fix: exploit allowing joining a game at any point

HasangerGames · Oct 17, 2024 · e427351 · e427351
1 parent 9f8b12d
commit e427351
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/server/src/game.ts b/server/src/game.ts
@@ -267,8 +267,8 @@ export class Game implements GameData {
                     const { simultaneousConnections, joinAttempts } = This;
 
                     if (
-                        (simultaneousConnections[ip] >= (maxSimultaneousConnections ?? Infinity))
-                        || (joinAttempts[ip] >= (maxJoinAttempts?.count ?? Infinity))
+                        simultaneousConnections[ip] >= (maxSimultaneousConnections ?? Infinity)
+                        || joinAttempts[ip] >= (maxJoinAttempts?.count ?? Infinity)
                     ) {
                         Logger.log(`Game ${This.id} | Rate limited: ${ip}`);
                         forbidden(res);
@@ -285,16 +285,16 @@ export class Game implements GameData {
                     }
                 }
 
-                const searchParams = new URLSearchParams(req.getQuery());
-
                 //
                 // Ensure IP is allowed
                 //
-                if ((This.allowedIPs.get(ip) ?? Infinity) < This.now) {
+                if ((This.allowedIPs.get(ip) ?? 0) < This.now) {
                     forbidden(res);
                     return;
                 }
 
+                const searchParams = new URLSearchParams(req.getQuery());
+
                 //
                 // Validate and parse role and name color
                 //