ClientVerificationService | None = None
 def get_client_verification_service() -> ClientVerificationService:
    """Get the singleton instance of ClientVerificationService.
    Returns:
        ClientVerificationService: The singleton instance.
    """
    global _client_verification_service
    if _client_verification_service is None:
        _client_verification_service = ClientVerificationService()
    return _client_verification_service
 async def init_client_verification_service() -> None:
    """Initialize the ClientVerificationService singleton."""
    service = get_client_verification_service()
    logger.info("Initializing ClientVerificationService...")
    await service.init()
--- a/app/tasks/init.py
+++ b/app/tasks/init.py
@@ -6,6 +6,7 @@ from . import (
    database_cleanup,
    recalculate_banned_beatmap,
    recalculate_failed_score,
    update_client_version,
 )
 from .cache import start_cache_tasks, stop_cache_tasks
 from .calculate_all_user_rank import calculate_user_rank
--- a/app/tasks/update_client_version.py
+++ b/app/tasks/update_client_version.py
@@ -0,0 +1,13 @@
 from app.config import settings
 from app.dependencies.scheduler import get_scheduler
 from app.log import logger
 from app.service.client_verification_service import get_client_verification_service
 if settings.check_client_version:
    @get_scheduler().scheduled_job("interval", id="update_client_version", hours=2)
    async def update_client_version():
        logger.info("Updating client version lists...")
        client_verification_service = get_client_verification_service()
        await client_verification_service.refresh()
        await client_verification_service.load_from_disk()
--- a/main.py
+++ b/main.py
@@ -33,6 +33,7 @@ from app.router.redirect import redirect_router
 from app.router.v1 import api_v1_public_router
 from app.service.beatmap_download_service import download_service
 from app.service.beatmapset_update_service import init_beatmapset_update_service
 from app.service.client_verification_service import init_client_verification_service
 from app.service.email_queue import start_email_processor, stop_email_processor
 from app.service.redis_message_system import redis_message_system
 from app.service.subscribers.user_cache import user_online_subscriber
@@ -68,6 +69,9 @@ async def lifespan(app: FastAPI):  # noqa: ARG001
    load_achievements()
    await init_calculator()
    if settings.check_client_version:
        await init_client_verification_service()
    # init rate limiter
    await FastAPILimiter.init(redis_rate_limit_client)