zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use UUID that can decode back to SSID

Browse Source
This commit is contained in:
zefie
2026-05-01 19:21:11 -04:00
parent 9400c1f917
commit 4f20c08ed0
2 changed files with 83 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
zefie_wtvp_minisrv/includes/ServiceVault/msntv2/sg1/connection/boxcheck.html.js
View File

@@ -4,11 +4,27 @@ let BoxId = request_headers.query.BoxId;
if (Array.isArray(BoxId)) BoxId = BoxId[0];
let clientIp = socket.remoteAddress;
let banned = false;
let sessionId = null;
if (!BoxId || BoxId.length != 20 || !/^\d+$/.test(BoxId))
{
console.warn("Invalid BoxId format "+BoxId+" from "+clientIp);
banned = true;
// Use the shared MSNTV2 helper injected by WTV-MSNTV2 VM context.
if (BoxId) {
if (!BoxId || BoxId.length != 20 || !/^\d+$/.test(BoxId))
{
console.warn("Invalid BoxId format "+BoxId+" from "+clientIp);
banned = true;
} else {
sessionId = encodeSessionID(BoxId);
}
} else if (request_headers.cookie.SessionID) {
BoxID = decodeSessionID(request_headers.cookie.SessionID);
sessionId = request_headers.cookie.SessionID;
} else {
console.warn("No BoxId provided by client "+clientIp);
banned = true;
}
if (!sessionId && !banned) {
banned = true;
}
// Current UTC time
@@ -42,8 +58,6 @@ const {
daylightOffset
} = timezoneMap["UTC"];
const sessionId = crypto.randomUUID();
ssid_sessions[socket.ssid] = new WTVClientSessionData(minisrv_config, socket.ssid);
ssid_sessions[socket.ssid].set('SessionID', sessionId);