Защита от хаков протокола. Авторизация сервера ОБЯЗАТЕЛЬНА

This commit is contained in:
Gravit 2018-10-07 14:17:37 +07:00
parent b285c81c09
commit f5289e7681
5 changed files with 20 additions and 1 deletions

View file

@ -97,6 +97,7 @@ public void reply() throws Exception {
debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken); debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken);
clientData.isAuth = true; clientData.isAuth = true;
clientData.permissions = result.permissions; clientData.permissions = result.permissions;
clientData.username = result.username;
// Authenticate on server (and get UUID) // Authenticate on server (and get UUID)
UUID uuid; UUID uuid;
try { try {

View file

@ -77,6 +77,7 @@ public void reply() throws Exception {
throw new AuthException("You profile not found"); throw new AuthException("You profile not found");
} }
clientData.type = Client.Type.SERVER; clientData.type = Client.Type.SERVER;
clientData.username = result.username;
} catch (AuthException | HWIDException e) { } catch (AuthException | HWIDException e) {
requestError(e.getMessage()); requestError(e.getMessage());
return; return;

View file

@ -3,6 +3,7 @@
import java.io.IOException; import java.io.IOException;
import java.util.UUID; import java.util.UUID;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.LogHelper; import ru.gravit.utils.helper.LogHelper;
import ru.gravit.utils.helper.VerifyHelper; import ru.gravit.utils.helper.VerifyHelper;
import ru.gravit.launcher.serialize.HInput; import ru.gravit.launcher.serialize.HInput;
@ -25,7 +26,8 @@ public void reply() throws IOException {
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
String client = input.readString(SerializeLimits.MAX_CLIENT); String client = input.readString(SerializeLimits.MAX_CLIENT);
debug("Username: %s, Server ID: %s", username, serverID); debug("Username: %s, Server ID: %s", username, serverID);
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
// Try check server with auth handler // Try check server with auth handler
UUID uuid; UUID uuid;
try { try {

View file

@ -11,6 +11,8 @@
import ru.gravit.launcher.hasher.HashedDir; import ru.gravit.launcher.hasher.HashedDir;
import ru.gravit.launcher.hasher.HashedEntry; import ru.gravit.launcher.hasher.HashedEntry;
import ru.gravit.launcher.hasher.HashedEntry.Type; import ru.gravit.launcher.hasher.HashedEntry.Type;
import ru.gravit.launcher.profiles.ClientProfile;
import ru.gravit.launchserver.socket.Client;
import ru.gravit.utils.helper.IOHelper; import ru.gravit.utils.helper.IOHelper;
import ru.gravit.launcher.request.UpdateAction; import ru.gravit.launcher.request.UpdateAction;
import ru.gravit.launcher.serialize.HInput; import ru.gravit.launcher.serialize.HInput;
@ -35,6 +37,17 @@ public void reply() throws IOException {
requestError(String.format("Unknown update dir: %s", updateDirName)); requestError(String.format("Unknown update dir: %s", updateDirName));
return; return;
} }
Client clientData = server.sessionManager.getClient(session);
if(!clientData.isAuth || clientData.type != Client.Type.USER) { requestError("Assess denied"); return;}
for(SignedObjectHolder<ClientProfile> p : server.getProfiles())
{
ClientProfile profile = p.object;
if(!clientData.profile.getTitle().equals(profile.getTitle())) continue;
if(!profile.isWhitelistContains(clientData.username)) {
requestError("You don't download this folder");
return;
}
}
writeNoError(output); writeNoError(output);
// Write update hdir // Write update hdir

View file

@ -11,6 +11,7 @@ public class Client {
public ClientProfile profile; public ClientProfile profile;
public boolean isAuth; public boolean isAuth;
public ClientPermissions permissions; public ClientPermissions permissions;
public String username;
public Client(long session) { public Client(long session) {
this.session = session; this.session = session;
@ -18,6 +19,7 @@ public Client(long session) {
type = Type.USER; type = Type.USER;
isAuth = false; isAuth = false;
permissions = ClientPermissions.DEFAULT; permissions = ClientPermissions.DEFAULT;
username = "";
} }
//Данные ваторизации //Данные ваторизации
public void up() { public void up() {