From 5ebb0c94e6737e1b83a9b4a2f0e024b1620bb3ab Mon Sep 17 00:00:00 2001
From: kharhamel
Date: Wed, 14 Apr 2021 11:56:54 +0200
Subject: [PATCH] FIX: calling emitPlayGlobalMessage in pusher without the admin tag will throw an error
---
 back/src/Services/SocketManager.ts | 13 -------------
 pusher/src/Services/SocketManager.ts | 4 ++++
 2 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/back/src/Services/SocketManager.ts b/back/src/Services/SocketManager.ts
index 4a76f131..647afc95 100644
--- a/back/src/Services/SocketManager.ts
+++ b/back/src/Services/SocketManager.ts
@@ -510,19 +510,6 @@ export class SocketManager {
 return this.rooms;
 }
- /**
- *
- * @param token
- */
- /*searchClientByUuid(uuid: string): ExSocketInterface | null {
- for(const socket of this.sockets.values()){
- if(socket.userUuid === uuid){
- return socket;
- }
- }
- return null;
- }*/
-
 public handleQueryJitsiJwtMessage(user: User, queryJitsiJwtMessage: QueryJitsiJwtMessage) {
 const room = queryJitsiJwtMessage.getJitsiroom();
diff --git a/pusher/src/Services/SocketManager.ts b/pusher/src/Services/SocketManager.ts
index 6efd6f8d..726e11a1 100644
--- a/pusher/src/Services/SocketManager.ts
+++ b/pusher/src/Services/SocketManager.ts
@@ -364,6 +364,10 @@ export class SocketManager implements ZoneEventListener {
 }
 emitPlayGlobalMessage(client: ExSocketInterface, playglobalmessage: PlayGlobalMessage) {
+ if (!client.tags.includes('admin')) {
+ //In case of xss injection, we just kill the connection.
+ throw 'Client is not an admin!';
+ }
 const pusherToBackMessage = new PusherToBackMessage();
 pusherToBackMessage.setPlayglobalmessage(playglobalmessage);
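Review bot: The new admin guard at the top of `emitPlayGlobalMessage` (pusher/src/Services/SocketManager.ts) throws a bare string, so the caller gets no stack trace and any `instanceof Error` handling will miss it; prefer `throw new Error('Client is not an admin!');`. The comment says the connection is killed, but nothing in this hunk closes the socket. Whether the rejection actually terminates the connection depends on the caller, which is outside the hunk, so confirm the exception is caught there, the socket is closed, and the denied attempt is logged with the client's identifier so repeated attempts can be detected. The check is only as strong as `client.tags`, so it is worth verifying that the tags are assigned server-side from an authenticated source and never from client-supplied data. The comment would be more accurate as `// Authorization check: only clients tagged 'admin' may send a global message.`, and the rest of the function body continues past the end of the hunk.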