From a0ec8bd2bc9e2e5f5cde184b2d65689d441cb8c5 Mon Sep 17 00:00:00 2001
From: Yonle <yonle@lecturify.net>
Date: Sat, 27 Jan 2024 22:57:41 +0700
Subject: [PATCH] bouncer: do not keep unauthorized session.

Signed-off-by: Yonle <yonle@lecturify.net>
---
 bouncer.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bouncer.js b/bouncer.js
index 34ec809..fcaa9cc 100644
--- a/bouncer.js
+++ b/bouncer.js
@@ -136,6 +136,7 @@ module.exports = (ws, req, onClose) => {
   ws.on('error', console.error);
   ws.on('close', _ => {
     onClose();
+
     console.log(process.pid, "---", `${ip} (${ws.id}) disconnected (${howManyOrphanSess()+1} orphans)`);
     if (csess.has(ws.id)) {
       csess.set(ws.id, null); // set as orphan.
@@ -145,7 +146,8 @@ module.exports = (ws, req, onClose) => {
       clearTimeout(i[1]);
     }
 
-    if (!authorized) return;
+    // unauthorized session must be destroyed.
+    if (!authorized) terminate_sess(ws.id);
 
     for (const i of ws.reconnectTimeout) {
       clearTimeout(i);