_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

FIX: calling emitPlayGlobalMessage in pusher without the admin tag will throw an error

Browse Source
This commit is contained in:
kharhamel 2021-04-14 11:56:54 +02:00
parent faade46400
commit 5ebb0c94e6
2 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
back/src/Services/SocketManager.ts
View File

@ -510,19 +510,6 @@ export class SocketManager {
return this.rooms; return this.rooms;
} }
/**
*
* @param token
*/
/*searchClientByUuid(uuid: string): ExSocketInterface | null {
for(const socket of this.sockets.values()){
if(socket.userUuid === uuid){
return socket;
}
}
return null;
}*/
public handleQueryJitsiJwtMessage(user: User, queryJitsiJwtMessage: QueryJitsiJwtMessage) { public handleQueryJitsiJwtMessage(user: User, queryJitsiJwtMessage: QueryJitsiJwtMessage) {
const room = queryJitsiJwtMessage.getJitsiroom(); const room = queryJitsiJwtMessage.getJitsiroom();

4
pusher/src/Services/SocketManager.ts
View File

@ -364,6 +364,10 @@ export class SocketManager implements ZoneEventListener {
} }
emitPlayGlobalMessage(client: ExSocketInterface, playglobalmessage: PlayGlobalMessage) { emitPlayGlobalMessage(client: ExSocketInterface, playglobalmessage: PlayGlobalMessage) {
if (!client.tags.includes('admin')) {
//In case of xss injection, we just kill the connection.
throw 'Client is not an admin!';
}
const pusherToBackMessage = new PusherToBackMessage(); const pusherToBackMessage = new PusherToBackMessage();
pusherToBackMessage.setPlayglobalmessage(playglobalmessage); pusherToBackMessage.setPlayglobalmessage(playglobalmessage);