[O] Security: keychip check on remove

pull/110/head
Azalea 2025-01-16 19:01:51 -05:00
parent 10933046d6
commit a374f7a44b
2 changed files with 14 additions and 13 deletions


@ -28,8 +28,6 @@ private val KJson = Json {
// Maximum time to live for a recruit record // Maximum time to live for a recruit record
const val MAX_TTL = 30 * 1000 const val MAX_TTL = 30 * 1000
data class RecruitRecord(val d: RecruitInfo, val time: Long = millis())
@RestController @RestController
@RequestMapping(path = ["/mai2-futari"]) @RequestMapping(path = ["/mai2-futari"])
class FutariLobby(paths: PathProps) { class FutariLobby(paths: PathProps) {
@ -52,16 +50,16 @@ class FutariLobby(paths: PathProps) {
writer.flush() writer.flush()
} }
fun log(data: StartRecruit, msg: String) = fun log(data: RecruitRecord, msg: String) =
log("${LocalDateTime.now().isoDateTime()}: $msg: ${data.RecruitInfo.toJson()}") log("${LocalDateTime.now().isoDateTime()}: $msg: ${KJson.encodeToString(data)}")
val StartRecruit.ip get() = RecruitInfo.MechaInfo.IpAddress val RecruitRecord.ip get() = RecruitInfo.MechaInfo.IpAddress
@API("recruit/start") @API("recruit/start")
fun startRecruit(@RB data: String) { fun startRecruit(@RB data: String) {
val d = parsing { KJson.decodeFromString<StartRecruit>(data) } val d = parsing { KJson.decodeFromString<RecruitRecord>(data) }.apply { Time = millis() }
val exists = d.ip in recruits val exists = d.ip in recruits
recruits[d.ip] = RecruitRecord(d.RecruitInfo) recruits[d.ip] = d
if (!exists) log(d, "StartRecruit") if (!exists) log(d, "StartRecruit")
d.RecruitInfo.MechaInfo.UserIDs = d.RecruitInfo.MechaInfo.UserIDs.map { it.str.hashToUInt().toLong() } d.RecruitInfo.MechaInfo.UserIDs = d.RecruitInfo.MechaInfo.UserIDs.map { it.str.hashToUInt().toLong() }
@ -69,8 +67,9 @@ class FutariLobby(paths: PathProps) {
@API("recruit/finish") @API("recruit/finish")
fun finishRecruit(@RB data: String) { fun finishRecruit(@RB data: String) {
val d = parsing { KJson.decodeFromString<StartRecruit>(data) } val d = parsing { KJson.decodeFromString<RecruitRecord>(data) }
if (d.ip !in recruits) 400 - "Recruit not found" if (d.ip !in recruits) 400 - "Recruit not found"
if (d.Keychip != recruits[d.ip]!!.Keychip) 400 - "Keychip mismatch"
recruits.remove(d.ip) recruits.remove(d.ip)
log(d, "EndRecruit") log(d, "EndRecruit")
} }
@ -78,16 +77,16 @@ class FutariLobby(paths: PathProps) {
@API("recruit/list") @API("recruit/list")
fun listRecruit(): String { fun listRecruit(): String {
val time = millis() val time = millis()
recruits.filterValues { time - it.time > MAX_TTL }.keys.forEach { recruits.remove(it) } recruits.filterValues { time - it.Time > MAX_TTL }.keys.forEach { recruits.remove(it) }
return recruits.values.toList().joinToString("\n") { KJson.encodeToString(it.d) } return recruits.values.toList().joinToString("\n") { KJson.encodeToString(it.RecruitInfo) }
} }
} }
fun main(args: Array<String>) { fun main(args: Array<String>) {
val json = """{"RecruitInfo":{"MechaInfo":{"IsJoin":true,"IpAddress":1820162433,"MusicID":11692,"Entrys":[true,false],"UserIDs":[281474976710657,281474976710657],"UserNames":["",""],"IconIDs":[1,1],"FumenDifs":[0,-1],"Rateing":[0,0],"ClassValue":[0,0],"MaxClassValue":[0,0],"UserType":[0,0]},"MusicID":11692,"GroupID":0,"EventModeID":false,"JoinNumber":1,"PartyStance":0,"_startTimeTicks":638725464510308001,"_recvTimeTicks":0}}""" val json = """{"RecruitInfo":{"MechaInfo":{"IsJoin":true,"IpAddress":1820162433,"MusicID":11692,"Entrys":[true,false],"UserIDs":[281474976710657,281474976710657],"UserNames":["",""],"IconIDs":[1,1],"FumenDifs":[0,-1],"Rateing":[0,0],"ClassValue":[0,0],"MaxClassValue":[0,0],"UserType":[0,0]},"MusicID":11692,"GroupID":0,"EventModeID":false,"JoinNumber":1,"PartyStance":0,"_startTimeTicks":638725464510308001,"_recvTimeTicks":0}}"""
println(json.jsonMap().toJson()) println(json.jsonMap().toJson())
val data = KJson.decodeFromString<StartRecruit>(json) val data = KJson.decodeFromString<RecruitRecord>(json)
println(json) println(json)
println(KJson.encodeToString(StartRecruit.serializer(), data)) println(KJson.encodeToString(data))
println(data) println(data)
} }
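Review bot: The new `Keychip` comparison in `finishRecruit` can be sidestepped through `startRecruit`, which still runs `recruits[d.ip] = d` when a record for that IP already exists, so the stored keychip is replaced by whatever the latest request carried. `d.ip` appears to be read from the request body (`RecruitInfo.MechaInfo.IpAddress`), which leaves the stored keychip as the only thing binding a record to its owner. I would guard the assignment with `val prev = recruits[d.ip]` and `if (prev != null && prev.Keychip != d.Keychip) 400 - "Keychip mismatch"`. In `finishRecruit`, `recruits[d.ip]!!` can also throw if `listRecruit` expires the entry between the `!in` test and the lookup (assuming requests are handled concurrently); reading the record once into a local and null-checking it avoids that. `startRecruit` continues past the end of its hunk, so this is based on the visible lines only.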


@ -34,6 +34,8 @@ data class RecruitInfo(
) )
@Serializable @Serializable
data class StartRecruit( data class RecruitRecord(
val RecruitInfo: RecruitInfo, val RecruitInfo: RecruitInfo,
val Keychip: String,
var Time: Long = 0
) )
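Review bot: `Keychip` and `Time` are ordinary serialized properties of `RecruitRecord`, so every `KJson.encodeToString(record)` emits the keychip and every decode accepts a client-supplied `Time`. The `log` helper in `FutariLobby` now encodes the whole record, which writes the value used to authorize removal into the recruit log; logging `KJson.encodeToString(data.RecruitInfo)` as before would keep it out. `Time` is overwritten in `startRecruit`, but marking it `@Transient` would take it off the wire entirely (check that `KJson` tolerates the extra key from clients that still send it). Nothing in the visible lines rejects an empty `Keychip`, so a short comment on the class stating that the field is the ownership credential and must be non-blank would help the next reader.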