backend: disallow gateway clients from authenticating if they're already authenticated
This commit is contained in:
parent
9c9f764e6d
commit
fec30b7ec9
2 changed files with 5 additions and 0 deletions
|
@ -13,4 +13,5 @@ export const gatewayErrors = {
|
|||
AUTHENTICATION_TIMEOUT: { code: 4003, message: "Authentication timeout" },
|
||||
NO_PING: { code: 4004, message: "No ping" },
|
||||
FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" },
|
||||
ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" },
|
||||
};
|
||||
|
|
|
@ -178,6 +178,10 @@ export default function(server: Server) {
|
|||
|
||||
switch (payload.t) {
|
||||
case GatewayPayloadType.Authenticate: {
|
||||
if (ws.state.ready) {
|
||||
return closeWithError(ws, gatewayErrors.ALREADY_AUTHENTICATED);
|
||||
}
|
||||
|
||||
const token = payload.d;
|
||||
if (typeof token !== "string") {
|
||||
return closeWithBadPayload(ws, "d: expected string");
|
||||
|
|
Loading…
Reference in a new issue