validate persistent id on client reconnect, validate client message ClientID and intent ClientID match to prevent spoofing

evan
2025-05-06 19:44:18 -07:00
parent 991153c6b3
commit f278c46afb
+18 -6
@@ -126,11 +126,17 @@ export class GameServer {
(c) => c.clientID == client.clientID,
);
if (existing != null) {
if (client.persistentID != existing.persistentID) {
console.warn(
`client ${client.clientID} cannot rejoin game, persistent id mismatch: exist pid: ${existing.persistentID}, new pid: ${client.persistentID}`,
);
return;
}
existing.ws.removeAllListeners("message");
this.activeClients = this.activeClients.filter(
(c) => c.clientID != client.clientID,
);
}
this.activeClients = this.activeClients.filter(
(c) => c.clientID != client.clientID,
);
this.activeClients.push(client);
client.lastPing = Date.now();
@@ -164,14 +170,20 @@ export class GameServer {
clientMsg.persistentID = null;
if (clientMsg.type == "intent") {
if (clientMsg.gameID == this.id) {
this.addIntent(clientMsg.intent);
} else {
if (clientMsg.gameID != this.id) {
this.log.warn("client sent to wrong game", {
clientID: clientMsg.clientID,
persistentID: clientMsg.persistentID,
});
return;
}
if (clientMsg.intent.clientID != clientMsg.clientID) {
this.log.warn(
`client id mismatch, client message: ${clientMsg.clientID}, intent client id ${clientMsg.intent.clientID}`,
);
return;
}
this.addIntent(clientMsg.intent);
}
if (clientMsg.type == "ping") {
this.lastPingUpdate = Date.now();
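Review bot: The new mismatch check in the second hunk compares `clientMsg.intent.clientID` with `clientMsg.clientID`, and both values come from the same client-supplied message, so a message that sets both fields consistently still passes. The identity the server can trust is the one bound to the socket at join time. Assuming this handler closes over the connecting `client` (the enclosing function starts outside the hunk, but the first hunk's `existing.ws.removeAllListeners("message")` suggests a per-client listener), the guard should be `if (clientMsg.clientID != client.clientID || clientMsg.intent.clientID != client.clientID) {`. Separately, the `console.warn` in the first hunk writes both persistent IDs to the log in full; if that ID is what authorises a rejoin, log only the client ID or a truncated form, and use `this.log.warn` as the second hunk does.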