@jcbuisson/express-x 3.1.3 → 3.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -3
- package/src/server.mjs +11 -6
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@jcbuisson/express-x",
|
|
3
|
-
"version": "3.1.
|
|
3
|
+
"version": "3.1.5",
|
|
4
4
|
"description": "",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/server.mjs",
|
|
@@ -29,8 +29,8 @@
|
|
|
29
29
|
},
|
|
30
30
|
"devDependencies": {
|
|
31
31
|
"@electric-sql/pglite": "^0.4.5",
|
|
32
|
-
"@jcbuisson/express-x-client": "^3.1.
|
|
33
|
-
"@jcbuisson/express-x-drizzle": "^1.
|
|
32
|
+
"@jcbuisson/express-x-client": "^3.1.2",
|
|
33
|
+
"@jcbuisson/express-x-drizzle": "^3.1.5",
|
|
34
34
|
"@vueuse/core": "^14.3.0",
|
|
35
35
|
"dexie": "^4.4.2",
|
|
36
36
|
"drizzle-orm": "^0.45.2",
|
package/src/server.mjs
CHANGED
|
@@ -275,8 +275,8 @@ export function expressX(config) {
|
|
|
275
275
|
await hook(context)
|
|
276
276
|
}
|
|
277
277
|
|
|
278
|
-
// call method
|
|
279
|
-
const result = await method(...args)
|
|
278
|
+
// call method — use context.args so before-hooks can modify arguments
|
|
279
|
+
const result = await method(...context.args)
|
|
280
280
|
// put result into context
|
|
281
281
|
context.result = result
|
|
282
282
|
|
|
@@ -395,7 +395,7 @@ export class EXError extends Error {
|
|
|
395
395
|
* Add a timestamp property of name `field` with current time as value
|
|
396
396
|
*/
|
|
397
397
|
export const addTimestamp = (field) => async (context) => {
|
|
398
|
-
context.result[field] = (new Date()).toISOString()
|
|
398
|
+
if (context.result != null) context.result[field] = (new Date()).toISOString()
|
|
399
399
|
}
|
|
400
400
|
|
|
401
401
|
/*
|
|
@@ -442,10 +442,10 @@ export async function reloadPlugin(app) {
|
|
|
442
442
|
const alreadySavedData = dataCache[socket.id]
|
|
443
443
|
const alreadySavedRooms = roomCache[socket.id]
|
|
444
444
|
|
|
445
|
-
|
|
445
|
+
// Current socket.data takes precedence over stale cached data so that any
|
|
446
|
+
// updates made between disconnections are not overwritten.
|
|
447
|
+
dataCache[socket.id] = Object.assign({}, alreadySavedData, socket.data)
|
|
446
448
|
roomCache[socket.id] = new Set(socket.rooms)
|
|
447
|
-
|
|
448
|
-
if (alreadySavedData) dataCache[socket.id] = Object.assign(dataCache[socket.id], alreadySavedData)
|
|
449
449
|
if (alreadySavedRooms) for (const room of alreadySavedRooms) roomCache[socket.id].add(room)
|
|
450
450
|
})
|
|
451
451
|
|
|
@@ -455,6 +455,11 @@ export async function reloadPlugin(app) {
|
|
|
455
455
|
// when client ask for transfer from fromSocketId to toSocketId
|
|
456
456
|
socket.on('cnx-transfer', async (fromSocketId, toSocketId) => {
|
|
457
457
|
app.log('verbose', `cnx-transfer from ${fromSocketId} to ${toSocketId}`)
|
|
458
|
+
// A socket may only claim its own ID as the destination — prevent session hijacking
|
|
459
|
+
if (toSocketId !== socket.id) {
|
|
460
|
+
app.log('verbose', `cnx-transfer rejected: toSocketId ${toSocketId} !== socket.id ${socket.id}`)
|
|
461
|
+
return
|
|
462
|
+
}
|
|
458
463
|
console.log('dataCache', dataCache)
|
|
459
464
|
console.log('roomCache', roomCache)
|
|
460
465
|
// copy connection room & data from 'fromSocketId' to 'toSocketId'
|