From 7095d6b98e620dfdba477ec518dd69741db5dafb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
Date: Thu, 5 Nov 2020 10:44:40 +0100
Subject: [PATCH] Add session/url param state check in auth/callback

---
 server/server.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/server/server.js b/server/server.js
index da6509b5..5ee7d215 100755
--- a/server/server.js
+++ b/server/server.js
@@ -512,6 +512,13 @@ async function setupAuth()
 if (req.method === 'POST')
 state = JSON.parse(base64.decode(req.body.state));
 }
+
+ if (!state || !state.peerId || !state.RoomId)
+ {
+ res.redirect('/auth/login');
+ logger.debug('Empty state or state.peerId or state.RoomId in auth/callback');
+ }
+
 const { peerId, roomId } = state;
 
 req.session.peerId = peerId;
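Review bot: The new guard tests `state.RoomId`, but the value is destructured as `roomId` two lines below, so unless the decoded state happens to carry the capitalised key the condition is always true and every callback is redirected to `/auth/login`. There is also no `return` after `res.redirect(...)`, so execution falls through to `const { peerId, roomId } = state;`, which throws when `state` is null and otherwise goes on writing `req.session.peerId` after a response has already been started. I would write the condition as `if (!state || !state.peerId || !state.roomId)` and end the block with `return res.redirect('/auth/login');` after the log call. On the POST path `state` is decoded from `req.body.state`, which is request-supplied, so a presence check alone does not tie the callback to the login that started it; if that binding is not enforced elsewhere, compare the decoded value against one stored in the session before trusting `peerId` and `roomId`. The enclosing handler in `setupAuth()` begins and ends outside this hunk.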