Bug fixes and spam prevention

Author: Enovale

.idea/.idea.Alibi/.idea/contentModel.xml

@@ -64,12 +64,12 @@ public override void OnModCall(IClient caller, string reason)
             if (_validConfig && _enabled)
             {
                 string decodedMessage = Configuration.ModMessage;
-                decodedMessage = decodedMessage.Replace("%ch", caller.CharacterName);
-                decodedMessage = decodedMessage.Replace("%a", caller.Area.Name);
+                decodedMessage = decodedMessage.Replace("%ch", caller.CharacterName ?? "Spectator");
+                decodedMessage = decodedMessage.Replace("%a", caller.Area!.Name);
                 decodedMessage = decodedMessage.Replace("%r", reason);
                 decodedMessage = decodedMessage.Replace("%ip", caller.IpAddress.ToString());
-                decodedMessage = decodedMessage.Replace("%hwid", caller.HardwareId);
-                decodedMessage = decodedMessage.Replace("%lsm", caller.LastSentMessage);
+                decodedMessage = decodedMessage.Replace("%hwid", caller.HardwareId ?? "");
+                decodedMessage = decodedMessage.Replace("%lsm", caller.LastSentMessage ?? "");
                 _hook.SendMessage(decodedMessage);
             }
         }
@@ -79,13 +79,13 @@ public override void OnBan(IClient banned, string reason, TimeSpan? expires = nu
             if (_validConfig && _enabled)
             {
                 string decodedMessage = Configuration.BanMessage;
-                decodedMessage = decodedMessage.Replace("%ch", banned.CharacterName);
+                decodedMessage = decodedMessage.Replace("%ch", banned.CharacterName ?? "Spectator");
                 decodedMessage = decodedMessage.Replace("%e",
                     expires != null ? expires.Value.LargestIntervalWithUnits() : "Never.");
                 decodedMessage = decodedMessage.Replace("%r", reason);
                 decodedMessage = decodedMessage.Replace("%ip", banned.IpAddress.ToString());
-                decodedMessage = decodedMessage.Replace("%hwid", banned.HardwareId);
-                decodedMessage = decodedMessage.Replace("%lsm", banned.LastSentMessage);
+                decodedMessage = decodedMessage.Replace("%hwid", banned.HardwareId ?? "");
+                decodedMessage = decodedMessage.Replace("%lsm", banned.LastSentMessage ?? "");
                 _hook.SendMessage(decodedMessage);
             }
         }

.idea/.idea.Alibi/.idea/workspace.xml

@@ -139,9 +139,9 @@ public void BanHwid(string reason, TimeSpan? expireDate)
 
         public void BanIp(string reason, TimeSpan? expireDate)
         {
-            foreach (var hdid in Server.Database.GetHwidsfromIp(IpAddress.ToString()))
+            foreach (var hwid in Server.Database.GetHwidsfromIp(IpAddress.ToString()))
             {
-                BanHwid(reason, expireDate);
+                ServerRef.FindUser(hwid)?.BanHwid(reason, expireDate);
             }
         }
 

Alibi.Plugins.Webhook/DiscordWebhook.cs

@@ -27,36 +27,38 @@ protected override void OnConnected()
         {
             if (((Server)Server).ConnectedPlayers >= Alibi.Server.ServerConfiguration.MaxPlayers)
             {
-                Send(new AOPacket("BD", "Max players has been reached."));
+                Send(new AOPacket("BD", "Not a real ban: Max players has been reached."));
                 Task.Delay(500);
                 Disconnect();
+                return;
             }
 
             _banCheckTime = DateTime.Now;
 
             var ip = ((IPEndPoint)Socket.RemoteEndPoint).Address;
             if (Alibi.Server.ServerConfiguration.Advertise && ip.Equals(Alibi.Server.MasterServerIp))
                 Alibi.Server.Logger.Log(LogSeverity.Info, " Probed by master server.", true);
-            if (((Server) Server).ClientsConnected.Count(c => Equals(c.IpAddress, ip)) 
-                > Alibi.Server.ServerConfiguration.MaxMultiClients)
+            if (!IPAddress.IsLoopback(ip) && ((Server) Server).ClientsConnected.Count(c => ip.ToString() == c.IpAddress.ToString()) 
+                >= Alibi.Server.ServerConfiguration.MaxMultiClients)
             {
-                Send(new AOPacket("BD", $"Can't have more than " +
+                Send(new AOPacket("BD", $"Not a real ban: Can't have more than " +
                                         $"{Alibi.Server.ServerConfiguration.MaxMultiClients} clients at a time."));
                 Task.Delay(500);
                 Disconnect();
+                return;
             }
             Client = new Client((Server)Server, this, ip);
             Client.LastAlive = DateTime.Now;
             Client.KickIfBanned();
-
+            
             // fuck fantaencrypt
-            SendAsync(new AOPacket("decryptor", "NOENCRYPT"));
+            Send(new AOPacket("decryptor", "NOENCRYPT"));
         }
 
         protected override void OnDisconnected()
         {
             ((Server)Server).ClientsConnected.Remove(Client);
-            if (Client.Connected)
+            if (Client != null && Client.Connected)
             {
                 ((Server)Server).ConnectedPlayers--;
                 ((Area)Client.Area)!.PlayerCount--;
@@ -79,7 +81,9 @@ protected override void OnReceived(byte[] buffer, long offset, long size)
             string[] packets = msg.Split("%", StringSplitOptions.RemoveEmptyEntries);
             foreach (var packet in packets)
             {
-                if (Client.HardwareId == null && !packet.StartsWith("HI#"))
+                if (Client.HardwareId == null 
+                    && !packet.StartsWith("HI#") 
+                    && !packet.StartsWith("WSIP#"))
                     return;
                 if (DateTime.Now.CompareTo(_banCheckTime.AddSeconds
                     (Alibi.Server.ServerConfiguration.RateLimitResetTime)) >= 0)

Alibi/Client.cs

@@ -27,6 +27,8 @@ public class Configuration
         public int MaxPlayers = 100;
         public int MaxMultiClients = 4;
         public int TimeoutSeconds = 60;
+        public int MaxMessageSize = 256;
+        public int MaxShownameSize = 16;
         public int RateLimit = 50;
         public int RateLimitResetTime = 1;
         public TimeSpan RateLimitBanLength = new TimeSpan(0, 5, 0);

Alibi/ClientSession.cs

@@ -12,6 +12,8 @@ internal static AOPacket ValidateIcPacket(IAOPacket packet, IClient client)
         {
             if (client.Character == null || !client.Connected)
                 throw new IcValidationException("Client does not have a character or isn't connected.");
+            if(packet.Objects.Length < 16)
+                throw new IcValidationException("Didn't provide a full Ic Message.");
 
             List<string> validatedObjects = new List<string>(packet.Objects.Length);
 
@@ -41,6 +43,8 @@ internal static AOPacket ValidateIcPacket(IAOPacket packet, IClient client)
             // Make sure message is sanitized(eventually) and prevent double messages
             // TODO: Sanitization and zalgo cleaning
             string sentMessage = packet.Objects[4].Trim();
+            if(sentMessage.Length > Server.ServerConfiguration.MaxMessageSize)
+                throw new IcValidationException("Message was too long.");
             if (!Server.ServerConfiguration.AllowDoublePostsIfDifferentAnim && sentMessage == client.LastSentMessage)
                 throw new IcValidationException("Cannot double post.");
             if (Server.ServerConfiguration.AllowDoublePostsIfDifferentAnim
@@ -116,6 +120,8 @@ internal static AOPacket ValidateIcPacket(IAOPacket packet, IClient client)
             if (packet.Objects.Length > 15)
             {
                 // Showname
+                if(packet.Objects[15].Length > Server.ServerConfiguration.MaxShownameSize)
+                    throw new IcValidationException($"Showname is longer than {Server.ServerConfiguration.MaxShownameSize}");
                 validatedObjects.Add(packet.Objects[15]);
 
                 // First object is the charID, second is whether or not they're in front

Alibi/Configuration.cs

@@ -19,15 +19,23 @@ public static void HandleMessage(IClient client, IAOPacket packet)
         {
             if (Handlers.ContainsKey(packet.Type))
             {
-                var stateAttr = Handlers[packet.Type].Method.GetCustomAttribute<RequireStateAttribute>();
+                try
+                {
+                    var stateAttr = Handlers[packet.Type].Method.GetCustomAttribute<RequireStateAttribute>();
 
-                if (stateAttr != null)
-                    if (client.CurrentState != stateAttr.State)
-                    {
-                        client.Kick("Protocol violation.");
-                        return;
-                    }
-                Handlers[packet.Type].Method.Invoke(Handlers[packet.Type].Target, new object[] { client, packet });
+                    if (stateAttr != null)
+                        if (client.CurrentState != stateAttr.State)
+                        {
+                            client.Kick("Protocol violation.");
+                            return;
+                        }
+
+                    Handlers[packet.Type].Method.Invoke(Handlers[packet.Type].Target, new object[] {client, packet});
+                }
+                catch (TargetInvocationException e)
+                {
+                    Server.Logger.Log(LogSeverity.Error, $" Error handling message: {e.Message}\n{e.StackTrace}");
+                }
             }
             else
                 Server.Logger.Log(LogSeverity.Warning, $" Unknown client message: '{packet.Type}'", true);

Alibi/Protocol/IcValidator.cs

@@ -7,6 +7,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
+using System.Threading.Tasks;
 
 // ReSharper disable UnusedType.Global
 // ReSharper disable UnusedParameter.Global
@@ -156,7 +157,7 @@ internal static void Ready(IClient client, IAOPacket packet)
             if (client.Connected)
                 return;
 
-            ((Client)client).Area = client.ServerRef.Areas.First();
+            ((Client)client).Area = client.ServerRef.Areas.First(a => a.Locked == "FREE");
             ((Client)client).Connected = true;
             client.CurrentState = ClientState.InArea;
             client.ServerRef.ConnectedPlayers++;
@@ -297,9 +298,17 @@ internal static void IcMessage(IClient client, IAOPacket packet)
         [RequireState(ClientState.InArea)]
         internal static void OocMessage(IClient client, IAOPacket packet)
         {
+            if (packet.Objects.Length < 2)
+                return;
+            
             // TODO: Sanitization and cleaning (especially Zalgo)
             // maybe put this into anti-spam plugin
             string message = packet.Objects[1];
+            if (message.Length > Server.ServerConfiguration.MaxMessageSize)
+            {
+                client.SendOocMessage("Message was too long.");
+                return;
+            }
             ((Client)client).OocName = packet.Objects[0];
             if (message.StartsWith("/"))
             {
@@ -359,7 +368,7 @@ internal static void ModCall(IClient client, IAOPacket packet)
         }
 
         [MessageHandler("WSIP")]
-        [RequireState(ClientState.NewClient)]
+        [RequireState(ClientState.Identified)]
         internal static void UpdateWebsocketIp(IClient client, IAOPacket packet)
         {
             IPAddress ip = IPAddress.Parse(packet.Objects[0]);
@@ -369,6 +378,11 @@ internal static void UpdateWebsocketIp(IClient client, IAOPacket packet)
                 ((Client)client).IpAddress = ip;
                 client.KickIfBanned();
             }
+            if (((Server) client.ServerRef).ClientsConnected.Count(c => ip.ToString() == c.IpAddress.ToString()) 
+                >= Alibi.Server.ServerConfiguration.MaxMultiClients)
+            {
+                client.Kick($"Cannot have more than {Server.ServerConfiguration.MaxMultiClients} clients at the same");
+            }
         }
 
         private static bool CanModifyEvidence(IClient client)

Alibi/Protocol/MessageHandler.cs

@@ -247,12 +247,32 @@ public void OnAllPluginsLoaded()
 
         public void OnModCall(IClient client, IAOPacket packet)
         {
-            _pluginManager.GetAllPlugins().ForEach(p => p.OnModCall(client, packet.Objects[0]));
+            _pluginManager.GetAllPlugins().ForEach(p =>
+            {
+                try
+                {
+                    p.OnModCall(client, packet.Objects[0]);
+                }
+                catch (Exception e)
+                {
+                    p.Log(LogSeverity.Error, $"Error occured during OnModCall(), {e.Message}\n{e.StackTrace}");
+                }
+            });
         }
 
         public void OnBan(IClient client, string reason, TimeSpan? expires = null)
         {
-            _pluginManager.GetAllPlugins().ForEach(p => p.OnBan(client, reason, expires));
+            _pluginManager.GetAllPlugins().ForEach(p =>
+            {
+                try
+                {
+                    p.OnBan(client, reason, expires);
+                }
+                catch (Exception e)
+                {
+                    p.Log(LogSeverity.Error, $"Error occured during OnBan(), {e.Message}\n{e.StackTrace}");
+                }
+            });
         }
 
         protected override TcpSession CreateSession()