Защита от хаков протокола. Авторизация сервера ОБЯЗАТЕЛЬНА
parent
b285c81c09
commit
f5289e7681
5 changed files with 20 additions and 1 deletions
|
@ -97,6 +97,7 @@ public void reply() throws Exception {
|
|||
debug("Auth: '%s' -> '%s', '%s'", login, result.username, result.accessToken);
|
||||
clientData.isAuth = true;
|
||||
clientData.permissions = result.permissions;
|
||||
clientData.username = result.username;
|
||||
// Authenticate on server (and get UUID)
|
||||
UUID uuid;
|
||||
try {
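Review bot: The `debug(...)` call at the top of this hunk writes `result.accessToken` into the log next to the login, so anyone who can read debug output obtains a usable session token. It looks like a context line rather than part of this change, but it sits directly above the new `clientData.username` assignment and is worth fixing in the same pass: log the names only, e.g. `debug("Auth: '%s' -> '%s'", login, result.username);`. Separately, `isAuth`, `permissions` and `username` are all assigned before the server-side authentication in the `try` that follows; that block continues outside the hunk, so confirm that a failure there resets the session state.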
|
||||
|
|
|
@ -77,6 +77,7 @@ public void reply() throws Exception {
|
|||
throw new AuthException("You profile not found");
|
||||
}
|
||||
clientData.type = Client.Type.SERVER;
|
||||
clientData.username = result.username;
|
||||
} catch (AuthException | HWIDException e) {
|
||||
requestError(e.getMessage());
|
||||
return;
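Review bot: Only `type` and `username` are assigned on the session in this hunk, while the gate this commit adds to the check-server handler requires `clientData.isAuth` as well as `type == Client.Type.SERVER`. reply() starts and ends outside the hunk, so `isAuth` may well be set elsewhere, but it is worth confirming that it is set only after the profile lookup above has succeeded. A short comment would make the contract explicit, for example `// Mark this session as a game server; the check-server handler rejects any other session type`.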
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
import java.io.IOException;
|
||||
import java.util.UUID;
|
||||
|
||||
import ru.gravit.launchserver.socket.Client;
|
||||
import ru.gravit.utils.helper.LogHelper;
|
||||
import ru.gravit.utils.helper.VerifyHelper;
|
||||
import ru.gravit.launcher.serialize.HInput;
|
||||
|
@ -25,7 +26,8 @@ public void reply() throws IOException {
|
|||
String serverID = VerifyHelper.verifyServerID(input.readASCII(41)); // With minus sign
|
||||
String client = input.readString(SerializeLimits.MAX_CLIENT);
|
||||
debug("Username: %s, Server ID: %s", username, serverID);
|
||||
|
||||
Client clientData = server.sessionManager.getClient(session);
|
||||
if(!clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Assess denied"); return;}
|
||||
// Try check server with auth handler
|
||||
UUID uuid;
|
||||
try {
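Review bot: The result of `server.sessionManager.getClient(session)` is dereferenced immediately in the new guard, so if getClient can return null for an unknown session (its implementation is not shown here) the request ends in a NullPointerException instead of a clean denial. Including the null test keeps the gate fail-closed: `if (clientData == null || !clientData.isAuth || clientData.type != Client.Type.SERVER) { requestError("Access denied"); return; }`. That line also corrects the "Assess denied" typo, which is repeated in the guard added to the update handler.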
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
import ru.gravit.launcher.hasher.HashedDir;
|
||||
import ru.gravit.launcher.hasher.HashedEntry;
|
||||
import ru.gravit.launcher.hasher.HashedEntry.Type;
|
||||
import ru.gravit.launcher.profiles.ClientProfile;
|
||||
import ru.gravit.launchserver.socket.Client;
|
||||
import ru.gravit.utils.helper.IOHelper;
|
||||
import ru.gravit.launcher.request.UpdateAction;
|
||||
import ru.gravit.launcher.serialize.HInput;
|
||||
|
@ -35,6 +37,17 @@ public void reply() throws IOException {
|
|||
requestError(String.format("Unknown update dir: %s", updateDirName));
|
||||
return;
|
||||
}
|
||||
Client clientData = server.sessionManager.getClient(session);
|
||||
if(!clientData.isAuth || clientData.type != Client.Type.USER) { requestError("Assess denied"); return;}
|
||||
for(SignedObjectHolder<ClientProfile> p : server.getProfiles())
|
||||
{
|
||||
ClientProfile profile = p.object;
|
||||
if(!clientData.profile.getTitle().equals(profile.getTitle())) continue;
|
||||
if(!profile.isWhitelistContains(clientData.username)) {
|
||||
requestError("You don't download this folder");
|
||||
return;
|
||||
}
|
||||
}
|
||||
writeNoError(output);
|
||||
|
||||
// Write update hdir
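Review bot: The whitelist loop added here fails open and is not tied to the directory being requested. It selects profiles by `clientData.profile.getTitle()`, the profile the session chose earlier, and never compares that profile with `updateDirName`, so a user who passes the whitelist for one profile appears able to request any update directory the server knows; when no profile title matches, the loop simply ends and `writeNoError(output)` runs. `clientData.profile` is also dereferenced without a null test, and the `Client` constructor lines visible on this page do not assign it, so an authenticated session that has not selected a profile would likely throw here. Suggested: deny when `clientData.profile == null`, verify that the requested directory belongs to the matched profile, and deny when the loop finds no match; a comment such as `// Only whitelisted users may download this profile's directories` above the loop would document the intent.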
|
||||
|
|
|
@ -11,6 +11,7 @@ public class Client {
|
|||
public ClientProfile profile;
|
||||
public boolean isAuth;
|
||||
public ClientPermissions permissions;
|
||||
public String username;
|
||||
|
||||
public Client(long session) {
|
||||
this.session = session;
|
||||
|
@ -18,6 +19,7 @@ public Client(long session) {
|
|||
type = Type.USER;
|
||||
isAuth = false;
|
||||
permissions = ClientPermissions.DEFAULT;
|
||||
username = "";
|
||||
}
|
||||
//Данные ваторизации
|
||||
public void up() {
|
||||
|
|