• security: add auth checks to all game.php mutation handlers · 6f0df09e
    Mahmoud Aglan authored
    - handleGameMove: verify caller is a player in the match before allowing moves
    - handleResign: verify participant before allowing resignation
    - handleDraw: verify participant + use merge_game_state RPC (preserves heartbeat data)
    - handleComplete: verify participant + validate winners are actual match players (prevents coin exploit)
    - handleFindActiveMatch: restrict to own user only (prevents info disclosure)
    - Validate result enum values in handleComplete
    
    Fixes WTF #1-4, #46
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Name
.claude
ChessPieces
Connections and docs
Logo El3ab
admin
api
app icons
config
docs
includes
ludo-playtest
promo
public
screenshots
test-screenshots
.gitignore
.htaccess
ARCHITECTURE.md
ASSET_REGISTRY.json
ASSET_REGISTRY.md
BUILD_ORDER.md
DATABASE_REFERENCE.md
DESIGN.md
Dockerfile
MULTIPLAYER_RULES.md
PLAN.md
ROADMAP.md
Stockfishbotsapi.txt
WTF.md
backgammon-test.mjs
bell.png
captain-definition
chess-sync-test.mjs
index.php
logof.png
manifest.json
package-lock.json
package.json
privacy-policy.php
qr-code.png
terms.php
test-tournament-swiss.mjs
test-tournament-ui.mjs