Mirror von
https://github.com/PaperMC/Velocity.git
synchronisiert 2024-11-17 05:20:14 +01:00
Fix login with IPv6 and other potential security issues
Dieser Commit ist enthalten in:
Ursprung
9a15a80627
Commit
10293aa542
@ -6,6 +6,7 @@ import static com.velocitypowered.proxy.connection.VelocityConstants.VELOCITY_IP
|
|||||||
import static com.velocitypowered.api.network.ProtocolVersion.*;
|
import static com.velocitypowered.api.network.ProtocolVersion.*;
|
||||||
|
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
|
import com.google.common.net.UrlEscapers;
|
||||||
import com.velocitypowered.api.event.connection.LoginEvent;
|
import com.velocitypowered.api.event.connection.LoginEvent;
|
||||||
import com.velocitypowered.api.event.connection.PostLoginEvent;
|
import com.velocitypowered.api.event.connection.PostLoginEvent;
|
||||||
import com.velocitypowered.api.event.connection.PreLoginEvent;
|
import com.velocitypowered.api.event.connection.PreLoginEvent;
|
||||||
@ -15,7 +16,6 @@ import com.velocitypowered.api.event.player.GameProfileRequestEvent;
|
|||||||
import com.velocitypowered.api.proxy.InboundConnection;
|
import com.velocitypowered.api.proxy.InboundConnection;
|
||||||
import com.velocitypowered.api.proxy.server.RegisteredServer;
|
import com.velocitypowered.api.proxy.server.RegisteredServer;
|
||||||
import com.velocitypowered.api.util.GameProfile;
|
import com.velocitypowered.api.util.GameProfile;
|
||||||
import com.velocitypowered.api.network.ProtocolVersion;
|
|
||||||
import com.velocitypowered.proxy.VelocityServer;
|
import com.velocitypowered.proxy.VelocityServer;
|
||||||
import com.velocitypowered.proxy.connection.MinecraftConnection;
|
import com.velocitypowered.proxy.connection.MinecraftConnection;
|
||||||
import com.velocitypowered.proxy.connection.MinecraftSessionHandler;
|
import com.velocitypowered.proxy.connection.MinecraftSessionHandler;
|
||||||
@ -121,7 +121,9 @@ public class LoginSessionHandler implements MinecraftSessionHandler {
|
|||||||
.generateServerId(decryptedSharedSecret, serverKeyPair.getPublic());
|
.generateServerId(decryptedSharedSecret, serverKeyPair.getPublic());
|
||||||
|
|
||||||
String playerIp = ((InetSocketAddress) inbound.getRemoteAddress()).getHostString();
|
String playerIp = ((InetSocketAddress) inbound.getRemoteAddress()).getHostString();
|
||||||
String url = String.format(MOJANG_HASJOINED_URL, login.getUsername(), serverId, playerIp);
|
String url = String.format(MOJANG_HASJOINED_URL,
|
||||||
|
UrlEscapers.urlFormParameterEscaper().escape(login.getUsername()), serverId,
|
||||||
|
UrlEscapers.urlFormParameterEscaper().escape(playerIp));
|
||||||
server.getHttpClient()
|
server.getHttpClient()
|
||||||
.get(new URL(url))
|
.get(new URL(url))
|
||||||
.thenAcceptAsync(profileResponse -> {
|
.thenAcceptAsync(profileResponse -> {
|
||||||
|
Laden…
In neuem Issue referenzieren
Einen Benutzer sperren