From 2c9e7c14f8cea672ee7935aa4dee4c458413eef0 Mon Sep 17 00:00:00 2001
From: AlecM33
Date: Tue, 25 Jan 2022 18:05:35 -0500
Subject: [PATCH] send existing cookie on join call
---
 client/src/modules/GameCreationStepManager.js | 1 -
 client/src/scripts/join.js | 7 ++++++-
 server/api/GamesAPI.js | 17 ++++++++---------
 server/modules/GameManager.js | 6 +++++-
 server/modules/ServerBootstrapper.js | 10 ++++++++--
 5 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/client/src/modules/GameCreationStepManager.js b/client/src/modules/GameCreationStepManager.js
index 4101e72..eb6884f 100644
--- a/client/src/modules/GameCreationStepManager.js
+++ b/client/src/modules/GameCreationStepManager.js
@@ -295,7 +295,6 @@ function renderRoleSelectionStep (game, containerId, step, deckManager) {
 };
 const clickHandler = () => {
- console.log('fired');
 const actions = document.getElementById('custom-role-actions');
 if (actions.style.display !== 'none') {
 actions.style.display = 'none';
diff --git a/client/src/scripts/join.js b/client/src/scripts/join.js
index f9b929f..876ec57 100644
--- a/client/src/scripts/join.js
+++ b/client/src/scripts/join.js
@@ -35,7 +35,12 @@ const joinHandler = (e) => {
 '/api/games/' + accessCode + '/players',
 'PATCH',
 null,
- JSON.stringify({ playerName: name, accessCode: accessCode })
+ JSON.stringify({
+ playerName: name,
+ accessCode: accessCode,
+ sessionCookie: UserUtility.validateAnonUserSignature(globals.ENVIRONMENT.LOCAL),
+ localCookie: UserUtility.validateAnonUserSignature(globals.ENVIRONMENT.PRODUCTION)
+ })
 )
 .then((res) => {
 const json = JSON.parse(res.content);
diff --git a/server/api/GamesAPI.js b/server/api/GamesAPI.js
index e81a348..061f424 100644
--- a/server/api/GamesAPI.js
+++ b/server/api/GamesAPI.js
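Review bot: In client/src/scripts/join.js the new body fields pair `sessionCookie` with `globals.ENVIRONMENT.LOCAL` and `localCookie` with `globals.ENVIRONMENT.PRODUCTION`, which reads like a mix-up unless the reader already knows which stored id belongs to which environment. A short comment above the `JSON.stringify` call would settle it, for example `// sessionCookie = id stored for LOCAL, localCookie = id stored for PRODUCTION; the server picks one by its own environment`. Because this value is what lets a player reclaim an existing seat, it acts as a bearer credential and should stay out of client and server logs. joinHandler begins and ends outside the hunk.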
@@ -27,7 +27,7 @@ const corsOptions = process.env.NODE_ENV.trim() === 'development'
 };
 router.use(cors(corsOptions));
-// router.options('/:code/players', cors(corsOptions));
+router.options('/:code/players', cors(corsOptions));
 if (process.env.NODE_ENV.trim() === 'production') { // in prod, limit clients to creating 5 games per 10 minutes.
 router.use('/create', apiLimiter);
@@ -50,7 +50,6 @@ router.post('/create', function (req, res) {
 });
 router.get('/:code/availability', function (req, res) {
- console.log(req.params.code);
 const availabilityPromise = gameManager.checkAvailability(req.params.code);
 availabilityPromise.then((result) => {
 if (result === 404) {
@@ -67,17 +66,19 @@ router.get('/:code/availability', function (req, res) {
 });
 router.patch('/:code/players', function (req, res) {
- console.log(req.body);
 if (
 req.body === null
 || !validateAccessCode(req.body.accessCode)
 || !validateName(req.body.playerName)
+ || !validateCookie(req.body.localCookie)
+ || !validateCookie(req.body.sessionCookie)
 ) {
 res.status(400).send();
 } else {
 const game = gameManager.activeGameRunner.activeGames[req.body.accessCode];
 if (game) {
- gameManager.joinGame(game, req.body.playerName).then((data) => {
+ let inUseCookie = gameManager.environment === globals.ENVIRONMENT.PRODUCTION ? req.body.localCookie : req.body.sessionCookie
+ gameManager.joinGame(game, req.body.playerName, inUseCookie).then((data) => {
 res.status(200).send({ cookie: data, environment: gameManager.environment });
 }).catch((code) => {
 res.status(code).send();
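Review bot: In the `router.patch('/:code/players', …)` hunk the request gets a 400 when either `localCookie` or `sessionCookie` fails `validateCookie`, although only the one selected into `inUseCookie` is ever used. A stale or malformed value in the unused field therefore blocks a join, and so does a client that omits the fields (for instance a cached older join.js), because `undefined` is not accepted. Consider selecting the value first and validating only that one. `inUseCookie` is never reassigned and the line has no semicolon: `const inUseCookie = gameManager.environment === globals.ENVIRONMENT.PRODUCTION ? req.body.localCookie : req.body.sessionCookie;`. The handler's closing lines are outside the hunk.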
@@ -96,11 +97,9 @@ function validateName (name) {
 return typeof name === 'string' && name.length > 0 && name.length <= 30;
 }
-// function validateCookie (cookie) {
-// return cookie === null
-// || (typeof cookie !== 'string' && cookie !== false)
-// || (cookie.length !== globals.USER_SIGNATURE_LENGTH && cookie !== false);
-// }
+function validateCookie (cookie) {
+ return cookie === null || cookie === false || (typeof cookie === 'string' && cookie.length === globals.USER_SIGNATURE_LENGTH)
+}
 function validateAccessCode (accessCode) {
 return /^[a-zA-Z0-9]+$/.test(accessCode) && accessCode.length === globals.ACCESS_CODE_LENGTH;
diff --git a/server/modules/GameManager.js b/server/modules/GameManager.js
index fd04b0e..9b8e76d 100644
--- a/server/modules/GameManager.js
+++ b/server/modules/GameManager.js
@@ -254,7 +254,11 @@ class GameManager {
 }
 };
- joinGame = (game, name) => {
+ joinGame = (game, name, cookie) => {
+ const matchingPerson = findPersonByField(game, 'cookie', cookie);
+ if (matchingPerson) {
+ return Promise.resolve(matchingPerson.cookie);
+ }
 if (isNameTaken(game, name)) {
 return Promise.reject(400);
 }
diff --git a/server/modules/ServerBootstrapper.js b/server/modules/ServerBootstrapper.js
index a14ccb4..207830b 100644
--- a/server/modules/ServerBootstrapper.js
+++ b/server/modules/ServerBootstrapper.js
@@ -3,7 +3,6 @@ const http = require('http');
 const https = require('https');
 const path = require('path');
 const fs = require('fs');
-const secure = require('express-force-https');
 const ServerBootstrapper = {
 processCLIArgs: () => {
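Review bot: `validateCookie` in server/api/GamesAPI.js is a shape check only: it accepts `null`, `false`, or any string of `globals.USER_SIGNATURE_LENGTH` characters, so a passing result says nothing about whether this server ever issued that id. A comment above the function would keep callers from reading it as authentication, e.g. `// Shape check only: null/false mean "no stored id"; does not prove the id was issued by this server.` If the ids come from a known alphabet, restricting the string to it, as `validateAccessCode` does with its regex, would tighten the check further. The return statement is also missing its semicolon.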
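Review bot: In `joinGame` (server/modules/GameManager.js) the lookup `findPersonByField(game, 'cookie', cookie)` runs even when `cookie` is `null` or `false`, both of which `validateCookie` lets through. `findPersonByField` is not visible here, but if it compares by equality, a person record whose `cookie` is unset could match a first-time joiner, who would then be treated as that existing person instead of getting a new seat. Guarding the lookup avoids this: `const matchingPerson = typeof cookie === 'string' ? findPersonByField(game, 'cookie', cookie) : null;`. The early return also skips `isNameTaken`, which is presumably intended for a rejoin but deserves a one-line comment saying so. The rest of joinGame lies outside the hunk.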
@@ -56,8 +55,15 @@ const ServerBootstrapper = {
 }
 } else {
 logger.warn('starting main in PRODUCTION mode. This should not be used for local development.');
- app.use(secure);
 main = http.createServer(app);
+ app.use(function(req,res,next) {
+ const schema = (req.headers['x-forwarded-proto'] || '').toLowerCase();
+ if (!req.path.includes('/_ah/start') && req.headers.host.indexOf('localhost')<0 && schema!=='https') {
+ res.redirect('https://' + req.headers.host + req.url);
+ } else {
+ next();
+ }
+ });
 }
 return main;
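Review bot: The inline redirect middleware dereferences `req.headers.host` without checking that it exists, so a request with no Host header throws inside `indexOf` instead of being redirected or rejected. The `indexOf('localhost')<0` test is a substring match, so any Host value that merely contains `localhost` is exempt from the HTTPS redirect, and `x-forwarded-proto` may carry a comma-separated list when more than one proxy sits in front. The redirect target is still built from the client-supplied Host header; if the deployment has a single public hostname, redirecting to that fixed name would be safer. The sketch below keeps the behaviour otherwise unchanged; the enclosing function starts and ends outside the hunk.

```javascript
app.use(function (req, res, next) {
    // proxies may append to X-Forwarded-Proto; the first entry is conventionally the original client protocol
    const schema = (req.headers['x-forwarded-proto'] || '').split(',')[0].trim().toLowerCase();
    const host = req.headers.host || '';
    // exact hostname match (port stripped) instead of a substring test
    const isLocalhost = host.split(':')[0] === 'localhost';
    if (req.path.includes('/_ah/start') || isLocalhost || schema === 'https') {
        return next();
    }
    if (host === '') {
        // no Host header: there is nothing safe to redirect to
        return res.status(400).send();
    }
    res.redirect('https://' + host + req.url);
});
```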