[FIX] Backport "Strict profile access, update gradle"

This commit is contained in:
Gravita 2024-04-10 16:49:05 +07:00
parent a02a5b6af3
commit ced13d2cb4
7 changed files with 3 additions and 57 deletions

View file

@ -29,12 +29,12 @@ public void init(LaunchServer server) {
@Override @Override
public boolean canGetProfile(ClientProfile profile, Client client) { public boolean canGetProfile(ClientProfile profile, Client client) {
return !profile.isLimited() || isWhitelisted("launchserver.profile.%s.show", profile, client); return (client.isAuth && !profile.isLimited()) || isWhitelisted("launchserver.profile.%s.show", profile, client);
} }
@Override @Override
public boolean canChangeProfile(ClientProfile profile, Client client) { public boolean canChangeProfile(ClientProfile profile, Client client) {
return !profile.isLimited() || isWhitelisted("launchserver.profile.%s.enter", profile, client); return (client.isAuth && !profile.isLimited()) || isWhitelisted("launchserver.profile.%s.enter", profile, client);
} }
@Override @Override

View file

@ -30,7 +30,6 @@
import pro.gravit.launchserver.socket.response.secure.SecurityReportResponse; import pro.gravit.launchserver.socket.response.secure.SecurityReportResponse;
import pro.gravit.launchserver.socket.response.secure.VerifySecureLevelKeyResponse; import pro.gravit.launchserver.socket.response.secure.VerifySecureLevelKeyResponse;
import pro.gravit.launchserver.socket.response.update.LauncherResponse; import pro.gravit.launchserver.socket.response.update.LauncherResponse;
import pro.gravit.launchserver.socket.response.update.UpdateListResponse;
import pro.gravit.launchserver.socket.response.update.UpdateResponse; import pro.gravit.launchserver.socket.response.update.UpdateResponse;
import pro.gravit.utils.BiHookSet; import pro.gravit.utils.BiHookSet;
import pro.gravit.utils.HookSet; import pro.gravit.utils.HookSet;
@ -64,7 +63,6 @@ public static void registerResponses() {
providers.register("joinServer", JoinServerResponse.class); providers.register("joinServer", JoinServerResponse.class);
providers.register("profiles", ProfilesResponse.class); providers.register("profiles", ProfilesResponse.class);
providers.register("launcher", LauncherResponse.class); providers.register("launcher", LauncherResponse.class);
providers.register("updateList", UpdateListResponse.class);
providers.register("setProfile", SetProfileResponse.class); providers.register("setProfile", SetProfileResponse.class);
providers.register("update", UpdateResponse.class); providers.register("update", UpdateResponse.class);
providers.register("batchProfileByUsername", BatchProfileByUsername.class); providers.register("batchProfileByUsername", BatchProfileByUsername.class);

View file

@ -1,27 +0,0 @@
package pro.gravit.launchserver.socket.response.update;
import io.netty.channel.ChannelHandlerContext;
import pro.gravit.launcher.events.request.UpdateListRequestEvent;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse;
import java.util.HashSet;
public class UpdateListResponse extends SimpleResponse {
@Override
public String getType() {
return "updateList";
}
@Override
public void execute(ChannelHandlerContext ctx, Client client) {
if (!client.isAuth) {
sendError("Access denied");
return;
}
HashSet<String> set = server.updatesManager.getUpdatesList();
sendResult(new UpdateListRequestEvent(set));
}
}

View file

@ -1,24 +0,0 @@
package pro.gravit.launcher.events.request;
import pro.gravit.launcher.LauncherNetworkAPI;
import pro.gravit.launcher.events.RequestEvent;
import java.util.HashSet;
import java.util.UUID;
public class UpdateListRequestEvent extends RequestEvent {
@SuppressWarnings("unused")
private static final UUID uuid = UUID.fromString("5fa836ae-6b61-401c-96ac-d8396f07ec6b");
@LauncherNetworkAPI
public final HashSet<String> dirs;
public UpdateListRequestEvent(HashSet<String> dirs) {
this.dirs = dirs;
}
@Override
public String getType() {
return "updateList";
}
}

View file

@ -94,7 +94,6 @@ public void registerResults() {
results.register("batchProfileByUsername", BatchProfileByUsernameRequestEvent.class); results.register("batchProfileByUsername", BatchProfileByUsernameRequestEvent.class);
results.register("profiles", ProfilesRequestEvent.class); results.register("profiles", ProfilesRequestEvent.class);
results.register("setProfile", SetProfileRequestEvent.class); results.register("setProfile", SetProfileRequestEvent.class);
results.register("updateList", UpdateListRequestEvent.class);
results.register("error", ErrorRequestEvent.class); results.register("error", ErrorRequestEvent.class);
results.register("update", UpdateRequestEvent.class); results.register("update", UpdateRequestEvent.class);
results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class); results.register("getAvailabilityAuth", GetAvailabilityAuthRequestEvent.class);

Binary file not shown.

View file

@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-all.zip distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-all.zip
networkTimeout=10000 networkTimeout=10000
validateDistributionUrl=true validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME zipStoreBase=GRADLE_USER_HOME