mirror of
https://github.com/Palakis/obs-websocket.git
synced 2024-08-30 18:12:16 +00:00
Security fix : don't broadcast messages to unauthenticated clients
This commit is contained in:
parent
5abcd18ba0
commit
554ab54690
@ -104,6 +104,10 @@ void WSRequestHandler::sendTextMessage(QString textMessage) {
|
||||
_client->sendTextMessage(textMessage);
|
||||
}
|
||||
|
||||
bool WSRequestHandler::isAuthenticated() {
|
||||
return _authenticated;
|
||||
}
|
||||
|
||||
WSRequestHandler::~WSRequestHandler() {
|
||||
if (_requestData != NULL) {
|
||||
obs_data_release(_requestData);
|
||||
@ -140,7 +144,7 @@ void WSRequestHandler::HandleGetVersion(WSRequestHandler *owner) {
|
||||
obs_data_set_double(data, "version", 1.1);
|
||||
obs_data_set_string(data, "obs-websocket-version", OBS_WEBSOCKET_VERSION);
|
||||
//obs_data_set_string(data, "obs-studio-version", OBS_VERSION); // Wrong
|
||||
|
||||
|
||||
owner->SendOKResponse(data);
|
||||
|
||||
obs_data_release(data);
|
||||
|
@ -32,6 +32,7 @@ class WSRequestHandler : public QObject
|
||||
explicit WSRequestHandler(QWebSocket *client);
|
||||
~WSRequestHandler();
|
||||
void sendTextMessage(QString textMessage);
|
||||
bool isAuthenticated();
|
||||
|
||||
private Q_SLOTS:
|
||||
void processTextMessage(QString textMessage);
|
||||
|
@ -18,6 +18,7 @@ with this program. If not, see <https://www.gnu.org/licenses/>
|
||||
|
||||
#include "WSServer.h"
|
||||
#include "WSRequestHandler.h"
|
||||
#include "Config.h"
|
||||
#include <QtWebSockets/QWebSocketServer>
|
||||
#include <QtWebSockets/QWebSocket>
|
||||
#include <QtCore/QDebug>
|
||||
@ -54,6 +55,12 @@ WSServer::~WSServer()
|
||||
void WSServer::broadcast(QString message)
|
||||
{
|
||||
Q_FOREACH(WSRequestHandler *pClient, _clients) {
|
||||
if (Config::Current()->AuthRequired == true
|
||||
&& pClient->isAuthenticated() == false) {
|
||||
// Skip this client if unauthenticated
|
||||
continue;
|
||||
}
|
||||
|
||||
pClient->sendTextMessage(message);
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user