Commit df7cba08 authored by Andrei Mihu

Allow the socket acceptor to read session tokens from request headers.

parent ce36dbb2
+3 −0
@@ -4,6 +4,9 @@ All notable changes to this project are documented below.
The format is based on [keep a changelog](http://keepachangelog.com) and this project uses [semantic versioning](http://semver.org).

## [Unreleased]
### Added
- Allow the socket acceptor to read session tokens from request headers.

### Changed
- Stricter validation of limit in runtime storage list operations.
- Allow subdomain variance in Facebook Limited Login token issuer field.
+1 −1
@@ -550,7 +550,7 @@ func (m *LocalMatchmaker) Process() {
					// We've removed something, update the known size of the currently considered combo.
					l = len(foundCombo) + index.Count

					if (len(foundCombo)+index.Count)%index.CountMultiple != 0 {
					if l%index.CountMultiple != 0 {
						// Removal was insufficient, the combo is still not valid for the required multiple.
						continue
					}
+14 −1
@@ -18,6 +18,7 @@ import (
	"net"
	"net/http"
	"strconv"
	"strings"

	"github.com/gofrs/uuid"
	"github.com/gorilla/websocket"
@@ -55,7 +56,19 @@ func NewSocketWsAcceptor(logger *zap.Logger, config Config, sessionRegistry Sess
		}

		// Check authentication.
		token := r.URL.Query().Get("token")
		var token string
		if auth := r.Header["Authorization"]; len(auth) >= 1 {
			// Attempt header based authentication.
			const prefix = "Bearer "
			if !strings.HasPrefix(auth[0], prefix) {
				http.Error(w, "Missing or invalid token", 401)
				return
			}
			token = auth[0][len(prefix):]
		} else {
			// Attempt query parameter based authentication.
			token = r.URL.Query().Get("token")
		}
		if token == "" {
			http.Error(w, "Missing or invalid token", 401)
			return
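Review bot: The scheme check `strings.HasPrefix(auth[0], prefix)` is case-sensitive, but HTTP authentication scheme names are case-insensitive (RFC 7235), so a client sending `Authorization: bearer <token>` gets a 401 even when its token is valid; consider `if len(auth[0]) < len(prefix) || !strings.EqualFold(auth[0][:len(prefix)], prefix) {` instead. Any Authorization header that is present but not Bearer (for example one added by a proxy) now fails the request without trying the `token` query parameter; that fail-closed choice looks deliberate but deserves a comment such as `// A present but non-Bearer Authorization header is rejected; the query parameter is only consulted when the header is absent.` The query-parameter path still leaves the session token in the URL, where access logs and intermediaries can record it, so it is worth documenting that clients able to set headers should use the header form. NewSocketWsAcceptor begins before this hunk and continues after it.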