Закрытие доступа неавторизированным к checkServer/joinServer

This commit is contained in:
Gravit 2019-01-04 22:22:40 +07:00
parent a8153c9101
commit 0c9bb41bee
No known key found for this signature in database
GPG key ID: 061981E1E85D3216
2 changed files with 14 additions and 4 deletions

View file

@ -10,6 +10,7 @@
import ru.gravit.launchserver.auth.AuthException;
import ru.gravit.launchserver.response.Response;
import ru.gravit.launchserver.response.profile.ProfileByUUIDResponse;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.LogHelper;
import ru.gravit.utils.helper.VerifyHelper;
@ -25,9 +26,12 @@ public void reply() throws IOException {
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
String client = input.readString(SerializeLimits.MAX_CLIENT);
debug("Username: %s, Server ID: %s", username, serverID);
//Фитча оставлена до внедрения WebSockets
//Client clientData = server.sessionManager.getClient(session);
//if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.SERVER)
{
requestError("Assess denied");
return;
}
// Try check server with auth handler
UUID uuid;
try {

View file

@ -8,6 +8,7 @@
import ru.gravit.launchserver.LaunchServer;
import ru.gravit.launchserver.auth.AuthException;
import ru.gravit.launchserver.response.Response;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.LogHelper;
import ru.gravit.utils.helper.SecurityHelper;
import ru.gravit.utils.helper.VerifyHelper;
@ -23,7 +24,12 @@ public void reply() throws IOException {
String username = VerifyHelper.verifyUsername(input.readString(SerializeLimits.MAX_LOGIN));
String accessToken = SecurityHelper.verifyToken(input.readASCII(-SecurityHelper.TOKEN_STRING_LENGTH));
String serverID = VerifyHelper.verifyServerID(input.readASCII(SerializeLimits.MAX_SERVERID)); // With minus sign
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.USER)
{
requestError("Assess denied");
return;
}
// Try join server with auth handler
debug("Username: '%s', Access token: %s, Server ID: %s", username, accessToken, serverID);
boolean success;