From d2eea67f6724649613f29d6385c1418b45ccf560 Mon Sep 17 00:00:00 2001 From: Seth <13510767+ZeroEpoch1969@users.noreply.github.com> Date: Sun, 7 Jan 2018 12:33:58 -0700 Subject: [PATCH] Security & improvement update (#19) --- .../totalfreedommod/LoginProcess.java | 27 ++++---- .../totalfreedommod/Monitors.java | 12 ++-- .../blocking/EventBlocker.java | 2 +- .../blocking/PotionBlocker.java | 66 ++++++++++++++----- .../command/Command_adminmode.java | 6 +- .../command/Command_aeclear.java | 36 ++++++++++ .../command/Command_saconfig.java | 3 + .../command/Command_vanish.java | 4 +- .../command/Command_verify.java | 1 + .../totalfreedommod/rank/RankManager.java | 35 +++++++--- .../totalfreedommod/util/FUtil.java | 2 +- 11 files changed, 142 insertions(+), 52 deletions(-) create mode 100644 src/main/java/me/totalfreedom/totalfreedommod/command/Command_aeclear.java diff --git a/src/main/java/me/totalfreedom/totalfreedommod/LoginProcess.java b/src/main/java/me/totalfreedom/totalfreedommod/LoginProcess.java index 67469bdf..34400234 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/LoginProcess.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/LoginProcess.java @@ -6,6 +6,7 @@ import lombok.Setter; import me.totalfreedom.totalfreedommod.config.ConfigEntry; import me.totalfreedom.totalfreedommod.util.FSync; import me.totalfreedom.totalfreedommod.util.FUtil; +import me.totalfreedom.totalfreedommod.command.Command_vanish; import org.bukkit.ChatColor; import org.bukkit.entity.Player; import org.bukkit.event.EventHandler; @@ -110,11 +111,10 @@ public class LoginProcess extends FreedomService } // Check if player is admin - // Not safe to use TFM_Util.isSuperAdmin(player) because player.getAddress() will return a null until after player login. final boolean isAdmin = plugin.al.getEntryByIp(ip) != null; // Validation below this point - if (isAdmin) // Player is superadmin + if (isAdmin) // Player is admin { // Force-allow log in event.allow(); 
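Review bot: The comment deleted above `final boolean isAdmin = plugin.al.getEntryByIp(ip) != null;` was the only explanation of why admin status is decided from the connecting IP rather than from the player object, and the force-allow branch right below depends on that decision. Because an IP match alone appears to be enough to reach `event.allow()`, I would keep a corrected comment rather than drop it, for example `// Admin status is resolved by IP here: player.getAddress() is still null during PlayerLoginEvent.` It would also help to state where a name/IP mismatch is caught afterwards, which is not visible from this hunk. The enclosing handler starts and ends outside the hunk.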
@@ -168,15 +168,15 @@ public class LoginProcess extends FreedomService return; } -// // Whitelist -// if (plugin.si.isWhitelisted()) -// { -// if (!plugin.si.getWhitelisted().contains(username.toLowerCase())) -// { -// event.disallow(PlayerLoginEvent.Result.KICK_OTHER, "You are not whitelisted on this server."); -// return; -// } -// } + // Whitelist + if (plugin.si.isWhitelisted()) + { + if (!plugin.si.getWhitelisted().contains(username.toLowerCase())) + { + event.disallow(PlayerLoginEvent.Result.KICK_OTHER, "You are not whitelisted on this server."); + return; + } + } } @EventHandler(priority = EventPriority.MONITOR) @@ -184,6 +184,11 @@ public class LoginProcess extends FreedomService { final Player player = event.getPlayer(); + for (Player p : Command_vanish.VANISHED) + { + player.hidePlayer(p); + } + new BukkitRunnable() { @Override diff --git a/src/main/java/me/totalfreedom/totalfreedommod/Monitors.java b/src/main/java/me/totalfreedom/totalfreedommod/Monitors.java index b648a56b..df58a611 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/Monitors.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/Monitors.java @@ -2,6 +2,7 @@ package me.totalfreedom.totalfreedommod; import java.text.DecimalFormat; import me.totalfreedom.totalfreedommod.util.FUtil; +import org.bukkit.ChatColor; import org.bukkit.Location; import org.bukkit.Material; import org.bukkit.entity.Player; @@ -15,6 +16,7 @@ public class Monitors extends FreedomService { private final DecimalFormat decimalFormat = new DecimalFormat("#"); + private String potionSpyPrefix = ChatColor.DARK_GRAY + "[" + ChatColor.YELLOW + "PotionSpy" + ChatColor.DARK_GRAY + "] "; public Monitors(TotalFreedomMod plugin) { 
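Review bot: The re-enabled whitelist check calls `username.toLowerCase()` with the JVM default locale, so on a host whose locale has special casing rules a name may not lower-case to the stored entry and a whitelisted player would be kicked. I would write `username.toLowerCase(Locale.ROOT)` (this needs `java.util.Locale` imported) and record the assumption in the comment, e.g. `// Whitelist entries are stored lower-case`, after confirming that is how `getWhitelisted()` is populated. The two nested `if`s can be merged into a single condition. The handler body starts outside the hunk.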
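Review bot: The new loop over `Command_vanish.VANISHED` in the join handler trusts a mutable static collection of `Player` objects, and nothing visible in this commit removes an entry when a vanished admin disconnects, so it may hold stale references. I would skip entries that are no longer online, `if (p.isOnline()) { player.hidePlayer(p); }`, and longer term store UUIDs behind an accessor instead of exposing the collection from a command class. The loop also hides vanished admins from every joining player including other admins; the matching loop in Command_vanish is only partly visible, so please check the two apply the same rule. A one-line comment such as `// Keep already-vanished admins hidden from players who join later` would explain why this sits in the join handler.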
@@ -33,10 +35,10 @@ public class Monitors extends FreedomService public String getMaterial(final int id) { - return String.valueOf(Material.getMaterial(id)); + return String.valueOf(Material.getMaterial(id)).replace("_", " ").toLowerCase(); } - @EventHandler(priority = EventPriority.LOW) + @EventHandler(priority = EventPriority.MONITOR) public void onLingeringPotionSplash(LingeringPotionSplashEvent event) { ProjectileSource source = event.getEntity().getShooter(); @@ -58,12 +60,12 @@ public class Monitors extends FreedomService { if (plugin.al.isAdmin(p) && plugin.pl.getPlayer(p).isPotionMonitorEnabled()) { - FUtil.playerMsg(p, player.getName() + " splashed " + event.getEntity().getItem().getAmount() + " " + getMaterial(droppedItem) + " at [" + decimalFormat.format(location.getX()) + ", " + decimalFormat.format(location.getY()) + ", " + decimalFormat.format(location.getZ()) + "] in the world '" + location.getWorld().getName() + "'."); + FUtil.playerMsg(p, potionSpyPrefix + ChatColor.WHITE + player.getName() + " splashed " + event.getEntity().getItem().getAmount() + " " + getMaterial(droppedItem) + " at X: " + decimalFormat.format(location.getX()) + ", Y: " + decimalFormat.format(location.getY()) + ", Z: " + decimalFormat.format(location.getZ()) + ", in the world '" + location.getWorld().getName() + "'."); } } } - @EventHandler(priority = EventPriority.LOW) + @EventHandler(priority = EventPriority.MONITOR) public void onPotionSplash(PotionSplashEvent event) { ProjectileSource source = event.getEntity().getShooter(); 
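Review bot: Moving `onLingeringPotionSplash` to `EventPriority.MONITOR` without `ignoreCancelled = true` means PotionSpy still reports a splash after an earlier handler has cancelled it, and PotionBlocker in this same commit cancels these events at `LOW`. Admins would then be told a blocked potion was splashed, which weakens the monitor as an audit signal. I would use `@EventHandler(priority = EventPriority.MONITOR, ignoreCancelled = true)`, or keep the report and append whether `event.isCancelled()`. The same applies to the `onPotionSplash` annotation changed in the next hunk.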
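Review bot: The PotionSpy message assembled in `onLingeringPotionSplash` is repeated character for character in the `onPotionSplash` hunk that follows, so any later change to the format has to be made in two places. I would move it into one private helper, for example `private String splashMessage(Player player, int amount, int typeId, Location location)`, and call it from both handlers. `potionSpyPrefix` is never reassigned in the lines shown and could be `private static final String POTION_SPY_PREFIX`. Both handler bodies start outside the hunks shown.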
@@ -85,7 +87,7 @@ public class Monitors extends FreedomService { if (plugin.al.isAdmin(p) && plugin.pl.getPlayer(p).isPotionMonitorEnabled()) { - FUtil.playerMsg(p, player.getName() + " splashed " + event.getPotion().getItem().getAmount() + " " + getMaterial(droppedItem) + " at [" + decimalFormat.format(location.getX()) + ", " + decimalFormat.format(location.getY()) + ", " + decimalFormat.format(location.getZ()) + "] in the world '" + location.getWorld().getName() + "'."); + FUtil.playerMsg(p, potionSpyPrefix + ChatColor.WHITE + player.getName() + " splashed " + event.getEntity().getItem().getAmount() + " " + getMaterial(droppedItem) + " at X: " + decimalFormat.format(location.getX()) + ", Y: " + decimalFormat.format(location.getY()) + ", Z: " + decimalFormat.format(location.getZ()) + ", in the world '" + location.getWorld().getName() + "'."); } } } diff --git a/src/main/java/me/totalfreedom/totalfreedommod/blocking/EventBlocker.java b/src/main/java/me/totalfreedom/totalfreedommod/blocking/EventBlocker.java index e422ed93..775d0320 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/blocking/EventBlocker.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/blocking/EventBlocker.java @@ -3,6 +3,7 @@ package me.totalfreedom.totalfreedommod.blocking; import me.totalfreedom.totalfreedommod.FreedomService; import me.totalfreedom.totalfreedommod.TotalFreedomMod; import me.totalfreedom.totalfreedommod.config.ConfigEntry; +import me.totalfreedom.totalfreedommod.util.FUtil; import org.bukkit.entity.Entity; import org.bukkit.entity.EntityType; import org.bukkit.entity.Projectile; @@ -22,7 +23,6 @@ import org.bukkit.event.entity.EntityDeathEvent; import org.bukkit.event.entity.EntityExplodeEvent; import org.bukkit.event.entity.ExplosionPrimeEvent; import org.bukkit.event.entity.FireworkExplodeEvent; -import org.bukkit.event.entity.ProjectileHitEvent; import org.bukkit.event.player.PlayerDropItemEvent; public class EventBlocker extends FreedomService 
diff --git a/src/main/java/me/totalfreedom/totalfreedommod/blocking/PotionBlocker.java b/src/main/java/me/totalfreedom/totalfreedommod/blocking/PotionBlocker.java index 3cd84e4b..8562e36e 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/blocking/PotionBlocker.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/blocking/PotionBlocker.java @@ -3,11 +3,17 @@ package me.totalfreedom.totalfreedommod.blocking; import me.totalfreedom.totalfreedommod.FreedomService; import me.totalfreedom.totalfreedommod.TotalFreedomMod; import org.bukkit.ChatColor; +import org.bukkit.entity.LingeringPotion; +import org.bukkit.entity.ThrownPotion; import org.bukkit.entity.Player; import org.bukkit.event.EventHandler; import org.bukkit.event.EventPriority; import org.bukkit.event.entity.PotionSplashEvent; +import org.bukkit.event.entity.LingeringPotionSplashEvent; +import org.bukkit.potion.PotionEffect; +import org.bukkit.potion.PotionEffectType; import org.bukkit.projectiles.ProjectileSource; +import java.util.Collection; public class PotionBlocker extends FreedomService { 
@@ -32,31 +38,55 @@ public class PotionBlocker extends FreedomService @EventHandler(priority = EventPriority.LOW, ignoreCancelled = true) public void onThrowPotion(PotionSplashEvent event) { - ProjectileSource source = event.getEntity().getShooter(); - - if (!(source instanceof Player)) + ThrownPotion potion = event.getEntity(); + ProjectileSource projectileSource = potion.getShooter(); + Player player = null; + if (projectileSource instanceof Player) { - event.setCancelled(true); - return; + player = (Player)projectileSource; } - Player thrower = (Player) source; - - if (plugin.al.isAdmin(thrower)) + if (isDeathPotion(potion.getEffects())) { - return; - } - - for (Player player : thrower.getWorld().getPlayers()) - { - if (thrower.getLocation().distanceSquared(player.getLocation()) < POTION_BLOCK_RADIUS_SQUARED) + if (player != null) { - thrower.sendMessage(ChatColor.RED + "You cannot use splash potions close to other players."); - event.setCancelled(true); - return; + player.sendMessage(ChatColor.RED + "You are not allowed to use death potions."); + } + event.setCancelled(true); + } + } + + @EventHandler(priority = EventPriority.LOW, ignoreCancelled = true) + public void onThrowLingeringPotion(LingeringPotionSplashEvent event) + { + LingeringPotion potion = event.getEntity(); + ProjectileSource projectileSource = potion.getShooter(); + Player player = null; + if (projectileSource instanceof Player) + { + player = (Player)projectileSource; + } + + if (isDeathPotion(potion.getEffects())) + { + if (player != null) + { + player.sendMessage(ChatColor.RED + "You are not allowed to use death potions."); + } + event.setCancelled(true); + } + } + + public boolean isDeathPotion(Collection effects) + { + for (PotionEffect effect : effects) + { + if (effect.getType().equals(PotionEffectType.HEAL) && effect.getAmplifier() == 125) + { + return true; } } - + return false; } } 
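Review bot: `isDeathPotion` matches one exact pair only, `PotionEffectType.HEAL` with `getAmplifier() == 125`, while the rules this hunk removes (cancelling splashes with a non-player source, and blocking non-admin splashes near other players) were far broader, so any other out-of-range effect now passes unchecked. A bound is more robust than a single denied value: `if (effect.getAmplifier() < 0 || effect.getAmplifier() > MAX_POTION_AMPLIFIER) { return true; }`, where `MAX_POTION_AMPLIFIER` is a new constant set to the highest level the server intends to allow. Please also document on the method why the matched value is treated as lethal, and confirm that dropping the non-player-source check was intended. The two handlers differ only in the event type and could delegate to one private helper that takes the `ThrownPotion`.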
diff --git a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_adminmode.java b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_adminmode.java index 173e7f19..d8e6c950 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_adminmode.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_adminmode.java @@ -8,7 +8,7 @@ import org.bukkit.command.CommandSender; import org.bukkit.entity.Player; @CommandPermissions(level = Rank.SUPER_ADMIN, source = SourceType.ONLY_CONSOLE, blockHostConsole = true) -@CommandParameters(description = "Close server to non-superadmins.", usage = "/ [on | off]") +@CommandParameters(description = "Close server to non-admins.", usage = "/ [on | off]") public class Command_adminmode extends FreedomCommand { @@ -29,12 +29,12 @@ public class Command_adminmode extends FreedomCommand else if (args[0].equalsIgnoreCase("on")) { ConfigEntry.ADMIN_ONLY_MODE.setBoolean(true); - FUtil.adminAction(sender.getName(), "Closing the server to non-superadmins.", true); + FUtil.adminAction(sender.getName(), "Closing the server to non-admins.", true); for (Player player : server.getOnlinePlayers()) { if (!isAdmin(player)) { - player.kickPlayer("Server is now closed to non-superadmins."); + player.kickPlayer("Server is now closed to non-admins."); } } return true; diff --git a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_aeclear.java b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_aeclear.java new file mode 100644 index 00000000..55bcbf12 --- /dev/null +++ b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_aeclear.java 
@@ -0,0 +1,36 @@ +package me.totalfreedom.totalfreedommod.command; + +import me.totalfreedom.totalfreedommod.rank.Rank; +import me.totalfreedom.totalfreedommod.util.FUtil; +import org.bukkit.World; +import org.bukkit.command.Command; +import org.bukkit.command.CommandSender; +import org.bukkit.entity.Player; +import org.bukkit.entity.Entity; +import org.bukkit.entity.AreaEffectCloud; + +@CommandPermissions(level = Rank.SUPER_ADMIN, source = SourceType.BOTH) +@CommandParameters(description = "Clears lingering potion area effect clouds.", usage = "/", aliases="aec") +public class Command_aeclear extends FreedomCommand +{ + + @Override + public boolean run(CommandSender sender, Player playerSender, Command cmd, String commandLabel, String[] args, boolean senderIsConsole) + { + FUtil.adminAction(sender.getName(), "Removing all area effect clouds.", true); + int removed = 0; + for (World world : server.getWorlds()) + { + for (Entity entity : world.getEntities()) + { + if (entity instanceof AreaEffectCloud) + { + entity.remove(); + removed++; + } + } + } + msg(removed + " area effect clouds removed."); + return true; + } +} diff --git a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_saconfig.java b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_saconfig.java index aadafb33..9022e106 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_saconfig.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_saconfig.java @@ -174,6 +174,7 @@ public class Command_saconfig extends FreedomCommand FUtil.adminAction(sender.getName(), "Adding " + player.getName() + " to the admin list", true); plugin.al.addAdmin(new Admin(player)); + plugin.rm.updateDisplay(player); } else // Existing admin { @@ -190,6 +191,7 @@ public class Command_saconfig extends FreedomCommand plugin.al.save(); plugin.al.updateTables(); + plugin.rm.updateDisplay(player); } if (player != null) 
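Review bot: The new command class has no Javadoc, and it walks every entity in every world with an `instanceof` test where `world.getEntitiesByClass(AreaEffectCloud.class)` would select the clouds directly. I would add `/** Removes every AreaEffectCloud (lingering potion cloud) from all loaded worlds. */` above the class and iterate the typed collection. The result line also reads "1 area effect clouds removed." for a single cloud, and the `adminAction` broadcast is sent before it is known whether anything was removed.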
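Review bot: In the existing-admin branch of Command_saconfig, `plugin.rm.updateDisplay(player);` is called unconditionally, yet the very next context line is `if (player != null)`, which suggests `player` can be null at that point (presumably when the admin being re-added is offline). `updateDisplay` hands its argument to `plugin.pl.getPlayer(player)` and then calls methods on `player`, so a null would most likely throw after the admin list has already been saved. Guard it with `if (player != null) { plugin.rm.updateDisplay(player); }` or move the call into the existing null-checked block. The call added before `return true;` in the following hunk (admin removal) needs the same check unless `player` is known to be online there.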
@@ -228,6 +230,7 @@ public class Command_saconfig extends FreedomCommand admin.setActive(false); plugin.al.save(); plugin.al.updateTables(); + plugin.rm.updateDisplay(player); return true; } diff --git a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_vanish.java b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_vanish.java index 2dbcc8da..cf0ef574 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_vanish.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_vanish.java @@ -1,6 +1,5 @@ package me.totalfreedom.totalfreedommod.command; -import java.util.Iterator; import me.totalfreedom.totalfreedommod.admin.Admin; import me.totalfreedom.totalfreedommod.rank.Displayable; import org.bukkit.potion.PotionEffect; @@ -9,7 +8,6 @@ import org.bukkit.potion.PotionEffectType; import me.totalfreedom.totalfreedommod.util.FLog; import me.totalfreedom.totalfreedommod.util.FUtil; import org.bukkit.ChatColor; -import me.totalfreedom.totalfreedommod.TotalFreedomMod; import org.bukkit.command.Command; import org.bukkit.command.CommandSender; import org.bukkit.entity.Player; @@ -57,7 +55,7 @@ public class Command_vanish extends FreedomCommand player.hidePlayer(playerSender); } plugin.esb.setVanished(playerSender.getName(), true); - playerSender.addPotionEffect(new PotionEffect(PotionEffectType.INVISIBILITY, 1000000, 1000000, true, false)); + playerSender.addPotionEffect(new PotionEffect(PotionEffectType.INVISIBILITY, 1000000, 1, false, true)); VANISHED.add(playerSender); } return true; diff --git a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_verify.java b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_verify.java index 317a9129..0d8ddcf4 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/command/Command_verify.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/command/Command_verify.java 
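Review bot: The last two arguments of the new `PotionEffect` in Command_vanish are swapped relative to the old call (`true, false` became `false, true`), which in the `(type, duration, amplifier, ambient, particles)` constructor switches particles on for the invisibility effect. For a vanish command that looks unintended, since particles give away the position to anyone the player is not hidden from. If the swap is deliberate please say so in a comment; otherwise `new PotionEffect(PotionEffectType.INVISIBILITY, 1000000, 1, false, false)` keeps the amplifier fix without particles. The duration and amplifier would also read better as named constants. The `run` method starts outside the hunk.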
@@ -75,6 +75,7 @@ public class Command_verify extends FreedomCommand admin.setLastLogin(new Date()); plugin.al.save(); plugin.al.updateTables(); + plugin.rm.updateDisplay(playerSender); final FPlayer fPlayer = plugin.pl.getPlayer(playerSender); if (fPlayer.getFreezeData().isFrozen()) { diff --git a/src/main/java/me/totalfreedom/totalfreedommod/rank/RankManager.java b/src/main/java/me/totalfreedom/totalfreedommod/rank/RankManager.java index 288d2504..d9700080 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/rank/RankManager.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/rank/RankManager.java @@ -55,21 +55,13 @@ public class RankManager extends FreedomService return Title.DEVELOPER; } - final Rank rank = getRank(player); - - // Non-admins don't have titles, display actual rank - if (!rank.isAdmin()) - { - return rank; - } - // If the player's an owner, display that if (ConfigEntry.SERVER_OWNERS.getList().contains(player.getName())) { return Title.OWNER; } - return rank; + return getRank(player); } public Rank getRank(CommandSender sender) @@ -120,6 +112,26 @@ public class RankManager extends FreedomService return player.isOp() ? Rank.OP : Rank.NON_OP; } + public void updateDisplay(Player player) + { + FPlayer fPlayer = plugin.pl.getPlayer(player); + if (plugin.al.isAdmin(player)) + { + Displayable display = getDisplay(player); + if (fPlayer.getTag() == null) + { + fPlayer.setTag(display.getColoredTag()); + } + String displayName = display.getColor() + player.getName(); + player.setPlayerListName(StringUtils.substring(displayName, 0, 16)); + } + else + { + fPlayer.setTag(null); + player.setPlayerListName(null); + } + } + @EventHandler(priority = EventPriority.MONITOR) public void onPlayerJoin(PlayerJoinEvent event) { 
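Review bot: With the `rank.isAdmin()` guard removed from `getDisplay`, `Title.OWNER` is now returned for any player whose name appears in `ConfigEntry.SERVER_OWNERS`, whether or not that session belongs to a verified admin. A name match alone is weak evidence of identity, and the join handler in this same file has a separate impostor path for exactly that reason, so an unverified player could be displayed with the owner title. I would keep the admin requirement on the owner branch: `if (getRank(player).isAdmin() && ConfigEntry.SERVER_OWNERS.getList().contains(player.getName()))`. The method starts outside the hunk, where the developer title appears to be resolved before this check.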
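Review bot: `updateDisplay` only assigns the tag when `fPlayer.getTag() == null`, so an admin whose rank changes while online keeps the tag of the previous rank, even though the callers added in this commit invoke the method right after admin-list changes. The non-admin branch does the opposite and clears whatever tag is set with `fPlayer.setTag(null)`, which may discard a tag that was assigned by other means. The method needs a Javadoc stating when an existing tag is preserved and when it is replaced, and that `player` must be non-null. The 16-character limit passed to `StringUtils.substring` would be clearer as a named constant, since the colour prefix counts towards it.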
@@ -145,10 +157,13 @@ public class RankManager extends FreedomService } // Handle impostors - if (plugin.al.isAdminImpostor(player)) + Boolean isImposter = plugin.al.isAdminImpostor(player); + if (isImposter) { FUtil.bcastMsg(ChatColor.AQUA + player.getName() + " is " + Rank.IMPOSTOR.getColoredLoginMessage()); FUtil.bcastMsg("Warning: " + player.getName() + " has been flagged as an impostor and has been frozen!", ChatColor.RED); + String displayName = Rank.IMPOSTOR.getColor() + player.getName(); + player.setPlayerListName(StringUtils.substring(displayName, 0, 16)); player.getInventory().clear(); player.setOp(false); player.setGameMode(GameMode.SURVIVAL); diff --git a/src/main/java/me/totalfreedom/totalfreedommod/util/FUtil.java b/src/main/java/me/totalfreedom/totalfreedommod/util/FUtil.java index 22e14b70..424f986e 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/util/FUtil.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/util/FUtil.java @@ -37,7 +37,7 @@ public class FUtil // public static final String SAVED_FLAGS_FILENAME = "savedflags.dat"; // See https://github.com/TotalFreedom/License - None of the listed names may be removed. - public static final List DEVELOPERS = Arrays.asList("Madgeek1450", "Prozza", "WickedGamingUK", "aggelosQQ", "OxLemonxO", "Commodore64x", "Wild1145", "marcocorriero"); + public static final List DEVELOPERS = Arrays.asList("Madgeek1450", "Prozza", "WickedGamingUK", "aggelosQQ", "OxLemonxO", "Commodore64x", "Wild1145"); public static String DATE_STORAGE_FORMAT = "EEE, d MMM yyyy HH:mm:ss Z"; public static final Map CHAT_COLOR_NAMES = new HashMap<>(); public static final List CHAT_COLOR_POOL = Arrays.asList(
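Review bot: `Boolean isImposter = plugin.al.isAdminImpostor(player);` boxes the result for no visible reason and spells the name differently from `isAdminImpostor` and `Rank.IMPOSTOR`; `final boolean isImpostor = plugin.al.isAdminImpostor(player);` is the plainer form. The added `StringUtils.substring(displayName, 0, 16)` line repeats the pattern introduced in `updateDisplay`, so a small shared helper would keep the list-name limit in one place. The handler continues outside the hunk, so the new variable may be read again further down.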
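Review bot: The comment directly above `DEVELOPERS` in FUtil states that none of the listed names may be removed, and this hunk removes `marcocorriero` from the list. Either the removal should be reverted, or the linked license terms should be checked and the reason recorded in the commit message and next to the constant. The list is used for more than credit if the developer title in RankManager is resolved from it, which is worth confirming before changing its contents.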