Fix vulnerability that exposes user ticket

2026-01-15 14:22:54 -03:00 · 2024-09-24 22:44:28 +08:00
parent 62e7c2da35
commit f44335db49
1 changed files with 3 additions and 1 deletions
--- a/core/route/account.js
+++ b/core/route/account.js
@@ -163,7 +163,7 @@ exports.initroute = (app) => {
      // If the profile is found in the local data
      if (userProfile && userProfile.name) {
        console.log(`[ACC] Account Found For: `, profileId);
-        return { ...userProfile, ip: req.clientIp, ticket: ticket };
+        return { ...userProfile, ip: req.clientIp, ticket: '' };
      } else {
        // If the profile is not found locally, fetch from external source
        console.log(`[ACC] Asking Official Server For: `, profileId);
@@ -185,6 +185,8 @@ exports.initroute = (app) => {
            // Add the fetched profile to local storage
            addUser(profileId, defaultProfile);

+            defaultProfile.ticket = ''
+
            return defaultProfile;
          }
        } catch (error) {