send existing cookie on join call

2025-12-26 15:57:50 +01:00 · 2022-01-25 18:05:35 -05:00
parent 14e158c0b4
commit 2c9e7c14f8
5 changed files with 27 additions and 14 deletions
--- a/client/src/modules/GameCreationStepManager.js
+++ b/client/src/modules/GameCreationStepManager.js
@@ -295,7 +295,6 @@ function renderRoleSelectionStep (game, containerId, step, deckManager) {
    };

    const clickHandler = () => {
-        console.log('fired');
        const actions = document.getElementById('custom-role-actions');
        if (actions.style.display !== 'none') {
            actions.style.display = 'none';
--- a/client/src/scripts/join.js
+++ b/client/src/scripts/join.js
@@ -35,7 +35,12 @@ const joinHandler = (e) => {
            '/api/games/' + accessCode + '/players',
            'PATCH',
            null,
-            JSON.stringify({ playerName: name, accessCode: accessCode })
+            JSON.stringify({
+                playerName: name,
+                accessCode: accessCode,
+                sessionCookie: UserUtility.validateAnonUserSignature(globals.ENVIRONMENT.LOCAL),
+                localCookie: UserUtility.validateAnonUserSignature(globals.ENVIRONMENT.PRODUCTION)
+            })
        )
            .then((res) => {
                const json = JSON.parse(res.content);
--- a/server/api/GamesAPI.js
+++ b/server/api/GamesAPI.js
@@ -27,7 +27,7 @@ const corsOptions = process.env.NODE_ENV.trim() === 'development'
    };

 router.use(cors(corsOptions));
-// router.options('/:code/players', cors(corsOptions));
+router.options('/:code/players', cors(corsOptions));

 if (process.env.NODE_ENV.trim() === 'production') { // in prod, limit clients to creating 5 games per 10 minutes.
    router.use('/create', apiLimiter);
@@ -50,7 +50,6 @@ router.post('/create', function (req, res) {
 });

 router.get('/:code/availability', function (req, res) {
-    console.log(req.params.code);
    const availabilityPromise = gameManager.checkAvailability(req.params.code);
    availabilityPromise.then((result) => {
        if (result === 404) {
@@ -67,17 +66,19 @@ router.get('/:code/availability', function (req, res) {
 });

 router.patch('/:code/players', function (req, res) {
-    console.log(req.body);
    if (
        req.body === null
        || !validateAccessCode(req.body.accessCode)
        || !validateName(req.body.playerName)
+        || !validateCookie(req.body.localCookie)
+        || !validateCookie(req.body.sessionCookie)
    ) {
        res.status(400).send();
    } else {
        const game = gameManager.activeGameRunner.activeGames[req.body.accessCode];
        if (game) {
-            gameManager.joinGame(game, req.body.playerName).then((data) => {
+            let inUseCookie = gameManager.environment === globals.ENVIRONMENT.PRODUCTION ? req.body.localCookie : req.body.sessionCookie
+            gameManager.joinGame(game, req.body.playerName, inUseCookie).then((data) => {
                res.status(200).send({ cookie: data, environment: gameManager.environment });
            }).catch((code) => {
                res.status(code).send();
@@ -96,11 +97,9 @@ function validateName (name) {
    return typeof name === 'string' && name.length > 0 && name.length <= 30;
 }

-// function validateCookie (cookie) {
-//     return cookie === null
-//         || (typeof cookie !== 'string' && cookie !== false)
-//         || (cookie.length !== globals.USER_SIGNATURE_LENGTH && cookie !== false);
-// }
+function validateCookie (cookie) {
+    return cookie === null || cookie === false || (typeof cookie === 'string' && cookie.length === globals.USER_SIGNATURE_LENGTH)
+}

 function validateAccessCode (accessCode) {
    return /^[a-zA-Z0-9]+$/.test(accessCode) && accessCode.length === globals.ACCESS_CODE_LENGTH;
--- a/server/modules/GameManager.js
+++ b/server/modules/GameManager.js
@@ -254,7 +254,11 @@ class GameManager {
        }
    };

-    joinGame = (game, name) => {
+    joinGame = (game, name, cookie) => {
+        const matchingPerson = findPersonByField(game, 'cookie', cookie);
+        if (matchingPerson) {
+            return Promise.resolve(matchingPerson.cookie);
+        }
        if (isNameTaken(game, name)) {
            return Promise.reject(400);
        }
--- a/server/modules/ServerBootstrapper.js
+++ b/server/modules/ServerBootstrapper.js
@@ -3,7 +3,6 @@ const http = require('http');
 const https = require('https');
 const path = require('path');
 const fs = require('fs');
-const secure = require('express-force-https');

 const ServerBootstrapper = {
    processCLIArgs: () => {
@@ -56,8 +55,15 @@ const ServerBootstrapper = {
            }
        } else {
            logger.warn('starting main in PRODUCTION mode. This should not be used for local development.');
-            app.use(secure);
            main = http.createServer(app);
+            app.use(function(req,res,next) {
+                const schema = (req.headers['x-forwarded-proto'] || '').toLowerCase();
+                if (!req.path.includes('/_ah/start') && req.headers.host.indexOf('localhost')<0 && schema!=='https') {
+                    res.redirect('https://' + req.headers.host + req.url);
+                } else {
+                    next();
+                }
+            });
        }

        return main;