hippoz/waffle
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

backend: disallow gateway clients from authenticating if they're already authenticated

Browse source
This commit is contained in:
hippoz 2022-04-14 21:10:05 +03:00
parent 9c9f764e6d
commit fec30b7ec9
No known key found for this signature in database
GPG key ID: 7C52899193467641
2 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/errors.ts
View file

@ -13,4 +13,5 @@ export const gatewayErrors = {
AUTHENTICATION_TIMEOUT: { code: 4003, message: "Authentication timeout" }, AUTHENTICATION_TIMEOUT: { code: 4003, message: "Authentication timeout" },
NO_PING: { code: 4004, message: "No ping" }, NO_PING: { code: 4004, message: "No ping" },
FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" }, FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" },
ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" },
}; };

4
src/gateway/index.ts
View file

@ -178,6 +178,10 @@ export default function(server: Server) {
switch (payload.t) { switch (payload.t) {
case GatewayPayloadType.Authenticate: { case GatewayPayloadType.Authenticate: {
if (ws.state.ready) {
return closeWithError(ws, gatewayErrors.ALREADY_AUTHENTICATED);
}
const token = payload.d; const token = payload.d;
if (typeof token !== "string") { if (typeof token !== "string") {
return closeWithBadPayload(ws, "d: expected string"); return closeWithBadPayload(ws, "d: expected string");