From 3688c202a4ec7b5c15afb8a17c201b60832cdc69 Mon Sep 17 00:00:00 2001 From: j4nk Date: Sun, 23 Mar 2025 17:45:51 -0400 Subject: [PATCH] Server sends out a token with response --- lobby.lua | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/lobby.lua b/lobby.lua index f585e0b..b275e3d 100644 --- a/lobby.lua +++ b/lobby.lua @@ -1,5 +1,6 @@ require("oct_utils") require("termbox_defs") +local sha = require("sha2") json = require "json" -- begin message type constants @@ -8,15 +9,18 @@ OCT_LOBBY_MSG_CLIENTUNREG = 1; -- Client unreg message OCT_LOBBY_MSG_CLIENTLIST = 2; -- Client list broadcast message OCT_LOBBY_MSG_START = 3; -- Start the game message OCT_LOBBY_MSG_PING = 4; -- Querying connection -OCT_LOBBY_MSG_ACK = 5; -- "yes", used to respond to ping and other stuff +OCT_LOBBY_MSG_ACK = 5; -- "yes" OCT_LOBBY_MSG_NAK = 6; -- "no" -- end message type constants +math.randomseed(os.time()) + oct_lobby_clientlist = {}; server_needs_broadcast_client_list = false lobby_server_first_call = true + function lobby_server_checkclients() for k,v in pairs(oct_lobby_clientlist) do @@ -65,15 +69,19 @@ function lobby_server(maxplayers) oct_send(response, req_addr, req_port) else - response = json.encode({ - { msg_type = OCT_LOBBY_MSG_ACK } - }) oct_lobby_clientlist[req_name] = {} oct_lobby_clientlist[req_name]["addr"] = req_addr oct_lobby_clientlist[req_name]["port"] = req_port oct_lobby_clientlist[req_name]["pinged"] = false + local token = sha.sha256(req_addr .. req_port .. tostring(math.random())) + + oct_lobby_clientlist[req_name]["token"] = token OCT_LOG_INFO("Registered new client: " .. req_name .. " @ " .. req_addr .. ":" .. req_port) + + response = json.encode({ + { msg_type = OCT_LOBBY_MSG_ACK, token = token } + }) oct_send(response, req_addr, req_port) -- Everytime client is registered, need to broadcast client list 
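Review bot: The token created by `local token = sha.sha256(req_addr .. req_port .. tostring(math.random()))` is the credential that authenticates later pings, but its only non-public input is `math.random()`, which the `math.randomseed(os.time())` added in the earlier hunk seeds from the wall clock. `math.random` is not a cryptographic generator, and hashing its output with SHA-256 adds no entropy, so the token is only as unpredictable as the server's start time and the number of prior calls. Take the secret from the operating system's CSPRNG instead, as in the sketch below, which assumes a Unix-like host with `/dev/urandom`. The `math.randomseed` call can then go unless something else needs it. The token also appears to travel in plaintext through `oct_send`, so anyone able to observe the traffic could reuse it; a comment stating that limitation would help. `lobby_server` continues outside the hunk.

```lua
-- Returns a fresh registration token built from 32 bytes of OS randomness.
local function lobby_new_token()
    local f = assert(io.open("/dev/urandom", "rb"))
    local bytes = f:read(32)
    f:close()
    assert(bytes and #bytes == 32, "short read from /dev/urandom")
    return sha.sha256(bytes)
end

-- … unchanged: oct_lobby_clientlist[req_name] addr/port/pinged setup …
local token = lobby_new_token()
```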
@@ -88,7 +96,7 @@ function lobby_server(maxplayers) -- TODO this is insecure -- have server issue a token based on a random number on registration and check against that -- like SHA256(addr::port::rand()) - if v["addr"] == req_addr and k == msg_obj["name"] + if v["addr"] == req_addr and v["token"] == msg_obj["token"] then v["pinged"] = true break @@ -127,6 +135,7 @@ lobby_connect_message = nil -- messages displayed when attempting connection client_connect_ip = nil client_connect_port = nil client_connect_name = nil +client_connect_token = nil -- Once connected, these elements display client_clientlist_sprite = oct_tb_sprite_new() @@ -148,7 +157,7 @@ end -- every 1 second, ping the server to let it know we are still alive function lobby_client_ping() local msg = json.encode({ - { msg_type=OCT_LOBBY_MSG_PING, name=client_connect_name } + { msg_type=OCT_LOBBY_MSG_PING, token = client_connect_token } }) oct_send(msg, client_connect_ip, client_connect_port) oct_timer_register("ping_server", 1000, "lobby_client_ping", "") @@ -215,6 +224,7 @@ function lobby_client(key, ch, my_port) if (client_wait_for_reg_response == true and msg_obj["msg_type"] == OCT_LOBBY_MSG_ACK) then OCT_LOG_INFO("Server accepted registration request!") + client_connect_token = msg_obj["token"] lobby_connect_message["shape"] = "Connected" lobby_connect_message["fg"] = TB_GREEN client_connected = true @@ -223,7 +233,7 @@ function lobby_client(key, ch, my_port) lobby_clear_connect_form() -- ping the server to let them know we are alive local ping_msg = json.encode({ - { msg_type=OCT_LOBBY_MSG_PING, name=client_connect_name } + { msg_type=OCT_LOBBY_MSG_PING, token = client_connect_token } }) oct_send(ping_msg, client_connect_ip, client_connect_port) -- then ping every second
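Review bot: The new condition `v["token"] == msg_obj["token"]` is also true when both sides are nil, so a ping with no `token` field would match any entry for that address that has no stored token. Only the registration path in this commit is visible, so whether such entries can exist is unclear from here, but the guard is cheap: `if type(msg_obj["token"]) == "string" and v["addr"] == req_addr and v["token"] == msg_obj["token"]`. The `-- TODO this is insecure` comment directly above still describes the old name-based check and should be updated or removed so it does not mislead the next reader. The enclosing loop and `lobby_server` start and end outside the hunk.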
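Review bot: `client_connect_token = msg_obj["token"]` stores whatever the ACK carries without validating it, so an ACK with a missing or non-string token still sets `client_connected = true`. Every later ping would then go out with no usable token, and the server would never mark the client as pinged. Validate before accepting the registration, for example `if type(msg_obj["token"]) ~= "string" then OCT_LOG_INFO("ACK without token, ignoring") return end`, adapted to however this function reports a failed registration. Whether the ACK's sender is compared against `client_connect_ip` and `client_connect_port` is not visible in this hunk; if it is not, that check belongs in the same place. `lobby_client` continues outside the hunk.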