Don't trust the client username for websockets, use auth instead
This commit is contained in:
parent
5f5da3207f
commit
2b3ee604b5
|
@ -13,6 +13,6 @@ object Main extends LilaController {
|
|||
implicit val ctx = reqToCtx(req)
|
||||
env.site.socket.join(
|
||||
uidOption = get("uid"),
|
||||
username = get("username"))
|
||||
username = ctx.me map (_.username))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -25,14 +25,14 @@ object Round extends LilaController {
|
|||
def websocketWatcher(gameId: String, color: String) = WebSocket.async[JsValue] { req ⇒
|
||||
implicit val ctx = reqToCtx(req)
|
||||
socket.joinWatcher(
|
||||
gameId, color, getInt("version"), get("uid"), get("username")
|
||||
gameId, color, getInt("version"), get("uid"), ctx.me map (_.username)
|
||||
).unsafePerformIO
|
||||
}
|
||||
|
||||
def websocketPlayer(fullId: String) = WebSocket.async[JsValue] { req ⇒
|
||||
implicit val ctx = reqToCtx(req)
|
||||
socket.joinPlayer(
|
||||
fullId, getInt("version"), get("uid"), get("username")
|
||||
fullId, getInt("version"), get("uid"), ctx.me map (_.username)
|
||||
).unsafePerformIO
|
||||
}
|
||||
|
||||
|
|
|
@ -8,9 +8,6 @@ var lichess_translations = [];
|
|||
var lichess = {
|
||||
socket: null,
|
||||
socketDefaults: {
|
||||
params: {
|
||||
username: $('#username_tag').text()
|
||||
},
|
||||
events: {
|
||||
n: function(e) {
|
||||
var $tag = $('#nb_connected_players');
|
||||
|
|
|
@ -18,7 +18,6 @@ $(function() {
|
|||
var $userTag = $('#user_tag');
|
||||
var isRegistered = $userTag.length > 0
|
||||
var myElo = isRegistered ? parseInt($userTag.data('elo')) : null;
|
||||
var username = isRegistered ? $('#username_tag').text() : "Anonymous";
|
||||
var hookOwnerId = $hooks.data('my-hook');
|
||||
|
||||
if (chatExists) {
|
||||
|
@ -38,7 +37,7 @@ $(function() {
|
|||
return false;
|
||||
}
|
||||
$input.val('');
|
||||
lichess.socket.send('talk', { u: username, txt: text });
|
||||
lichess.socket.send('talk', { txt: text });
|
||||
return false;
|
||||
});
|
||||
$chat.find('a.send').click(function() { $input.trigger('click'); $form.submit(); });
|
||||
|
|
Loading…
Reference in a new issue