Require version 4 UUIDs from clients
This commit is contained in:
Colin McDonald
parent
d863b4f8a5
commit
6200cefd39
|
|
@ -11,8 +11,8 @@ import net.frozenorb.apiv3.APIv3;
|
|||
import net.frozenorb.apiv3.serialization.ExcludeFromReplies;
|
||||
import net.frozenorb.apiv3.utils.MojangUtils;
|
||||
import net.frozenorb.apiv3.utils.PermissionUtils;
|
||||
import net.frozenorb.apiv3.utils.UUIDUtils;
|
||||
import org.bson.Document;
|
||||
import org.mindrot.jbcrypt.BCrypt;
|
||||
import org.mongodb.morphia.annotations.Entity;
|
||||
import org.mongodb.morphia.annotations.Id;
|
||||
import org.mongodb.morphia.annotations.Indexed;
|
||||
|
|
@ -46,7 +46,11 @@ public final class User {
|
|||
}
|
||||
|
||||
public static User byId(UUID id) {
|
||||
return APIv3.getDatastore().createQuery(User.class).field("id").equal(id).get();
|
||||
if (UUIDUtils.isAcceptableUUID(id)) {
|
||||
return APIv3.getDatastore().createQuery(User.class).field("id").equal(id).get();
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public static User byEmailToken(String name) {
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import net.frozenorb.apiv3.models.ServerGroup;
|
|||
import net.frozenorb.apiv3.models.User;
|
||||
import net.frozenorb.apiv3.utils.ErrorUtils;
|
||||
import net.frozenorb.apiv3.utils.PermissionUtils;
|
||||
import net.frozenorb.apiv3.utils.UUIDUtils;
|
||||
import org.bson.Document;
|
||||
import spark.Request;
|
||||
import spark.Response;
|
||||
|
|
@ -37,12 +38,18 @@ public final class POSTServerHeartbeat implements Route {
|
|||
|
||||
for (Object player : (List<Object>) reqJson.get("players")) {
|
||||
Document playerJson = (Document) player;
|
||||
User user = User.byId(playerJson.getString("uuid"));
|
||||
UUID uuid = UUID.fromString(playerJson.getString("uuid"));
|
||||
|
||||
if (!UUIDUtils.isAcceptableUUID(uuid)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
User user = User.byId(uuid);
|
||||
String username = playerJson.getString("username");
|
||||
|
||||
if (user == null) {
|
||||
// Will be saved by the save command a few lines down.
|
||||
user = new User(UUID.fromString(playerJson.getString("uuid")), username);
|
||||
user = new User(uuid, username);
|
||||
}
|
||||
|
||||
user.seenOnServer(actorServer);
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import net.frozenorb.apiv3.models.Server;
|
|||
import net.frozenorb.apiv3.models.User;
|
||||
import net.frozenorb.apiv3.utils.ErrorUtils;
|
||||
import net.frozenorb.apiv3.utils.IPUtils;
|
||||
import net.frozenorb.apiv3.utils.UUIDUtils;
|
||||
import spark.Request;
|
||||
import spark.Response;
|
||||
import spark.Route;
|
||||
|
|
@ -16,7 +17,13 @@ import java.util.UUID;
|
|||
public final class POSTUserLogin implements Route {
|
||||
|
||||
public Object handle(Request req, Response res) {
|
||||
User user = User.byId(req.params("id"));
|
||||
UUID uuid = UUID.fromString(req.params("id"));
|
||||
|
||||
if (!UUIDUtils.isAcceptableUUID(uuid)) {
|
||||
return ErrorUtils.invalidInput("UUID \"" + uuid + "\" is not valid - must be version 4 UUID.");
|
||||
}
|
||||
|
||||
User user = User.byId(uuid);
|
||||
String username = req.queryParams("username");
|
||||
String userIp = req.queryParams("userIp");
|
||||
Actor actor = req.attribute("actor");
|
||||
|
|
@ -30,7 +37,7 @@ public final class POSTUserLogin implements Route {
|
|||
}
|
||||
|
||||
if (user == null) {
|
||||
user = new User(UUID.fromString(req.params("id")), username);
|
||||
user = new User(uuid, username);
|
||||
APIv3.getDatastore().save(user);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
package net.frozenorb.apiv3.utils;
|
||||
|
||||
import lombok.experimental.UtilityClass;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
@UtilityClass
|
||||
public class UUIDUtils {
|
||||
|
||||
public static boolean isAcceptableUUID(UUID uuid) {
|
||||
return uuid.version() == 4;
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Reference in New Issue