From f5289e76819f679f16a6d338c39ce3c37297cfba Mon Sep 17 00:00:00 2001 From: Gravit Date: Sun, 7 Oct 2018 14:17:37 +0700 Subject: [PATCH] =?UTF-8?q?=D0=97=D0=B0=D1=89=D0=B8=D1=82=D0=B0=20=D0=BE?= =?UTF-8?q?=D1=82=20=D1=85=D0=B0=D0=BA=D0=BE=D0=B2=20=D0=BF=D1=80=D0=BE?= =?UTF-8?q?=D1=82=D0=BE=D0=BA=D0=BE=D0=BB=D0=B0.=20=D0=90=D0=B2=D1=82?= =?UTF-8?q?=D0=BE=D1=80=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D1=8F=20=D1=81=D0=B5?= =?UTF-8?q?=D1=80=D0=B2=D0=B5=D1=80=D0=B0=20=D0=9E=D0=91=D0=AF=D0=97=D0=90?= =?UTF-8?q?=D0=A2=D0=95=D0=9B=D0=AC=D0=9D=D0=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../launchserver/response/auth/AuthResponse.java | 1 + .../response/auth/AuthServerResponse.java | 1 + .../response/auth/CheckServerResponse.java | 4 +++- .../response/update/UpdateResponse.java | 13 +++++++++++++ .../java/ru/gravit/launchserver/socket/Client.java | 2 ++ 5 files changed, 20 insertions(+), 1 deletion(-) diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java index 37e6a74a..bffafd67 100644 --- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java +++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthResponse.java @@ -97,6 +97,7 @@ public void reply() throws Exception { debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken); clientData.isAuth = true; clientData.permissions = result.permissions; + clientData.username = result.username; // Authenticate on server (and get UUID) UUID uuid; try { diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java index 5c620287..c050540f 100644 --- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java +++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/AuthServerResponse.java @@ -77,6 +77,7 @@ public void reply() throws Exception { throw new AuthException("You profile not found"); } clientData.type = Client.Type.SERVER; + clientData.username = result.username; } catch (AuthException | HWIDException e) { requestError(e.getMessage()); return; diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java index 2e701989..d9b7b59f 100644 --- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java +++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/auth/CheckServerResponse.java @@ -3,6 +3,7 @@ import java.io.IOException; import java.util.UUID; +import ru.gravit.launchserver.socket.Client; import ru.gravit.utils.helper.LogHelper; import ru.gravit.utils.helper.VerifyHelper; import ru.gravit.launcher.serialize.HInput; @@ -25,7 +26,8 @@ public void reply() throws IOException { String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign String client = input.readString(SerializeLimits.MAX_CLIENT); debug("Username: %s, Server ID: %s", username, serverID); - + Client clientData = server.sessionManager.getClient(session); + if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;} // Try check server with auth handler UUID uuid; try { diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java b/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java index 4cd5816c..f9f7b1b5 100644 --- a/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java +++ b/LaunchServer/src/main/java/ru/gravit/launchserver/response/update/UpdateResponse.java @@ -11,6 +11,8 @@ import ru.gravit.launcher.hasher.HashedDir; import ru.gravit.launcher.hasher.HashedEntry; import ru.gravit.launcher.hasher.HashedEntry.Type; +import ru.gravit.launcher.profiles.ClientProfile; +import ru.gravit.launchserver.socket.Client; import ru.gravit.utils.helper.IOHelper; import ru.gravit.launcher.request.UpdateAction; import ru.gravit.launcher.serialize.HInput; @@ -35,6 +37,17 @@ public void reply() throws IOException { requestError(String.format("Unknown update dir: %s", updateDirName)); return; } + Client clientData = server.sessionManager.getClient(session); + if(!clientData.isAuth || clientData.type != Client.Type.USER) { requestError("Assess denied"); return;} + for(SignedObjectHolder p : server.getProfiles()) + { + ClientProfile profile = p.object; + if(!clientData.profile.getTitle().equals(profile.getTitle())) continue; + if(!profile.isWhitelistContains(clientData.username)) { + requestError("You don't download this folder"); + return; + } + } writeNoError(output); // Write update hdir diff --git a/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java b/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java index de41fa88..7feb8a78 100644 --- a/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java +++ b/LaunchServer/src/main/java/ru/gravit/launchserver/socket/Client.java @@ -11,6 +11,7 @@ public class Client { public ClientProfile profile; public boolean isAuth; public ClientPermissions permissions; + public String username; public Client(long session) { this.session = session; @@ -18,6 +19,7 @@ public Client(long session) { type = Type.USER; isAuth = false; permissions = ClientPermissions.DEFAULT; + username = ""; } //Данные ваторизации public void up() {