hiimgoodpack/brainlet
1
0
Fork 0
forked from hippoz/brainlet
Code Issues Pull requests Projects Releases Wiki Activity

fix secret.js and disallow YOO packet after user is already authenticated

Browse source
This commit is contained in:
hippoz 2021-09-08 01:02:08 +03:00
parent f1b6da19a2
commit 81a08101e9
Signed by untrusted user who does not match committer: hippoz
GPG key ID: 7C52899193467641
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
brainlet/api/v2/gateway/index.js
View file

@ -106,6 +106,7 @@ class GatewayServer extends EventEmitter {
const message = parseMessage(data.toString());
switch (message.opcodeType) {
case "YOO": {
if (ws.session.authenticated) return closeConnectionWithCode(ws, wsCloseCodes.PAYLOAD_ERROR);
// The client has responded to our HELLO with a YOO packet
try {
const user = await checkToken(message.data.token);

4
brainlet/secret.js
View file

@ -1,10 +1,10 @@
module.exports = {
jwtPrivateKey: "KjEY",
jwtPrivateKey: "KEY",
};
// Set default values
// You shouldn't need to touch this for configuring this
if (module.exports.jwtPrivateKey === "KEY") {
console.error("[*] [config] jwtPrivateKey was not specified in secret.js. A randomly generated private key will be used instead.");
console.error("config: secret: jwtPrivateKey was not specified in secret.js. A randomly generated private key will be used instead.");
module.exports.jwtPrivateKey = require("crypto").randomBytes(129).toString("base64");
}