Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login response handler validation rework #54

Merged
merged 3 commits into from
Jan 25, 2025
Merged

Login response handler validation rework #54

merged 3 commits into from
Jan 25, 2025

Conversation

Z-Kris
Copy link
Contributor

@Z-Kris Z-Kris commented Jan 25, 2025

Changes the GameLoginResponseHandler#writeSuccessfulResponse function to return a non-nullable Session.

The old implementation performed certain checks in the writeSuccessfulResponse functions, which meant it could fail and return null. This however lead to some annoying server-side code, as servers had to allocate a slot in the world for the player, try to send it to the client, then continue on normally if it succeeded, and de-allocate if it failed.

The client type check has been migrated to occur during login block decoding - if it fails, the login block itself will not even be decoded (no RSA-decrypting etc), actually improving one potential attack vector.
The activity check has been removed as it happens in plenty of situations after it, and the connection limit has been migrated to its own function, meaning servers will have to implement it themselves now.

@Z-Kris Z-Kris merged commit e947e32 into master Jan 25, 2025
3 checks passed
@Z-Kris Z-Kris deleted the login-response-handler-validation-rework branch January 25, 2025 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Z-Kris