summaryrefslogtreecommitdiffstats
path: root/src/ClientHandle.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/ClientHandle.cpp')
-rw-r--r--src/ClientHandle.cpp75
1 files changed, 75 insertions, 0 deletions
diff --git a/src/ClientHandle.cpp b/src/ClientHandle.cpp
index cf70f870e..bbf018587 100644
--- a/src/ClientHandle.cpp
+++ b/src/ClientHandle.cpp
@@ -222,6 +222,28 @@ bool cClientHandle::IsUUIDOnline(const cUUID & a_UUID)
+void cClientHandle::ProxyInit(const AString & a_IPString, const cUUID & a_UUID)
+{
+ this->SetIPString(a_IPString);
+ this->SetUUID(a_UUID);
+
+ this->m_ProxyConnection = true;
+}
+
+
+
+
+
+void cClientHandle::ProxyInit(const AString & a_IPString, const cUUID & a_UUID, const Json::Value & a_Properties)
+{
+ this->SetProperties(a_Properties);
+ this->ProxyInit(a_IPString, a_UUID);
+}
+
+
+
+
+
void cClientHandle::ProcessProtocolOut()
{
decltype(m_OutgoingData) OutgoingData;
@@ -264,6 +286,54 @@ void cClientHandle::Kick(const AString & a_Reason)
+bool cClientHandle::BungeeAuthenticate()
+{
+ if (!m_ProxyConnection && cRoot::Get()->GetServer()->OnlyAllowBungeeCord())
+ {
+ Kick("You can only connect to this server using a Proxy.");
+
+ return false;
+ }
+
+ cServer * Server = cRoot::Get()->GetServer();
+
+ // Proxy Shared Secret Check (BungeeGuard)
+ const AString & ForwardSecret = Server->GetProxySharedSecret();
+ const bool AllowBungee = Server->ShouldAllowBungeeCord();
+ const bool RequireForwardSecret = AllowBungee && !ForwardSecret.empty();
+
+ if (RequireForwardSecret)
+ {
+ for (auto & Node : GetProperties())
+ {
+ if (Node.get("name", "").asString() == "bungeeguard-token")
+ {
+ AString SentToken = Node.get("value", "").asString();
+
+ if (ForwardSecret.compare(SentToken) == 0)
+ {
+ return true;
+ }
+
+ break;
+ }
+ }
+
+ Kick("Unable to authenticate.");
+ return false;
+ }
+ else if (m_ProxyConnection)
+ {
+ LOG("A player connected through a proxy without requiring a forwarding secret. If open to the internet, this is very insecure!");
+ }
+
+ return true;
+}
+
+
+
+
+
void cClientHandle::Authenticate(const AString & a_Name, const cUUID & a_UUID, const Json::Value & a_Properties)
{
{
@@ -281,6 +351,11 @@ void cClientHandle::Authenticate(const AString & a_Name, const cUUID & a_UUID, c
ASSERT(m_Player == nullptr);
+ if (!BungeeAuthenticate())
+ {
+ return;
+ }
+
m_Username = a_Name;
// Only assign UUID and properties if not already pre-assigned (BungeeCord sends those in the Handshake packet):