From ccc9b41473539c08017ee98000972779396f55e4 Mon Sep 17 00:00:00 2001 From: gamer147 Date: Mon, 1 Jun 2026 01:17:42 -0400 Subject: [PATCH] fix(battle-node): header-based WS detection in auth; split unknown-bid vs mismatch logs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previous fix used Context.WebSockets.IsWebSocketRequest, but that requires UseWebSockets() to have already run — and UseBattleNode (which calls UseWebSockets) is registered AFTER UseAuthentication in Program.cs, so the WS feature isn't installed when auth runs. Switch to reading the raw Upgrade header, which works regardless of middleware order. Also split the WS handler's "Unknown battle/viewer pair" warning into two distinct cases so we can tell unknown-BattleId from viewer-id-mismatch (which lets us see whether the bridge stored the right viewer or the client is encrypting a different id). Co-Authored-By: Claude Opus 4.7 --- .../Hosting/BattleNodeWebSocketHandler.cs | 15 +++++++++++++-- .../SteamSessionAuthenticationHandler.cs | 8 ++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/SVSim.BattleNode/Hosting/BattleNodeWebSocketHandler.cs b/SVSim.BattleNode/Hosting/BattleNodeWebSocketHandler.cs index 1a2d27a..1aa29dc 100644 --- a/SVSim.BattleNode/Hosting/BattleNodeWebSocketHandler.cs +++ b/SVSim.BattleNode/Hosting/BattleNodeWebSocketHandler.cs @@ -54,9 +54,20 @@ public sealed class BattleNodeWebSocketHandler } var pending = _store.TryGetPending(battleId); - if (pending is null || pending.ViewerId != viewerId) + if (pending is null) { - _log.LogWarning("Unknown battle/viewer pair: {Bid}/{Vid}", battleId, viewerId); + _log.LogWarning( + "WS upgrade for unknown BattleId={Bid} (decrypted viewerId={Vid}). " + + "Bridge may not have minted this battle, or it was already consumed/expired.", + battleId, viewerId); + ctx.Response.StatusCode = StatusCodes.Status400BadRequest; + return; + } + if (pending.ViewerId != viewerId) + { + _log.LogWarning( + "WS upgrade viewer-id mismatch on BattleId={Bid}: bridge expected={Expected}, decrypted={Got}.", + battleId, pending.ViewerId, viewerId); ctx.Response.StatusCode = StatusCodes.Status400BadRequest; return; } diff --git a/SVSim.EmulatedEntrypoint/Security/SteamSessionAuthentication/SteamSessionAuthenticationHandler.cs b/SVSim.EmulatedEntrypoint/Security/SteamSessionAuthentication/SteamSessionAuthenticationHandler.cs index 485bf25..431f6c4 100644 --- a/SVSim.EmulatedEntrypoint/Security/SteamSessionAuthentication/SteamSessionAuthenticationHandler.cs +++ b/SVSim.EmulatedEntrypoint/Security/SteamSessionAuthentication/SteamSessionAuthenticationHandler.cs @@ -37,10 +37,14 @@ public class SteamSessionAuthenticationHandler : AuthenticationHandler