[ANY] IDEA Reformat

This commit is contained in:
Gravit 2020-09-27 00:49:45 +07:00
parent 78c0e0d54d
commit ef3fbaef18
No known key found for this signature in database
GPG key ID: 98A079490768CCE5
9 changed files with 60 additions and 84 deletions

View file

@ -13,12 +13,10 @@
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.net.URL;
import java.net.http.HttpClient; import java.net.http.HttpClient;
import java.net.http.HttpRequest; import java.net.http.HttpRequest;
import java.net.http.HttpResponse; import java.net.http.HttpResponse;
import java.time.Duration; import java.time.Duration;
import java.time.temporal.TemporalUnit;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;

View file

@ -1,7 +1,5 @@
package pro.gravit.launchserver.command.service; package pro.gravit.launchserver.command.service;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.util.Store;
import org.fusesource.jansi.Ansi; import org.fusesource.jansi.Ansi;
import pro.gravit.launcher.profiles.ClientProfile; import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launchserver.LaunchServer; import pro.gravit.launchserver.LaunchServer;
@ -12,17 +10,9 @@
import pro.gravit.launchserver.auth.provider.AcceptAuthProvider; import pro.gravit.launchserver.auth.provider.AcceptAuthProvider;
import pro.gravit.launchserver.command.Command; import pro.gravit.launchserver.command.Command;
import pro.gravit.launchserver.config.LaunchServerConfig; import pro.gravit.launchserver.config.LaunchServerConfig;
import pro.gravit.launchserver.helper.SignHelper;
import pro.gravit.utils.helper.FormatHelper; import pro.gravit.utils.helper.FormatHelper;
import pro.gravit.utils.helper.LogHelper; import pro.gravit.utils.helper.LogHelper;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer; import java.util.StringTokenizer;
public class SecurityCheckCommand extends Command { public class SecurityCheckCommand extends Command {
@ -44,74 +34,68 @@ public String getUsageDescription() {
public void invoke(String... args) throws Exception { public void invoke(String... args) throws Exception {
LaunchServerConfig config = server.config; LaunchServerConfig config = server.config;
config.auth.forEach((name, pair) -> { config.auth.forEach((name, pair) -> {
if(pair.provider instanceof AcceptAuthProvider) { if (pair.provider instanceof AcceptAuthProvider) {
printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.provider", name), "Accept auth provider", false); printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.provider", name), "Accept auth provider", false);
} else { } else {
printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.provider", name), "", true); printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.provider", name), "", true);
} }
if(pair.handler instanceof MemoryAuthHandler) { if (pair.handler instanceof MemoryAuthHandler) {
printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.handler", name), "MemoryAuthHandler test-only", false); printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.handler", name), "MemoryAuthHandler test-only", false);
} else { } else {
printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.handler", name), "", true); printCheckResult(LogHelper.Level.INFO, String.format("auth.%s.handler", name), "", true);
} }
}); });
if(config.protectHandler instanceof NoProtectHandler) { if (config.protectHandler instanceof NoProtectHandler) {
printCheckResult(LogHelper.Level.INFO, "protectHandler", "protectHandler none", false); printCheckResult(LogHelper.Level.INFO, "protectHandler", "protectHandler none", false);
} } else if (config.protectHandler instanceof AdvancedProtectHandler) {
else if(config.protectHandler instanceof AdvancedProtectHandler) {
printCheckResult(LogHelper.Level.INFO, "protectHandler", "", true); printCheckResult(LogHelper.Level.INFO, "protectHandler", "", true);
if(!((AdvancedProtectHandler) config.protectHandler).enableHardwareFeature) if (!((AdvancedProtectHandler) config.protectHandler).enableHardwareFeature) {
{
printCheckResult(LogHelper.Level.INFO, "protectHandler.hardwareId", "you can improve security by using hwid provider", null); printCheckResult(LogHelper.Level.INFO, "protectHandler.hardwareId", "you can improve security by using hwid provider", null);
} } else {
else {
printCheckResult(LogHelper.Level.INFO, "protectHandler.hardwareId", "", true); printCheckResult(LogHelper.Level.INFO, "protectHandler.hardwareId", "", true);
} }
} } else if (config.protectHandler instanceof StdProtectHandler) {
else if(config.protectHandler instanceof StdProtectHandler) {
printCheckResult(LogHelper.Level.INFO, "protectHandler", "you can improve security by using advanced", null); printCheckResult(LogHelper.Level.INFO, "protectHandler", "you can improve security by using advanced", null);
} } else {
else {
printCheckResult(LogHelper.Level.INFO, "protectHandler", "unknown protectHandler", null); printCheckResult(LogHelper.Level.INFO, "protectHandler", "unknown protectHandler", null);
} }
if(config.netty.address.startsWith("ws://")) { if (config.netty.address.startsWith("ws://")) {
if(config.netty.ipForwarding) if (config.netty.ipForwarding)
printCheckResult(LogHelper.Level.INFO, "netty.ipForwarding", "ipForwarding may be used to spoofing ip", null); printCheckResult(LogHelper.Level.INFO, "netty.ipForwarding", "ipForwarding may be used to spoofing ip", null);
printCheckResult(LogHelper.Level.INFO, "netty.address", "websocket connection not secure", false); printCheckResult(LogHelper.Level.INFO, "netty.address", "websocket connection not secure", false);
} else if(config.netty.address.startsWith("wss://")) { } else if (config.netty.address.startsWith("wss://")) {
if(!config.netty.ipForwarding) if (!config.netty.ipForwarding)
printCheckResult(LogHelper.Level.INFO, "netty.ipForwarding", "ipForwarding not enabled. authLimiter may be get incorrect ip", null); printCheckResult(LogHelper.Level.INFO, "netty.ipForwarding", "ipForwarding not enabled. authLimiter may be get incorrect ip", null);
printCheckResult(LogHelper.Level.INFO, "netty.address", "", true); printCheckResult(LogHelper.Level.INFO, "netty.address", "", true);
} }
if(config.netty.sendExceptionEnabled) { if (config.netty.sendExceptionEnabled) {
printCheckResult(LogHelper.Level.INFO, "netty.sendExceptionEnabled", "recommend \"false\" in production", false); printCheckResult(LogHelper.Level.INFO, "netty.sendExceptionEnabled", "recommend \"false\" in production", false);
} else { } else {
printCheckResult(LogHelper.Level.INFO, "netty.sendExceptionEnabled", "", true); printCheckResult(LogHelper.Level.INFO, "netty.sendExceptionEnabled", "", true);
} }
if(config.netty.launcherURL.startsWith("http://")) { if (config.netty.launcherURL.startsWith("http://")) {
printCheckResult(LogHelper.Level.INFO, "netty.launcherUrl", "launcher jar download connection not secure", false); printCheckResult(LogHelper.Level.INFO, "netty.launcherUrl", "launcher jar download connection not secure", false);
} else if(config.netty.launcherURL.startsWith("https://")) { } else if (config.netty.launcherURL.startsWith("https://")) {
printCheckResult(LogHelper.Level.INFO, "netty.launcherUrl", "", true); printCheckResult(LogHelper.Level.INFO, "netty.launcherUrl", "", true);
} }
if(config.netty.launcherEXEURL.startsWith("http://")) { if (config.netty.launcherEXEURL.startsWith("http://")) {
printCheckResult(LogHelper.Level.INFO, "netty.launcherExeUrl", "launcher exe download connection not secure", false); printCheckResult(LogHelper.Level.INFO, "netty.launcherExeUrl", "launcher exe download connection not secure", false);
} else if(config.netty.launcherEXEURL.startsWith("https://")) { } else if (config.netty.launcherEXEURL.startsWith("https://")) {
printCheckResult(LogHelper.Level.INFO, "netty.launcherExeUrl", "", true); printCheckResult(LogHelper.Level.INFO, "netty.launcherExeUrl", "", true);
} }
if(config.netty.downloadURL.startsWith("http://")) { if (config.netty.downloadURL.startsWith("http://")) {
printCheckResult(LogHelper.Level.INFO, "netty.downloadUrl", "assets/clients download connection not secure", false); printCheckResult(LogHelper.Level.INFO, "netty.downloadUrl", "assets/clients download connection not secure", false);
} else if(config.netty.downloadURL.startsWith("https://")) { } else if (config.netty.downloadURL.startsWith("https://")) {
printCheckResult(LogHelper.Level.INFO, "netty.downloadUrl", "", true); printCheckResult(LogHelper.Level.INFO, "netty.downloadUrl", "", true);
} }
if(!config.sign.enabled) { if (!config.sign.enabled) {
printCheckResult(LogHelper.Level.INFO, "sign", "it is recommended to use a signature", null); printCheckResult(LogHelper.Level.INFO, "sign", "it is recommended to use a signature", null);
} } else {
else {
/*boolean bad = false; /*boolean bad = false;
KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType); KeyStore keyStore = SignHelper.getStore(new File(config.sign.keyStore).toPath(), config.sign.keyStorePass, config.sign.keyStoreType);
X509Certificate[] certChain = (X509Certificate[]) keyStore.getCertificateChain(config.sign.keyAlias); X509Certificate[] certChain = (X509Certificate[]) keyStore.getCertificateChain(config.sign.keyAlias);
@ -133,19 +117,18 @@ else if(config.protectHandler instanceof StdProtectHandler) {
printCheckResult(LogHelper.Level.INFO, "sign", "", true); printCheckResult(LogHelper.Level.INFO, "sign", "", true);
} }
if(!config.launcher.enabledProGuard) { if (!config.launcher.enabledProGuard) {
printCheckResult(LogHelper.Level.INFO, "launcher.enabledProGuard", "proguard not enabled", false); printCheckResult(LogHelper.Level.INFO, "launcher.enabledProGuard", "proguard not enabled", false);
} else { } else {
printCheckResult(LogHelper.Level.INFO, "launcher.enabledProGuard", "", true); printCheckResult(LogHelper.Level.INFO, "launcher.enabledProGuard", "", true);
} }
if(!config.launcher.stripLineNumbers) { if (!config.launcher.stripLineNumbers) {
printCheckResult(LogHelper.Level.INFO, "launcher.stripLineNumbers", "stripLineNumbers not enabled", false); printCheckResult(LogHelper.Level.INFO, "launcher.stripLineNumbers", "stripLineNumbers not enabled", false);
} else { } else {
printCheckResult(LogHelper.Level.INFO, "launcher.stripLineNumbers", "", true); printCheckResult(LogHelper.Level.INFO, "launcher.stripLineNumbers", "", true);
} }
switch (config.env) switch (config.env) {
{
case DEV: case DEV:
printCheckResult(LogHelper.Level.INFO, "env", "found env DEV", false); printCheckResult(LogHelper.Level.INFO, "env", "found env DEV", false);
@ -162,40 +145,36 @@ else if(config.protectHandler instanceof StdProtectHandler) {
} }
//Profiles //Profiles
for(ClientProfile profile : server.getProfiles()) for (ClientProfile profile : server.getProfiles()) {
{
boolean bad = false; boolean bad = false;
String profileModuleName = String.format("profiles.%s", profile.getTitle()); String profileModuleName = String.format("profiles.%s", profile.getTitle());
for(String exc : profile.getUpdateExclusions()) for (String exc : profile.getUpdateExclusions()) {
{
StringTokenizer tokenizer = new StringTokenizer(exc, "\\/"); StringTokenizer tokenizer = new StringTokenizer(exc, "\\/");
if(exc.endsWith(".jar")) { if (exc.endsWith(".jar")) {
printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false); printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false);
bad = true; bad = true;
continue; continue;
} }
if(tokenizer.hasMoreTokens() && tokenizer.nextToken().equals("mods")) if (tokenizer.hasMoreTokens() && tokenizer.nextToken().equals("mods")) {
{ if (!tokenizer.hasMoreTokens()) {
if(!tokenizer.hasMoreTokens()) {
printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false); printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false);
bad = true; bad = true;
} else { } else {
String nextToken = tokenizer.nextToken(); String nextToken = tokenizer.nextToken();
if(nextToken.equals("memory_repo") || nextToken.equals("1.12.2") || nextToken.equals("1.7.10")) { if (nextToken.equals("memory_repo") || nextToken.equals("1.12.2") || nextToken.equals("1.7.10")) {
printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false); printCheckResult(LogHelper.Level.INFO, profileModuleName, String.format("updateExclusions %s not safe. Cheats may be injected very easy!", exc), false);
bad = true; bad = true;
} }
} }
} }
} }
if(!bad) if (!bad)
printCheckResult(LogHelper.Level.INFO, profileModuleName, "", true); printCheckResult(LogHelper.Level.INFO, profileModuleName, "", true);
} }
LogHelper.info("Check completed"); LogHelper.info("Check completed");
} }
public static void printCheckResult(LogHelper.Level level, String module, String comment, Boolean status) public static void printCheckResult(LogHelper.Level level, String module, String comment, Boolean status) {
{
LogHelper.rawLog(() -> FormatHelper.rawFormat(level, LogHelper.getDataTime(), false).concat(String.format("[%s] %s - %s", module, comment, status == null ? "WARN" : (status ? "OK" : "FAIL"))), LogHelper.rawLog(() -> FormatHelper.rawFormat(level, LogHelper.getDataTime(), false).concat(String.format("[%s] %s - %s", module, comment, status == null ? "WARN" : (status ? "OK" : "FAIL"))),
() -> FormatHelper.rawAnsiFormat(level, LogHelper.getDataTime(), false) () -> FormatHelper.rawAnsiFormat(level, LogHelper.getDataTime(), false)
.fgBright(Ansi.Color.WHITE) .fgBright(Ansi.Color.WHITE)

View file

@ -12,7 +12,7 @@ public NettyThreadFactory(String poolName) {
protected Thread newThread(Runnable r, String name) { protected Thread newThread(Runnable r, String name) {
Thread thread = super.newThread(r, name); Thread thread = super.newThread(r, name);
thread.setUncaughtExceptionHandler((th, e) -> { thread.setUncaughtExceptionHandler((th, e) -> {
if(LogHelper.isDebugEnabled()) if (LogHelper.isDebugEnabled())
LogHelper.error(e); LogHelper.error(e);
}); });
return thread; return thread;

View file

@ -60,22 +60,19 @@ protected void channelRead0(ChannelHandlerContext ctx, WebSocketFrame frame) {
// ping and pong frames already handled // ping and pong frames already handled
try { try {
if (hooks.hook(ctx, frame)) return; if (hooks.hook(ctx, frame)) return;
} catch (Throwable ex) } catch (Throwable ex) {
{
LogHelper.error(ex); LogHelper.error(ex);
} }
if (frame instanceof TextWebSocketFrame) { if (frame instanceof TextWebSocketFrame) {
try { try {
service.process(ctx, (TextWebSocketFrame) frame, client, context.ip); service.process(ctx, (TextWebSocketFrame) frame, client, context.ip);
} catch (Throwable ex) { } catch (Throwable ex) {
if(LogHelper.isDebugEnabled()) { if (LogHelper.isDebugEnabled()) {
LogHelper.warning("Client %s send invalid request. Connection force closed.", context.ip == null ? IOHelper.getIP(ctx.channel().remoteAddress()) : context.ip); LogHelper.warning("Client %s send invalid request. Connection force closed.", context.ip == null ? IOHelper.getIP(ctx.channel().remoteAddress()) : context.ip);
if(LogHelper.isDevEnabled()) if (LogHelper.isDevEnabled()) {
{
LogHelper.dev("Client message: %s", ((TextWebSocketFrame) frame).text()); LogHelper.dev("Client message: %s", ((TextWebSocketFrame) frame).text());
} }
if(LogHelper.isStacktraceEnabled()) if (LogHelper.isStacktraceEnabled()) {
{
LogHelper.error(ex); LogHelper.error(ex);
} }
} }
@ -97,7 +94,7 @@ protected void channelRead0(ChannelHandlerContext ctx, WebSocketFrame frame) {
@Override @Override
public void channelInactive(ChannelHandlerContext ctx) throws Exception { public void channelInactive(ChannelHandlerContext ctx) throws Exception {
if(future != null) future.cancel(true); if (future != null) future.cancel(true);
super.channelInactive(ctx); super.channelInactive(ctx);
} }
} }

View file

@ -16,14 +16,17 @@
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.text.SimpleDateFormat;
import java.time.Clock; import java.time.Clock;
import java.time.Instant; import java.time.Instant;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.time.ZoneId; import java.time.ZoneId;
import java.time.format.DateTimeFormatter; import java.time.format.DateTimeFormatter;
import java.time.temporal.*; import java.time.temporal.ChronoField;
import java.util.*; import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAccessor;
import java.util.Arrays;
import java.util.Locale;
import java.util.Objects;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import static io.netty.handler.codec.http.HttpMethod.GET; import static io.netty.handler.codec.http.HttpMethod.GET;

View file

@ -57,8 +57,8 @@ public void execute(ChannelHandlerContext ctx, Client clientData) throws Excepti
throw new AuthException("Password decryption error"); throw new AuthException("Password decryption error");
} }
} }
if(clientData.isAuth) { if (clientData.isAuth) {
if(LogHelper.isDevEnabled()) { if (LogHelper.isDevEnabled()) {
LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username); LogHelper.warning("Client %s double auth", clientData.username == null ? ip : clientData.username);
} }
sendError("You are already logged in"); sendError("You are already logged in");

View file

@ -25,7 +25,7 @@ public void execute(ChannelHandlerContext ctx, Client client) {
sendError("Permissions denied"); sendError("Permissions denied");
return; return;
} }
if(username == null || accessToken == null || serverID == null) { if (username == null || accessToken == null || serverID == null) {
sendError("Invalid request"); sendError("Invalid request");
return; return;
} }

View file

@ -6,7 +6,6 @@
import pro.gravit.launchserver.auth.AuthProviderPair; import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.socket.Client; import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse; import pro.gravit.launchserver.socket.response.SimpleResponse;
import pro.gravit.utils.helper.LogHelper;
import java.util.UUID; import java.util.UUID;
@ -21,7 +20,7 @@ public String getType() {
@Override @Override
public void execute(ChannelHandlerContext ctx, Client client) throws Exception { public void execute(ChannelHandlerContext ctx, Client client) throws Exception {
BatchProfileByUsernameRequestEvent result = new BatchProfileByUsernameRequestEvent(); BatchProfileByUsernameRequestEvent result = new BatchProfileByUsernameRequestEvent();
if(list == null) { if (list == null) {
sendError("Invalid request"); sendError("Invalid request");
return; return;
} }

View file

@ -23,7 +23,7 @@ public void execute(ChannelHandlerContext ctx, Client client) {
sendError("Access denied"); sendError("Access denied");
return; return;
} }
if(dirName == null) { if (dirName == null) {
sendError("Invalid request"); sendError("Invalid request");
return; return;
} }