Don't trust the client username for websockets, use auth instead
ornicar committed May 20, 2012
1 parent 5f5da32 commit 2b3ee60
Showing 4 changed files with 4 additions and 8 deletions.
2 changes: 1 addition & 1 deletion app/controllers/Main.scala
@@ -13,6 +13,6 @@ object Main extends LilaController {
implicit val ctx = reqToCtx(req)
env.site.socket.join(
uidOption = get("uid"),
username = get("username"))
username = ctx.me map (_.username))
}
}
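Review bot: `uidOption = get("uid")` in the `join` call is still read from the client's request, so only the username half of the connection's identity now comes from the authenticated context. How `uid` is used is not visible on this page; if the socket hub keys members by it (for example to replace or close an earlier connection carrying the same uid), it has to be treated as an untrusted, client-chosen value and tied to the session on the server side. The same applies to `get("uid")` in `websocketWatcher` and `websocketPlayer` in Round.scala. A comment next to the argument such as `// uid is client-supplied: a connection label, not an identity` would record the distinction. The handler's signature lies outside the hunk.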
4 changes: 2 additions & 2 deletions app/controllers/Round.scala
@@ -25,14 +25,14 @@ object Round extends LilaController {
def websocketWatcher(gameId: String, color: String) = WebSocket.async[JsValue] { req
implicit val ctx = reqToCtx(req)
socket.joinWatcher(
gameId, color, getInt("version"), get("uid"), get("username")
gameId, color, getInt("version"), get("uid"), ctx.me map (_.username)
).unsafePerformIO
}

def websocketPlayer(fullId: String) = WebSocket.async[JsValue] { req
implicit val ctx = reqToCtx(req)
socket.joinPlayer(
fullId, getInt("version"), get("uid"), get("username")
fullId, getInt("version"), get("uid"), ctx.me map (_.username)
).unsafePerformIO
}

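Review bot: `websocketPlayer` and `websocketWatcher` now take the member's identity from `reqToCtx(req)` at handshake time, and nothing visible in either body checks where the handshake originated. If that context is resolved from a session cookie (inferred; `reqToCtx` is not shown here), browsers attach the cookie to cross-site WebSocket handshakes and the same-origin policy does not stop them, so a page on another site could open the socket as the logged-in user. Comparing the request's `Origin` header with the site's own host before calling `joinPlayer`/`joinWatcher`, either in these handlers or once in a shared wrapper, would cover it; the handler in Main.scala is in the same position. Until that is confirmed, a comment on the handlers stating where the Origin check lives would help the next reader.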
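--- a/public/javascripts/ctrl.js
+++ b/public/javascripts/ctrl.js
@@ -8,9 +8,6 @@ var lichess_translations = [];
 var lichess = {
 socket: null,
 socketDefaults: {
-params: {
-username: $('#username_tag').text()
-},
 events: {
 n: function(e) {
 var $tag = $('#nb_connected_players');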
3 changes: 1 addition & 2 deletions public/javascripts/hook.js
@@ -18,7 +18,6 @@ $(function() {
var $userTag = $('#user_tag');
var isRegistered = $userTag.length > 0
var myElo = isRegistered ? parseInt($userTag.data('elo')) : null;
var username = isRegistered ? $('#username_tag').text() : "Anonymous";
var hookOwnerId = $hooks.data('my-hook');

if (chatExists) {
@@ -38,7 +37,7 @@ $(function() {
return false;
}
$input.val('');
lichess.socket.send('talk', { u: username, txt: text });
lichess.socket.send('talk', { txt: text });
return false;
});
$chat.find('a.send').click(function() { $input.trigger('click'); $form.submit(); });
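Review bot: Dropping `u: username` from the `talk` payload only changes what this client sends; the server-side handler for `talk` messages is not among the four files in this commit. That handler should ignore any `u` field in an incoming message and take the author from the member registered at join time, otherwise a hand-written message carrying a `u` key could still be attributed to that name. Worth confirming before relying on this change, and a comment above the `send` call such as `// author is set server-side from the authenticated socket member` would explain why the field is absent. Both hunks sit inside the `$(function() {` callback, which starts and ends outside the visible lines.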
