Make session key creation actually unique

2025-12-13 05:44:36 +01:00 · 2023-11-23 18:10:31 -08:00
parent fed64f48d3
commit 502323a1c7
2 changed files with 20 additions and 7 deletions
--- a/src/main/java/emu/lunarcore/game/account/Account.java
+++ b/src/main/java/emu/lunarcore/game/account/Account.java
@@ -4,11 +4,12 @@ import java.util.*;
 import java.util.stream.Stream;

 import dev.morphia.annotations.*;
+
 import emu.lunarcore.LunarCore;
 import emu.lunarcore.database.AccountDatabaseOnly;
 import emu.lunarcore.util.Crypto;
 import emu.lunarcore.util.Snowflake32;
-import emu.lunarcore.util.Utils;
+
 import lombok.Getter;

@Getter
@@ -137,13 +138,13 @@ public class Account {
    // Tokens

    public String generateComboToken() {
-        this.comboToken = Utils.bytesToHex(Crypto.createSessionKey(32)); // TODO make unique
+        this.comboToken = Crypto.createSessionKey(this.getUid());
        this.save();
        return this.comboToken;
    }

    public String generateDispatchToken() {
-        this.dispatchToken = Utils.bytesToHex(Crypto.createSessionKey(32)); // TODO make unique
+        this.dispatchToken = Crypto.createSessionKey(this.getUid());
        this.save();
        return this.dispatchToken;
    }
--- a/src/main/java/emu/lunarcore/util/Crypto.java
+++ b/src/main/java/emu/lunarcore/util/Crypto.java
@@ -1,6 +1,8 @@
 package emu.lunarcore.util;

+import java.security.MessageDigest;
 import java.security.SecureRandom;
+import java.util.Base64;

 import emu.lunarcore.LunarCore;

@@ -17,9 +19,19 @@ public final class Crypto {
        }
    }

-    public static byte[] createSessionKey(int length) {
-        byte[] bytes = new byte[length];
-        secureRandom.nextBytes(bytes);
-        return bytes;
+    // Simple way to create a unique session key
+    public static String createSessionKey(String accountUid) {
+        byte[] random = new byte[64];
+        secureRandom.nextBytes(random);
+        
+        String temp = accountUid + "." + System.currentTimeMillis() + "." + secureRandom.toString();
+        
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA-512");
+            byte[] bytes = md.digest(temp.getBytes());
+            return Base64.getEncoder().encodeToString(bytes);
+        } catch (Exception e) {
+            return Base64.getEncoder().encodeToString(temp.getBytes());
+        }
    }
 }