Защита от хаков протокола. Авторизация сервера ОБЯЗАТЕЛЬНА

Gravit 2018-10-07 14:17:37 +07:00
parent b285c81c09
commit f5289e7681
5 changed files with 20 additions and 1 deletions


@ -97,6 +97,7 @@ public void reply() throws Exception {
debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken);
clientData.isAuth = true;
clientData.permissions = result.permissions;
clientData.username = result.username;
// Authenticate on server (and get UUID)
UUID uuid;
try {
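Review bot: The new `clientData.username = result.username;` joins `isAuth = true` and `permissions` in being stored before the "Authenticate on server (and get UUID)" step that starts at the `try` below, so if that step throws, the session is already marked authenticated with a username, and the gates this commit adds elsewhere key on exactly `isAuth`. The rest of reply() is outside the hunk, so a catch may already reset these fields; if it does not, move the three assignments after the UUID step succeeds, or clear `clientData.isAuth` in the catch. A one-line comment such as `// Session is only trusted once the server-side auth below has succeeded` would make the intended ordering explicit.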


@ -77,6 +77,7 @@ public void reply() throws Exception {
throw new AuthException("You profile not found");
}
clientData.type = Client.Type.SERVER;
clientData.username = result.username;
} catch (AuthException | HWIDException e) {
requestError(e.getMessage());
return;
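Review bot: The visible lines set `clientData.type = Client.Type.SERVER;` and the new `clientData.username = result.username;` but not `clientData.isAuth`, while the server-ID check added in this commit denies any session with `!clientData.isAuth || clientData.type != Client.Type.SERVER`. If `isAuth` is set for the server path somewhere outside this hunk this is fine; otherwise the new gate would deny every server and `isAuth = true` belongs next to the `type` assignment. A short comment on the success branch, e.g. `// Marks the session as an authenticated game server; required by the server-ID check`, would tie the two sites together.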


@ -3,6 +3,7 @@
import java.io.IOException;
import java.util.UUID;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.LogHelper;
import ru.gravit.utils.helper.VerifyHelper;
import ru.gravit.launcher.serialize.HInput;
@ -25,7 +26,8 @@ public void reply() throws IOException {
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
String client = input.readString(SerializeLimits.MAX_CLIENT);
debug("Username: %s, Server ID: %s", username, serverID);
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
// Try check server with auth handler
UUID uuid;
try {
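Review bot: The error string in the new gate reads `"Assess denied"`; it should be `"Access denied"`, here and in the identical gate added to the update-request handler in this commit. The gate runs after the request body has been read and logged, which is reasonable for keeping the stream in sync, but if `server.sessionManager.getClient(session)` can return null for an unknown session (not visible here) the `clientData.isAuth` read throws before the denial is sent, so a `clientData == null` term belongs first in the condition. As a point of style, the one-line `if (...) { requestError(...); return;}` should be braced over three lines like the surrounding code, and a comment such as `// Only an authenticated game server may check server IDs` states why the gate exists. The enclosing reply() continues past the hunk.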


@ -11,6 +11,8 @@
import ru.gravit.launcher.hasher.HashedDir;
import ru.gravit.launcher.hasher.HashedEntry;
import ru.gravit.launcher.hasher.HashedEntry.Type;
import ru.gravit.launcher.profiles.ClientProfile;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.IOHelper;
import ru.gravit.launcher.request.UpdateAction;
import ru.gravit.launcher.serialize.HInput;
@ -35,6 +37,17 @@ public void reply() throws IOException {
requestError(String.format("Unknown update dir: %s", updateDirName));
return;
}
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.USER) { requestError("Assess denied"); return;}
for(SignedObjectHolder<ClientProfile> p : server.getProfiles())
{
ClientProfile profile = p.object;
if(!clientData.profile.getTitle().equals(profile.getTitle())) continue;
if(!profile.isWhitelistContains(clientData.username)) {
requestError("You don't download this folder");
return;
}
}
writeNoError(output);
// Write update hdir
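Review bot: The profile loop fails open: when no entry in `server.getProfiles()` has the same title as `clientData.profile`, the loop ends without calling requestError and `writeNoError(output)` proceeds, so an unmatched profile is treated as allowed rather than denied. `clientData.profile` is also dereferenced without a null check, and nothing in this commit shows where it is assigned, so a session that passes the `isAuth`/`USER` gate with no profile would throw at `getTitle()` instead of being refused. Nothing here ties `updateDirName` to the client's profile either; as written the check is "is this user whitelisted for their own profile", not "may this user fetch this directory", which may be intended but deserves a comment. A fail-closed shape that resolves the matching profile first is sketched below; the enclosing reply() continues past the hunk.
```java
Client clientData = server.sessionManager.getClient(session);
if (!clientData.isAuth || clientData.type != Client.Type.USER || clientData.profile == null) {
    requestError("Assess denied");
    return;
}
// Fail closed: allow only if the client's own profile is found and whitelists this user.
boolean allowed = false;
for (SignedObjectHolder<ClientProfile> p : server.getProfiles()) {
    ClientProfile profile = p.object;
    if (!clientData.profile.getTitle().equals(profile.getTitle())) continue;
    allowed = profile.isWhitelistContains(clientData.username);
    break;
}
if (!allowed) {
    requestError("You don't download this folder");
    return;
}
writeNoError(output);
// … unchanged: write update hdir …
```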


@ -11,6 +11,7 @@ public class Client {
public ClientProfile profile;
public boolean isAuth;
public ClientPermissions permissions;
public String username;
public Client(long session) {
this.session = session;
@ -18,6 +19,7 @@ public Client(long session) {
type = Type.USER;
isAuth = false;
permissions = ClientPermissions.DEFAULT;
username = "";
}
//Данные ваторизации
public void up() {
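Review bot: The new `public String username;` field is undocumented, and because the constructor initialises it to `""` rather than null, an unauthenticated session carries an empty-but-valid-looking username that callers could pass to whitelist or logging code without noticing. A Javadoc line on the field would state the contract the new gates rely on: `/** Username returned by the auth handler; only meaningful while {@link #isAuth} is true, otherwise "". */`. The constructor `Client(long session)` begins in the first hunk and its body continues into the second, so the initialiser at `username = "";` is shown without the lines between.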