Mirror von
https://github.com/GeyserMC/Geyser.git
synchronisiert 2024-10-03 08:21:06 +02:00
Kick player with invalid chain data for additional security
The client should disallow players to join servers if they're not logged in, however this just adds a second layer of security in the event that it's somehow bypassed.
Dieser Commit ist enthalten in:
Ursprung
e02495ca7f
Commit
e2a9566926
@ -105,6 +105,10 @@ public class LoginEncryptionUtils {
|
|||||||
|
|
||||||
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
|
connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
|
||||||
|
|
||||||
|
if (!validChain) {
|
||||||
|
session.disconnect(LanguageUtils.getLocaleStringLog("geyser.auth.login.form.notice.desc"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
|
JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
|
||||||
JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
|
JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
|
||||||
|
|
||||||
|
Laden…
In neuem Issue referenzieren
Einen Benutzer sperren