From 1686cb7a4c43eedffc87f9fdbd981732f9f04122 Mon Sep 17 00:00:00 2001
From: Luck
Date: Sun, 2 Oct 2022 16:56:32 +0100
Subject: [PATCH] Block connections if the default tokens are still configured
---
 INSTALLATION.md | 9 +++++----
 .../java/me/lucko/bungeeguard/backend/TokenStore.java | 10 ++++++++++
 .../lucko/bungeeguard/spigot/BungeeCordHandshake.java | 4 ++++
 .../bungeeguard/spigot/BungeeGuardBackendPlugin.java | 11 +++++++++++
 4 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/INSTALLATION.md b/INSTALLATION.md
index 0cc87a0..2c1040a 100644
--- a/INSTALLATION.md
+++ b/INSTALLATION.md
@@ -32,8 +32,9 @@ The latest versions of BungeeGuard can be found from:
 4. Navigate to `/plugins/BungeeGuard/config.yml`. Add the token(s) generated by the proxy(ies) to the `allowed-tokens` list.
 > e.g.
 > ```yml
- > # Allowed authentication tokens.
- > allowed-tokens:
- > - "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
- > ```
+ > # Allowed authentication tokens.
+ > allowed-tokens:
+ > - "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
+ > ```
+ > **Please make sure you remove the default tokens, so the only values in the list are your allowed tokens.**
 5. Run `bungeeguard reload` from console.
diff --git a/bungeeguard-backend/src/main/java/me/lucko/bungeeguard/backend/TokenStore.java b/bungeeguard-backend/src/main/java/me/lucko/bungeeguard/backend/TokenStore.java
index 5430b79..1155b89 100644
--- a/bungeeguard-backend/src/main/java/me/lucko/bungeeguard/backend/TokenStore.java
+++ b/bungeeguard-backend/src/main/java/me/lucko/bungeeguard/backend/TokenStore.java
@@ -59,4 +59,14 @@ public boolean isAllowed(String token) {
 return this.allowedTokens.contains(token);
 }
+ /**
+ * Has the server owner bothered to configure their tokens correctly...?
+ *
+ * @return true if BungeeGuard has not yet been configured
+ */
+ public boolean isUsingDefaultConfig() {
+ return this.allowedTokens.contains("the token generated by the proxy goes here") ||
+ this.allowedTokens.contains("you can add as many as you like.");
+ }
+
 }
diff --git a/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeCordHandshake.java b/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeCordHandshake.java
index 641813e..364f4e8 100644
--- a/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeCordHandshake.java
+++ b/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeCordHandshake.java
@@ -75,6 +75,10 @@ public static BungeeCordHandshake decodeAndVerify(String handshake, TokenStore t
 }
 private static BungeeCordHandshake decodeAndVerify0(String handshake, TokenStore tokenStore) throws Exception {
+ if (tokenStore.isUsingDefaultConfig()) {
+ return new Fail(Fail.Reason.INCORRECT_TOKEN, "Allowed tokens have not been configured! Please refer to https://github.com/lucko/BungeeGuard/blob/master/INSTALLATION.md for help.");
+ }
+
 if (handshake.length() > HANDSHAKE_LENGTH_LIMIT) {
 return new Fail(Fail.Reason.INVALID_HANDSHAKE, "handshake length " + handshake.length() + " is > " + HANDSHAKE_LENGTH_LIMIT);
 }
diff --git a/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeGuardBackendPlugin.java b/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeGuardBackendPlugin.java
index b5e3a96..2be23fa 100644
--- a/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeGuardBackendPlugin.java
+++ b/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeGuardBackendPlugin.java
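Review bot: `isAllowed` in this shared backend class still returns true for the two shipped placeholder strings, so the protection only holds if every caller remembers to ask `isUsingDefaultConfig()` first; in this patch only the Spigot `decodeAndVerify0` path does. Failing closed inside the store, e.g. `return !isUsingDefaultConfig() && this.allowedTokens.contains(token);`, would cover any other consumer of `TokenStore` without relying on call order. The Javadoc should also state what is actually tested: the method returns true whenever either placeholder is still present in the list, even if real tokens were added next to it, which is not the same as "not yet configured". The two literals presumably have to match the bundled default config exactly, so named constants with a comment pointing at that file would keep them from drifting silently. `isAllowed` begins outside the hunk.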
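Review bot: Reusing `Fail.Reason.INCORRECT_TOKEN` for the unconfigured-store case in `decodeAndVerify0` makes a local misconfiguration indistinguishable from a peer presenting a wrong token in whatever consumes the reason; a dedicated reason value would keep denied-connection logs usable for spotting real bypass attempts. The condition is also only surfaced once a connection arrives; since the store is loaded in `onEnable`, logging at `severe` there when `isUsingDefaultConfig()` is true would tell the operator at startup rather than at first login. If the `Fail` message text is ever relayed to the connecting client (not visible in this hunk), it would disclose the configuration state to unauthenticated peers and should stay in the server log only. `decodeAndVerify0` continues past the end of the hunk.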
@@ -54,6 +54,17 @@ public void onEnable() {
 this.tokenStore = new TokenStore(this);
 this.tokenStore.load();
+ if (!getServer().spigot().getSpigotConfig().getBoolean("settings.bungeecord", false)) {
+ getLogger().severe("------------------------------------------------------------");
+ getLogger().severe("'settings.bungeecord' is set to false in spigot.yml.");
+ getLogger().severe("");
+ getLogger().severe("BungeeGuard cannot function unless this property is set to true.");
+ getLogger().severe("The server will now shutdown as a precaution.");
+ getLogger().severe("------------------------------------------------------------");
+ getServer().shutdown();
+ return;
+ }
+
 if (isPaperHandshakeEvent()) {
 getLogger().info("Using Paper's PlayerHandshakeEvent to listen for connections.");