auth fix

2021-12-21 00:48:50 +00:00 · 2021-12-21 00:48:50 +00:00 · 0bdb2ebb00
parent 71cfb799a0
commit 0bdb2ebb00
2 changed files with 5 additions and 2 deletions
--- a/client/clientauth.js
+++ b/client/clientauth.js
@ -25,6 +25,9 @@ module.exports = ( fastify, opts, done ) => {
 		// only do this if we're in an environment that actually requires session tokens
 		if ( shouldRequireSessionToken )
 		{
+			if ( request.query.token.includes( "&" ) )
+				return { success: false }
+
 			let authResponse = await asyncHttp.request( {
 				method: "GET",
 				host: "https://r2-pc.stryder.respawn.com",
@ -41,7 +44,7 @@ module.exports = ( fastify, opts, done ) => {
 	
 			// check origin auth was fine
 			// unsure if we can check the exact value of storeUri? doing an includes check just in case
-			if ( !authResponse.length || !authJson.hasOnlineAccess || !authJson.storeUri.includes( "titanfall-2" ) )
+			if ( !authResponse.length || !authJson.hasOnlineAccess == "1" /* this is actually a string of either "1" or "0" */ || !authJson.storeUri.includes( "titanfall-2" ) )
 				return { success: false }
 		}
 		
--- a/dev.env
+++ b/dev.env
@ -7,4 +7,4 @@ REQUIRE_SESSION_TOKEN=

 # not used for dev
 SSL_KEY_PATH=
-SSL_CERT_PATH=
+SSL_CERT_PATH=