npm - bulltrackers-module - Versions diffs - 1.0.1007 → 1.0.1008 - Mend

bulltrackers-module 1.0.1007 → 1.0.1008

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/functions/api-v3/websocket/verification.js +22 -14
package/package.json +1 -1

package/functions/api-v3/websocket/verification.js CHANGED Viewed

@@ -194,22 +194,27 @@ function attachVerificationWebSocketServer(server, dependencies, apiConfig = {})
             const payload = JSON.parse(raw);
             const firebaseUser = await resolveFirebaseUser(req);
-            if (!firebaseUser) {
-                ws.close(1008, 'Authentication required');
-                return;
-            }
             const services = await getServices();
-            let userCid = null;
-            if (firebaseUser.email) {
-                try {
-                    const lookup = await services.authService.lookupCidByEmail(firebaseUser.email, { isDevTenant: isDevTenantRequest(req) });
-                    if (lookup?.cid != null) userCid = String(lookup.cid);
-                } catch (_) { }
+            let targetUserId = payload.userId || null;
+            if (firebaseUser) {
+                let userCid = null;
+                if (firebaseUser.email) {
+                    try {
+                        const lookup = await services.authService.lookupCidByEmail(firebaseUser.email, { isDevTenant: isDevTenantRequest(req) });
+                        if (lookup?.cid != null) userCid = String(lookup.cid);
+                    } catch (_) { }
+                }
+                const resolvedUserId = resolveTargetUserId(firebaseUser, userCid, req);
+                if (!resolvedUserId || resolvedUserId !== payload.userId) {
+                    ws.close(1008, 'Ticket user mismatch');
+                    return;
+                }
+                targetUserId = resolvedUserId;
+            } else {
+                (dependencies.logger || console).warn?.('[VerificationWS] No auth header; using ticket-only auth');
             }
-            const targetUserId = resolveTargetUserId(firebaseUser, userCid, req);
-            if (!targetUserId || targetUserId !== payload.userId) {
-                ws.close(1008, 'Ticket user mismatch');
+            if (!targetUserId) {
+                ws.close(1008, 'Invalid ticket user');
                 return;
             }
@@ -325,6 +330,9 @@ function attachVerificationWebSocketServer(server, dependencies, apiConfig = {})
             ws.close(1000, 'Verification complete');
         } catch (err) {
+            try {
+                (dependencies.logger || console).error?.('[VerificationWS] Unexpected error', err);
+            } catch (_) { }
             try {
                 ws.send(JSON.stringify({
                     type: 'log',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "bulltrackers-module",
-  "version": "1.0.1007",
+  "version": "1.0.1008",
   "description": "Helper Functions for Bulltrackers.",
   "main": "index.js",
   "files": [