Block connections if the default tokens are still configured

lucko · lucko · commit 1686cb7a4c43 · 2022-10-02T16:56:32.000+01:00
diff --git a/INSTALLATION.md b/INSTALLATION.md
@@ -32,8 +32,9 @@ The latest versions of BungeeGuard can be found from:
 4. Navigate to `/plugins/BungeeGuard/config.yml`. Add the token(s) generated by the proxy(ies) to the `allowed-tokens` list.
    > e.g.
    > ```yml
-	> # Allowed authentication tokens.  
-	> allowed-tokens:
-	>   - "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
-	> ```
+   > # Allowed authentication tokens.  
+   > allowed-tokens:
+   >   - "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
+   > ```
+   > **Please make sure you remove the default tokens, so the only values in the list are your allowed tokens.**
 5. Run `bungeeguard reload` from console.
diff --git a/bungeeguard-backend/src/main/java/me/lucko/bungeeguard/backend/TokenStore.java b/bungeeguard-backend/src/main/java/me/lucko/bungeeguard/backend/TokenStore.java
@@ -59,4 +59,14 @@ public boolean isAllowed(String token) {
         return this.allowedTokens.contains(token);
     }
 
+    /**
+     * Has the server owner bothered to configure their tokens correctly...?
+     *
+     * @return true if BungeeGuard has not yet been configured
+     */
+    public boolean isUsingDefaultConfig() {
+        return this.allowedTokens.contains("the token generated by the proxy goes here") ||
+                this.allowedTokens.contains("you can add as many as you like.");
+    }
+
 }
diff --git a/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeCordHandshake.java b/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeCordHandshake.java
@@ -75,6 +75,10 @@ public static BungeeCordHandshake decodeAndVerify(String handshake, TokenStore t
     }
 
     private static BungeeCordHandshake decodeAndVerify0(String handshake, TokenStore tokenStore) throws Exception {
+        if (tokenStore.isUsingDefaultConfig()) {
+            return new Fail(Fail.Reason.INCORRECT_TOKEN, "Allowed tokens have not been configured! Please refer to https://github.com/lucko/BungeeGuard/blob/master/INSTALLATION.md for help.");
+        }
+
         if (handshake.length() > HANDSHAKE_LENGTH_LIMIT) {
             return new Fail(Fail.Reason.INVALID_HANDSHAKE, "handshake length " + handshake.length() + " is > " + HANDSHAKE_LENGTH_LIMIT);
         }
diff --git a/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeGuardBackendPlugin.java b/bungeeguard-spigot/src/main/java/me/lucko/bungeeguard/spigot/BungeeGuardBackendPlugin.java
@@ -54,6 +54,17 @@ public void onEnable() {
         this.tokenStore = new TokenStore(this);
         this.tokenStore.load();
 
+        if (!getServer().spigot().getSpigotConfig().getBoolean("settings.bungeecord", false)) {
+            getLogger().severe("------------------------------------------------------------");
+            getLogger().severe("'settings.bungeecord' is set to false in spigot.yml.");
+            getLogger().severe("");
+            getLogger().severe("BungeeGuard cannot function unless this property is set to true.");
+            getLogger().severe("The server will now shutdown as a precaution.");
+            getLogger().severe("------------------------------------------------------------");
+            getServer().shutdown();
+            return;
+        }
+
         if (isPaperHandshakeEvent()) {
             getLogger().info("Using Paper's PlayerHandshakeEvent to listen for connections.");
 

Original file line number	Diff line number	Diff line change
`@@ -59,4 +59,14 @@ public boolean isAllowed(String token) {`
`59`	`59`	`return this.allowedTokens.contains(token);`
`60`	`60`	`}`
`61`	`61`
	`62`	`+ /**`
	`63`	`+ * Has the server owner bothered to configure their tokens correctly...?`
	`64`	`+ *`
	`65`	`+ * @return true if BungeeGuard has not yet been configured`
	`66`	`+ */`
	`67`	`+ public boolean isUsingDefaultConfig() {`
	`68`	`+ return this.allowedTokens.contains("the token generated by the proxy goes here") \|\|`
	`69`	`+ this.allowedTokens.contains("you can add as many as you like.");`
	`70`	`+ }`
	`71`	`+`
`62`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,10 @@ public static BungeeCordHandshake decodeAndVerify(String handshake, TokenStore t`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`private static BungeeCordHandshake decodeAndVerify0(String handshake, TokenStore tokenStore) throws Exception {`
	`78`	`+ if (tokenStore.isUsingDefaultConfig()) {`
	`79`	`+ return new Fail(Fail.Reason.INCORRECT_TOKEN, "Allowed tokens have not been configured! Please refer to https://github.com/lucko/BungeeGuard/blob/master/INSTALLATION.md for help.");`
	`80`	`+ }`
	`81`	`+`
`78`	`82`	`if (handshake.length() > HANDSHAKE_LENGTH_LIMIT) {`
`79`	`83`	`return new Fail(Fail.Reason.INVALID_HANDSHAKE, "handshake length " + handshake.length() + " is > " + HANDSHAKE_LENGTH_LIMIT);`
`80`	`84`	`}`