Fix #2: Validate PM room join authorization

- Track pending PM invitations per socket session
- pm_accept now rejects room joins unless user has a valid invite
- Clean up pending invites on disconnect
- Prevents eavesdropping on other users' PM conversations
3nd3r 2026-04-12 12:50:47 -05:00
parent 99859f009f
commit 8da91ebf70
1 changed files with 12 additions and 1 deletions

13
app.py

@ -73,6 +73,7 @@ muted_users: set = set()
banned_usernames: set = set()
banned_ips: set = set()
message_timestamps: dict = defaultdict(list)
pending_pm_invites: dict = {} # sid → set of room names they were invited to
RATE_LIMIT = 6
RATE_WINDOW = 5
@ -360,6 +361,7 @@ def on_disconnect():
sid = request.sid
user = connected_users.pop(sid, None)
message_timestamps.pop(sid, None)
pending_pm_invites.pop(sid, None)
if user and user.get("username"):
lower = user["username"].lower()
username_to_sid.pop(lower, None)
@ -526,6 +528,8 @@ def on_pm_open(data):
room = _pm_room(user["username"], target)
join_room(room)
if target_sid:
pending_pm_invites.setdefault(target_sid, set()).add(room)
socketio.emit("pm_invite", {"from": user["username"], "room": room}, to=target_sid)
emit("pm_ready", {"with": target, "room": room})
@ -533,7 +537,14 @@ def on_pm_open(data):
@socketio.on("pm_accept")
def on_pm_accept(data):
join_room(data.get("room"))
sid = request.sid
room = str(data.get("room", ""))
allowed = pending_pm_invites.get(sid, set())
if room not in allowed:
emit("error", {"msg": "Invalid or expired PM invitation."})
return
allowed.discard(room)
join_room(room)
@socketio.on("pm_message")
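Review bot: `on_pm_accept` still calls `data.get(...)` on whatever the client sent, so a non-dict payload (a string, a list, null) raises AttributeError before the new invite check runs; add a guard such as `if not isinstance(data, dict): return` ahead of `room = str(data.get("room", ""))`. Invites are removed only on accept or when the invited socket disconnects, so the "expired" wording in the error message has no expiry behind it; if stale invites matter, also drop the invites a user issued when that inviter disconnects in `on_disconnect`. Whether `pm_message` checks that the sender is actually a member of the room it names cannot be seen here, because that handler starts on the last line shown and continues outside the hunk; without that check the join restriction alone would not stop writes into another pair's room.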