diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java
index 37e6a74a..bffafd67 100644
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java
@@ -97,6 +97,7 @@ public void reply() throws Exception {
 debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken);
 clientData.isAuth = true;
 clientData.permissions = result.permissions;
+ clientData.username = result.username;
 // Authenticate on server (and get UUID)
 UUID uuid;
 try {
diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java
index 5c620287..c050540f 100644
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java
@@ -77,6 +77,7 @@ public void reply() throws Exception {
 throw new AuthException("You profile not found");
 }
 clientData.type = Client.Type.SERVER;
+ clientData.username = result.username;
 } catch (AuthException | HWIDException e) {
 requestError(e.getMessage());
 return;
diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java
index 2e701989..d9b7b59f 100644
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java
@@ -3,6 +3,7 @@
 import java.io.IOException;
 import java.util.UUID;
+import ru.gravit.launchserver.socket.Client;
 import ru.gravit.utils.helper.LogHelper;
 import ru.gravit.utils.helper.VerifyHelper;
 import ru.gravit.launcher.serialize.HInput;
@@ -25,7 +26,8 @@ public void reply() throws IOException {
 String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
 String client = input.readString(SerializeLimits.MAX_CLIENT);
 debug("Username: %s, Server ID: %s", username, serverID);
-
+ Client clientData = server.sessionManager.getClient(session);
+ if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
 // Try check server with auth handler
 UUID uuid;
 try {
diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java
index 4cd5816c..f9f7b1b5 100644
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java
@@ -11,6 +11,8 @@
 import ru.gravit.launcher.hasher.HashedDir;
 import ru.gravit.launcher.hasher.HashedEntry;
 import ru.gravit.launcher.hasher.HashedEntry.Type;
+import ru.gravit.launcher.profiles.ClientProfile;
+import ru.gravit.launchserver.socket.Client;
 import ru.gravit.utils.helper.IOHelper;
 import ru.gravit.launcher.request.UpdateAction;
 import ru.gravit.launcher.serialize.HInput;
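Review bot: In CheckServerResponse.reply() (hunk `@@ -25,7 +26,8 @@`) the new guard dereferences `clientData` without a null check; the hunk does not show whether `server.sessionManager.getClient(session)` can return null for an unknown or expired session, and if it can, the request ends in a NullPointerException instead of a clean denial. The error string reads "Assess denied", presumably meant as "Access denied". A guard such as `if (clientData == null || !clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Access denied"); return; }` covers both. The check also relies on the server-auth path marking the session as authenticated, and the AuthServerResponse hunk in this commit shows only `type` and `username` being assigned, so it is worth confirming that `isAuth` is set there as well. reply() continues outside the hunk.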
@@ -35,6 +37,17 @@ public void reply() throws IOException {
 requestError(String.format("Unknown update dir: %s", updateDirName));
 return;
 }
+ Client clientData = server.sessionManager.getClient(session);
+ if(!clientData.isAuth || clientData.type != Client.Type.USER) { requestError("Assess denied"); return;}
+ for(SignedObjectHolder p : server.getProfiles())
+ {
+ ClientProfile profile = p.object;
+ if(!clientData.profile.getTitle().equals(profile.getTitle())) continue;
+ if(!profile.isWhitelistContains(clientData.username)) {
+ requestError("You don't download this folder");
+ return;
+ }
+ }
 writeNoError(output);
 // Write update hdir
diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java b/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java
index de41fa88..7feb8a78 100644
--- a/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java
+++ b/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java
@@ -11,6 +11,7 @@ public class Client {
 public ClientProfile profile;
 public boolean isAuth;
 public ClientPermissions permissions;
+ public String username;
 public Client(long session) {
 this.session = session;
@@ -18,6 +19,7 @@ public Client(long session) {
 type = Type.USER;
 isAuth = false;
 permissions = ClientPermissions.DEFAULT;
+ username = "";
 }
 //Данные ваторизации
 public void up() {
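Review bot: In UpdateResponse.reply() (hunk `@@ -35,6 +37,17 @@`) the whitelist check never consults `updateDirName`: it only asks whether the session's current profile whitelists `clientData.username`, so it constrains which profile a session holds rather than which directory is served, and when no server profile has a matching title the loop falls through and the download proceeds. `clientData.profile` is also dereferenced unguarded, and the visible part of the Client constructor does not assign it, so a request arriving before a profile is selected would likely throw. The sketch below null-guards the session and profile and denies when nothing matched; if updates are legitimately requested before a profile is set, that case needs an explicit, documented allowance instead of a silent fall-through. Binding the requested directory to the matched profile is left as a comment because the profile's directory accessors are not visible in this diff. reply() continues outside the hunk.

```java
Client clientData = server.sessionManager.getClient(session);
if (clientData == null || !clientData.isAuth
        || clientData.type != Client.Type.USER || clientData.profile == null) {
    requestError("Access denied");
    return;
}
boolean profileMatched = false;
for (SignedObjectHolder p : server.getProfiles()) {
    ClientProfile profile = p.object;
    if (!clientData.profile.getTitle().equals(profile.getTitle())) continue;
    profileMatched = true;
    // TODO(review): also require that updateDirName belongs to this profile
    // … unchanged: isWhitelistContains(clientData.username) check and denial …
}
if (!profileMatched) {
    // No server profile matched the session's profile: deny instead of falling through.
    requestError("Access denied");
    return;
}
```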