security hardening

2026-04-18 11:10:41 +00:00
parent a409203025
commit 21618efbad
36 changed files with 1455 additions and 283 deletions
--- a/services/channelQueue.js
+++ b/services/channelQueue.js
@@ -95,4 +95,20 @@ function enqueueMove(channel, categoryId) {
  return channel.setParent(categoryId, { lockPermissions: true });
 }

-module.exports = { enqueueRename, enqueueMove };
+// Per-channel promise chain for send ordering and to prevent interleaving.
+const sendChains = new Map();
+
+function enqueueSend(channel, ...args) {
+  if (!channel || typeof channel.send !== 'function') {
+    return Promise.reject(new Error('enqueueSend: invalid channel'));
+  }
+  const prev = sendChains.get(channel.id) || Promise.resolve();
+  const next = prev.catch(() => {}).then(() => channel.send(...args));
+  sendChains.set(channel.id, next);
+  next.catch(() => {}).finally(() => {
+    if (sendChains.get(channel.id) === next) sendChains.delete(channel.id);
+  });
+  return next;
+}
+
+module.exports = { enqueueRename, enqueueMove, enqueueSend };