OpenWF/SpaceNinjaServer
12
6
Fork 15
Code Issues 45 Pull Requests 6 Actions Packages Projects Releases Activity

chore: improve authentication and Dropped logic
All checks were successful
Build / build (22) (push) Successful in 48s
Details
Build / build (18) (push) Successful in 1m13s
Details
Build / build (20) (push) Successful in 1m21s
Details
Build / build (22) (pull_request) Successful in 1m26s
Details
Build / build (18) (pull_request) Successful in 45s
Details
Build / build (20) (pull_request) Successful in 1m10s
Details

Browse Source 
- Dropped is now also unset by getAccountForRequest
- Improved how nonce is validated to avoid possible parser mismatch issues to smuggle a 0
- Updated ircDroppedController to perform only a single MongoDB operation
This commit is contained in:
Sainan 2025-03-23 12:43:52 +01:00
parent b8e3be5018
commit 403807ef87
2 changed files with 28 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/controllers/custom/ircDroppedController.ts
View File

@ -1,9 +1,24 @@
import { getAccountForRequest } from "@/src/services/loginService";
import { Account } from "@/src/models/loginModel";
import { RequestHandler } from "express";
export const ircDroppedController: RequestHandler = async (req, res) => {
const account = await getAccountForRequest(req);
account.Dropped = true;
await account.save();
if (!req.query.accountId) {
throw new Error("Request is missing accountId parameter");
}
const nonce: number = parseInt(req.query.nonce as string);
if (!nonce) {
throw new Error("Request is missing nonce parameter");
}
await Account.updateOne(
{
_id: req.query.accountId,
Nonce: nonce
},
{
Dropped: true
}
);
res.end();
};

17
src/services/loginService.ts
View File

@ -69,26 +69,27 @@ export const getAccountForRequest = async (req: Request): Promise<TAccountDocume
if (!req.query.accountId) {
throw new Error("Request is missing accountId parameter");
}
if (!req.query.nonce || parseInt(req.query.nonce as string) === 0) {
const nonce: number = parseInt(req.query.nonce as string);
if (!nonce) {
throw new Error("Request is missing nonce parameter");
}
const account = await Account.findOne({
_id: req.query.accountId,
Nonce: req.query.nonce
Nonce: nonce
});
if (!account) {
throw new Error("Invalid accountId-nonce pair");
}
if (account.Dropped && req.query.ct) {
account.Dropped = undefined;
await account.save();
}
return account;
};
export const getAccountIdForRequest = async (req: Request): Promise<string> => {
const account = await getAccountForRequest(req);
if (account.Dropped && req.query.ct) {
account.Dropped = undefined;
await account.save();
}
return account._id.toString();
return (await getAccountForRequest(req))._id.toString();
};
export const isAdministrator = (account: TAccountDocument): boolean => {