From 06a1bf887cc046873a57011e2a0ea8f9208dfe76 Mon Sep 17 00:00:00 2001 From: Nobody <17956512+n0bodysec@users.noreply.github.com> Date: Mon, 10 Jul 2023 08:41:57 -0300 Subject: [PATCH 01/10] fix: server crash exploit --- src/handlers/GameHandler.js | 49 ++++++++++++++++++-------------- src/plugin/plugins/game/Join.js | 4 +++ src/plugin/plugins/game/Table.js | 5 ++++ 3 files changed, 36 insertions(+), 22 deletions(-) diff --git a/src/handlers/GameHandler.js b/src/handlers/GameHandler.js index 6c37b5f..03e869c 100644 --- a/src/handlers/GameHandler.js +++ b/src/handlers/GameHandler.js @@ -55,35 +55,40 @@ export default class GameHandler extends BaseHandler { } close(user) { - if (!user) { - return - } + try { + if (!user) { + return + } - if (!user.authenticated) { - return this.closeAndUpdatePopulation(user) - } + if (!user.authenticated) { + return this.closeAndUpdatePopulation(user) + } - if (user.room) { - user.room.remove(user) - } + if (user.room) { + user.room.remove(user) + } - if (user.buddies) { - user.buddies.sendOffline() - } + if (user.buddies) { + user.buddies.sendOffline() + } - if (user.minigameRoom) { - user.minigameRoom.remove(user) - } + if (user.minigameRoom) { + user.minigameRoom.remove(user) + } - if (user.id && user.id in this.usersById) { - delete this.usersById[user.id] - } + if (user.id && user.id in this.usersById) { + delete this.usersById[user.id] + } - if (user.id) { - this.openIgloos.remove(user) - } + if (user.id) { + this.openIgloos.remove(user) + } - this.closeAndUpdatePopulation(user) + this.closeAndUpdatePopulation(user) + } + catch (error) { + this.error(error) + } } get joined() { diff --git a/src/plugin/plugins/game/Join.js b/src/plugin/plugins/game/Join.js index 7f76208..e4c7642 100644 --- a/src/plugin/plugins/game/Join.js +++ b/src/plugin/plugins/game/Join.js @@ -49,6 +49,10 @@ export default class Join extends GamePlugin { } joinRoom(args, user) { + if (!isNumber(args.room)) { + return + } + user.joinRoom(this.rooms[args.room], args.x, args.y) } diff --git a/src/plugin/plugins/game/Table.js b/src/plugin/plugins/game/Table.js index 5fa58ca..fc683d7 100644 --- a/src/plugin/plugins/game/Table.js +++ b/src/plugin/plugins/game/Table.js @@ -1,5 +1,6 @@ import GamePlugin from '@plugin/GamePlugin' +import { isNumber } from '@utils/validation' export default class Table extends GamePlugin { @@ -24,6 +25,10 @@ export default class Table extends GamePlugin { } joinTable(args, user) { + if (!isNumber(args.table)) { + return + } + let table = user.room.tables[args.table] user.joinTable(table) From 105ebc06c60dbbd4093f15e062a11bac800f9ca3 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Sun, 29 Oct 2023 20:34:57 +0000 Subject: [PATCH 02/10] typo --- src/objects/room/matchmaker/MatchmakerFactory.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/objects/room/matchmaker/MatchmakerFactory.js b/src/objects/room/matchmaker/MatchmakerFactory.js index 99f9fbf..3f9d2dd 100644 --- a/src/objects/room/matchmaker/MatchmakerFactory.js +++ b/src/objects/room/matchmaker/MatchmakerFactory.js @@ -1,7 +1,7 @@ import CardMatchmaker from './CardMatchmaker' -export default class TableFactory { +export default class MatchmakerFactory { static types = { 'card': CardMatchmaker From d35e57845bf748e9cf31ecd57bfea97ea58eb6c9 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Sun, 29 Oct 2023 20:37:00 +0000 Subject: [PATCH 03/10] Add Puck plugin --- src/plugin/plugins/game/Puck.js | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 src/plugin/plugins/game/Puck.js diff --git a/src/plugin/plugins/game/Puck.js b/src/plugin/plugins/game/Puck.js new file mode 100644 index 0000000..37f392e --- /dev/null +++ b/src/plugin/plugins/game/Puck.js @@ -0,0 +1,44 @@ +import GamePlugin from '@plugin/GamePlugin' + +import { hasProps, isNumber } from '@utils/validation' + + +export default class Puck extends GamePlugin { + + constructor(handler) { + super(handler) + + this.events = { + 'get_puck': this.getPuck, + 'move_puck': this.movePuck + } + + this.rinkRoomId = 802 + + this.puckX = 0 + this.puckY = 0 + } + + getPuck(args, user) { + if (user.room.id !== this.rinkRoomId) return + + user.send('get_puck', { x: this.puckX, y: this.puckY }) + } + + movePuck(args, user) { + if (user.room.id !== this.rinkRoomId) return + + if (!hasProps(args, 'x', 'y', 'speedX', 'speedY')) return + + if (!isNumber(args.x)) return + if (!isNumber(args.y)) return + if (!isNumber(args.speedX)) return + if (!isNumber(args.speedY)) return + + this.puckX = args.x + this.puckY = args.y + + user.room.send(user, 'move_puck', { x: args.x, y: args.y, speedX: args.speedX, speedY: args.speedY }) + } + +} From bff736a7ae0022101b1f84a1c8d105526cc12fe7 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Fri, 3 Nov 2023 22:49:38 +0000 Subject: [PATCH 04/10] Add defaults to BaseInstance --- src/objects/instance/BaseInstance.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/objects/instance/BaseInstance.js b/src/objects/instance/BaseInstance.js index 2243c8b..e61ac9a 100644 --- a/src/objects/instance/BaseInstance.js +++ b/src/objects/instance/BaseInstance.js @@ -6,6 +6,11 @@ export default class BaseInstance { // Don't start until all users are ready this.ready = [] + // Game room ID + this.id = null + + this.started = false + this.handleStartGame = this.handleStartGame.bind(this) } From e207af7a64ded205bc82a98227f330826d9ba456 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Fri, 3 Nov 2023 22:53:14 +0000 Subject: [PATCH 05/10] Reimplement SledInstance --- src/objects/instance/InstanceFactory.js | 4 ++- src/objects/instance/sled/SledInstance.js | 43 +++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 src/objects/instance/sled/SledInstance.js diff --git a/src/objects/instance/InstanceFactory.js b/src/objects/instance/InstanceFactory.js index 860ea4f..fe63931 100644 --- a/src/objects/instance/InstanceFactory.js +++ b/src/objects/instance/InstanceFactory.js @@ -1,10 +1,12 @@ import CardInstance from './card/CardInstance' +import SledInstance from './sled/SledInstance' export default class InstanceFactory { static types = { - 'card': CardInstance + 'card': CardInstance, + 'sled': SledInstance } static createInstance(waddle) { diff --git a/src/objects/instance/sled/SledInstance.js b/src/objects/instance/sled/SledInstance.js new file mode 100644 index 0000000..2ae514d --- /dev/null +++ b/src/objects/instance/sled/SledInstance.js @@ -0,0 +1,43 @@ +import BaseInstance from '../BaseInstance' + + +export default class SledInstance extends BaseInstance { + + constructor(waddle) { + super(waddle) + + this.id = 999 + } + + addListeners(user) { + //user.events.on('send_move', this.handleSendMove) + + super.addListeners(user) + } + + removeListeners(user) { + //user.events.off('send_move', this.handleSendMove) + + super.removeListeners(user) + } + + start() { + const users = this.users.map(user => { + return { + username: user.username, + color: user.color, + hand: user.hand + } + }) + + this.send('start_game', { users: users }) + + super.start() + } + + // Uncomment event in addListeners when updating all minigame events to new system + sendMove(args, user) { + this.send('send_move', { id: args.id, x: args.x, y: args.y }, user) + } + +} From 25c403dff183038a6c8dc9548a3e8205afd71096 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Sun, 5 Nov 2023 23:27:25 +0000 Subject: [PATCH 06/10] Move handleLeaveGame to BaseInstance --- src/objects/instance/BaseInstance.js | 7 +++++++ src/objects/instance/card/CardInstance.js | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/objects/instance/BaseInstance.js b/src/objects/instance/BaseInstance.js index e61ac9a..db4a265 100644 --- a/src/objects/instance/BaseInstance.js +++ b/src/objects/instance/BaseInstance.js @@ -12,6 +12,7 @@ export default class BaseInstance { this.started = false this.handleStartGame = this.handleStartGame.bind(this) + this.handleLeaveGame = this.handleLeaveGame.bind(this) } init() { @@ -26,10 +27,12 @@ export default class BaseInstance { addListeners(user) { user.events.on('start_game', this.handleStartGame) + user.events.on('leave_game', this.handleLeaveGame) } removeListeners(user) { user.events.off('start_game', this.handleStartGame) + user.events.off('leave_game', this.handleLeaveGame) } handleStartGame(args, user) { @@ -40,6 +43,10 @@ export default class BaseInstance { } } + handleLeaveGame(args, user) { + this.remove(user) + } + checkStart() { // Compare with non null values in case user disconnects if (this.ready.length == this.users.length) { diff --git a/src/objects/instance/card/CardInstance.js b/src/objects/instance/card/CardInstance.js index 2d1ec5a..c01d74e 100644 --- a/src/objects/instance/card/CardInstance.js +++ b/src/objects/instance/card/CardInstance.js @@ -25,7 +25,6 @@ export default class CardInstance extends BaseInstance { this.handleSendDeal = this.handleSendDeal.bind(this) this.handlePickCard = this.handlePickCard.bind(this) - this.handleLeaveGame = this.handleLeaveGame.bind(this) } init() { @@ -45,7 +44,6 @@ export default class CardInstance extends BaseInstance { addListeners(user) { user.events.on('send_deal', this.handleSendDeal) user.events.on('pick_card', this.handlePickCard) - user.events.on('leave_game', this.handleLeaveGame) super.addListeners(user) } @@ -53,7 +51,6 @@ export default class CardInstance extends BaseInstance { removeListeners(user) { user.events.off('send_deal', this.handleSendDeal) user.events.off('pick_card', this.handlePickCard) - user.events.off('leave_game', this.handleLeaveGame) super.removeListeners(user) } @@ -82,10 +79,6 @@ export default class CardInstance extends BaseInstance { this.judgeRound(me) } - handleLeaveGame(args, user) { - this.remove(user) - } - start() { let users = this.users.map(user => { return { From c4ff59c5da7e64e7370b55dd4e505c0c1d762dbf Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Mon, 6 Nov 2023 21:43:50 +0000 Subject: [PATCH 07/10] Updated sled handleSendMove --- src/objects/instance/sled/SledInstance.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/objects/instance/sled/SledInstance.js b/src/objects/instance/sled/SledInstance.js index 2ae514d..1800167 100644 --- a/src/objects/instance/sled/SledInstance.js +++ b/src/objects/instance/sled/SledInstance.js @@ -1,5 +1,7 @@ import BaseInstance from '../BaseInstance' +import { hasProps, isInRange } from '@utils/validation' + export default class SledInstance extends BaseInstance { @@ -37,7 +39,15 @@ export default class SledInstance extends BaseInstance { // Uncomment event in addListeners when updating all minigame events to new system sendMove(args, user) { - this.send('send_move', { id: args.id, x: args.x, y: args.y }, user) + if (!hasProps(args, 'move')) { + return + } + + if (!isInRange(args.move, 1, 4)) { + return + } + + this.send('send_move', { id: this.getSeat(user), move: args.move }, user) } } From 3b79402e9a9da47c1840006ad8de704997e28ae3 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Tue, 7 Nov 2023 10:51:14 +0000 Subject: [PATCH 08/10] Add game over handling for sled --- src/objects/instance/sled/SledInstance.js | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/objects/instance/sled/SledInstance.js b/src/objects/instance/sled/SledInstance.js index 1800167..8ebb556 100644 --- a/src/objects/instance/sled/SledInstance.js +++ b/src/objects/instance/sled/SledInstance.js @@ -9,17 +9,15 @@ export default class SledInstance extends BaseInstance { super(waddle) this.id = 999 + + this.coins = [20, 10, 5, 5] } addListeners(user) { - //user.events.on('send_move', this.handleSendMove) - super.addListeners(user) } removeListeners(user) { - //user.events.off('send_move', this.handleSendMove) - super.removeListeners(user) } @@ -43,11 +41,20 @@ export default class SledInstance extends BaseInstance { return } - if (!isInRange(args.move, 1, 4)) { + if (!isInRange(args.move, 1, 5)) { return } + if (args.move === 5) { + return this.sendGameOver(user) + } + this.send('send_move', { id: this.getSeat(user), move: args.move }, user) } + sendGameOver(user) { + this.remove(user) + user.updateCoins(this.coins.shift(), true) + } + } From c16fa0ae7f2f6436e492384625ab0d0f80c1286b Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Tue, 7 Nov 2023 12:36:55 +0000 Subject: [PATCH 09/10] Remove comment --- src/objects/instance/sled/SledInstance.js | 1 - 1 file changed, 1 deletion(-) diff --git a/src/objects/instance/sled/SledInstance.js b/src/objects/instance/sled/SledInstance.js index 8ebb556..a9b7702 100644 --- a/src/objects/instance/sled/SledInstance.js +++ b/src/objects/instance/sled/SledInstance.js @@ -35,7 +35,6 @@ export default class SledInstance extends BaseInstance { super.start() } - // Uncomment event in addListeners when updating all minigame events to new system sendMove(args, user) { if (!hasProps(args, 'move')) { return From 0fba2e49997e65d346e3c010bc968b4ed331ac23 Mon Sep 17 00:00:00 2001 From: wizguin <16276645+wizguin@users.noreply.github.com> Date: Fri, 17 Nov 2023 19:17:38 +0000 Subject: [PATCH 10/10] Updated version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 65a3b57..11f29ea 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "yukon-server", - "version": "1.6.0-beta", + "version": "1.7.0-beta", "description": "A server for https://github.com/wizguin/yukon", "scripts": { "dev": "babel-watch ./src/World.js Login Blizzard",