fix secret.js and disallow YOO packet after user is already authenticated

This commit is contained in:
hippoz 2021-09-08 01:02:08 +03:00
parent f1b6da19a2
commit 81a08101e9
No known key found for this signature in database
GPG key ID: 7C52899193467641
2 changed files with 3 additions and 2 deletions

View file

@ -106,6 +106,7 @@ class GatewayServer extends EventEmitter {
const message = parseMessage(data.toString());
switch (message.opcodeType) {
case "YOO": {
if (ws.session.authenticated) return closeConnectionWithCode(ws, wsCloseCodes.PAYLOAD_ERROR);
// The client has responded to our HELLO with a YOO packet
try {
const user = await checkToken(message.data.token);

View file

@ -1,10 +1,10 @@
module.exports = {
jwtPrivateKey: "KjEY",
jwtPrivateKey: "KEY",
};
// Set default values
// You shouldn't need to touch this for configuring this
if (module.exports.jwtPrivateKey === "KEY") {
console.error("[*] [config] jwtPrivateKey was not specified in secret.js. A randomly generated private key will be used instead.");
console.error("config: secret: jwtPrivateKey was not specified in secret.js. A randomly generated private key will be used instead.");
module.exports.jwtPrivateKey = require("crypto").randomBytes(129).toString("base64");
}