Закрытие доступа неавторизированным к checkServer/joinServer

2024-11-15 03:31:15 +03:00 · 2019-01-04 22:22:40 +07:00 · 2019-01-04 22:22:40 +07:00 · 0c9bb41bee
commit 0c9bb41bee
parent a8153c9101
2 changed files with 14 additions and 4 deletions
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java
@ -10,6 +10,7 @@
 import ru.gravit.launchserver.auth.AuthException;
 import ru.gravit.launchserver.response.Response;
 import ru.gravit.launchserver.response.profile.ProfileByUUIDResponse;
+import ru.gravit.launchserver.socket.Client;
 import ru.gravit.utils.helper.LogHelper;
 import ru.gravit.utils.helper.VerifyHelper;

@ -25,9 +26,12 @@ public void reply() throws IOException {
        String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
        String client = input.readString(SerializeLimits.MAX_CLIENT);
        debug("Username: %s, Server ID: %s", username, serverID);
-        //Фитча оставлена до внедрения WebSockets
-        //Client clientData = server.sessionManager.getClient(session);
-        //if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
+        Client clientData = server.sessionManager.getClient(session);
+        if(!clientData.isAuth || clientData.type != Client.Type.SERVER)
+        {
+            requestError("Assess denied");
+            return;
+        }
        // Try check server with auth handler
        UUID uuid;
        try {
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/JoinServerResponse.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/JoinServerResponse.java
@ -8,6 +8,7 @@
 import ru.gravit.launchserver.LaunchServer;
 import ru.gravit.launchserver.auth.AuthException;
 import ru.gravit.launchserver.response.Response;
+import ru.gravit.launchserver.socket.Client;
 import ru.gravit.utils.helper.LogHelper;
 import ru.gravit.utils.helper.SecurityHelper;
 import ru.gravit.utils.helper.VerifyHelper;
@ -23,7 +24,12 @@ public void reply() throws IOException {
        String username = VerifyHelper.verifyUsername(input.readString(SerializeLimits.MAX_LOGIN));
        String accessToken = SecurityHelper.verifyToken(input.readASCII(-SecurityHelper.TOKEN_STRING_LENGTH));
        String serverID = VerifyHelper.verifyServerID(input.readASCII(SerializeLimits.MAX_SERVERID)); // With minus sign
-
+        Client clientData = server.sessionManager.getClient(session);
+        if(!clientData.isAuth || clientData.type != Client.Type.USER)
+        {
+            requestError("Assess denied");
+            return;
+        }
        // Try join server with auth handler
        debug("Username: '%s', Access token: %s, Server ID: %s", username, accessToken, serverID);
        boolean success;