duhhhhhhhh

2025-09-11 13:47:30 -04:00
parent eef3667618
commit 317da3aaf7
53 changed files with 1395 additions and 212 deletions
--- a/src/util/api.ts
+++ b/src/util/api.ts
@@ -134,4 +134,42 @@ export class RateLimiter {
    #close() {
        clearInterval(this.#intervalId);
    }
+}
+
+const loginLockBodySchema = z.object({
+    LoginLock: z.uuidv4()
+});
+export const loginLockMiddleware = async (c: Context<HonoEnv>, nxt: Next) => {
+    function unauthorized() {
+        return statusResponse(c, HTTPStatus.Unauthorized);
+    }
+
+    if (c.req.header("Content-Type") !== "application/x-www-form-urlencoded") return unauthorized();
+    try {
+        const form = await c.req.formData();
+
+        const body = await loginLockBodySchema.safeParseAsync(Object.fromEntries(form.entries()));
+        if (body.success) {
+            if (typeof c.get('profile') == 'undefined') {
+                log.w(`Profile was not set, cannot validate LoginLock. Was the request authorized?`);
+                return statusResponse(c, HTTPStatus.InternalServerError);
+            }
+
+            const profile = c.get('profile');
+
+            const loginLock = await profile.Matchmaking.getLoginLock();
+            if (!loginLock) await profile.Matchmaking.setLoginLock(body.data.LoginLock);
+            else if (body.data.LoginLock !== loginLock) {
+                log.w(`LoginLock did not match. The token for this profile could be compromised or the client is an unknown state.`);
+                return unauthorized();
+            }
+            
+            return await nxt();
+        } else {
+            log.w(`LoginLock parse failed: ${JSON.stringify(body.error)}`);
+            return unauthorized();
+        }
+    } catch {
+        return unauthorized();
+    }
 }