[FIX] Альтернатива whitelist профилей

This commit is contained in:
Gravit 2020-03-22 04:16:15 +07:00
parent 58a208a3f5
commit 9ccaf3b1d7
No known key found for this signature in database
GPG key ID: 061981E1E85D3216
5 changed files with 91 additions and 11 deletions

View file

@ -1,18 +1,48 @@
package pro.gravit.launchserver.auth.protect;
import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launchserver.auth.protect.interfaces.ProfilesProtectHandler;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.auth.AuthResponse;
import pro.gravit.utils.helper.SecurityHelper;
public class StdProtectHandler extends ProtectHandler {
public final boolean checkSecure = true;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class StdProtectHandler extends ProtectHandler implements ProfilesProtectHandler {
public Map<String, List<String>> profileWhitelist = new HashMap<>();
public List<String> allowUpdates = new ArrayList<>();
@Override
public boolean allowGetAccessToken(AuthResponse.AuthContext context) {
return (context.authType == AuthResponse.ConnectTypes.CLIENT) && (!checkSecure || context.client.checkSign);
return (context.authType == AuthResponse.ConnectTypes.CLIENT) && context.client.checkSign;
}
@Override
public void checkLaunchServerLicense() {
}
@Override
public boolean canGetProfile(ClientProfile profile, Client client) {
return canChangeProfile(profile, client);
}
@Override
public boolean canChangeProfile(ClientProfile profile, Client client) {
return client.isAuth && client.username != null && isWhitelisted(profile.getTitle(), client.username);
}
@Override
public boolean canGetUpdates(String updatesDirName, Client client) {
return client.profile != null && ( client.profile.getDir().equals(updatesDirName) || client.profile.getAssetDir().equals(updatesDirName) || allowUpdates.contains(updatesDirName));
}
public boolean isWhitelisted(String profileTitle, String username)
{
List<String> allowedUsername = profileWhitelist.get(profileTitle);
if(allowedUsername == null) return true;
return allowedUsername.contains(username);
}
}

View file

@ -0,0 +1,23 @@
package pro.gravit.launchserver.auth.protect.interfaces;
import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launchserver.socket.Client;
public interface ProfilesProtectHandler {
default boolean canGetProfiles(Client client)
{
return true;
}
default boolean canGetProfile(ClientProfile profile, Client client)
{
return true;
}
default boolean canChangeProfile(ClientProfile profile, Client client)
{
return client.isAuth;
}
default boolean canGetUpdates(String updatesDirName, Client client)
{
return true;
}
}

View file

@ -3,9 +3,14 @@
import io.netty.channel.ChannelHandlerContext;
import pro.gravit.launcher.events.request.ErrorRequestEvent;
import pro.gravit.launcher.events.request.ProfilesRequestEvent;
import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launchserver.auth.protect.interfaces.ProfilesProtectHandler;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse;
import java.util.ArrayList;
import java.util.List;
public class ProfilesResponse extends SimpleResponse {
@Override
public String getType() {
@ -14,10 +19,29 @@ public String getType() {
@Override
public void execute(ChannelHandlerContext ctx, Client client) {
if (!client.checkSign && !client.isAuth) {
service.sendObject(ctx, new ErrorRequestEvent("Access denied"));
if (server.config.protectHandler instanceof ProfilesProtectHandler && !((ProfilesProtectHandler) server.config.protectHandler).canGetProfiles(client)) {
sendError("Access denied");
return;
}
sendResult(new ProfilesRequestEvent(server.getProfiles()));
List<ClientProfile> profileList;
List<ClientProfile> serverProfiles = server.getProfiles();
if (server.config.protectHandler instanceof ProfilesProtectHandler)
{
ProfilesProtectHandler protectHandler = (ProfilesProtectHandler) server.config.protectHandler;
profileList = new ArrayList<>(4);
for(ClientProfile profile : serverProfiles)
{
if(protectHandler.canGetProfile(profile, client))
{
profileList.add(profile);
}
}
}
else
{
profileList = serverProfiles;
}
sendResult(new ProfilesRequestEvent(profileList));
}
}

View file

@ -3,6 +3,7 @@
import io.netty.channel.ChannelHandlerContext;
import pro.gravit.launcher.events.request.SetProfileRequestEvent;
import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launchserver.auth.protect.interfaces.ProfilesProtectHandler;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse;
import pro.gravit.utils.HookException;
@ -19,10 +20,6 @@ public String getType() {
@Override
public void execute(ChannelHandlerContext ctx, Client client) {
if (!client.isAuth) {
sendError("Access denied");
return;
}
try {
server.authHookManager.setProfileHook.hook(this, client);
} catch (HookException e) {
@ -31,6 +28,11 @@ public void execute(ChannelHandlerContext ctx, Client client) {
Collection<ClientProfile> profiles = server.getProfiles();
for (ClientProfile p : profiles) {
if (p.getTitle().equals(this.client)) {
if (server.config.protectHandler instanceof ProfilesProtectHandler &&
((ProfilesProtectHandler) server.config.protectHandler).canChangeProfile(p, client)) {
sendError("Access denied");
return;
}
client.profile = p;
sendResult(new SetProfileRequestEvent(p));
return;

View file

@ -4,6 +4,7 @@
import pro.gravit.launcher.events.request.UpdateRequestEvent;
import pro.gravit.launcher.hasher.HashedDir;
import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launchserver.auth.protect.interfaces.ProfilesProtectHandler;
import pro.gravit.launchserver.config.LaunchServerConfig;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse;
@ -20,7 +21,7 @@ public String getType() {
@Override
public void execute(ChannelHandlerContext ctx, Client client) {
if (!client.isAuth || client.type != AuthResponse.ConnectTypes.CLIENT || client.profile == null) {
if (server.config.protectHandler instanceof ProfilesProtectHandler && ((ProfilesProtectHandler) server.config.protectHandler).canGetUpdates(dirName, client)) {
sendError("Access denied");
return;
}