search

JaraLowell / OgarServ

Jara's version of Agar.io's private server prodject in Javascript modified from OgarProject using JXCore.
http://ogar.mivabe.nl
Other
29 stars 14 forks source link

Make the server just plug in my agar and not in another ?? #129

Closed ghost closed 8 years ago

ghost commented 8 years ago

Hi programmers, i have a doubt. The question is this. For example, this is the ip and port of agarabi.com: 212.83.57.138:450 But if we do this: http://agar.io/?ip=212.83.57.138:450 or http://ogar.mivabe.nl/?ip=212.83.57.138:450

¡NO CONNECT! Neither in no other agar! I want to do something like that, how I do him?

Thanks.

makandz commented 8 years ago

https://github.com/OgarProject/Ogar/blob/master/src/GameServer.js#L169-L188

ghost commented 8 years ago

My agar is http://agareoz.com/ Then is...

    // ----- Client authenticity check code -----
    // !!!!! WARNING !!!!!
    // THE BELOW SECTION OF CODE CHECKS TO ENSURE THAT CONNECTIONS ARE COMING
    // FROM THE OFFICIAL AGAR.IO CLIENT. IF YOU REMOVE OR MODIFY THE BELOW
    // SECTION OF CODE TO ALLOW CONNECTIONS FROM A CLIENT ON A DIFFERENT DOMAIN,
    // YOU MAY BE COMMITTING COPYRIGHT INFRINGEMENT AND LEGAL ACTION MAY BE TAKEN
    // AGAINST YOU. THIS SECTION OF CODE WAS ADDED ON JULY 9, 2015 AT THE REQUEST
    // OF THE AGAR.IO DEVELOPERS.
    var origin = ws.upgradeReq.headers.origin;
    if (origin != 'http://es.agareoz.com' &&
        origin != 'https://es.agareoz.com' &&
        origin != 'http://localhost' &&
        origin != 'https://localhost' &&
        origin != 'http://THE-IP-OF-VPS?' &&
        origin != 'https://THE-IP-OF-VPS?') {

        ws.close();
        return;
    }
    // -----/Client authenticity check code -----

Or as? xD

makandz commented 8 years ago

origin != 'http://THE-IP-OF-VPS?' isn't needed. Yeah that looks just about right :)

ghost commented 8 years ago 
// ----- Client authenticity check code -----
// !!!!! WARNING !!!!!
// THE BELOW SECTION OF CODE CHECKS TO ENSURE THAT CONNECTIONS ARE COMING
// FROM THE OFFICIAL AGAR.IO CLIENT. IF YOU REMOVE OR MODIFY THE BELOW
// SECTION OF CODE TO ALLOW CONNECTIONS FROM A CLIENT ON A DIFFERENT DOMAIN,
// YOU MAY BE COMMITTING COPYRIGHT INFRINGEMENT AND LEGAL ACTION MAY BE TAKEN
// AGAINST YOU. THIS SECTION OF CODE WAS ADDED ON JULY 9, 2015 AT THE REQUEST
// OF THE AGAR.IO DEVELOPERS.
var origin = ws.upgradeReq.headers.origin;
if (origin != 'http://es.agareoz.com' &&
    origin != 'https://es.agareoz.com') {

    ws.close();
    return;
}
// -----/Client authenticity check code -----

Now this is good?

makandz commented 8 years ago

Looks alright.

JaraLowell commented 8 years ago

Remember though, origin header is created and send by the web browser, and there a ton of ways to go around that. It is a poor way to protect your server. If you truly seek to make it unique, change the package numbers and or even include some secure layer protocol protection. Using browser headers, is never wise to use as identification for a game service. Flash, Java or other.