TuxCoding/FastLogin
1
0
Fork 1
mirror of https://github.com/TuxCoding/FastLogin.git synced 2025-07-31 11:17:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow configuring SSL requirements for MySQL instances

Browse Source 
Fixes #433
This commit is contained in:
games647
2021-09-23 14:55:23 +02:00
parent 17ecb186a5
commit cd55441e4e
3 changed files with 31 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/src/main/java/com/github/games647/fastlogin/core/shared/FastLoginCore.java
View File

@ -211,6 +211,12 @@ public class FastLoginCore<P extends C, C, T extends PlatformPlugin<C>> {
int port = config.get("port", 3306); int port = config.get("port", 3306);
boolean useSSL = config.get("useSSL", false); boolean useSSL = config.get("useSSL", false);
if (useSSL) {
databaseConfig.addDataSourceProperty("allowPublicKeyRetrieval", config.getBoolean("allowPublicKeyRetrieval", false));
databaseConfig.addDataSourceProperty("serverRSAPublicKeyFile", config.getString("ServerRSAPublicKeyFile"));
databaseConfig.addDataSourceProperty("sslMode", config.getString("sslMode", "Required"));
}
databaseConfig.setUsername(config.get("username", "")); databaseConfig.setUsername(config.get("username", ""));
databaseConfig.setPassword(config.getString("password")); databaseConfig.setPassword(config.getString("password"));
storage = new MySQLStorage(this, host, port, database, databaseConfig, useSSL); storage = new MySQLStorage(this, host, port, database, databaseConfig, useSSL);

23
core/src/main/java/com/github/games647/fastlogin/core/storage/MySQLStorage.java
View File

@ -3,30 +3,35 @@ package com.github.games647.fastlogin.core.storage;
import com.github.games647.fastlogin.core.shared.FastLoginCore; import com.github.games647.fastlogin.core.shared.FastLoginCore;
import com.zaxxer.hikari.HikariConfig; import com.zaxxer.hikari.HikariConfig;
import java.util.Map;
public class MySQLStorage extends SQLStorage { public class MySQLStorage extends SQLStorage {
public MySQLStorage(FastLoginCore<?, ?, ?> core, String host, int port, String database, HikariConfig config, boolean useSSL) { public MySQLStorage(FastLoginCore<?, ?, ?> core, String host, int port, String database, HikariConfig config,
Map<String, Object> sslOptions) {
super(core, super(core,
"mysql://" + host + ':' + port + '/' + database, "mysql://" + host + ':' + port + '/' + database,
setParams(config, useSSL)); setParams(config, sslOptions));
} }
private static HikariConfig setParams(HikariConfig config, boolean useSSL) { private static HikariConfig setParams(HikariConfig config, Map<String, Object> sslOptions) {
boolean useSSL = (boolean) sslOptions.get("useSSL");
// Require SSL on the server if requested in config - this will also verify certificate // Require SSL on the server if requested in config - this will also verify certificate
// Those values are deprecated in favor of sslMode // Those values are deprecated in favor of sslMode
config.addDataSourceProperty("useSSL", useSSL); config.addDataSourceProperty("useSSL", useSSL);
config.addDataSourceProperty("requireSSL", useSSL); config.addDataSourceProperty("requireSSL", useSSL);
if (useSSL) {
// require encrypted if possible
config.addDataSourceProperty("sslMode", "VerifyFull");
}
// adding paranoid hides hostname, username, version and so // adding paranoid hides hostname, username, version and so
// could be useful for hiding server details // could be useful for hiding server details
config.addDataSourceProperty("paranoid", true); config.addDataSourceProperty("paranoid", true);
// enable MySQL specific optimizations // enable MySQL specific optimizations
addPerformanceProperties(config);
return config;
}
private static void addPerformanceProperties(HikariConfig config) {
// disabled by default - will return the same prepared statement instance // disabled by default - will return the same prepared statement instance
config.addDataSourceProperty("cachePrepStmts", true); config.addDataSourceProperty("cachePrepStmts", true);
// default prepStmtCacheSize 25 - amount of cached statements // default prepStmtCacheSize 25 - amount of cached statements
@ -55,7 +60,5 @@ public class MySQLStorage extends SQLStorage {
// performance gems presentation // performance gems presentation
// In our case it can be useful to see the time in error messages // In our case it can be useful to see the time in error messages
// config.addDataSourceProperty("maintainTimeStats", false); // config.addDataSourceProperty("maintainTimeStats", false);
return config;
} }
} }

14
core/src/main/resources/config.yml
View File

@ -264,9 +264,19 @@ database: '{pluginDir}/FastLogin.db'
#timeout: 30 #timeout: 30
#lifetime: 30 #lifetime: 30
# It's strongly recommended to enable SSL and setup a SSL certificate if the MySQL server isn't running on the same ## It's recommended to enable SSL if the MySQL server isn't running on the same host
# machine ## This will encrypt the connection for secure transportation of the sql server password
#useSSL: false #useSSL: false
## Verification requirements for the server cert,
## Values: Required (unchecked SSL connection), VerifyCA (verify CA), VerifyFull (verify CA and matching hostname)
#sslMode=Required
## TLS is preferred for this technique, then your host stored certificate store will be used to verify the server cert
## Similar to HTTPS. If that's not possible RSA can be used with the following options.
## This allows to request the public RSA key from the server to encrypt the data to it. True would allow machine-in-the-
## middle attacks.
#allowPublicKeyRetrieval=false
## Path to the RSA public key if key retrieval is forbidden
#ServerRSAPublicKeyFile=
# HTTP proxies for connecting to the Mojang servers in order to check if the username of a player is premium. # HTTP proxies for connecting to the Mojang servers in order to check if the username of a player is premium.
# This is a workaround to prevent rate-limiting by Mojang. These proxies will only be used once your server hit # This is a workaround to prevent rate-limiting by Mojang. These proxies will only be used once your server hit