From f44335db49c1422008dc0b56a5f5bd2eff5e15d2 Mon Sep 17 00:00:00 2001
From: ibratabian17
Date: Tue, 24 Sep 2024 22:44:28 +0800
Subject: [PATCH] Fix vulnerability that exposes user ticket

---
 core/route/account.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/route/account.js b/core/route/account.js
index ca5715a..750f0a6 100644
--- a/core/route/account.js
+++ b/core/route/account.js
@@ -163,7 +163,7 @@ exports.initroute = (app) => {
 // If the profile is found in the local data
 if (userProfile && userProfile.name) {
 console.log(`[ACC] Account Found For: `, profileId);
- return { ...userProfile, ip: req.clientIp, ticket: ticket };
+ return { ...userProfile, ip: req.clientIp, ticket: '' };
 } else {
 // If the profile is not found locally, fetch from external source
 console.log(`[ACC] Asking Official Server For: `, profileId);
@@ -185,6 +185,8 @@ exports.initroute = (app) => {
 // Add the fetched profile to local storage
 addUser(profileId, defaultProfile);
 
+ defaultProfile.ticket = ''
+
 return defaultProfile;
 }
 } catch (error) {
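Review bot: Blanking `ticket` after `...userProfile` in the found-locally branch hides that one field, but the spread still returns every other property stored on the profile, so the response is only as safe as whatever local storage happens to hold. The shape of `userProfile` is not visible in this hunk; if it can carry other session or personal data, the response should be built from an explicit list of public fields rather than a spread with one override. At minimum the line deserves a comment such as `// ticket is a session credential: never echo it back in a profile response` so the blanking is not reverted later. The enclosing function starts and ends outside the hunk.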
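Review bot: `defaultProfile.ticket = ''` mutates the object only after it has been passed to `addUser(profileId, defaultProfile)`, so what is persisted depends on whether `addUser` keeps a reference or a copy, which this hunk does not show. If it copies, any ticket already on `defaultProfile` has been written to local storage before it is cleared; if it keeps the reference, the stored record is silently changed as a side effect. Returning a sanitized copy instead, `return { ...defaultProfile, ticket: '' };`, avoids the mutation and matches the found-locally branch. The new statement also lacks the terminating semicolon used on the surrounding lines. The enclosing block starts outside the hunk.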