Fixed Security Vulnerability: #477
parent
80018df960
commit
f7ec19b8b3
@ -167,7 +167,6 @@ public class Plan extends BukkitPlugin implements IPlan {
|
||||
|
||||
serverInfoManager = new BukkitServerInfoManager(this);
|
||||
infoManager = new BukkitInformationManager(this);
|
||||
|
||||
WebServerSystem.getInstance().init();
|
||||
if (!WebServerSystem.isWebServerEnabled()) {
|
||||
if (Settings.WEBSERVER_DISABLED.isTrue()) {
|
||||
@ -178,6 +177,7 @@ public class Plan extends BukkitPlugin implements IPlan {
|
||||
}
|
||||
}
|
||||
serverInfoManager.updateServerInfo();
|
||||
infoManager.updateConnection();
|
||||
|
||||
Benchmark.stop("Enable", "WebServer Initialization");
|
||||
|
||||
|
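Review bot: The `infoManager.updateConnection();` call after `serverInfoManager.updateServerInfo();` appears to have been relocated here, and it carries an ordering requirement that nothing in the code states. Elsewhere in this commit `attemptConnection()` reads `WebServerSystem.isWebServerEnabled()`, so the call presumably has to run after `WebServerSystem.getInstance().init()`. A comment above it would keep a later refactor from moving it back, for example `// Must run after WebServerSystem init: the connection check reads the web server state`. The enclosing method starts and ends outside the hunks shown.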
@ -8,6 +8,8 @@ import com.djrapitops.plugin.BungeePlugin;
|
||||
import com.djrapitops.plugin.StaticHolder;
|
||||
import com.djrapitops.plugin.api.Benchmark;
|
||||
import com.djrapitops.plugin.api.config.Config;
|
||||
import com.djrapitops.plugin.api.systems.TaskCenter;
|
||||
import com.djrapitops.plugin.api.utility.log.DebugLog;
|
||||
import com.djrapitops.plugin.api.utility.log.Log;
|
||||
import com.djrapitops.plugin.settings.ColorScheme;
|
||||
import com.djrapitops.plugin.task.RunnableFactory;
|
||||
@ -53,6 +55,8 @@ public class PlanBungee extends BungeePlugin implements IPlan {
|
||||
|
||||
private ProcessingQueue processingQueue;
|
||||
|
||||
private boolean setupAllowed = false;
|
||||
|
||||
@Override
|
||||
public void onEnable() {
|
||||
super.onEnable();
|
||||
@ -72,8 +76,6 @@ public class PlanBungee extends BungeePlugin implements IPlan {
|
||||
Theme.getInstance().init();
|
||||
DBSystem.getInstance().init();
|
||||
|
||||
registerCommand("planbungee", new PlanBungeeCommand(this));
|
||||
|
||||
String ip = variableHolder.getIp();
|
||||
if ("0.0.0.0".equals(ip)) {
|
||||
Log.error("IP setting still 0.0.0.0 - Configure AlternativeIP/IP that connects to the Proxy server.");
|
||||
@ -103,8 +105,8 @@ public class PlanBungee extends BungeePlugin implements IPlan {
|
||||
} catch (Exception e) {
|
||||
Log.error("Plugin Failed to Initialize Correctly.");
|
||||
Log.toLog(this.getClass().getName(), e);
|
||||
onDisable();
|
||||
}
|
||||
registerCommand("planbungee", new PlanBungeeCommand(this));
|
||||
}
|
||||
|
||||
public static PlanBungee getInstance() {
|
||||
@ -122,7 +124,9 @@ public class PlanBungee extends BungeePlugin implements IPlan {
|
||||
}
|
||||
systems.close();
|
||||
Log.info(Locale.get(Msg.DISABLED).toString());
|
||||
super.onDisable();
|
||||
Benchmark.pluginDisabled(PlanBungee.class);
|
||||
DebugLog.pluginDisabled(PlanBungee.class);
|
||||
TaskCenter.cancelAllKnownTasks(PlanBungee.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -200,4 +204,12 @@ public class PlanBungee extends BungeePlugin implements IPlan {
|
||||
public Systems getSystems() {
|
||||
return systems;
|
||||
}
|
||||
|
||||
public boolean isSetupAllowed() {
|
||||
return setupAllowed;
|
||||
}
|
||||
|
||||
public void setSetupAllowed(boolean setupAllowed) {
|
||||
this.setupAllowed = setupAllowed;
|
||||
}
|
||||
}
|
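Review bot: `private boolean setupAllowed = false;` is the only gate on the set-up endpoint, but it is a plain field with unsynchronized accessors. It is written by the `/planbungee setup` command and read in `RequestSetupWebAPI`; if the web server handles requests on its own threads, a switch back to forbidden is not guaranteed to become visible to them promptly. Declaring it `private volatile boolean setupAllowed = false;` settles the visibility question. The new `isSetupAllowed()` / `setSetupAllowed()` pair also has no Javadoc; one line saying the flag defaults to false and decides whether set-up requests from servers are accepted would be enough.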
@ -27,7 +27,7 @@ public class PlanBungeeCommand extends TreeCommand<PlanBungee> {
|
||||
* @param plugin Current instance of Plan
|
||||
*/
|
||||
public PlanBungeeCommand(PlanBungee plugin) {
|
||||
super(plugin, "planbungee", CommandType.CONSOLE, "", "", "planbungee");
|
||||
super(plugin, "planbungee", CommandType.CONSOLE, Permissions.MANAGE.getPermission(), "", "planbungee");
|
||||
super.setDefaultCommand("help");
|
||||
super.setColorScheme(plugin.getColorScheme());
|
||||
}
|
||||
@ -42,7 +42,8 @@ public class PlanBungeeCommand extends TreeCommand<PlanBungee> {
|
||||
add(
|
||||
new ReloadCommand(plugin),
|
||||
new StatusCommand<>(plugin, Permissions.MANAGE.getPermission(), plugin.getColorScheme()),
|
||||
new ListCommand()
|
||||
new ListCommand(),
|
||||
new BungeeSetupToggleCommand(plugin)
|
||||
);
|
||||
RegisterCommand registerCommand = new RegisterCommand(plugin);
|
||||
add(
|
||||
|
@ -0,0 +1,39 @@
|
||||
/*
|
||||
* Licence is provided in the jar as license.yml also here:
|
||||
* https://github.com/Rsl1122/Plan-PlayerAnalytics/blob/master/Plan/src/main/resources/license.yml
|
||||
*/
|
||||
package main.java.com.djrapitops.plan.command.commands;
|
||||
|
||||
import com.djrapitops.plugin.command.CommandType;
|
||||
import com.djrapitops.plugin.command.ISender;
|
||||
import com.djrapitops.plugin.command.SubCommand;
|
||||
import main.java.com.djrapitops.plan.PlanBungee;
|
||||
import main.java.com.djrapitops.plan.settings.Permissions;
|
||||
|
||||
/**
|
||||
* //TODO Class Javadoc Comment
|
||||
*
|
||||
* @author Rsl1122
|
||||
*/
|
||||
public class BungeeSetupToggleCommand extends SubCommand {
|
||||
|
||||
private final PlanBungee plugin;
|
||||
|
||||
public BungeeSetupToggleCommand(PlanBungee plugin) {
|
||||
super("setup", CommandType.ALL, Permissions.MANAGE.getPermission(), "Toggle Setup mode for Bungee");
|
||||
this.plugin = plugin;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean onCommand(ISender sender, String s, String[] strings) {
|
||||
boolean setupAllowed = plugin.isSetupAllowed();
|
||||
if (setupAllowed) {
|
||||
plugin.setSetupAllowed(false);
|
||||
} else {
|
||||
plugin.setSetupAllowed(true);
|
||||
}
|
||||
String msg = !setupAllowed ? "§aSet-up is now Allowed" : "§cSet-up is now Forbidden";
|
||||
sender.sendMessage(msg);
|
||||
return true;
|
||||
}
|
||||
}
|
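Review bot: `onCommand` flips the set-up gate without leaving any record, and the flag then stays in its new state until someone runs the command again. Since this switch decides whether the proxy accepts set-up requests, I would log every change to the console, e.g. `Log.info("Bungee set-up mode " + (!setupAllowed ? "enabled" : "disabled"));` (needs the `Log` import), and consider closing the window automatically after a fixed interval. The if/else reduces to `plugin.setSetupAllowed(!setupAllowed);`. The class Javadoc is still `//TODO Class Javadoc Comment`; replace it with a sentence saying the command toggles whether Bungee accepts set-up requests and that the mode is off by default. The sub-command is declared `CommandType.ALL` while the parent `planbungee` command is `CommandType.CONSOLE`, so it is worth confirming which sender types are meant to reach it.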
@ -7,6 +7,7 @@ import com.djrapitops.plugin.command.ISender;
|
||||
import com.djrapitops.plugin.command.SubCommand;
|
||||
import main.java.com.djrapitops.plan.Plan;
|
||||
import main.java.com.djrapitops.plan.api.exceptions.WebAPIException;
|
||||
import main.java.com.djrapitops.plan.api.exceptions.WebAPIForbiddenException;
|
||||
import main.java.com.djrapitops.plan.settings.Permissions;
|
||||
import main.java.com.djrapitops.plan.settings.Settings;
|
||||
import main.java.com.djrapitops.plan.settings.locale.Locale;
|
||||
@ -70,6 +71,8 @@ public class ManageSetupCommand extends SubCommand {
|
||||
// plugin.getWebServer().getWebAPI().getAPI(PingWebAPI.class).sendRequest(address);
|
||||
plugin.getWebServer().getWebAPI().getAPI(RequestSetupWebAPI.class).sendRequest(address);
|
||||
sender.sendMessage("§eConnection successful, Plan may restart in a few seconds, if it doesn't something has gone wrong.");
|
||||
} catch (WebAPIForbiddenException e) {
|
||||
sender.sendMessage("§eConnection succeeded, but Bungee has set-up mode disabled - use '/planbungee setup' to enable it.");
|
||||
} catch (WebAPIException e) {
|
||||
Log.toLog(this.getClass().getName(), e);
|
||||
sender.sendMessage("§cConnection to Bungee WebServer failed: More info on console");
|
||||
|
@ -20,6 +20,7 @@ import main.java.com.djrapitops.plan.systems.info.parsing.AnalysisPageParser;
|
||||
import main.java.com.djrapitops.plan.systems.info.parsing.InspectPageParser;
|
||||
import main.java.com.djrapitops.plan.systems.processing.Processor;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.WebServer;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.WebServerSystem;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.pagecache.PageCache;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.pagecache.PageId;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.response.*;
|
||||
@ -63,8 +64,7 @@ public class BukkitInformationManager extends InformationManager {
|
||||
dataCache = new DataCache(plugin);
|
||||
analysis = new Analysis(plugin);
|
||||
pluginsTabContents = new HashMap<>();
|
||||
|
||||
updateConnection();
|
||||
usingAnotherWebServer = false;
|
||||
}
|
||||
|
||||
public void updateConnection() {
|
||||
@ -323,8 +323,7 @@ public class BukkitInformationManager extends InformationManager {
|
||||
|
||||
@Override
|
||||
public boolean attemptConnection() {
|
||||
WebServer webServer = plugin.getWebServer();
|
||||
boolean webServerIsEnabled = webServer.isEnabled();
|
||||
boolean webServerIsEnabled = WebServerSystem.isWebServerEnabled();
|
||||
boolean previousState = usingAnotherWebServer;
|
||||
|
||||
try {
|
||||
@ -350,6 +349,7 @@ public class BukkitInformationManager extends InformationManager {
|
||||
} finally {
|
||||
boolean changedState = previousState != usingAnotherWebServer;
|
||||
if (webServerIsEnabled && changedState) {
|
||||
WebServer webServer = WebServerSystem.getInstance().getWebServer();
|
||||
webServer.stop();
|
||||
webServer.initServer();
|
||||
}
|
||||
|
@ -13,7 +13,7 @@ public class ForbiddenResponse extends ErrorResponse {
|
||||
}
|
||||
|
||||
public ForbiddenResponse(String msg) {
|
||||
super.setHeader("HTTP/1.1 404 Not Found");
|
||||
super.setHeader("HTTP/1.1 403 Forbidden");
|
||||
super.setTitle("403 Forbidden - Access Denied");
|
||||
super.setParagraph(msg);
|
||||
super.replacePlaceholders();
|
||||
|
@ -1,4 +1,4 @@
|
||||
/*
|
||||
/*
|
||||
* Licence is provided in the jar as license.yml also here:
|
||||
* https://github.com/Rsl1122/Plan-PlayerAnalytics/blob/master/Plan/src/main/resources/license.yml
|
||||
*/
|
||||
@ -13,6 +13,7 @@ import main.java.com.djrapitops.plan.PlanBungee;
|
||||
import main.java.com.djrapitops.plan.api.IPlan;
|
||||
import main.java.com.djrapitops.plan.api.exceptions.WebAPIException;
|
||||
import main.java.com.djrapitops.plan.systems.info.server.ServerInfo;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.response.ForbiddenResponse;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.response.Response;
|
||||
import main.java.com.djrapitops.plan.systems.webserver.webapi.WebAPI;
|
||||
|
||||
@ -31,6 +32,11 @@ public class RequestSetupWebAPI extends WebAPI {
|
||||
if (!Check.isBungeeAvailable()) {
|
||||
return badRequest("Called a Bukkit server.");
|
||||
}
|
||||
|
||||
if (!((PlanBungee) plugin).isSetupAllowed()) {
|
||||
return new ForbiddenResponse("Setup mode disabled, use /planbungee setup to enable");
|
||||
}
|
||||
|
||||
String serverUUIDS = variables.get("sender");
|
||||
String webAddress = variables.get("webAddress");
|
||||
String accessCode = variables.get("accessKey");
|
||||
@ -38,7 +44,8 @@ public class RequestSetupWebAPI extends WebAPI {
|
||||
return badRequest("Variable was null");
|
||||
}
|
||||
ServerInfo serverInfo = new ServerInfo(-1, UUID.fromString(serverUUIDS), "", webAddress, 0);
|
||||
PlanBungee.getInstance().getServerInfoManager().attemptConnection(serverInfo, accessCode);
|
||||
|
||||
((PlanBungee) plugin).getServerInfoManager().attemptConnection(serverInfo, accessCode);
|
||||
return success();
|
||||
}
|
||||
|
||||
|
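Review bot: The new `isSetupAllowed()` check is a global switch, so while set-up mode is on every request that reaches this endpoint passes it, and nothing in this method turns it off again. Whether `attemptConnection(serverInfo, accessCode)` verifies the caller any further is not visible in this hunk. I would close the window once a set-up succeeds by adding `((PlanBungee) plugin).setSetupAllowed(false);` before `return success();`, or expire it after a fixed interval if several servers are normally set up in one go. The enclosing method starts above the hunk.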