This commit is contained in:
doomtube
parent
804d6aed2a
commit
ab1dd08225
7 changed files with 216 additions and 140 deletions
|
|
@ -38,6 +38,10 @@ void ChatWebSocketController::broadcastParticipantJoined(const std::string& real
|
|||
participant["isGuest"] = joinedUser.isGuest;
|
||||
participant["isModerator"] = joinedUser.isModerator;
|
||||
participant["isStreamer"] = joinedUser.isStreamer;
|
||||
// Include join timestamp for ordering (milliseconds since epoch)
|
||||
auto joinedAtMs = std::chrono::duration_cast<std::chrono::milliseconds>(
|
||||
joinedUser.connectionTime.time_since_epoch()).count();
|
||||
participant["joinedAt"] = static_cast<Json::Int64>(joinedAtMs);
|
||||
broadcast["participant"] = participant;
|
||||
|
||||
// Count participants in realm
|
||||
|
|
@ -867,6 +871,10 @@ void ChatWebSocketController::handleGetParticipants(const WebSocketConnectionPtr
|
|||
participant["isGuest"] = connInfo.isGuest;
|
||||
participant["isModerator"] = connInfo.isModerator;
|
||||
participant["isStreamer"] = connInfo.isStreamer;
|
||||
// Include join timestamp for ordering (milliseconds since epoch)
|
||||
auto joinedAtMs = std::chrono::duration_cast<std::chrono::milliseconds>(
|
||||
connInfo.connectionTime.time_since_epoch()).count();
|
||||
participant["joinedAt"] = static_cast<Json::Int64>(joinedAtMs);
|
||||
response["participants"].append(participant);
|
||||
}
|
||||
}
|
||||
|
|
@ -957,7 +965,10 @@ void ChatWebSocketController::handleRename(const WebSocketConnectionPtr& wsConnP
|
|||
auto it = connections_.find(wsConnPtr);
|
||||
if (it != connections_.end()) {
|
||||
it->second.username = newName;
|
||||
// Also update userId to match new username (for guests, userId = "guest:" + username)
|
||||
it->second.userId = "guest:" + newName;
|
||||
info.username = newName;
|
||||
info.userId = it->second.userId;
|
||||
|
||||
// Update username lookup map: remove old, add new
|
||||
usernameToConnection_.erase(oldLowerName);
|
||||
|
|
@ -983,6 +994,15 @@ void ChatWebSocketController::handleRename(const WebSocketConnectionPtr& wsConnP
|
|||
wsConnPtr->send(Json::writeString(Json::StreamWriterBuilder(), response));
|
||||
|
||||
LOG_INFO << "Guest renamed from " << oldName << " to " << newName;
|
||||
|
||||
// Broadcast updated participant info to all clients in the realm
|
||||
if (!info.realmId.empty()) {
|
||||
std::lock_guard<std::mutex> lock(connectionsMutex_);
|
||||
auto it = connections_.find(wsConnPtr);
|
||||
if (it != connections_.end()) {
|
||||
broadcastParticipantJoined(info.realmId, it->second);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// SECURITY FIX #9: Handle auth token/apiKey sent as WebSocket message (not in URL)
|
||||
|
|
@ -1027,14 +1047,18 @@ void ChatWebSocketController::handleAuthMessage(const WebSocketConnectionPtr& ws
|
|||
|
||||
bool connectionFound = false;
|
||||
std::string oldUsername;
|
||||
std::string oldUserId;
|
||||
std::string realmId;
|
||||
|
||||
// Update connection info with authenticated user details
|
||||
{
|
||||
std::lock_guard<std::mutex> lock(connectionsMutex_);
|
||||
auto it = connections_.find(wsConnPtr);
|
||||
if (it != connections_.end()) {
|
||||
// Save old username to update usernameToConnection_ map
|
||||
// Save old identity info to update participants and usernameToConnection_ map
|
||||
oldUsername = it->second.username;
|
||||
oldUserId = it->second.userId;
|
||||
realmId = it->second.realmId;
|
||||
|
||||
// Upgrade from guest to authenticated user
|
||||
it->second.userId = claims->userId;
|
||||
|
|
@ -1070,6 +1094,20 @@ void ChatWebSocketController::handleAuthMessage(const WebSocketConnectionPtr& ws
|
|||
if (connectionFound) {
|
||||
LOG_INFO << "User authenticated via message: " << claims->username;
|
||||
wsConnPtr->send(Json::writeString(Json::StreamWriterBuilder(), welcome));
|
||||
|
||||
// Broadcast participant update to other clients in the realm
|
||||
// First remove old guest identity, then add new authenticated identity
|
||||
if (!realmId.empty()) {
|
||||
// Broadcast participant_left for old guest identity
|
||||
broadcastParticipantLeft(realmId, oldUserId, oldUsername);
|
||||
|
||||
// Broadcast participant_joined with new authenticated identity
|
||||
std::lock_guard<std::mutex> lock(connectionsMutex_);
|
||||
auto it = connections_.find(wsConnPtr);
|
||||
if (it != connections_.end()) {
|
||||
broadcastParticipantJoined(realmId, it->second);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue