[Android] Remote access: purge websockets tickets when expired
Nicolas Pomepuy
git at videolan.org
Thu Nov 14 17:26:16 UTC 2024
vlc-android | branch: master | Nicolas Pomepuy <nicolas at videolabs.io> | Thu Nov 14 10:31:23 2024 +0100| [6cabd9645625f13e99d0e7e7468c9a650cbe50b6] | committer: Nicolas Pomepuy
Remote access: purge websockets tickets when expired
> https://code.videolan.org/videolan/vlc-android/commit/6cabd9645625f13e99d0e7e7468c9a650cbe50b6
---
.../org/videolan/vlc/webserver/websockets/RemoteAccessWebSockets.kt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/application/webserver/src/main/java/org/videolan/vlc/webserver/websockets/RemoteAccessWebSockets.kt b/application/webserver/src/main/java/org/videolan/vlc/webserver/websockets/RemoteAccessWebSockets.kt
index 72d53670e5..a576a2931c 100644
--- a/application/webserver/src/main/java/org/videolan/vlc/webserver/websockets/RemoteAccessWebSockets.kt
+++ b/application/webserver/src/main/java/org/videolan/vlc/webserver/websockets/RemoteAccessWebSockets.kt
@@ -316,7 +316,8 @@ object RemoteAccessWebSockets {
* @return true if the websocket message is allowed
*/
private fun verifyWebsocketAuth(incomingMessage: WSIncomingMessage?): Boolean {
- return incomingMessage?.authTicket != null && tickets.firstOrNull { incomingMessage.authTicket == it.id && System.currentTimeMillis() < it.expiration } != null
+ tickets.removeIf { it.expiration < System.currentTimeMillis() }
+ return incomingMessage?.authTicket != null && tickets.firstOrNull { incomingMessage.authTicket == it.id } != null
}
private fun playbackControlAllowedOrSend(settings: SharedPreferences): Boolean {
More information about the Android
mailing list