This commit is contained in:
doomtube
parent
3676dc46ed
commit
1a3930dd87
5 changed files with 430 additions and 11 deletions
|
|
@ -952,7 +952,9 @@ void ChatWebSocketController::handleRename(const WebSocketConnectionPtr& wsConnP
|
|||
lastRenameTime_[wsConnPtr] = std::chrono::steady_clock::now();
|
||||
|
||||
// SECURITY FIX #31: Store guest name server-side for persistence
|
||||
if (!info.fingerprint.empty()) {
|
||||
// Only store for actual guests (isGuest check prevents authenticated users
|
||||
// who haven't cleared fingerprint from storing their username)
|
||||
if (info.isGuest && !info.fingerprint.empty()) {
|
||||
services::RedisMessageStore::getInstance().setGuestName(info.fingerprint, newName);
|
||||
}
|
||||
}
|
||||
|
|
@ -1030,6 +1032,11 @@ void ChatWebSocketController::handleAuthMessage(const WebSocketConnectionPtr& ws
|
|||
it->second.isSiteModerator = claims->isModerator; // isModerator in claims is site-wide
|
||||
it->second.avatarUrl = claims->avatarUrl;
|
||||
|
||||
// SECURITY FIX: Clear fingerprint when upgrading to authenticated user
|
||||
// This prevents the registered username from being stored against the fingerprint
|
||||
// which would cause it to appear on guest sessions with the same fingerprint
|
||||
it->second.fingerprint.clear();
|
||||
|
||||
// Update usernameToConnection_ map: remove old guest name, add new authenticated name
|
||||
if (!oldUsername.empty()) {
|
||||
std::string lowerOld = oldUsername;
|
||||
|
|
|
|||
|
|
@ -208,16 +208,28 @@ void WatchSyncController::broadcastRoomSync(const std::string& realmId) {
|
|||
|
||||
// Check if video has ended and should auto-advance
|
||||
if (it->second.playbackState == "playing" &&
|
||||
it->second.durationSeconds > 0 &&
|
||||
!it->second.currentVideoId.empty()) {
|
||||
double expectedTime = getExpectedTime(it->second);
|
||||
|
||||
// Debug logging to diagnose end detection
|
||||
static int debugCounter = 0;
|
||||
if (++debugCounter % 10 == 0) { // Log every 10 sync cycles
|
||||
LOG_DEBUG << "Room " << realmId << " sync check: expectedTime=" << expectedTime
|
||||
<< ", durationSeconds=" << it->second.durationSeconds
|
||||
<< ", videoId=" << it->second.currentVideoId
|
||||
<< ", locked=" << it->second.currentVideoLocked;
|
||||
}
|
||||
|
||||
// Add 1 second buffer to account for timing variations
|
||||
if (expectedTime >= static_cast<double>(it->second.durationSeconds) + 1.0) {
|
||||
if (it->second.durationSeconds > 0 &&
|
||||
expectedTime >= static_cast<double>(it->second.durationSeconds) + 1.0) {
|
||||
shouldAutoAdvance = true;
|
||||
// Mark as ended to prevent multiple auto-advance calls
|
||||
it->second.playbackState = "ended";
|
||||
it->second.stateVersion++;
|
||||
LOG_INFO << "Video ended in room " << realmId << ", auto-advancing";
|
||||
LOG_INFO << "Video ended in room " << realmId << ", auto-advancing"
|
||||
<< " (expectedTime=" << expectedTime
|
||||
<< ", duration=" << it->second.durationSeconds << ")";
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -863,6 +875,12 @@ void WatchSyncController::handleJoinRoom(const WebSocketConnectionPtr& wsConnPtr
|
|||
state.currentPlaylistItemId = video["id"].asInt64();
|
||||
state.currentVideoTitle = video["title"].asString();
|
||||
state.durationSeconds = video["durationSeconds"].asInt();
|
||||
state.currentVideoLocked = video.isMember("isLocked") && video["isLocked"].asBool();
|
||||
|
||||
LOG_INFO << "Room " << newRealmId << " initialized: videoId=" << state.currentVideoId
|
||||
<< ", duration=" << state.durationSeconds
|
||||
<< ", locked=" << state.currentVideoLocked
|
||||
<< ", playbackState=" << state.playbackState;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1486,6 +1504,20 @@ void WatchSyncController::handleUpdateDuration(const WebSocketConnectionPtr& wsC
|
|||
LOG_INFO << "Duration reported for playlist item " << playlistItemId
|
||||
<< " in room " << info.realmId << ": " << durationSeconds << "s";
|
||||
|
||||
// Update in-memory state immediately (don't wait for backend confirmation)
|
||||
{
|
||||
std::lock_guard<std::mutex> lock(roomStatesMutex_);
|
||||
auto it = roomStates_.find(info.realmId);
|
||||
if (it != roomStates_.end() &&
|
||||
it->second.currentPlaylistItemId == playlistItemId) {
|
||||
if (it->second.durationSeconds == 0 || it->second.durationSeconds != durationSeconds) {
|
||||
LOG_INFO << "Updating in-memory duration from " << it->second.durationSeconds
|
||||
<< " to " << durationSeconds << " for room " << info.realmId;
|
||||
it->second.durationSeconds = durationSeconds;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Forward to backend API
|
||||
auto client = HttpClient::newHttpClient("http://drogon-backend:8080");
|
||||
Json::Value reqBody;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue