Lanmikeman/Launcher
1
1
Fork 0
mirror of https://github.com/GravitLauncher/Launcher synced 2024-11-15 11:39:11 +03:00
Code Issues Projects Releases Packages Wiki Activity

Закрытие доступа неавторизированным к checkServer/joinServer

Browse source
This commit is contained in:
Gravit 2019-01-04 22:22:40 +07:00
parent a8153c9101
commit 0c9bb41bee
No known key found for this signature in database
GPG key ID: 061981E1E85D3216
2 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java
View file

@ -10,6 +10,7 @@
import ru.gravit.launchserver.auth.AuthException; import ru.gravit.launchserver.auth.AuthException;
import ru.gravit.launchserver.response.Response; import ru.gravit.launchserver.response.Response;
import ru.gravit.launchserver.response.profile.ProfileByUUIDResponse; import ru.gravit.launchserver.response.profile.ProfileByUUIDResponse;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.LogHelper; import ru.gravit.utils.helper.LogHelper;
import ru.gravit.utils.helper.VerifyHelper; import ru.gravit.utils.helper.VerifyHelper;
@ -25,9 +26,12 @@ public void reply() throws IOException {
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
String client = input.readString(SerializeLimits.MAX_CLIENT); String client = input.readString(SerializeLimits.MAX_CLIENT);
debug("Username: %s, Server ID: %s", username, serverID); debug("Username: %s, Server ID: %s", username, serverID);
//Фитча оставлена до внедрения WebSockets Client clientData = server.sessionManager.getClient(session);
//Client clientData = server.sessionManager.getClient(session); if(!clientData.isAuth || clientData.type != Client.Type.SERVER)
//if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;} {
requestError("Assess denied");
return;
}
// Try check server with auth handler // Try check server with auth handler
UUID uuid; UUID uuid;
try { try {

8
LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/JoinServerResponse.java
View file

@ -8,6 +8,7 @@
import ru.gravit.launchserver.LaunchServer; import ru.gravit.launchserver.LaunchServer;
import ru.gravit.launchserver.auth.AuthException; import ru.gravit.launchserver.auth.AuthException;
import ru.gravit.launchserver.response.Response; import ru.gravit.launchserver.response.Response;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.LogHelper; import ru.gravit.utils.helper.LogHelper;
import ru.gravit.utils.helper.SecurityHelper; import ru.gravit.utils.helper.SecurityHelper;
import ru.gravit.utils.helper.VerifyHelper; import ru.gravit.utils.helper.VerifyHelper;
@ -23,7 +24,12 @@ public void reply() throws IOException {
String username = VerifyHelper.verifyUsername(input.readString(SerializeLimits.MAX_LOGIN)); String username = VerifyHelper.verifyUsername(input.readString(SerializeLimits.MAX_LOGIN));
String accessToken = SecurityHelper.verifyToken(input.readASCII(-SecurityHelper.TOKEN_STRING_LENGTH)); String accessToken = SecurityHelper.verifyToken(input.readASCII(-SecurityHelper.TOKEN_STRING_LENGTH));
String serverID = VerifyHelper.verifyServerID(input.readASCII(SerializeLimits.MAX_SERVERID)); // With minus sign String serverID = VerifyHelper.verifyServerID(input.readASCII(SerializeLimits.MAX_SERVERID)); // With minus sign
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.USER)
{
requestError("Assess denied");
return;
}
// Try join server with auth handler // Try join server with auth handler
debug("Username: '%s', Access token: %s, Server ID: %s", username, accessToken, serverID); debug("Username: '%s', Access token: %s, Server ID: %s", username, accessToken, serverID);
boolean success; boolean success;