Leahnaya/pokemon-showdown-loginserver
1
0
Fork 0
mirror of https://github.com/smogon/pokemon-showdown-loginserver.git synced 2026-04-26 01:31:42 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Always check server token for internal APIs

Browse Source
This commit is contained in:
Alex "Mathy 2025-06-28 09:16:22 -05:00 committed by GitHub
parent a50d5dd488
commit 28dedcc14f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/actions.ts
View File

@ -1127,6 +1127,7 @@ export const actions: { [k: string]: QueryHandler } = {
},
// sent by ps server
async 'smogon/validate'(params) {
await this.requireMainServer();
if (this.getIp() !== Config.restartip) {
throw new ActionError("Access denied.");
}
@ -1169,6 +1170,7 @@ export const actions: { [k: string]: QueryHandler } = {
},
async 'suspects/add'(params) {
await this.requireMainServer();
if (this.getIp() !== Config.restartip) {
throw new ActionError("Access denied.");
}
@ -1218,6 +1220,7 @@ export const actions: { [k: string]: QueryHandler } = {
return { success: true, url: (out as any).url };
},
async 'suspects/edit'(params) {
await this.requireMainServer();
if (this.getIp() !== Config.restartip) {
throw new ActionError("Access denied.");
}
@ -1253,6 +1256,7 @@ export const actions: { [k: string]: QueryHandler } = {
return { success: true };
},
async 'suspects/end'(params) {
await this.requireMainServer();
if (this.getIp() !== Config.restartip) {
throw new ActionError("Access denied.");
}
@ -1268,6 +1272,7 @@ export const actions: { [k: string]: QueryHandler } = {
return { success: true };
},
async 'suspects/verify'(params) {
await this.requireMainServer();
if (this.getIp() !== Config.restartip) {
throw new ActionError("Access denied.");
}