Implement proper handbook authentication (pt. 2)

KingRainbow44 2023-05-16 02:45:00 -04:00
parent f1cf6da178
commit 2800cce15a
No known key found for this signature in database
GPG Key ID: FC2CB64B00D257BE
2 changed files with 47 additions and 4 deletions


@ -5,6 +5,7 @@ import emu.grasscutter.data.GameData;
import emu.grasscutter.game.avatar.Avatar; import emu.grasscutter.game.avatar.Avatar;
import emu.grasscutter.game.entity.EntityMonster; import emu.grasscutter.game.entity.EntityMonster;
import emu.grasscutter.game.inventory.GameItem; import emu.grasscutter.game.inventory.GameItem;
import emu.grasscutter.game.player.Player;
import emu.grasscutter.game.props.ActionReason; import emu.grasscutter.game.props.ActionReason;
import emu.grasscutter.server.packet.send.PacketAddNoGachaAvatarCardNotify; import emu.grasscutter.server.packet.send.PacketAddNoGachaAvatarCardNotify;
import emu.grasscutter.utils.objects.HandbookBody.*; import emu.grasscutter.utils.objects.HandbookBody.*;
@ -12,6 +13,20 @@ import java.util.Objects;
/** Commands executed by the handbook. */ /** Commands executed by the handbook. */
public interface HandbookActions { public interface HandbookActions {
/**
* Checks if the player is authenticated.
*
* @param player The player.
* @param token The player's unique session token.
* @return True if the player is authenticated.
*/
static boolean isAuthenticated(Player player, String token) {
// Check properties.
if (player == null || token == null) return false;
// Compare the session key and token.
return player.getSessionKey().equals(token);
}
/** /**
* Grants an avatar to the player. * Grants an avatar to the player.
* *
@ -37,6 +52,9 @@ public interface HandbookActions {
if (player == null) { if (player == null) {
return Response.builder().status(1).message("Player not found.").build(); return Response.builder().status(1).message("Player not found.").build();
} }
if (!HandbookActions.isAuthenticated(player, request.getPlayerToken())) {
return Response.builder().status(1).message("Player not authorized.").build();
}
if (avatarData == null) { if (avatarData == null) {
return Response.builder().status(400).message("Invalid avatar ID.").build(); return Response.builder().status(400).message("Invalid avatar ID.").build();
} }
@ -92,6 +110,9 @@ public interface HandbookActions {
if (player == null) { if (player == null) {
return Response.builder().status(1).message("Player not found.").build(); return Response.builder().status(1).message("Player not found.").build();
} }
if (!HandbookActions.isAuthenticated(player, request.getPlayerToken())) {
return Response.builder().status(1).message("Player not authorized.").build();
}
if (itemData == null) { if (itemData == null) {
return Response.builder().status(400).message("Invalid player UID or item ID.").build(); return Response.builder().status(400).message("Invalid player UID or item ID.").build();
} }
@ -150,6 +171,9 @@ public interface HandbookActions {
if (player == null) { if (player == null) {
return Response.builder().status(1).message("Player not found.").build(); return Response.builder().status(1).message("Player not found.").build();
} }
if (!HandbookActions.isAuthenticated(player, request.getPlayerToken())) {
return Response.builder().status(1).message("Player not authorized.").build();
}
// Find the scene in the player's world. // Find the scene in the player's world.
var scene = player.getWorld().getSceneById(sceneId); var scene = player.getWorld().getSceneById(sceneId);
@ -201,6 +225,9 @@ public interface HandbookActions {
if (player == null) { if (player == null) {
return Response.builder().status(1).message("Player not found.").build(); return Response.builder().status(1).message("Player not found.").build();
} }
if (!HandbookActions.isAuthenticated(player, request.getPlayerToken())) {
return Response.builder().status(1).message("Player not authorized.").build();
}
if (entityData == null) { if (entityData == null) {
return Response.builder().status(400).message("Invalid entity ID.").build(); return Response.builder().status(400).message("Invalid entity ID.").build();
} }
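Review bot: `isAuthenticated` accepts an empty token whenever `player.getSessionKey()` returns the empty string, which the `Player.getSessionKey()` added in this commit does when the account cannot be resolved; empty values on either side should be rejected before comparing. The result of `getSessionKey()` is also dereferenced without a null check, and that getter returns whatever the account holds, so a null key would throw instead of denying. `String.equals` stops at the first differing character; for a session token a constant-time comparison such as `MessageDigest.isEqual` is the safer choice, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. Separately, the four call sites reuse status 1 for both "Player not found." and "Player not authorized.", so clients cannot tell the two apart by code.

```java
static boolean isAuthenticated(Player player, String token) {
    // Reject missing or empty tokens outright.
    if (player == null || token == null || token.isEmpty()) return false;
    // An unresolved account yields no usable key; deny rather than compare.
    var sessionKey = player.getSessionKey();
    if (sessionKey == null || sessionKey.isEmpty()) return false;
    // Compare without an early exit on the first mismatching character.
    return MessageDigest.isEqual(
            sessionKey.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8));
}
```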


@ -72,10 +72,7 @@ import emu.grasscutter.server.game.GameServer;
import emu.grasscutter.server.game.GameSession; import emu.grasscutter.server.game.GameSession;
import emu.grasscutter.server.game.GameSession.SessionState; import emu.grasscutter.server.game.GameSession.SessionState;
import emu.grasscutter.server.packet.send.*; import emu.grasscutter.server.packet.send.*;
import emu.grasscutter.utils.DateHelper; import emu.grasscutter.utils.*;
import emu.grasscutter.utils.MessageHandler;
import emu.grasscutter.utils.Position;
import emu.grasscutter.utils.Utils;
import it.unimi.dsi.fastutil.ints.Int2ObjectMap; import it.unimi.dsi.fastutil.ints.Int2ObjectMap;
import it.unimi.dsi.fastutil.ints.Int2ObjectOpenHashMap; import it.unimi.dsi.fastutil.ints.Int2ObjectOpenHashMap;
import lombok.Getter; import lombok.Getter;
@ -98,6 +95,7 @@ public class Player implements PlayerHook {
@Getter private String accountId; @Getter private String accountId;
@Setter private transient Account account; @Setter private transient Account account;
@Getter @Setter private transient GameSession session; @Getter @Setter private transient GameSession session;
@Transient private String sessionKey;
@Getter private String nickname; @Getter private String nickname;
@Getter private String signature; @Getter private String signature;
@ -376,6 +374,24 @@ public class Player implements PlayerHook {
return this.account; return this.account;
} }
/**
* @return The player's session key.
*/
public String getSessionKey() {
if (this.sessionKey == null) {
// Check if the account is null.
if (this.account == null) {
this.account = DispatchUtils.getAccountById(this.getAccountId());
}
if (this.account == null) return "";
// Get the session key.
this.sessionKey = this.getAccount().getSessionKey();
}
return this.sessionKey;
}
public boolean isOnline() { public boolean isOnline() {
return this.getSession() != null && this.getSession().isActive(); return this.getSession() != null && this.getSession().isActive();
} }
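Review bot: `getSessionKey()` stores the key in `sessionKey` on first read and never refreshes it, so if the account's session key is reissued on a later login (likely, though the Account class is not shown here) the handbook check would keep accepting the old token and reject the new one for as long as this Player object lives. Either read the key from the account on each call or clear the field wherever the session is replaced. Returning `""` when the account cannot be loaded turns "no key" into a value that can be compared against; `if (this.account == null) return null;`, with `isAuthenticated` treating null as a denial, is harder to misuse. The Javadoc has only an `@return` line and does not mention the `DispatchUtils.getAccountById` lookup hidden behind the getter; a summary such as `Lazily resolves the account and returns its session key, or null if the account cannot be found.` would tell callers that.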