- Maked classes final

src/main/java/org/openautonomousconnection/protocol/side/client/events/ConnectedToProtocolDNSServerEvent.java

@@ -8,5 +8,5 @@ import org.openautonomousconnection.protocol.versions.ProtocolVersion;
  * Event triggered when a client successfully connects to a DNS protocol server.
  */
 @ProtocolInfo(protocolSide = ProtocolVersion.ProtocolSide.DNS)
-public class ConnectedToProtocolDNSServerEvent extends Event {
+public final class ConnectedToProtocolDNSServerEvent extends Event {
 }

src/main/java/org/openautonomousconnection/protocol/side/web/ProtocolWebServer.java

@@ -4,6 +4,7 @@ import dev.unlegitdqrk.unlegitlibrary.file.ConfigurationManager;
 import dev.unlegitdqrk.unlegitlibrary.file.FileUtils;
 import dev.unlegitdqrk.unlegitlibrary.network.system.server.NetworkServer;
 import dev.unlegitdqrk.unlegitlibrary.network.utils.NetworkUtils;
+import dev.unlegitdqrk.unlegitlibrary.string.RandomString;
 import lombok.Getter;
 import org.openautonomousconnection.protocol.ProtocolBridge;
 import org.openautonomousconnection.protocol.annotations.ProtocolInfo;
@@ -19,12 +20,13 @@ import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Random;
 
 /**
  * Represents the web server for the protocol.
  */
 @ProtocolInfo(protocolSide = ProtocolVersion.ProtocolSide.WEB)
-public class ProtocolWebServer {
+public final class ProtocolWebServer {
     /**
      * Folder for web content.
      */
@@ -76,6 +78,17 @@ public class ProtocolWebServer {
     @Getter
     private List<ConnectedWebClient> clients;
 
+    /**
+     * The configuration file for the web server.
+     */
+    private final File configFile;
+
+    /**
+     * A unique secret for session management.
+     */
+    @Getter
+    private String uniqueSessionString;
+
     /**
      * Initializes the web server with the given configuration, authentication, and rules files.
      * @param configFile The configuration file.
@@ -87,6 +100,9 @@ public class ProtocolWebServer {
         // Initialize the list of connected clients
         this.clients = new ArrayList<>();
 
+        // Store the configuration file
+        this.configFile = configFile;
+
         // Set up folder structure for certificates
         folderStructure = new ServerCertificateFolderStructure();
 
@@ -140,6 +156,8 @@ public class ProtocolWebServer {
         }
 
         // Load authentication and rules
+        uniqueSessionString = AuthManager.sha256(new RandomString(new Random(System.currentTimeMillis()).nextInt(10, 20)).nextString());
+
         AuthManager.loadAuthFile(authFile);
         RuleManager.loadRules(rulesFile);
 
@@ -261,6 +279,15 @@ public class ProtocolWebServer {
         if (!found) throw new CertificateException("Missing " + prefix + NetworkUtils.getPublicIPAddress() + extension);
     }
 
+    /**
+     * Retrieves the configuration manager for the web server.
+     * @return The configuration manager.
+     * @throws IOException If an I/O error occurs while loading or saving the configuration.
+     */
+    public final ConfigurationManager getConfigurationManager() throws IOException {
+        return getConfigurationManager(configFile);
+    }
+
     /**
      * Loads and initializes the configuration manager with default settings if necessary.
      * @param configFile The configuration file to load.

src/main/java/org/openautonomousconnection/protocol/side/web/managers/AuthManager.java

@@ -16,7 +16,7 @@ import java.util.Map;
  * Loads user credentials from a file and verifies login attempts.
  */
 @ProtocolInfo(protocolSide = ProtocolVersion.ProtocolSide.WEB)
-public class AuthManager {
+public final class AuthManager {
 
     /**
      * Map of usernames to their SHA-256 hashed passwords
@@ -67,7 +67,7 @@ public class AuthManager {
      * @param input The input string to hash.
      * @return The hexadecimal representation of the SHA-256 hash.
      */
-    private static String sha256(String input) {
+    public static String sha256(String input) {
         try {
             MessageDigest md = MessageDigest.getInstance("SHA-256");
             byte[] digest = md.digest(input.getBytes(StandardCharsets.UTF_8));

src/main/java/org/openautonomousconnection/protocol/side/web/managers/RuleManager.java

@@ -15,7 +15,7 @@ import java.util.Map;
  * Loads allow, deny, and auth rules from a JSON file and provides methods to check access.
  */
 @ProtocolInfo(protocolSide = ProtocolVersion.ProtocolSide.WEB)
-public class RuleManager {
+public final class RuleManager {
     /**
      * Lists of path patterns for allow, deny, and auth rules
      */

src/main/java/org/openautonomousconnection/protocol/side/web/managers/SessionManager.java

@@ -1,6 +1,7 @@
 package org.openautonomousconnection.protocol.side.web.managers;
 
 import lombok.Getter;
+import org.openautonomousconnection.protocol.ProtocolBridge;
 import org.openautonomousconnection.protocol.annotations.ProtocolInfo;
 import org.openautonomousconnection.protocol.versions.ProtocolVersion;
 
@@ -15,7 +16,7 @@ import java.util.concurrent.ConcurrentHashMap;
  * Provides methods to create, validate, and invalidate sessions.
  */
 @ProtocolInfo(protocolSide = ProtocolVersion.ProtocolSide.WEB)
-public class SessionManager {
+public final class SessionManager {
 
     /**
      * Map of session IDs to Session objects.
@@ -41,7 +42,7 @@ public class SessionManager {
         secureRandom.nextBytes(bytes);
 
         // Encode the bytes to a URL-safe Base64 string
-        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
+        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes) + ProtocolBridge.getInstance().getProtocolWebServer().getUniqueSessionString();
 
         // Create and store the new session
         sessions.put(sessionId, new Session(login, ip, userAgent));
@@ -121,7 +122,7 @@ public class SessionManager {
             this.login = login;
             this.ip = ip;
             this.userAgent = userAgent;
-            this.expiresAt = System.currentTimeMillis() + Main.getConfigurationManager().getInt("sessionexpireminutes") * 60 * 1000;
+            this.expiresAt = System.currentTimeMillis() + (long) ProtocolBridge.getInstance().getProtocolWebServer().getConfigurationManager().getInt("sessionexpireminutes") * 60 * 1000;
         }
 
         /**
@@ -147,7 +148,7 @@ public class SessionManager {
          * @throws IOException If an I/O error occurs.
          */
         void refresh() throws IOException {
-            this.expiresAt = System.currentTimeMillis() + Main.getConfigurationManager().getInt("sessionexpireminutes") * 60 * 1000;
+            this.expiresAt = System.currentTimeMillis() + (long) ProtocolBridge.getInstance().getProtocolWebServer().getConfigurationManager().getInt("sessionexpireminutes") * 60 * 1000;
         }
     }
 }