nav/Fabric.Backend.Guild
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(guild): validate bearer tokens via center introspection

Browse Source
This commit is contained in:
root
2026-05-13 07:59:57 +00:00
parent d9c5175233
commit b27cb0c2e1
6 changed files with 61 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/realtime/realtime.gateway.ts
View File

@@ -9,6 +9,7 @@ import {
} from '@nestjs/websockets';
import { Logger } from '@nestjs/common';
import { Server, Socket } from 'socket.io';
import { introspectGuildToken } from '../common/center-auth';
@WebSocketGateway({
namespace: '/realtime',
@@ -30,18 +31,24 @@ export class RealtimeGateway implements OnGatewayConnection, OnGatewayDisconnect
return userId && typeof userId === 'string' && userId.trim() !== '' ? userId : `anon:${client.id}`;
}
handleConnection(client: Socket): void {
const expected = process.env.FABRIC_API_KEY;
if (!expected) {
async handleConnection(client: Socket): Promise<void> {
const authToken = client.handshake.auth?.token;
const headerAuth = client.handshake.headers['authorization'];
const bearer =
typeof authToken === 'string'
? authToken
: typeof headerAuth === 'string' && headerAuth.startsWith('Bearer ')
? headerAuth.slice(7)
: '';
if (!bearer) {
this.logger.warn(`socket rejected (missing token): ${client.id}`);
client.disconnect(true);
return;
}
const authKey = client.handshake.auth?.apiKey;
const headerKey = client.handshake.headers['x-api-key'];
const apiKey = typeof authKey === 'string' ? authKey : Array.isArray(headerKey) ? headerKey[0] : headerKey;
if (apiKey !== expected) {
const result = await introspectGuildToken(bearer);
if (!result.active || !result.user?.id) {
this.logger.warn(`socket rejected: ${client.id}`);
client.disconnect(true);
return;
@@ -49,7 +56,7 @@ export class RealtimeGateway implements OnGatewayConnection, OnGatewayDisconnect
this.logger.log(`socket connected: ${client.id}`);
const userId = this.userIdFromClient(client);
const userId = result.user.id || this.userIdFromClient(client);
client.data.userId = userId;
this.onlineUsers.add(userId);
this.server.emit('presence.online', {