Fixed NPE on invalid sessions + Improved security for premium logins

2026-01-31 02:19:28 +01:00 · 2015-11-04 19:41:47 +01:00
parent fa46dc690b
commit 834818bb7a
8 changed files with 45 additions and 25 deletions
--- a/src/main/java/com/github/games647/fastlogin/PlayerSession.java
+++ b/src/main/java/com/github/games647/fastlogin/PlayerSession.java
@@ -7,15 +7,30 @@ package com.github.games647.fastlogin;
 */
 public class PlayerSession {

-    private final byte[] verifyToken;
    private final String username;
+    private final String serverId;
+    private final byte[] verifyToken;
    private boolean verified;

-    public PlayerSession(byte[] verifyToken, String username) {
+    public PlayerSession(String username, String serverId, byte[] verifyToken) {
        this.username = username;
+        this.serverId = serverId;
        this.verifyToken = verifyToken;
    }

+    /**
+     * Gets the random generated server id. This makes sure the request
+     * sent from the client is just for this server.
+     *
+     * See this for details
+     * http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
+     *
+     * @return random generated server id
+     */
+    public String getServerId() {
+        return serverId;
+    }
+
    /**
     * Gets the verify token the server sent to the client.
     *