Require version 4 UUIDs from clients
parent
d863b4f8a5
commit
6200cefd39
|
@ -11,8 +11,8 @@ import net.frozenorb.apiv3.APIv3;
|
||||||
import net.frozenorb.apiv3.serialization.ExcludeFromReplies;
|
import net.frozenorb.apiv3.serialization.ExcludeFromReplies;
|
||||||
import net.frozenorb.apiv3.utils.MojangUtils;
|
import net.frozenorb.apiv3.utils.MojangUtils;
|
||||||
import net.frozenorb.apiv3.utils.PermissionUtils;
|
import net.frozenorb.apiv3.utils.PermissionUtils;
|
||||||
|
import net.frozenorb.apiv3.utils.UUIDUtils;
|
||||||
import org.bson.Document;
|
import org.bson.Document;
|
||||||
import org.mindrot.jbcrypt.BCrypt;
|
|
||||||
import org.mongodb.morphia.annotations.Entity;
|
import org.mongodb.morphia.annotations.Entity;
|
||||||
import org.mongodb.morphia.annotations.Id;
|
import org.mongodb.morphia.annotations.Id;
|
||||||
import org.mongodb.morphia.annotations.Indexed;
|
import org.mongodb.morphia.annotations.Indexed;
|
||||||
|
@ -46,7 +46,11 @@ public final class User {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static User byId(UUID id) {
|
public static User byId(UUID id) {
|
||||||
return APIv3.getDatastore().createQuery(User.class).field("id").equal(id).get();
|
if (UUIDUtils.isAcceptableUUID(id)) {
|
||||||
|
return APIv3.getDatastore().createQuery(User.class).field("id").equal(id).get();
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static User byEmailToken(String name) {
|
public static User byEmailToken(String name) {
|
||||||
|
|
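Review bot: `User.byId(UUID)` now returns `null` both when no user has the id and when `UUIDUtils.isAcceptableUUID` rejects it, and nothing on the method documents that. The two routes changed in this commit check the version themselves before their create-on-null branch, but a caller not shown here that treats `null` as "unknown user, create one" would not be stopped by this guard. A Javadoc line such as `Returns null if no user has this id or if the id is not a version 4 UUID.` would make the contract explicit. The old route code passed a String to `byId`, so a String overload presumably exists outside this hunk; it is worth confirming that it goes through the same check.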
|
@ -11,6 +11,7 @@ import net.frozenorb.apiv3.models.ServerGroup;
|
||||||
import net.frozenorb.apiv3.models.User;
|
import net.frozenorb.apiv3.models.User;
|
||||||
import net.frozenorb.apiv3.utils.ErrorUtils;
|
import net.frozenorb.apiv3.utils.ErrorUtils;
|
||||||
import net.frozenorb.apiv3.utils.PermissionUtils;
|
import net.frozenorb.apiv3.utils.PermissionUtils;
|
||||||
|
import net.frozenorb.apiv3.utils.UUIDUtils;
|
||||||
import org.bson.Document;
|
import org.bson.Document;
|
||||||
import spark.Request;
|
import spark.Request;
|
||||||
import spark.Response;
|
import spark.Response;
|
||||||
|
@ -37,12 +38,18 @@ public final class POSTServerHeartbeat implements Route {
|
||||||
|
|
||||||
for (Object player : (List<Object>) reqJson.get("players")) {
|
for (Object player : (List<Object>) reqJson.get("players")) {
|
||||||
Document playerJson = (Document) player;
|
Document playerJson = (Document) player;
|
||||||
User user = User.byId(playerJson.getString("uuid"));
|
UUID uuid = UUID.fromString(playerJson.getString("uuid"));
|
||||||
|
|
||||||
|
if (!UUIDUtils.isAcceptableUUID(uuid)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
User user = User.byId(uuid);
|
||||||
String username = playerJson.getString("username");
|
String username = playerJson.getString("username");
|
||||||
|
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
// Will be saved by the save command a few lines down.
|
// Will be saved by the save command a few lines down.
|
||||||
user = new User(UUID.fromString(playerJson.getString("uuid")), username);
|
user = new User(uuid, username);
|
||||||
}
|
}
|
||||||
|
|
||||||
user.seenOnServer(actorServer);
|
user.seenOnServer(actorServer);
|
||||||
|
|
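Review bot: `UUID.fromString(playerJson.getString("uuid"))` now runs before the version check and throws `IllegalArgumentException` on a malformed string (and `NullPointerException` when the key is absent). One bad player entry would therefore appear to abort the whole heartbeat, while a well-formed non-v4 id is only skipped. The same ordering is in `POSTUserLogin.handle`, where `UUID.fromString(req.params("id"))` throws before the `ErrorUtils.invalidInput` branch can run, so a malformed id never gets the clean error reply. Parsing defensively and treating a parse failure like a rejected version keeps the two cases consistent; in the login route the catch would return `ErrorUtils.invalidInput(...)` instead of `continue`. The `for` loop and the enclosing handler begin and end outside this hunk, so how an uncaught exception is reported is not visible here.

```java
Document playerJson = (Document) player;
String rawUuid = playerJson.getString("uuid");
UUID uuid;

try {
    uuid = rawUuid == null ? null : UUID.fromString(rawUuid);
} catch (IllegalArgumentException ex) {
    // Malformed UUID string from the reporting server; skip this entry only.
    continue;
}

if (uuid == null || !UUIDUtils.isAcceptableUUID(uuid)) {
    continue;
}

// … unchanged: User.byId(uuid) lookup, username handling, seenOnServer …
```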
|
@ -7,6 +7,7 @@ import net.frozenorb.apiv3.models.Server;
|
||||||
import net.frozenorb.apiv3.models.User;
|
import net.frozenorb.apiv3.models.User;
|
||||||
import net.frozenorb.apiv3.utils.ErrorUtils;
|
import net.frozenorb.apiv3.utils.ErrorUtils;
|
||||||
import net.frozenorb.apiv3.utils.IPUtils;
|
import net.frozenorb.apiv3.utils.IPUtils;
|
||||||
|
import net.frozenorb.apiv3.utils.UUIDUtils;
|
||||||
import spark.Request;
|
import spark.Request;
|
||||||
import spark.Response;
|
import spark.Response;
|
||||||
import spark.Route;
|
import spark.Route;
|
||||||
|
@ -16,7 +17,13 @@ import java.util.UUID;
|
||||||
public final class POSTUserLogin implements Route {
|
public final class POSTUserLogin implements Route {
|
||||||
|
|
||||||
public Object handle(Request req, Response res) {
|
public Object handle(Request req, Response res) {
|
||||||
User user = User.byId(req.params("id"));
|
UUID uuid = UUID.fromString(req.params("id"));
|
||||||
|
|
||||||
|
if (!UUIDUtils.isAcceptableUUID(uuid)) {
|
||||||
|
return ErrorUtils.invalidInput("UUID \"" + uuid + "\" is not valid - must be version 4 UUID.");
|
||||||
|
}
|
||||||
|
|
||||||
|
User user = User.byId(uuid);
|
||||||
String username = req.queryParams("username");
|
String username = req.queryParams("username");
|
||||||
String userIp = req.queryParams("userIp");
|
String userIp = req.queryParams("userIp");
|
||||||
Actor actor = req.attribute("actor");
|
Actor actor = req.attribute("actor");
|
||||||
|
@ -30,7 +37,7 @@ public final class POSTUserLogin implements Route {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
user = new User(UUID.fromString(req.params("id")), username);
|
user = new User(uuid, username);
|
||||||
APIv3.getDatastore().save(user);
|
APIv3.getDatastore().save(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
package net.frozenorb.apiv3.utils;
|
||||||
|
|
||||||
|
import lombok.experimental.UtilityClass;
|
||||||
|
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
@UtilityClass
|
||||||
|
public class UUIDUtils {
|
||||||
|
|
||||||
|
public static boolean isAcceptableUUID(UUID uuid) {
|
||||||
|
return uuid.version() == 4;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
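Review bot: `isAcceptableUUID` dereferences `uuid` without a null check and tests only the version field. `User.byId(UUID)` passes its argument straight in, so a null id would throw a `NullPointerException` rather than return `null`. `UUID.version()` is only meaningful for the RFC 4122 variant, so a value with version bits 4 but a different variant is also accepted. If only well-formed random UUIDs are meant to pass, the body could be `return uuid != null && uuid.variant() == 2 && uuid.version() == 4;`. A one-line Javadoc saying why only version 4 ids are accepted from clients would also help, since the class has no comment.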