implement token verification

2025-12-13 15:34:38 +01:00 · 2022-08-04 10:51:31 +10:00
parent bf851b5c67
commit ed11b5ced9
3 changed files with 14 additions and 13 deletions
--- a/server/channelserver/handlers.go
+++ b/server/channelserver/handlers.go
@@ -135,20 +135,19 @@ func handleMsgSysTerminalLog(s *Session, p mhfpacket.MHFPacket) {
 func handleMsgSysLogin(s *Session, p mhfpacket.MHFPacket) {
 	pkt := p.(*mhfpacket.MsgSysLogin)

-	rights := uint32(0x0E)
-	// 0e with normal sub 4e when having premium
-	// 01 = Character can take quests at allows
-	// 02 = Hunter Life, normal quests core sub
-	// 03 = Extra Course, extra quests, town boxes, QOL course, core sub
-	// 06 = Premium Course, standard 'premium' which makes ranking etc. faster
-	// 06 0A 0B = Boost Course, just actually 3 subs combined
-	// 08 09 1E = N Course, gives you the benefits of being in a netcafe (extra quests, N Points, daily freebies etc.) minimal and pointless
-	// 0C = N Boost course, ultra luxury course that ruins the game if in use
-	err := s.server.db.QueryRow("SELECT rights FROM users u INNER JOIN characters c ON u.id = c.user_id WHERE c.id = $1", pkt.CharID0).Scan(&rights)
-	if err != nil {
-		panic(err)
+	if s.server.erupeConfig.DevMode && !s.server.erupeConfig.DevModeOptions.DisableTokenCheck {
+		var token string
+		err := s.server.db.QueryRow("SELECT token FROM sign_sessions WHERE token=$1", pkt.LoginTokenString).Scan(&token)
+		if err != nil {
+			s.rawConn.Close()
+			s.logger.Warn(fmt.Sprintf("Invalid login token, offending CID: (%d)", pkt.CharID0))
+			return
+		}
 	}

+	rights := uint32(0x0E)
+	s.server.db.QueryRow("SELECT rights FROM users u INNER JOIN characters c ON u.id = c.user_id WHERE c.id = $1", pkt.CharID0).Scan(&rights)
+
 	s.Lock()
 	s.charID = pkt.CharID0
 	s.rights = rights
@@ -157,7 +156,7 @@ func handleMsgSysLogin(s *Session, p mhfpacket.MHFPacket) {
 	bf := byteframe.NewByteFrame()
 	bf.WriteUint32(uint32(Time_Current_Adjusted().Unix())) // Unix timestamp

-	_, err = s.server.db.Exec("UPDATE servers SET current_players=$1 WHERE server_id=$2", len(s.server.sessions), s.server.ID)
+	_, err := s.server.db.Exec("UPDATE servers SET current_players=$1 WHERE server_id=$2", len(s.server.sessions), s.server.ID)
 	if err != nil {
 		panic(err)
 	}