Don't trust the client username for websockets, use auth instead

Thibault Duplessis 2012-05-20 22:50:00 +02:00
parent 5f5da3207f
commit 2b3ee604b5
4 changed files with 4 additions and 8 deletions


@ -13,6 +13,6 @@ object Main extends LilaController {
implicit val ctx = reqToCtx(req)
env.site.socket.join(
uidOption = get("uid"),
username = get("username"))
username = ctx.me map (_.username))
}
}
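Review bot: With `username = ctx.me map (_.username)` the socket identity comes from whatever `reqToCtx(req)` resolves for the handshake request, and nothing in this hunk checks where that handshake came from. If `ctx.me` is resolved from a session cookie (not visible here), browsers send that cookie with WebSocket handshakes opened by any page, so the handshake path should compare the `Origin` header with the site's own host before `join` is called. The same applies to `websocketWatcher` and `websocketPlayer` in the Round controller. I would also add a comment above the call, e.g. `// username comes from the authenticated session, never from request parameters`, so a later edit does not reintroduce `get("username")`. The enclosing handler starts above the hunk.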


@ -25,14 +25,14 @@ object Round extends LilaController {
def websocketWatcher(gameId: String, color: String) = WebSocket.async[JsValue] { req
implicit val ctx = reqToCtx(req)
socket.joinWatcher(
gameId, color, getInt("version"), get("uid"), get("username")
gameId, color, getInt("version"), get("uid"), ctx.me map (_.username)
).unsafePerformIO
}
def websocketPlayer(fullId: String) = WebSocket.async[JsValue] { req
implicit val ctx = reqToCtx(req)
socket.joinPlayer(
fullId, getInt("version"), get("uid"), get("username")
fullId, getInt("version"), get("uid"), ctx.me map (_.username)
).unsafePerformIO
}
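Review bot: `get("uid")` is still read from the request in both `joinWatcher` and `joinPlayer` (and as `uidOption` in Main's `socket.join`), so part of the member identity remains client-chosen. The hub code is not part of this commit; if members are keyed by uid, it should refuse a join whose uid is already registered to a different user, so that two connections cannot share one entry that now carries an authenticated username. Separately, uid and username are passed positionally here and both appear to be optional strings, so swapping them would still compile; named arguments, as in Main's `join` call, would guard against that. The Round object continues outside the hunk.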


@ -8,9 +8,6 @@ var lichess_translations = [];
var lichess = {
socket: null,
socketDefaults: {
params: {
username: $('#username_tag').text()
},
events: {
n: function(e) {
var $tag = $('#nb_connected_players');


@ -18,7 +18,6 @@ $(function() {
var $userTag = $('#user_tag');
var isRegistered = $userTag.length > 0
var myElo = isRegistered ? parseInt($userTag.data('elo')) : null;
var username = isRegistered ? $('#username_tag').text() : "Anonymous";
var hookOwnerId = $hooks.data('my-hook');
if (chatExists) {
@ -38,7 +37,7 @@ $(function() {
return false;
}
$input.val('');
lichess.socket.send('talk', { u: username, txt: text });
lichess.socket.send('talk', { txt: text });
return false;
});
$chat.find('a.send').click(function() { $input.trigger('click'); $form.submit(); });
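Review bot: Dropping `u` from the `talk` payload only changes what the stock client sends; the server-side `talk` handler is not among the four files in this commit. Confirm that it takes the author from the member registered at join and ignores any `u` field still present in an incoming message, otherwise the chat author stays client-controlled. If that is already the case, a one-line comment at the send call such as `// author is set server-side from the authenticated member` would document why the field is gone. The enclosing `$(function() {` block starts and ends outside these hunks.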