From 1ea7a5f059f5d39c94c8b58e2d6b1d818dfa10f4 Mon Sep 17 00:00:00 2001
From: Sainan <63328889+Sainan@users.noreply.github.com>
Date: Mon, 5 May 2025 13:58:51 +0200
Subject: [PATCH] fix: login failure on U17

---
 src/app.ts                             | 3 ++-
 src/controllers/api/loginController.ts | 7 +++++--
 src/routes/api.ts                      | 2 ++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/app.ts b/src/app.ts
index 36c1437e..48079166 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -23,7 +23,8 @@ app.use((req, _res, next) => {
     }
 
     // U18 uses application/x-www-form-urlencoded even tho the data is JSON which Express doesn't like.
-    if (req.headers["content-type"] == "application/x-www-form-urlencoded") {
+    // U17 sets no Content-Type at all, which Express also doesn't like.
+    if (!req.headers["content-type"] || req.headers["content-type"] == "application/x-www-form-urlencoded") {
         req.headers["content-type"] = "application/octet-stream";
     }
 
diff --git a/src/controllers/api/loginController.ts b/src/controllers/api/loginController.ts
index 4ba97134..de8b7951 100644
--- a/src/controllers/api/loginController.ts
+++ b/src/controllers/api/loginController.ts
@@ -82,8 +82,11 @@ export const loginController: RequestHandler = async (request, response) => {
         }
     } else {
         if (account.Nonce && account.ClientType != "webui" && !account.Dropped && !loginRequest.kick) {
-            response.status(400).json({ error: "nonce still set" });
-            return;
+            // U17 seems to handle "nonce still set" like a login failure.
+            if (version_compare(buildLabel, "2015.12.05.18.07") >= 0) {
+                response.status(400).send({ error: "nonce still set" });
+                return;
+            }
         }
 
         account.ClientType = loginRequest.ClientType;
diff --git a/src/routes/api.ts b/src/routes/api.ts
index aeecf060..56602f4a 100644
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -186,6 +186,7 @@ apiRouter.get("/getVendorInfo.php", getVendorInfoController);
 apiRouter.get("/hub", hubController);
 apiRouter.get("/hubInstances", hubInstancesController);
 apiRouter.get("/inbox.php", inboxController);
+apiRouter.get("/getMessages.php", inboxController); // unsure if this is correct, but needed for U17
 apiRouter.get("/inventory.php", inventoryController);
 apiRouter.get("/loginRewards.php", loginRewardsController);
 apiRouter.get("/logout.php", logoutController);
@@ -278,6 +279,7 @@ apiRouter.post("/playerSkills.php", playerSkillsController);
 apiRouter.post("/postGuildAdvertisement.php", postGuildAdvertisementController);
 apiRouter.post("/projectionManager.php", projectionManagerController);
 apiRouter.post("/purchase.php", purchaseController);
+apiRouter.post("/questControl.php", questControlController); // U17
 apiRouter.post("/redeemPromoCode.php", redeemPromoCodeController);
 apiRouter.post("/releasePet.php", releasePetController);
 apiRouter.post("/removeFromGuild.php", removeFromGuildController);