server: Restrict is_online to only query users you know about

author: Tom Smeding <tom@tomsmeding.com> 2021-02-27 17:39:46 +0100
committer: Tom Smeding <tom@tomsmeding.com> 2021-02-27 17:49:10 +0100
commit: 1e1cd7ce0aa362a0a2a20a764145035be911673d (patch)
tree: d4a4860c90a8bc408954871ff55c441dad543cd0 /command.c
parent: e7a188d9f8cd105485c5362f525cdd614c03dd3c (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/command.c b/command.c
index ac6ff09..d84c456 100644
--- a/command.c
+++ b/command.c
@@ -542,14 +542,19 @@ static struct cmd_retval cmd_ping(struct conn_data *data,const char *tag,const c
 }
 
 static struct cmd_retval cmd_is_online(struct conn_data *data,const char *tag,const char **args){
-	i64 userid=db_find_user(args[0]);
-	if(userid==-1){
-		net_send_error(data->fd,tag,"User not found");
+	if (data->userid == -1) {
+		net_send_error(data->fd, tag, "Not logged in");
+		return RET_OK;
+	}
+
+	i64 userid2 = db_find_user(args[0]);
+	if (userid2 == -1 || !db_user_knows_user(data->userid, userid2)) {
+		net_send_error(data->fd, tag, "User not found");
 		return RET_OK;
 	}
 	i64 nfds;
-	(void)userdata_online(userid,&nfds);
-	return RET_CLOSE(net_send_number(data->fd,tag,nfds));
+	(void)userdata_online(userid2, &nfds);
+	return RET_CLOSE(net_send_number(data->fd, tag, nfds));
 }
 
 static struct cmd_retval cmd_firebase_token(struct conn_data *data,const char *tag,const char **args){
author	Tom Smeding <tom@tomsmeding.com>	2021-02-27 17:39:46 +0100
committer	Tom Smeding <tom@tomsmeding.com>	2021-02-27 17:49:10 +0100
commit	1e1cd7ce0aa362a0a2a20a764145035be911673d (patch)
tree	d4a4860c90a8bc408954871ff55c441dad543cd0 /command.c
parent	e7a188d9f8cd105485c5362f525cdd614c03dd3c (diff)