(name: string)
| 426 | const cookiePrefix = settings.cookie?.prefix || ''; |
| 427 | const cookieHeader: string = socket.request?.headers?.cookie || ''; |
| 428 | const readCookie = (name: string): string | null => { |
| 429 | const match = cookieHeader.split(/;\s*/).find( |
| 430 | (c) => c.split('=')[0] === name); |
| 431 | if (!match) return null; |
| 432 | const raw = match.split('=').slice(1).join('='); |
| 433 | // A malformed value (e.g. `name=%ZZ`) makes decodeURIComponent throw |
| 434 | // URIError. Without this guard a single bad cookie aborts CLIENT_READY, |
| 435 | // letting an unauthenticated peer spam server error logs and block |
| 436 | // itself from joining (flagged by Qodo on #7755). Treat undecodable |
| 437 | // values as absent. |
| 438 | try { |
| 439 | return decodeURIComponent(raw); |
| 440 | } catch (err) { |
| 441 | if (err instanceof URIError) return null; |
| 442 | throw err; |
| 443 | } |
| 444 | }; |
| 445 | const cookieToken = readCookie(`${cookiePrefix}token`); |
| 446 | const legacyToken = typeof message.token === 'string' ? message.token : null; |
| 447 | const resolvedToken = cookieToken || legacyToken; |
no test coverage detected