zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix null user bug, but also make a page to intentionally trigger it

Browse Source
This commit is contained in:
zefie
2022-02-15 17:48:43 -05:00
parent f32c4b1926
commit 59ba999b5a
4 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
zefie_wtvp_minisrv/ServiceVault/wtv-tricks/nullify-me.js Normal file
View File

@@ -0,0 +1,14 @@
var minisrv_service_file = true;
if (ssid_sessions[socket.ssid]) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id != null) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0)
ssid_sessions[socket.ssid].switchUserID(null);
}
}
}
}
headers = "400 You are now nullified.";

2
zefie_wtvp_minisrv/WTVClientSessionData.js
View File

@@ -362,6 +362,8 @@ class WTVClientSessionData {
} catch (e) {
// Don't log error 'file not found', it just means the client isn't registered yet
if (e.code != "ENOENT") console.error(" # Error loading session data for", this.wtvshared.filterSSID(this.ssid), e);
// also wipe any existing session_store
this.session_store = {};
return false;
}
}

6
zefie_wtvp_minisrv/app.js
View File

@@ -1095,8 +1095,8 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id > 0)
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id != null) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0)
ssid_sessions[socket.ssid].switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
}
} else {
@@ -1106,7 +1106,7 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id > 0) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0) {
if (ssid_sessions[socket.ssid].user_id != ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id)
switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
}

3
zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj
View File

@@ -316,6 +316,9 @@
<Content Include="ServiceVault\wtv-tricks\info.js">
<SubType>Code</SubType>
</Content>
<Content Include="ServiceVault\wtv-tricks\nullify-me.js">
<SubType>Code</SubType>
</Content>
<Content Include="ServiceVault\wtv-tricks\register.js">
<SubType>Code</SubType>
</Content>