Защита от хаков протокола. Авторизация сервера ОБЯЗАТЕЛЬНА
parent
b285c81c09
commit
f5289e7681
5 changed files with 20 additions and 1 deletions
|
@ -97,6 +97,7 @@ public void reply() throws Exception {
|
||||||
debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken);
|
debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken);
|
||||||
clientData.isAuth = true;
|
clientData.isAuth = true;
|
||||||
clientData.permissions = result.permissions;
|
clientData.permissions = result.permissions;
|
||||||
|
clientData.username = result.username;
|
||||||
// Authenticate on server (and get UUID)
|
// Authenticate on server (and get UUID)
|
||||||
UUID uuid;
|
UUID uuid;
|
||||||
try {
|
try {
|
||||||
|
|
|
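Review bot: `clientData.isAuth = true` and the new `clientData.username = result.username;` are written to the session before the `try` block that authenticates on the server and obtains the UUID, so a failure in that step may leave the session marked as authenticated with a username attached. Since this commit makes other handlers authorize on `isAuth` and `username`, consider moving the session assignments after the UUID step succeeds, or resetting them in its error path. The try body and its catch are outside the hunk, so confirm how failures are handled there. The unchanged `debug(...)` line above also writes `result.accessToken` to the log; logging only the login and username would keep the token out of log files.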
@ -77,6 +77,7 @@ public void reply() throws Exception {
|
||||||
throw new AuthException("You profile not found");
|
throw new AuthException("You profile not found");
|
||||||
}
|
}
|
||||||
clientData.type = Client.Type.SERVER;
|
clientData.type = Client.Type.SERVER;
|
||||||
|
clientData.username = result.username;
|
||||||
} catch (AuthException | HWIDException e) {
|
} catch (AuthException | HWIDException e) {
|
||||||
requestError(e.getMessage());
|
requestError(e.getMessage());
|
||||||
return;
|
return;
|
||||||
|
|
|
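Review bot: The visible lines set `clientData.type = Client.Type.SERVER` and the new `clientData.username`, but no `clientData.isAuth = true` appears in this hunk, while the check added in the `@ -25,7 +26,8 @@` hunk rejects any session whose `isAuth` is false. If `isAuth` is not set earlier in `reply()` (the method starts outside the hunk), server sessions would always be refused; add `clientData.isAuth = true;` next to the type assignment or confirm it is already set above.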
@ -3,6 +3,7 @@
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
|
import ru.gravit.launchserver.socket.Client;
|
||||||
import ru.gravit.utils.helper.LogHelper;
|
import ru.gravit.utils.helper.LogHelper;
|
||||||
import ru.gravit.utils.helper.VerifyHelper;
|
import ru.gravit.utils.helper.VerifyHelper;
|
||||||
import ru.gravit.launcher.serialize.HInput;
|
import ru.gravit.launcher.serialize.HInput;
|
||||||
|
@ -25,7 +26,8 @@ public void reply() throws IOException {
|
||||||
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
|
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
|
||||||
String client = input.readString(SerializeLimits.MAX_CLIENT);
|
String client = input.readString(SerializeLimits.MAX_CLIENT);
|
||||||
debug("Username: %s, Server ID: %s", username, serverID);
|
debug("Username: %s, Server ID: %s", username, serverID);
|
||||||
|
Client clientData = server.sessionManager.getClient(session);
|
||||||
|
if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
|
||||||
// Try check server with auth handler
|
// Try check server with auth handler
|
||||||
UUID uuid;
|
UUID uuid;
|
||||||
try {
|
try {
|
||||||
|
|
|
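Review bot: The result of `server.sessionManager.getClient(session)` is dereferenced immediately in `if(!clientData.isAuth || ...)`; if the session manager can return null for an unknown or expired session, this throws a NullPointerException instead of sending a denial. A guard such as `if (clientData == null || !clientData.isAuth || clientData.type != Client.Type.SERVER)` would fail closed. The error text `"Assess denied"` looks like a typo for "Access denied" (the same string is added in the `@ -35,6 +37,17 @@` hunk); fix both together, provided no client matches on the message. `reply()` starts and ends outside the hunk.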
@ -11,6 +11,8 @@
|
||||||
import ru.gravit.launcher.hasher.HashedDir;
|
import ru.gravit.launcher.hasher.HashedDir;
|
||||||
import ru.gravit.launcher.hasher.HashedEntry;
|
import ru.gravit.launcher.hasher.HashedEntry;
|
||||||
import ru.gravit.launcher.hasher.HashedEntry.Type;
|
import ru.gravit.launcher.hasher.HashedEntry.Type;
|
||||||
|
import ru.gravit.launcher.profiles.ClientProfile;
|
||||||
|
import ru.gravit.launchserver.socket.Client;
|
||||||
import ru.gravit.utils.helper.IOHelper;
|
import ru.gravit.utils.helper.IOHelper;
|
||||||
import ru.gravit.launcher.request.UpdateAction;
|
import ru.gravit.launcher.request.UpdateAction;
|
||||||
import ru.gravit.launcher.serialize.HInput;
|
import ru.gravit.launcher.serialize.HInput;
|
||||||
|
@ -35,6 +37,17 @@ public void reply() throws IOException {
|
||||||
requestError(String.format("Unknown update dir: %s", updateDirName));
|
requestError(String.format("Unknown update dir: %s", updateDirName));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
Client clientData = server.sessionManager.getClient(session);
|
||||||
|
if(!clientData.isAuth || clientData.type != Client.Type.USER) { requestError("Assess denied"); return;}
|
||||||
|
for(SignedObjectHolder<ClientProfile> p : server.getProfiles())
|
||||||
|
{
|
||||||
|
ClientProfile profile = p.object;
|
||||||
|
if(!clientData.profile.getTitle().equals(profile.getTitle())) continue;
|
||||||
|
if(!profile.isWhitelistContains(clientData.username)) {
|
||||||
|
requestError("You don't download this folder");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
writeNoError(output);
|
writeNoError(output);
|
||||||
|
|
||||||
// Write update hdir
|
// Write update hdir
|
||||||
|
|
|
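Review bot: The whitelist loop authorizes against `clientData.profile`, not against the requested `updateDirName`, so the check only holds if every update directory is tied to the profile stored on the session; nothing in the hunk binds the requested directory to that profile. `clientData.profile.getTitle()` is also called without a null check, and the visible `Client` constructor lines do not assign `profile`, so an authenticated session that has not selected a profile may throw here; consider `if (clientData.profile == null) { requestError("Assess denied"); return; }` before the loop. When no profile title matches, the loop falls through and the download proceeds, and whether that case should be denied deserves an explicit comment. `reply()` continues outside the hunk.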
@ -11,6 +11,7 @@ public class Client {
|
||||||
public ClientProfile profile;
|
public ClientProfile profile;
|
||||||
public boolean isAuth;
|
public boolean isAuth;
|
||||||
public ClientPermissions permissions;
|
public ClientPermissions permissions;
|
||||||
|
public String username;
|
||||||
|
|
||||||
public Client(long session) {
|
public Client(long session) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
|
@ -18,6 +19,7 @@ public Client(long session) {
|
||||||
type = Type.USER;
|
type = Type.USER;
|
||||||
isAuth = false;
|
isAuth = false;
|
||||||
permissions = ClientPermissions.DEFAULT;
|
permissions = ClientPermissions.DEFAULT;
|
||||||
|
username = "";
|
||||||
}
|
}
|
||||||
//Данные ваторизации
|
//Данные ваторизации
|
||||||
public void up() {
|
public void up() {
|
||||||
|
|
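Review bot: The new `public String username` is now an input to authorization decisions (the whitelist check added in this commit reads it), yet it is a public mutable field with no comment saying who may write it. A comment such as `// Set only by the auth responses after a successful login; "" until then` would document the invariant. The default `""` means readers must check `isAuth` before trusting the value. Making the field private with a setter used only by the auth handlers would be a reasonable follow-up beyond this hunk.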