Auth token limit (#9)

2025-04-02 11:11:58 -04:00 · 2022-04-29 00:37:24 +02:00 · 2022-04-29 00:37:24 +02:00 · d75d34d5f0
commit d75d34d5f0
parent 8cd33d0770
2 changed files with 9 additions and 0 deletions
--- a/gameserver/src/main/java/brainwine/gameserver/entity/player/Player.java
+++ b/gameserver/src/main/java/brainwine/gameserver/entity/player/Player.java
@ -70,6 +70,7 @@ public class Player extends Entity implements CommandExecutor {
    public static final int MAX_SPEED_X = 12;
    public static final int MAX_SPEED_Y = 25;
    public static final int HEARTBEAT_TIMEOUT = 30000;
+    public static final int MAX_AUTH_TOKENS = 3;
    private static int dialogDiscriminator;
    
    @JacksonInject("documentId")
@ -531,6 +532,12 @@ public class Player extends Entity implements CommandExecutor {
        authTokens.clear();
    }
    
+    protected void clearOldestAuthTokens() {
+        while(authTokens.size() > MAX_AUTH_TOKENS) {
+            authTokens.remove(0);
+        }
+    }
+    
    protected void addAuthToken(String authToken) {
        authTokens.add(authToken);
    }
--- a/gameserver/src/main/java/brainwine/gameserver/entity/player/PlayerManager.java
+++ b/gameserver/src/main/java/brainwine/gameserver/entity/player/PlayerManager.java
@ -127,6 +127,8 @@ public class PlayerManager {
            return false;
        }
        
+        player.clearOldestAuthTokens();
+        
        // Might not be very efficient...
        for(String hashedToken : player.getAuthTokens()) {
            if(BCrypt.checkpw(authToken, hashedToken)) {