From 81a08101e9bc1c33bad8795f73d7d94bd74bd74f Mon Sep 17 00:00:00 2001
From: hippoz
Date: Wed, 8 Sep 2021 01:02:08 +0300
Subject: [PATCH] fix secret.js and disallow YOO packet after user is already authenticated
---
 brainlet/api/v2/gateway/index.js | 1 +
 brainlet/secret.js | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/brainlet/api/v2/gateway/index.js b/brainlet/api/v2/gateway/index.js
index 106fef6..465a33a 100644
--- a/brainlet/api/v2/gateway/index.js
+++ b/brainlet/api/v2/gateway/index.js
@@ -106,6 +106,7 @@ class GatewayServer extends EventEmitter {
 const message = parseMessage(data.toString());
 switch (message.opcodeType) {
 case "YOO": {
+ if (ws.session.authenticated) return closeConnectionWithCode(ws, wsCloseCodes.PAYLOAD_ERROR);
 // The client has responded to our HELLO with a YOO packet
 try {
 const user = await checkToken(message.data.token);
diff --git a/brainlet/secret.js b/brainlet/secret.js
index 89ea062..26e1147 100755
--- a/brainlet/secret.js
+++ b/brainlet/secret.js
@@ -1,10 +1,10 @@
 module.exports = {
- jwtPrivateKey: "KjEY",
+ jwtPrivateKey: "KEY",
 };
 // Set default values
 // You shouldn't need to touch this for configuring this
 if (module.exports.jwtPrivateKey === "KEY") {
- console.error("[*] [config] jwtPrivateKey was not specified in secret.js. A randomly generated private key will be used instead.");
+ console.error("config: secret: jwtPrivateKey was not specified in secret.js. A randomly generated private key will be used instead.");
 module.exports.jwtPrivateKey = require("crypto").randomBytes(129).toString("base64");
 }
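Review bot: The new guard at the top of `case "YOO"` reads `ws.session.authenticated` before the `await checkToken(...)` that follows, so a second YOO arriving while the first is still being verified would presumably pass it, assuming the flag is only set after the await (that assignment is outside the hunk). Consider marking the session as in progress before the `try`, e.g. `if (ws.session.authenticated || ws.session.authenticating) return closeConnectionWithCode(ws, wsCloseCodes.PAYLOAD_ERROR);` followed by `ws.session.authenticating = true;`, where `authenticating` is a suggested new field. A short comment above the guard such as `// Reject re-authentication on an already authenticated session` would state the intent. The message handler begins and ends outside the hunk.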
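Review bot: The `=== "KEY"` sentinel comparison is the only validation of `jwtPrivateKey`, and the typo this commit corrects shows how easily a placeholder can end up as the live signing key; an empty or very short string would still be accepted as configured. A check on type and length is sturdier, for example `if (typeof module.exports.jwtPrivateKey !== "string" || module.exports.jwtPrivateKey.length < 32) {`, where 32 is an illustrative minimum. Because the fallback key is regenerated on every start, tokens issued before a restart will stop verifying, which the log message could say. Reading the key from an environment variable would also keep real keys out of this tracked file.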