
Strictly validate usernames for online mode.

Andrew Steinborn 2018-12-14 15:04:21 -05:00
Ursprung 10293aa542
Commit 2884c2ea90
2 geänderte Dateien mit 19 neuen und 0 gelöschten Zeilen


@ -43,6 +43,7 @@ import java.util.Arrays;
import java.util.Optional; import java.util.Optional;
import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ThreadLocalRandom; import java.util.concurrent.ThreadLocalRandom;
import java.util.regex.Pattern;
import net.kyori.text.Component; import net.kyori.text.Component;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
@ -53,6 +54,7 @@ public class LoginSessionHandler implements MinecraftSessionHandler {
private static final Logger logger = LogManager.getLogger(LoginSessionHandler.class); private static final Logger logger = LogManager.getLogger(LoginSessionHandler.class);
private static final String MOJANG_HASJOINED_URL = private static final String MOJANG_HASJOINED_URL =
"https://sessionserver.mojang.com/session/minecraft/hasJoined?username=%s&serverId=%s&ip=%s"; "https://sessionserver.mojang.com/session/minecraft/hasJoined?username=%s&serverId=%s&ip=%s";
private static final Pattern VALID_MINECRAFT_USERNAME = Pattern.compile("^[a-zA-Z0-9_]{1,16}$");
private final VelocityServer server; private final VelocityServer server;
private final MinecraftConnection inbound; private final MinecraftConnection inbound;
@ -71,6 +73,21 @@ public class LoginSessionHandler implements MinecraftSessionHandler {
@Override @Override
public boolean handle(ServerLogin packet) { public boolean handle(ServerLogin packet) {
// Disallow logins from invalid usernames.
if (server.getConfiguration().isOnlineMode()) {
// In online-mode, follow Mojang's username rules.
if (!VALID_MINECRAFT_USERNAME.matcher(packet.getUsername()).matches()) {
inbound.closeWith(Disconnect.create(VelocityMessages.INVALID_USERNAME));
return true;
}
} else {
// Offline mode accepts any username, as long as we don't exceed 16 characters.
if (packet.getUsername().length() > 16) {
inbound.closeWith(Disconnect.create(VelocityMessages.INVALID_USERNAME));
return true;
}
}
this.login = packet; this.login = packet;
if (inbound.getProtocolVersion().compareTo(MINECRAFT_1_13) >= 0) { if (inbound.getProtocolVersion().compareTo(MINECRAFT_1_13) >= 0) {
playerInfoId = ThreadLocalRandom.current().nextInt(); playerInfoId = ThreadLocalRandom.current().nextInt();
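Review bot: The offline-mode branch of `handle(ServerLogin)` checks only the upper bound, so an empty username, or one made of whitespace or control characters, passes the visible check and reaches `this.login = packet`. Whether packet decoding already rejects such names is not visible in this hunk. If it does not, the guard should at least require a non-empty name, for example `String name = packet.getUsername();` followed by `if (name.isEmpty() || name.length() > 16) {`. It would also help to add a comment on `VALID_MINECRAFT_USERNAME` such as `// Also keeps the name safe to place in MOJANG_HASJOINED_URL; do not loosen without encoding it there.`, because the allow-list is what constrains the value before it is formatted into the `username=%s` query parameter. The body of `handle` continues past the end of the hunk, so later use of the username was not reviewed.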


@ -14,6 +14,8 @@ public class VelocityMessages {
.of("No available servers", TextColor.RED); .of("No available servers", TextColor.RED);
public static final Component ALREADY_CONNECTED = TextComponent public static final Component ALREADY_CONNECTED = TextComponent
.of("You are already connected to this proxy!", TextColor.RED); .of("You are already connected to this proxy!", TextColor.RED);
public static final Component INVALID_USERNAME = TextComponent
.of("Trying to login with invalid username", TextColor.RED);
private VelocityMessages() { private VelocityMessages() {
throw new AssertionError(); throw new AssertionError();