Joey Yakimowich-Payne
c8d7480a26Before this commit ANY authenticated player in the room could send custom-modifier.register and have the server accept + broadcast the descriptor — including an opponent mid-match. Fill the 10-slot per-room cap with hostile descriptors, or register a descriptor the host then applies and finds unexpected. Fix: Room gains a hostToken field set at room.create (the creator's token). The register handler gates on room.hostToken === ws.data.token. Non-host registrations are rejected with BAD_TOKEN and a message explaining the gate. Host permissions are stable across reconnects — the host's token is preserved in sessionStorage on the client, so closing + reopening the host's tab retains the permission. A later 'transfer host' flow can mutate hostToken; no such mutation exists today (lobbies have a single creator who remains host for the room's lifetime). New server test 'rejects non-host (opponent) registrations with BAD_TOKEN (Q4.4)' seeds a white+black room, has black try to register (rejected), then white succeeds (proving the gate doesn't leak across players). 1399 → 1400 tests. |
||
|---|---|---|
| .. | ||
| src | ||
| package.json | ||
| PROTOCOL.md | ||
| README.md | ||
| tsconfig.json | ||
| vitest.config.ts | ||