From 7f8b0b00ceb9bba04f32d493c03302c9dbca3e5e Mon Sep 17 00:00:00 2001
From: Joe Banks
Date: Wed, 3 Jul 2024 22:25:49 +0100
Subject: Explicitly tag PyDis messages for integrity
---
 src/api/auth.ts | 5 +++++
 src/pages/CallbackPage.tsx | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/api/auth.ts b/src/api/auth.ts
index cd38286..c9e3634 100644
--- a/src/api/auth.ts
+++ b/src/api/auth.ts
@@ -125,6 +125,11 @@ export async function getDiscordCode(scopes: OAuthScopes[], disableFunction?: (d
 return;
 }
+ if (message.data.pydis_source !== "oauth2_callback") {
+ // Ignore messages not from the callback
+ return;
+ }
+
 if (message.isTrusted) {
 windowRef?.close();
diff --git a/src/pages/CallbackPage.tsx b/src/pages/CallbackPage.tsx
index 00feb76..bd7870c 100644
--- a/src/pages/CallbackPage.tsx
+++ b/src/pages/CallbackPage.tsx
@@ -11,7 +11,7 @@ export default function CallbackPage(): JSX.Element {
 if (!hasSent) {
 setHasSent(true);
- window.opener.postMessage({code: code, state: state});
+ window.opener.postMessage({code: code, state: state, pydis_source: "oauth2_callback"});
 }
 return
; -- cgit v1.2.3
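Review bot: A `pydis_source` field inside `message.data` is set by whoever sends the message, so the check added before the `message.isTrusted` branch in src/api/auth.ts filters unrelated traffic but does not establish the sender. `isTrusted` only says the event was dispatched by the browser rather than synthesised by script. Only the tail of the preceding guard (`return; }`) is visible; if it is not already an origin check, add one next to the tag, for example `if (message.origin !== window.location.origin || message.source !== windowRef) return;` (assuming `windowRef` is the popup's Window). The property read also throws when `data` is `null` or `undefined`, so `message.data?.pydis_source` is the safer form. The message handler in getDiscordCode starts and ends outside the hunk.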
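Review bot: `window.opener` is `null` when the callback page is loaded without an opener (opened directly, or with the opener relationship severed), and the changed `postMessage` line in src/pages/CallbackPage.tsx then throws. Using `window.opener?.postMessage(...)` avoids that. The call also relies on the default target origin, which per the HTML spec is the sender's own origin for the one-argument form. Passing it explicitly, `window.opener?.postMessage({code: code, state: state, pydis_source: "oauth2_callback"}, window.location.origin);`, records in the code that the authorization code and state must only ever be delivered same-origin. CallbackPage's body continues outside the hunk.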