Add check for the server key

.gitignore

@@ -12,4 +12,8 @@
 /Filetool/nbproject/private/
 /Filetool/build/
 /PlanPluginBridge/target/
-/MakroS/nbproject/private/
+/MakroS/nbproject/private/
+*.xml
+Plan/Plan.iml
+Plan/.sonar/.sonar_lock
+Plan/.sonar/report-task.txt

Plan/src/main/java/com/djrapitops/plan/Plan.java

@@ -189,7 +189,7 @@ public class Plan extends BukkitPlugin<Plan> {
             }
 
             Benchmark.start("ServerInfo Registration");
-                serverInfoManager = new ServerInfoManager(this);
+            serverInfoManager = new ServerInfoManager(this);
             Benchmark.stop("Enable", "ServerInfo Registration");
 
             setupFilter(); // TODO Move to RegisterCommand Constructor
@@ -455,4 +455,14 @@ public class Plan extends BukkitPlugin<Plan> {
     public ServerVariableHolder getVariable() {
         return serverVariableHolder;
     }
+
+    /**
+     * Used to get the object storing server info
+     *
+     * @return ServerInfoManager
+     * @see ServerInfoManager
+     */
+    public ServerInfoManager getServerInfoManager() {
+        return serverInfoManager;
+    }
 }

Plan/src/main/java/com/djrapitops/plan/data/handling/PlaytimeHandling.java

@@ -20,11 +20,7 @@ public class PlaytimeHandling {
         data.setLastPlayed(time);
 
         GMTimes gmTimes = data.getGmTimes();
-        if (gamemode != null) {
-            gmTimes.changeState(gamemode, playTime);
-        } else {
-            gmTimes.changeState(gmTimes.getState(), playTime);
-        }
+        gmTimes.changeState(gamemode != null ? gamemode : gmTimes.getState(), playTime);
 
         WorldTimes worldTimes = data.getWorldTimes();
         worldTimes.changeState(worldName, playTime);

Plan/src/main/java/com/djrapitops/plan/ui/webserver/WebServer.java

@@ -308,11 +308,19 @@ public class WebServer {
         }
 
         Map<String, String> variables = readVariables(response);
-
-        //TODO ADD CHECK IF SERVER KEY VALID
+        String key = variables.get("key");
 
         Plan plan = Plan.getInstance();
 
+        if (!checkKey(plan, key)) {
+            String error = "Server Key not given or invalid";
+            return PageCacheHandler.loadPage(error, () -> {
+                ForbiddenResponse forbidden = new ForbiddenResponse();
+                forbidden.setContent(error);
+                return forbidden;
+            });
+        }
+
         WebAPI api = WebAPIManager.getAPI(method);
 
         if (api == null) {
@@ -328,6 +336,18 @@ public class WebServer {
         }
     }
 
+    private boolean checkKey(Plan plan, String key) {
+        UUID uuid = plan.getServerInfoManager().getServerUUID();
+        UUID keyUUID;
+        try {
+            keyUUID = UUID.fromString(key);
+        } catch (IllegalArgumentException e) {
+            return false;
+        }
+
+        return uuid.equals(keyUUID);
+    }
+
     private Map<String, String> readVariables(String response) {
         String[] variables = response.split("&");
 

Plan/src/main/java/com/djrapitops/plan/ui/webserver/api/bukkit/InspectWebAPI.java

@@ -35,7 +35,7 @@ public class InspectWebAPI implements WebAPI {
             return PageCacheHandler.loadPage(error, () -> new BadRequestResponse(error));
         }
 
-        Plan.getInstance().getInspectCache().cache(uuid);
+        plan.getInspectCache().cache(uuid);
 
         return PageCacheHandler.loadPage("success", SuccessResponse::new);
     }

Plan/test/test/java/main/java/com/djrapitops/plan/PermissionsTest.java

@@ -28,5 +28,4 @@ public class PermissionsTest {
     public void testGetPermission() {
         assertEquals("plan.inspect.other", Permissions.INSPECT_OTHER.getPerm());
     }
-
 }