PadMessageHandler: Pass session info to handleMessageSecurity hook

2025-04-22 08:26:16 -04:00 · 2021-12-07 02:30:08 -05:00 · 2021-12-07 02:30:08 -05:00 · 31b025bd9d
commit 31b025bd9d
parent 1b52c9f0c4
4 changed files with 30 additions and 11 deletions
--- a/src/node/handler/PadMessageHandler.js
+++ b/src/node/handler/PadMessageHandler.js
@ -235,6 +235,11 @@ exports.handleMessage = async (socket, message) => {
      padID: message.padId,
      token: message.token,
    };
+    const padIds = await readOnlyManager.getIds(thisSession.auth.padID);
+    thisSession.padId = padIds.padId;
+    thisSession.readOnlyPadId = padIds.readOnlyPadId;
+    thisSession.readonly =
+        padIds.readonly || !webaccess.userCanModify(thisSession.auth.padID, socket.client.request);
  }

  const auth = thisSession.auth;
@ -273,6 +278,11 @@ exports.handleMessage = async (socket, message) => {
  // Allow plugins to bypass the readonly message blocker
  const context = {
    message,
+    sessionInfo: {
+      authorId: thisSession.author,
+      padId: thisSession.padId,
+      readOnly: thisSession.readonly,
+    },
    socket,
    get client() {
      padutils.warnDeprecated(
@ -793,12 +803,6 @@ const handleClientReady = async (socket, message) => {
  if (sessionInfo == null) return;
  assert(sessionInfo.author);

-  const padIds = await readOnlyManager.getIds(sessionInfo.auth.padID);
-  sessionInfo.padId = padIds.padId;
-  sessionInfo.readOnlyPadId = padIds.readOnlyPadId;
-  sessionInfo.readonly =
-      padIds.readonly || !webaccess.userCanModify(sessionInfo.auth.padID, socket.client.request);
-
  await hooks.aCallAll('clientReady', message); // Deprecated due to awkward context.

  let {colorId: authorColorId, name: authorName} = message.userInfo || {};