Using cookie instead of http session so we can strip Domain attribute.

2024-02-11 17:33:19 +01:00 · 2024-02-11 17:33:19 +01:00 · b6cc3d716b
parent 6a36df3593
commit b6cc3d716b
1 changed files with 11 additions and 9 deletions
--- a/src/schat.js
+++ b/src/schat.js
@ -17,10 +17,9 @@ const instance = process.env.NODE_APP_INSTANCE || 'main';
 logger.setLevel(argv.level || 'info');

 async function auth() {
-	const httpSession = bhttp.session();
 	const username = config.uniqueUsername ? `${config.user.username}-${new Date().getTime().toString().slice(-5)}` : config.user.username;

-	const res = await httpSession.post(`${config.api}/session`, {
+	const res = await bhttp.post(`${config.api}/session`, {
 		...config.user,
 		username,
 	}, {
@ -35,13 +34,17 @@ async function auth() {

 	return {
 		user: res.body,
-		httpSession,
-		sessionCookie: res.headers['set-cookie'][0],
+		// auth may return an explicit auth cookie domain, but we connect through the VPN domain that would break the cookie, so don't use a bhttp session and strip the domain
+		sessionCookie: res.headers['set-cookie'][0].replace(/Domain=.*;/, ''),
 	};
 }

-async function getWsId(httpSession) {
-	const res = await httpSession.get(`${config.api}/socket`);
+async function getWsId(sessionCookie) {
+	const res = await bhttp.get(`${config.api}/socket`, {
+		headers: {
+			cookie: sessionCookie,
+		},
+	});

 	if (res.statusCode !== 200) {
 		throw new Error(`Failed to retrieve WebSocket ID: ${res.body.toString()}`);
@ -135,11 +138,10 @@ async function connect(bot, games) {

 	socket.connect = async () => {
 		try {
-			const { user, httpSession, sessionCookie } = await auth();
-			const wsCreds = await getWsId(httpSession);
+			const { user, sessionCookie } = await auth();
+			const wsCreds = await getWsId(sessionCookie);

 			bot.user = user;
-			bot.httpSession = httpSession;

 			logger.info(`Attempting to connect to ${config.socket}`);