fix(bot): harden ws.ts integration seam
- maybeAbandon Promise no longer floats from setTimeout - broadcastSinceLast loses dead extra parameter - bot-slot token is randomized so a third party can't hijack the bot's color by guessing a fixed placeholder
This commit is contained in:
claude (blind_chess)
@@ -93,10 +93,11 @@ function makeSlot(token: PlayerToken, now: number) {
|
||||
}
|
||||
|
||||
function makeBotSlot(now: number) {
|
||||
// Synthetic slot: occupies the player's color but never connects.
|
||||
// Token is a 24-char placeholder; never matches a real client.
|
||||
// Synthetic slot: occupies the player's color but never connects. The token
|
||||
// is randomized (same shape as a real client token) so a third party can't
|
||||
// hijack the bot's color by guessing a fixed placeholder.
|
||||
return {
|
||||
token: 'bot' + 'x'.repeat(21),
|
||||
token: newPlayerToken(),
|
||||
socket: null,
|
||||
joinedAt: now,
|
||||
rateBucket: { tokens: RATE_LIMIT.capacity, last: now },
|
||||
|
||||
Reference in New Issue
Block a user