Security fix

TheoBong · Jul 10, 2022 · 3ba9f8f · 3ba9f8f
1 parent 70c5070
commit 3ba9f8f
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 3 deletions.
diff --git a/pom.xml b/pom.xml
@@ -48,7 +48,7 @@
         <dependency>
             <groupId>xyz.leuo</groupId>
             <artifactId>Gooey</artifactId>
-            <version>1.2.2</version>
+            <version>1.2.3</version>
         </dependency>
         <!-- MongoDB Driver -->
         <dependency>

diff --git a/src/main/java/io/github/punishmentsx/ConfigValues.java b/src/main/java/io/github/punishmentsx/ConfigValues.java
@@ -8,7 +8,6 @@ public enum ConfigValues {
     REDIS_CHANNEL("DATABASE.REDIS.CHANNEL"),
     MONGO_DATABASE("DATABASE.MONGO.DB"),
     MONGO_URI("DATABASE.MONGO.URI"),
-
     CONSOLE_NAME("GENERAL.CONSOLE_NAME");
 
     private String path;

diff --git a/src/main/java/io/github/punishmentsx/utils/PlayerUtil.java b/src/main/java/io/github/punishmentsx/utils/PlayerUtil.java
@@ -13,7 +13,12 @@ public static Profile findPlayer(PunishmentsX plugin, String target) {
         Profile targetProfile;
 
         if (targetPlayer == null) {
-            targetProfile = plugin.getProfileManager().find(target, false);
+            if (plugin.getConfig().getBoolean("GENERAL.ONLINE_MODE")) {
+                WebPlayer webPlayer = new WebPlayer(target);
+                targetProfile = plugin.getProfileManager().find(webPlayer.getUuid(), false);
+            } else {
+                targetProfile = plugin.getProfileManager().find(target, false);
+            }
         } else {
             targetProfile = plugin.getProfileManager().get(targetPlayer.getUniqueId());
         }

diff --git a/src/main/java/io/github/punishmentsx/utils/WebPlayer.java b/src/main/java/io/github/punishmentsx/utils/WebPlayer.java
@@ -0,0 +1,56 @@
+package io.github.punishmentsx.utils;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import lombok.Data;
+
+import javax.net.ssl.HttpsURLConnection;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.util.UUID;
+
+public @Data class WebPlayer {
+
+    private String name;
+    private UUID uuid;
+    private boolean valid;
+
+    public WebPlayer(String name) {
+        fromUrl("https://api.mojang.com/users/profiles/minecraft/" + name);
+    }
+
+    private void fromUrl(String s) {
+        try {
+
+            URL url = new URL(s);
+            HttpsURLConnection c = (HttpsURLConnection) url.openConnection();
+            c.setRequestMethod("GET");
+            c.setHostnameVerifier((hostname, session) -> true);
+            BufferedReader reader = new BufferedReader(new InputStreamReader(c.getInputStream()));
+
+            StringBuilder stringBuilder = new StringBuilder();
+            int cp;
+            while ((cp = reader.read()) != -1) {
+                stringBuilder.append((char) cp);
+            }
+
+            String jsonString = stringBuilder.toString();
+            JsonObject json = new JsonParser().parse(jsonString).getAsJsonObject();
+            if (json != null) {
+                this.uuid = UUID.fromString(json.get("id").getAsString().replaceFirst(
+                        "(\\p{XDigit}{8})(\\p{XDigit}{4})(\\p{XDigit}{4})(\\p{XDigit}{4})(\\p{XDigit}+)",
+                        "$1-$2-$3-$4-$5"
+                ));
+                this.name = json.get("name").getAsString();
+                this.valid = true;
+            } else {
+                this.name = null;
+                this.uuid = null;
+                this.valid = false;
+            }
+        } catch(Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
@@ -36,6 +36,7 @@ DATABASE:
 
 GENERAL:
   SERVER_NAME: "Unspecified" # Example: lobby, kitpvp, factions, etc
+  ONLINE_MODE: true
   CONSOLE_NAME: "CONSOLE"
 
   # REGULAR Example: Tue May 31 23:13:07 GMT 2022