src/controllers/api/loginController.ts

@@ -59,19 +59,10 @@ export const loginController: RequestHandler = async (request, response) => {
         return;
     }
 
-    if (loginRequest.ClientType == "webui") {
-        if (!account.Nonce) {
-            account.ClientType = "webui";
+    if (account.Nonce == 0 || loginRequest.ClientType != "webui") {
         account.Nonce = nonce;
     }
-    } else {
-        if (account.Nonce && account.ClientType != "webui" && !account.Dropped && !loginRequest.kick) {
-            response.status(400).json({ error: "nonce still set" });
-            return;
-        }
-
-        account.ClientType = loginRequest.ClientType;
-        account.Nonce = nonce;
+    if (loginRequest.ClientType != "webui") {
         account.CountryCode = loginRequest.lang.toUpperCase();
     }
     await account.save();

src/controllers/custom/ircDroppedController.ts

@@ -1,9 +0,0 @@
-import { getAccountForRequest } from "@/src/services/loginService";
-import { RequestHandler } from "express";
-
-export const ircDroppedController: RequestHandler = async (req, res) => {
-    const account = await getAccountForRequest(req);
-    account.Dropped = true;
-    await account.save();
-    res.end();
-};

src/models/loginModel.ts

@@ -20,7 +20,6 @@ const databaseAccountSchema = new Schema<IDatabaseAccountJson>(
         ConsentNeeded: { type: Boolean, required: true },
         TrackedSettings: { type: [String], default: [] },
         Nonce: { type: Number, default: 0 },
-        Dropped: Boolean,
         LastLoginDay: { type: Number },
         LatestEventMessageDate: { type: Date, default: 0 }
     },

src/routes/custom.ts

@@ -7,7 +7,6 @@ import { popArchonCrystalUpgradeController } from "@/src/controllers/custom/popA
 import { deleteAccountController } from "@/src/controllers/custom/deleteAccountController";
 import { getNameController } from "@/src/controllers/custom/getNameController";
 import { renameAccountController } from "@/src/controllers/custom/renameAccountController";
-import { ircDroppedController } from "@/src/controllers/custom/ircDroppedController";
 
 import { createAccountController } from "@/src/controllers/custom/createAccountController";
 import { createMessageController } from "@/src/controllers/custom/createMessageController";
@@ -29,7 +28,6 @@ customRouter.get("/popArchonCrystalUpgrade", popArchonCrystalUpgradeController);
 customRouter.get("/deleteAccount", deleteAccountController);
 customRouter.get("/getName", getNameController);
 customRouter.get("/renameAccount", renameAccountController);
-customRouter.get("/ircDropped", ircDroppedController);
 
 customRouter.post("/createAccount", createAccountController);
 customRouter.post("/createMessage", createMessageController);

src/services/loginService.ts

@@ -82,12 +82,21 @@ export const getAccountForRequest = async (req: Request): Promise<TAccountDocume
 };
 
 export const getAccountIdForRequest = async (req: Request): Promise<string> => {
-    const account = await getAccountForRequest(req);
-    if (account.Dropped && req.query.ct) {
-        account.Dropped = undefined;
-        await account.save();
+    if (!req.query.accountId) {
+        throw new Error("Request is missing accountId parameter");
     }
-    return account._id.toString();
+    if (!req.query.nonce || parseInt(req.query.nonce as string) === 0) {
+        throw new Error("Request is missing nonce parameter");
+    }
+    if (
+        !(await Account.exists({
+            _id: req.query.accountId,
+            Nonce: req.query.nonce
+        }))
+    ) {
+        throw new Error("Invalid accountId-nonce pair");
+    }
+    return req.query.accountId as string;
 };
 
 export const isAdministrator = (account: TAccountDocument): boolean => {

src/types/loginTypes.ts

@@ -14,7 +14,6 @@ export interface IAccountAndLoginResponseCommons {
 export interface IDatabaseAccount extends IAccountAndLoginResponseCommons {
     email: string;
     password: string;
-    Dropped?: boolean;
     LastLoginDay?: number;
     LatestEventMessageDate: Date;
 }
@@ -33,7 +32,6 @@ export interface ILoginRequest {
     date: number;
     ClientType: string;
     PS: string;
-    kick?: boolean;
 }
 
 export interface ILoginResponse extends IAccountAndLoginResponseCommons {