Further login process

* APIUtils addition: query validation
* Coach and Server accounts are now properly created if they do not exist
* Profiles now cannot be IDs 1 or 2 (reservedIds)
* Fixed profile username exists bug
* Added relationship manager
* Started relationship management
* DeviceClass and VRMovementMode enum defaults for reserved profiles
* Presence update simplification
* Progression fixes
* Relationship query and object fixes
* Base configuration is now rate limited
* Progression route no longer requires authentication, instead is rate limited
* Base relationships with reserved profiles (Coach and Server)
* DeviceClass required for login
* Get presence route
* Socket route no longer logs
* Socket target base finished
2025-03-30 19:29:57 -04:00
parent 026f9c8bd8
commit 639e809a20
19 changed files with 270 additions and 81 deletions


@@ -98,6 +98,7 @@ route.router.post("/token",
rq.body.platform === "0",
rq.body.ver === '20191120',
rq.body.device_class.length === 1,
!isNaN(Number(rq.body.device_class)),
!(rq.body.device_id.length > 96),
!(rq.body.client_secret.length > 96),
!(rq.body.platform_id.length > 32),
@@ -110,9 +111,8 @@ route.router.post("/token",
return;
}
const accounts = await rs.locals.user.getAssociatedProfiles();
let targetAccount: number;
if (rq.body.grant_type == 'cached_login') targetAccount = parseInt(rq.body.account_id);
else {
const refreshToken = rq.body.refresh_token;
@@ -128,15 +128,17 @@ route.router.post("/token",
requestFailed();
return;
}
targetAccount = parseInt(decodedToken.sub ? decodedToken.sub : "NaN");
}
if (isNaN(targetAccount)) {
requestFailed();
return;
}
const accounts = await rs.locals.user.getAssociatedProfiles();
if (!accounts.has(targetAccount)) {
requestFailed("access_denied");
return;
@@ -160,6 +162,6 @@ route.router.post("/token",
refresh_token: token,
});
await profile.setKnownDeviceClass(rq.body.device_class);
await profile.setKnownDeviceClass(Number(rq.body.device_class));
},
);
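Review bot: The `device_class` checks in the first hunk (`rq.body.device_class.length === 1` followed by `!isNaN(Number(rq.body.device_class))`) accept more than a single digit: `Number(" ")` is 0, so a one-character whitespace value passes, and if the body parser can yield arrays, a one-element array also has `length === 1` and converts cleanly. The value is then stored by `setKnownDeviceClass(Number(rq.body.device_class))` in the last hunk without being compared to the DeviceClass enum, so any digit 0-9 is persisted whether or not it names a DeviceClass member. I would replace both checks with `typeof rq.body.device_class === "string" && /^[0-9]$/.test(rq.body.device_class)` and add a membership test against the enum's values before the setter. The same leniency applies to `parseInt(rq.body.account_id)` in the second hunk, which parses `"12abc"` as 12; the `accounts.has(targetAccount)` check still gates it, but a strict digit test would reject malformed ids early. The `/token` handler starts and ends outside these hunks, so whether earlier middleware already constrains these fields is not visible here.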