whale-town/scripts/SecurityConfig.gd
extends Node
class_name SecurityConfig
## Security configuration class.
## Central place for all security-related settings and constants.
## NOTE(review): every table below is a compile-time constant. This file only
## stores and reports the values; whatever enforces them is not shown here.
# Input validation limits.
const INPUT_VALIDATION = {
	"max_message_length": 500,
	"max_username_length": 50,
	"max_character_name_length": 20,
	"min_character_name_length": 2,
	"max_json_size": 10000 # 10KB; NOTE(review): presumably bytes rather than characters, confirm against the code that enforces it
}
# Session management settings (durations are in seconds, per the minute values noted on each line).
const SESSION_MANAGEMENT = {
	"session_timeout": 1800.0, # 30 minutes
	"max_failed_attempts": 5,
	"lockout_duration": 300.0, # 5 minutes
	"cleanup_interval": 300.0 # cleanup runs every 5 minutes
}
# Network security settings.
const NETWORK_SECURITY = {
	"max_message_rate": 10, # maximum messages per second
	"rate_limit_window": 1.0, # rate-limit window (seconds)
	"connection_timeout": 10.0, # connection timeout
	"heartbeat_interval": 30.0 # heartbeat interval
}
# Content filtering switches.
# NOTE(review): these are flags only; the filters are implemented elsewhere (not shown).
# Pattern-based script/injection detection is a defence-in-depth layer and does not
# replace encoding or parameterisation where the data is finally used.
const CONTENT_FILTERING = {
	"enable_html_filtering": true,
	"enable_script_detection": true,
	"enable_injection_detection": true,
	"max_repetition_ratio": 0.7, # maximum ratio of repeated characters
	"enable_profanity_filter": false # optional: profanity filter
}
# Logging and monitoring settings.
const LOGGING = {
	"log_security_events": true,
	"log_failed_attempts": true,
	"log_suspicious_activity": true,
	"max_log_entries": 1000
}
# Token and hashing settings (the table is named ENCRYPTION but holds no cipher setting).
# NOTE(review): the consumers of these values are not in this file. If "hash_algorithm"
# is ever applied to passwords, a single fast SHA-256 pass is not an adequate password
# hash; a salted, deliberately slow KDF is the usual choice. What "use_secure_tokens"
# and "token_complexity" actually select is not shown here.
const ENCRYPTION = {
	"use_secure_tokens": true,
	"token_complexity": "high", # low, medium, high
	"hash_algorithm": "sha256"
}
## Look up one value from the constant tables defined in this file.
##
## [param category] selects the table: "input_validation", "session_management",
## "network_security", "content_filtering", "logging" or "encryption".
## [param key] is the entry name inside that table.
## [param default_value] is returned when the category or the key is unknown.
##
## The lookup is by exact string and never reports a miss: a misspelled category
## or key silently yields [param default_value]. Callers that read a security
## switch should therefore pass a default that fails safe.
static func get_config(category: String, key: String, default_value = null):
	# Dispatch table from category name to the matching constant dictionary.
	var tables = {
		"input_validation": INPUT_VALIDATION,
		"session_management": SESSION_MANAGEMENT,
		"network_security": NETWORK_SECURITY,
		"content_filtering": CONTENT_FILTERING,
		"logging": LOGGING,
		"encryption": ENCRYPTION
	}
	if not tables.has(category):
		return default_value
	var table = tables[category]
	if table and table.has(key):
		return table[key]
	return default_value
## Check that the critical security settings are present.
##
## Returns true when every listed (category, key) pair resolves to a non-null
## value through get_config(), false at the first one that does not.
##
## This is a presence check only: the type and range of each value are not
## inspected, and only the four pairs listed below are covered.
static func validate_config() -> bool:
	# Settings that must exist for the configuration to count as valid.
	var required_keys = [
		["input_validation", "max_message_length"],
		["session_management", "session_timeout"],
		["network_security", "connection_timeout"],
		["content_filtering", "enable_script_detection"]
	]
	for entry in required_keys:
		var category = entry[0]
		var key = entry[1]
		# get_config() falls back to null when the category or key is unknown.
		if get_config(category, key) == null:
			print("ERROR: Missing critical security config: %s.%s" % [category, key])
			return false
	return true
## Derive a coarse security level from the configured values.
##
## Returns "high", "medium" or "low". Only four settings are read: script
## detection, injection detection, secure tokens and the failed-attempt limit.
## Missing entries fall back to false / 10, which can only lower the result.
## With the constants defined in this file the result is "high".
##
## The level describes the configured values, not whether any of them is
## enforced at runtime; nothing in this function checks enforcement.
static func get_security_level() -> String:
	var detects_scripts = get_config("content_filtering", "enable_script_detection", false)
	var detects_injection = get_config("content_filtering", "enable_injection_detection", false)
	var uses_secure_tokens = get_config("encryption", "use_secure_tokens", false)
	var attempt_limit = get_config("session_management", "max_failed_attempts", 10)
	# "high": every switch on and at most 5 failed attempts allowed.
	if detects_scripts and detects_injection and uses_secure_tokens and attempt_limit <= 5:
		return "high"
	# "medium": at least one detector on and at most 10 failed attempts allowed.
	if (detects_scripts or detects_injection) and attempt_limit <= 10:
		return "medium"
	return "low"
## Placeholder for applying the security configuration to GameConfig.
##
## Currently a no-op: no value from this file is copied anywhere. The original
## note says GameConfig may not exist and that this is expected.
static func apply_to_game_config():
	return
## Return a stricter, recommended settings profile.
##
## The result is a Dictionary with a "description" string and a "settings"
## dictionary keyed by category. It is only returned: nothing in this file
## applies it or compares it with the active constants.
## "enable_strict_validation" has no counterpart in INPUT_VALIDATION, and the
## profile has no network_security, logging or encryption section.
static func get_recommended_settings() -> Dictionary:
	var input_rules = {
		"max_message_length": 300, # stricter message length limit
		"max_username_length": 30,
		"enable_strict_validation": true
	}
	var session_rules = {
		"session_timeout": 900.0, # 15 minutes, shorter sessions
		"max_failed_attempts": 3, # stricter failed-attempt limit
		"lockout_duration": 600.0 # 10-minute lockout
	}
	var filter_rules = {
		"enable_html_filtering": true,
		"enable_script_detection": true,
		"enable_injection_detection": true,
		"max_repetition_ratio": 0.5 # stricter repetition detection
	}
	return {
		"description": "推荐的高安全级别设置",
		"settings": {
			"input_validation": input_rules,
			"session_management": session_rules,
			"content_filtering": filter_rules
		}
	}
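## Initialise the security configuration.
##
## Runs validate_config(); on success prints the derived security level and
## calls apply_to_game_config().
##
## Returns true when validation passed and false when it failed. The original
## only printed the failure, so a caller could not tell a failed validation
## from a successful one; the return value lets startup code fail closed.
## Callers that ignore the result behave exactly as before.
static func initialize():
	if not validate_config():
		print("ERROR: Security configuration validation failed")
		return false
	var security_level = get_security_level()
	print("Security configuration initialized - Level: " + security_level)
	apply_to_game_config()
	return true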