From e8157820b6042de60c5f8ab050ee7cd6e6f9b471 Mon Sep 17 00:00:00 2001
From: Shaun
Date: Tue, 15 Mar 2022 07:25:29 +0200
Subject: [PATCH] bug #1847
---
 src/server/security/connections.js | 4 ++--
 src/server/security/router.js | 8 ++++++--
 src/server/security/routerConfig.js | 7 +++++++
 src/server/server/onConnection.js | 6 +++---
 4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/server/security/connections.js b/src/server/security/connections.js
index 6bdf4597..65b53509 100644
--- a/src/server/security/connections.js
+++ b/src/server/security/connections.js
@@ -101,8 +101,8 @@ module.exports = {
 });
 //If we don't do this, the atlas will try to remove it from the thread
- player.zoneName = null;
- player.name = null;
+ delete player.zoneName;
+ delete player.name;
 //A hack to allow us to actually call methods again (like retrieve the player list)
 player.dead = false;
diff --git a/src/server/security/router.js b/src/server/security/router.js
index ff0e6573..9c0dc02c 100644
--- a/src/server/security/router.js
+++ b/src/server/security/router.js
@@ -127,7 +127,7 @@ module.exports = {
 return keysCorrect;
 },
- isMsgValid: function (msg) {
+ isMsgValid: function (msg, source) {
 let signature;
 if (msg.module) {
@@ -152,8 +152,12 @@ module.exports = {
 const result = this.signatureCorrect(msg, signature);
- if (!result || msg.cpn !== 'player' || msg.method !== 'performAction')
+ if (!result || msg.cpn !== 'player' || msg.method !== 'performAction') {
+ if (result && signature.allowWhenIngame === false && source.name !== undefined)
+ return false;
+
 return result;
+ }
 const signatureThreadMsg = signatures.threadCpnMethods[msg.data.cpn]?.[msg.data.method];
diff --git a/src/server/security/routerConfig.js b/src/server/security/routerConfig.js
index 19ef9d7a..c7723bd2 100644
--- a/src/server/security/routerConfig.js
+++ b/src/server/security/routerConfig.js
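Review bot: The comment above the two `delete` lines in connections.js still gives only the atlas reason, but after this patch the `delete` is also load-bearing for access control: the new check in router.js tests `source.name !== undefined`, so a player whose name was set to `null` (the old form) would be treated as in game and refused `login`, `play` and the other flagged auth calls. I would add a second comment such as `//Must be deleted, not nulled: router.isMsgValid treats a defined player.name as "in game"`. Any other code path that clears `name` by assigning `null` would need the same treatment; none is visible in this hunk, whose enclosing function starts and ends outside it.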
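Review bot: `source.name` in the added inner `if` of router.js is dereferenced without a guard, yet `source` comes from `cons.players.find(...)` in onConnection.js, which yields `undefined` when no player matches the socket (the same function still tests `if (source)` further down). In that case any valid message whose signature carries `allowWhenIngame: false` would throw a TypeError inside the request handler instead of being accepted or rejected. The file already uses optional chaining a few lines later, so `source?.name !== undefined` keeps the intended rule and tolerates a missing player; callers of `isMsgValid` outside this patch that still pass one argument would be covered too. The body of `isMsgValid` starts and continues outside this hunk.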
@@ -49,6 +49,7 @@ const routerConfig = {
 auth: {
 login: {
 callback: true,
+ allowWhenIngame: false,
 data: [
 {
 key: 'username',
@@ -62,6 +63,7 @@ const routerConfig = {
 },
 register: {
 callback: true,
+ allowWhenIngame: false,
 data: [
 {
 key: 'username',
@@ -75,6 +77,7 @@ const routerConfig = {
 },
 deleteCharacter: {
 callback: true,
+ allowWhenIngame: false,
 data: [
 {
 key: 'name',
@@ -88,6 +91,7 @@ const routerConfig = {
 },
 createCharacter: {
 callback: true,
+ allowWhenIngame: false,
 data: [
 {
 key: 'name',
@@ -109,10 +113,12 @@ const routerConfig = {
 },
 getCharacterList: {
 callback: true,
+ allowWhenIngame: false,
 data: []
 },
 getCharacter: {
 callback: true,
+ allowWhenIngame: false,
 data: [
 {
 key: 'name',
@@ -122,6 +128,7 @@ const routerConfig = {
 },
 play: {
 callback: true,
+ allowWhenIngame: false,
 data: [
 {
 key: 'name',
diff --git a/src/server/server/onConnection.js b/src/server/server/onConnection.js
index 90a0142e..3e796d63 100644
--- a/src/server/server/onConnection.js
+++ b/src/server/server/onConnection.js
@@ -16,7 +16,9 @@ const onRequest = (socket, msg, callback) => {
 if (!msg.data)
 msg.data = {};
- if (!router.isMsgValid(msg))
+ const source = cons.players.find(p => p.socket.id === socket.id);
+
+ if (!router.isMsgValid(msg, source))
 return;
 if (msg.cpn)
@@ -24,8 +26,6 @@ const onRequest = (socket, msg, callback) => {
 else if (msg.threadModule)
 cons.route(socket, msg);
 else {
- const source = cons.players.find(p => p.socket.id === socket.id);
-
 msg.socket = socket;
 if (source)
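Review bot: `allowWhenIngame` is an opt-out that has to be repeated on every method (here and in the routerConfig.js hunks at -62, -75, -88, -109 and -122), and router.js only blocks when the value is exactly `false`, so an `auth` method that lacks the key stays callable while in game. The lines between the hunks are not shown, so it cannot be confirmed from the patch that every `auth` method received the flag. A comment at the top of the `auth` block, for example `//Every method here must set allowWhenIngame: false unless it is safe to call from an in-game socket`, would make the rule visible to whoever adds the next method; alternatively the router could deny by default for this component.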
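Review bot: A request refused by the new in-game rule leaves `onRequest` in onConnection.js through the same bare `return;` as a malformed one, so nothing is recorded and `callback` is never invoked even though the affected signatures declare `callback: true`. An in-game socket calling `login` or `register` is unusual enough to be worth a log entry with `socket.id`, `msg.cpn` and `msg.method`; because `isMsgValid` returns only a boolean, the new branch in router.js is the place that can tell this case apart. At minimum a comment at the `return;`, e.g. `//Also false for auth calls made while in game (allowWhenIngame)`, would explain why a well-formed message can be dropped. `onRequest` begins and ends outside the hunk.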