diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/provider/RequestAuthProvider.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/provider/RequestAuthProvider.java
index b3f07895..f37c7d71 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/provider/RequestAuthProvider.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/provider/RequestAuthProvider.java
@@ -13,12 +13,10 @@
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.time.Duration;
-import java.time.temporal.TemporalUnit;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java b/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java
index 273a319a..e0af9f4f 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/command/service/SecurityCheckCommand.java
@@ -1,7 +1,5 @@
 package pro.gravit.launchserver.command.service;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.util.Store;
 import org.fusesource.jansi.Ansi;
 import pro.gravit.launcher.profiles.ClientProfile;
 import pro.gravit.launchserver.LaunchServer;
@@ -12,17 +10,9 @@
 import pro.gravit.launchserver.auth.provider.AcceptAuthProvider;
 import pro.gravit.launchserver.command.Command;
 import pro.gravit.launchserver.config.LaunchServerConfig;
-import pro.gravit.launchserver.helper.SignHelper;
 import pro.gravit.utils.helper.FormatHelper;
 import pro.gravit.utils.helper.LogHelper;
-import java.io.File;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
 import java.util.StringTokenizer;
 public class SecurityCheckCommand extends Command {
@@ -44,74 +34,68 @@ public String getUsageDescription() { public void invoke(String... args) throws Exception { LaunchServerConfig config = server.config; config.auth.forEach((name, pair) -> { - if(pair.provider instanceof AcceptAuthProvider) { + if (pair.provider instanceof AcceptAuthProvider) { printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.provider", name), "Accept auth provider", false); } else { printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.provider", name), "", true); } - if(pair.handler instanceof MemoryAuthHandler) { + if (pair.handler instanceof MemoryAuthHandler) { printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.handler", name), "MemoryAuthHandler test-only", false); } else { printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.handler", name), "", true); } }); - if(config.protectHandler instanceof NoProtectHandler) { + if (config.protectHandler instanceof NoProtectHandler) { printCheckResult(LogHelper.Level.INFO, "protectHandler", "protectHandler none", false); - } - else if(config.protectHandler instanceof AdvancedProtectHandler) { + } else if (config.protectHandler instanceof AdvancedProtectHandler) { printCheckResult(LogHelper.Level.INFO, "protectHandler", "", true); - if(!((AdvancedProtectHandler) config.protectHandler).enableHardwareFeature) - { + if (!((AdvancedProtectHandler) config.protectHandler).enableHardwareFeature) { printCheckResult(LogHelper.Level.INFO, "protectHandler.hardwareId", "you can improve security by using hwid provider", null); - } - else { + } else { printCheckResult(LogHelper.Level.INFO, "protectHandler.hardwareId", "", true); } - } - else if(config.protectHandler instanceof StdProtectHandler) { + } else if (config.protectHandler instanceof StdProtectHandler) { printCheckResult(LogHelper.Level.INFO, "protectHandler", "you can improve security by using advanced", null); - } - else { + } else { printCheckResult(LogHelper.Level.INFO, "protectHandler", "unknown protectHandler", 
null); } - if(config.netty.address.startsWith("ws://")) { - if(config.netty.ipForwarding) + if (config.netty.address.startsWith("ws://")) { + if (config.netty.ipForwarding) printCheckResult(LogHelper.Level.INFO, "netty.ipForwarding", "ipForwarding may be used to spoofing ip", null); printCheckResult(LogHelper.Level.INFO, "netty.address", "websocket connection not secure", false); - } else if(config.netty.address.startsWith("wss://")) { - if(!config.netty.ipForwarding) + } else if (config.netty.address.startsWith("wss://")) { + if (!config.netty.ipForwarding) printCheckResult(LogHelper.Level.INFO, "netty.ipForwarding", "ipForwarding not enabled. authLimiter may be get incorrect ip", null); printCheckResult(LogHelper.Level.INFO, "netty.address", "", true); } - if(config.netty.sendExceptionEnabled) { + if (config.netty.sendExceptionEnabled) { printCheckResult(LogHelper.Level.INFO, "netty.sendExceptionEnabled", "recommend \"false\" in production", false); } else { printCheckResult(LogHelper.Level.INFO, "netty.sendExceptionEnabled", "", true); } - if(config.netty.launcherURL.startsWith("http://")) { + if (config.netty.launcherURL.startsWith("http://")) { printCheckResult(LogHelper.Level.INFO, "netty.launcherUrl", "launcher jar download connection not secure", false); - } else if(config.netty.launcherURL.startsWith("https://")) { + } else if (config.netty.launcherURL.startsWith("https://")) { printCheckResult(LogHelper.Level.INFO, "netty.launcherUrl", "", true); } - if(config.netty.launcherEXEURL.startsWith("http://")) { + if (config.netty.launcherEXEURL.startsWith("http://")) { printCheckResult(LogHelper.Level.INFO, "netty.launcherExeUrl", "launcher exe download connection not secure", false); - } else if(config.netty.launcherEXEURL.startsWith("https://")) { + } else if (config.netty.launcherEXEURL.startsWith("https://")) { printCheckResult(LogHelper.Level.INFO, "netty.launcherExeUrl", "", true); } - if(config.netty.downloadURL.startsWith("http://")) { + if 
(config.netty.downloadURL.startsWith("http://")) { printCheckResult(LogHelper.Level.INFO, "netty.downloadUrl", "assets/clients download connection not secure", false); - } else if(config.netty.downloadURL.startsWith("https://")) { + } else if (config.netty.downloadURL.startsWith("https://")) { printCheckResult(LogHelper.Level.INFO, "netty.downloadUrl", "", true); } - if(!config.sign.enabled) { + if (!config.sign.enabled) { printCheckResult(LogHelper.Level.INFO, "sign", "it is recommended to use a signature", null); - } - else { + } else { /*boolean bad = false; KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType); X509Certificate[] certChain = (X509Certificate[]) keyStore.getCertificateChain(config.sign.keyAlias); @@ -130,22 +114,21 @@ else if(config.protectHandler instanceof StdProtectHandler) { certificate.checkValidity(); } if(!bad)*/ - printCheckResult(LogHelper.Level.INFO, "sign", "", true); + printCheckResult(LogHelper.Level.INFO, "sign", "", true); } - if(!config.launcher.enabledProGuard) { + if (!config.launcher.enabledProGuard) { printCheckResult(LogHelper.Level.INFO, "launcher.enabledProGuard", "proguard not enabled", false); } else { printCheckResult(LogHelper.Level.INFO, "launcher.enabledProGuard", "", true); } - if(!config.launcher.stripLineNumbers) { + if (!config.launcher.stripLineNumbers) { printCheckResult(LogHelper.Level.INFO, "launcher.stripLineNumbers", "stripLineNumbers not enabled", false); } else { printCheckResult(LogHelper.Level.INFO, "launcher.stripLineNumbers", "", true); } - switch (config.env) - { + switch (config.env) { case DEV: printCheckResult(LogHelper.Level.INFO, "env", "found env DEV", false); 
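Review bot: The `sign` branch in the `@@ -130,22 +114,21 @@` hunk reports OK whenever `config.sign.enabled` is set, because the keystore and certificate-chain validation above it sits inside a `/* ... */` comment that also swallows the trailing `if(!bad)`; the re-indent only makes that call visibly unconditional. The same commit removes the `KeyStore`, `X509Certificate` and `SignHelper` imports the commented code would need, so the validation does not look like it is coming back soon. An operator reading the report would reasonably take OK to mean the signing certificate was actually checked. Until the validation is restored, report the state as a warning rather than a pass, for example `printCheckResult(LogHelper.Level.INFO, "sign", "certificate chain not verified", null);`. The middle of the commented block lies outside the visible hunks, so this is based on the comment opener and closer only.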
@@ -162,50 +145,46 @@ else if(config.protectHandler instanceof StdProtectHandler) { } //Profiles - for(ClientProfile profile : server.getProfiles()) - { + for (ClientProfile profile : server.getProfiles()) { boolean bad = false; String profileModuleName = String.format("profiles.%s", profile.getTitle()); - for(String exc : profile.getUpdateExclusions()) - { + for (String exc : profile.getUpdateExclusions()) { StringTokenizer tokenizer = new StringTokenizer(exc, "\\/"); - if(exc.endsWith(".jar")) { + if (exc.endsWith(".jar")) { printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false); bad = true; continue; } - if(tokenizer.hasMoreTokens() && tokenizer.nextToken().equals("mods")) - { - if(!tokenizer.hasMoreTokens()) { + if (tokenizer.hasMoreTokens() && tokenizer.nextToken().equals("mods")) { + if (!tokenizer.hasMoreTokens()) { printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false); bad = true; } else { String nextToken = tokenizer.nextToken(); - if(nextToken.equals("memory_repo") || nextToken.equals("1.12.2") || nextToken.equals("1.7.10")) { + if (nextToken.equals("memory_repo") || nextToken.equals("1.12.2") || nextToken.equals("1.7.10")) { printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. 
Cheats may be injected very easy!", exc), false); bad = true; } } } } - if(!bad) + if (!bad) printCheckResult(LogHelper.Level.INFO, profileModuleName, "", true); } LogHelper.info("Check completed"); } - public static void printCheckResult(LogHelper.Level level, String module, String comment, Boolean status) - { + public static void printCheckResult(LogHelper.Level level, String module, String comment, Boolean status) { LogHelper.rawLog(() -> FormatHelper.rawFormat(level, LogHelper.getDataTime(), false).concat(String.format("[%s] %s - %s", module, comment, status == null ? "WARN" : (status ? "OK" : "FAIL"))), - () -> FormatHelper.rawAnsiFormat(level, LogHelper.getDataTime(), false) - .fgBright(Ansi.Color.WHITE) - .a("[") - .fgBright(Ansi.Color.BLUE) - .a(module) - .fgBright(Ansi.Color.WHITE) - .a("] ".concat(comment).concat(" - ")) - .fgBright(status == null ? Ansi.Color.YELLOW : (status ? Ansi.Color.GREEN : Ansi.Color.RED)) - .a(status == null ? "WARN" : (status ? "OK" : "FAIL")) - .reset().toString()); + () -> FormatHelper.rawAnsiFormat(level, LogHelper.getDataTime(), false) + .fgBright(Ansi.Color.WHITE) + .a("[") + .fgBright(Ansi.Color.BLUE) + .a(module) + .fgBright(Ansi.Color.WHITE) + .a("] ".concat(comment).concat(" - ")) + .fgBright(status == null ? Ansi.Color.YELLOW : (status ? Ansi.Color.GREEN : Ansi.Color.RED)) + .a(status == null ? "WARN" : (status ? "OK" : "FAIL")) + .reset().toString()); } } diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/NettyThreadFactory.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/NettyThreadFactory.java index 98b81f14..15a45712 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/NettyThreadFactory.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/NettyThreadFactory.java 
@@ -12,7 +12,7 @@ public NettyThreadFactory(String poolName) {
 protected Thread newThread(Runnable r, String name) {
 Thread thread = super.newThread(r, name);
 thread.setUncaughtExceptionHandler((th, e) -> {
- if(LogHelper.isDebugEnabled())
+ if (LogHelper.isDebugEnabled())
 LogHelper.error(e);
 });
 return thread;
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/WebSocketFrameHandler.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/WebSocketFrameHandler.java
index 0d75f4da..b8948f25 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/WebSocketFrameHandler.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/WebSocketFrameHandler.java
@@ -60,22 +60,19 @@ protected void channelRead0(ChannelHandlerContext ctx, WebSocketFrame frame) {
 // ping and pong frames already handled
 try {
 if (hooks.hook(ctx, frame)) return;
- } catch (Throwable ex)
- {
+ } catch (Throwable ex) {
 LogHelper.error(ex);
 }
 if (frame instanceof TextWebSocketFrame) {
 try {
 service.process(ctx, (TextWebSocketFrame) frame, client, context.ip);
 } catch (Throwable ex) {
- if(LogHelper.isDebugEnabled()) {
+ if (LogHelper.isDebugEnabled()) {
 LogHelper.warning("Client %s send invalid request. Connection force closed.", context.ip == null ? IOHelper.getIP(ctx.channel().remoteAddress()) : context.ip);
- if(LogHelper.isDevEnabled())
- {
+ if (LogHelper.isDevEnabled()) {
 LogHelper.dev("Client message: %s", ((TextWebSocketFrame) frame).text());
 }
- if(LogHelper.isStacktraceEnabled())
- {
+ if (LogHelper.isStacktraceEnabled()) {
 LogHelper.error(ex);
 }
 }
@@ -97,7 +94,7 @@ protected void channelRead0(ChannelHandlerContext ctx, WebSocketFrame frame) {
 @Override
 public void channelInactive(ChannelHandlerContext ctx) throws Exception {
- if(future != null) future.cancel(true);
+ if (future != null) future.cancel(true);
 super.channelInactive(ctx);
 }
 }
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java
index f9190de5..54c5cee4 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java
@@ -16,14 +16,17 @@
 import java.net.URISyntaxException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.text.SimpleDateFormat;
 import java.time.Clock;
 import java.time.Instant;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
-import java.time.temporal.*;
-import java.util.*;
+import java.time.temporal.ChronoField;
+import java.time.temporal.ChronoUnit;
+import java.time.temporal.TemporalAccessor;
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.Objects;
 import java.util.regex.Pattern;
 import static io.netty.handler.codec.http.HttpMethod.GET;
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java
index 1a13ea04..6465617a 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/AuthResponse.java
@@ -57,8 +57,8 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
 throw new AuthException("Password decryption error");
 }
 }
- if(clientData.isAuth) {
- if(LogHelper.isDevEnabled()) {
+ if (clientData.isAuth) {
+ if (LogHelper.isDevEnabled()) {
 LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username);
 }
 sendError("You are already logged in");
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/JoinServerResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/JoinServerResponse.java
index 1b67931b..d3da4bfc 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/JoinServerResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/auth/JoinServerResponse.java
@@ -25,7 +25,7 @@ public void execute(ChannelHandlerContext ctx, Client client) {
 sendError("Permissions denied");
 return;
 }
- if(username == null || accessToken == null || serverID == null) {
+ if (username == null || accessToken == null || serverID == null) {
 sendError("Invalid request");
 return;
 }
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/profile/BatchProfileByUsername.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/profile/BatchProfileByUsername.java
index 61f44ba0..007a1cfa 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/profile/BatchProfileByUsername.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/profile/BatchProfileByUsername.java
@@ -6,7 +6,6 @@
 import pro.gravit.launchserver.auth.AuthProviderPair;
 import pro.gravit.launchserver.socket.Client;
 import pro.gravit.launchserver.socket.response.SimpleResponse;
-import pro.gravit.utils.helper.LogHelper;
 import java.util.UUID;
@@ -21,7 +20,7 @@ public String getType() {
 @Override
 public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
 BatchProfileByUsernameRequestEvent result = new BatchProfileByUsernameRequestEvent();
- if(list == null) {
+ if (list == null) {
 sendError("Invalid request");
 return;
 }
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/UpdateResponse.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/UpdateResponse.java
index d278e82a..c823acd4 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/UpdateResponse.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/response/update/UpdateResponse.java
@@ -23,7 +23,7 @@ public void execute(ChannelHandlerContext ctx, Client client) {
 sendError("Access denied");
 return;
 }
- if(dirName == null) {
+ if (dirName == null) {
 sendError("Invalid request");
 return;
 }