Merge branch 'multitheftauto:master' into feature/remove-all-domains

Author: omar-o22

Client/ceflauncher_DLL/CCefApp.h

@@ -9,14 +9,14 @@
  *****************************************************************************/
 #include <cef3/cef/include/cef_app.h>
 #include <string>
-#include <sstream>
 #include "V8Helpers.h"
+#include "CCefAppAuth.h"            // IPC message append helpers
 using V8Helpers::CV8Handler;
 
 class CCefApp : public CefApp, public CefRenderProcessHandler
 {
 public:
-    CCefApp() {}
+    CCefApp() = default;
     virtual CefRefPtr<CefRenderProcessHandler> GetRenderProcessHandler() override { return this; };
 
     // https://magpcss.org/ceforum/apidocs3/projects/(default)/CefRenderProcessHandler.html#OnFocusedNodeChanged(CefRefPtr%3CCefBrowser%3E,CefRefPtr%3CCefFrame%3E,CefRefPtr%3CCefDOMNode%3E)
@@ -73,13 +73,24 @@ class CCefApp : public CefApp, public CefRenderProcessHandler
 
     static void Javascript_triggerEvent(CefRefPtr<CefFrame> frame, const CefV8ValueList& arguments)
     {
-        if (arguments.size() == 0)
+        if (arguments.empty()) [[unlikely]]
             return;
 
         CefRefPtr<CefProcessMessage> message = V8Helpers::SerialiseV8Arguments("TriggerLuaEvent", arguments);
+        if (!CefAppAuth::AppendAuthCodeToMessage(message)) [[unlikely]]            // AUTH: race condition check
+            return;
         frame->GetBrowser()->GetMainFrame()->SendProcessMessage(PID_BROWSER, message);
     }
 
+    void OnBeforeCommandLineProcessing(const CefString& process_type, CefRefPtr<CefCommandLine> command_line) override
+    {
+        const auto authCode = command_line->GetSwitchValue("kgfiv8n");
+        if (!authCode.empty())
+        {
+            CefAppAuth::AuthCodeStorage() = authCode;
+        }
+    }
+
 public:
     IMPLEMENT_REFCOUNTING(CCefApp);
 

Client/ceflauncher_DLL/CCefAppAuth.h

@@ -0,0 +1,43 @@
+/*****************************************************************************
+ *
+ *  PROJECT:     Multi Theft Auto v1.0
+ *  LICENSE:     See LICENSE in the top level directory
+ *  FILE:        ceflauncher_DLL/CCefAppAuth.h
+ *  PURPOSE:     IPC authentication helpers for render process
+ *
+ *****************************************************************************/
+#pragma once
+
+#include <cef3/cef/include/cef_process_message.h>
+#include <cef3/cef/include/cef_values.h>
+#include <string>
+
+namespace CefAppAuth
+{
+    // Thread-local storage for auth code in render process
+    inline std::string& AuthCodeStorage()
+    {
+        static std::string value;
+        return value;
+    }
+
+    // Appends auth code to TriggerLuaEvent IPC message
+    // Returns true if code was appended, false if message should be blocked
+    [[nodiscard]] inline bool AppendAuthCodeToMessage(CefRefPtr<CefProcessMessage> message)
+    {
+        if (!message) [[unlikely]]
+            return false;
+
+        auto& authCode = AuthCodeStorage();
+        
+        // Block messages until initialized (prevents race condition)
+        if (authCode.empty()) [[unlikely]]
+            return false;
+        
+        CefRefPtr<CefListValue> args = message->GetArgumentList();
+        const auto size = args->GetSize();
+        args->SetSize(size + 1);
+        args->SetString(size, authCode.c_str());
+        return true;
+    }
+}

Client/ceflauncher_DLL/Main.cpp

@@ -23,7 +23,11 @@
 #include <delayimp.h>
 
 #include "CCefApp.h"
-#include "SharedUtil.h"
+#include <string>
+#include <string_view>
+#include <algorithm>
+#include <iterator>
+#include <SharedUtil.h>
 
 #ifdef CEF_ENABLE_SANDBOX
 #include <cef3/cef/include/cef_sandbox_win.h>
@@ -122,6 +126,23 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, [[maybe_unused]] LPVOID l
 
 extern "C" [[nodiscard]] __declspec(dllexport) auto InitCEF() noexcept -> int
 {
+    // Parse command line for auth code in render processes (BEFORE CefExecuteProcess)
+    const std::wstring_view cmdLine{GetCommandLineW()};
+    if (const auto pos = cmdLine.find(L"--kgfiv8n="); pos != std::wstring_view::npos)
+    {
+        const auto valueStart = pos + 11;  // Skip "--kgfiv8n="
+        const auto valueEnd = cmdLine.find_first_of(L" \t\"", valueStart);
+        const auto authCodeW = cmdLine.substr(valueStart, 
+            valueEnd == std::wstring_view::npos ? 30 : std::min<size_t>(30, valueEnd - valueStart));
+        
+        std::string authCode;
+        authCode.reserve(30);
+        std::transform(authCodeW.begin(), authCodeW.end(), std::back_inserter(authCode),
+            [](const wchar_t wc) { return static_cast<char>(wc); });
+        
+        CefAppAuth::AuthCodeStorage() = std::move(authCode);
+    }
+
     const auto baseDir = SharedUtil::GetMTAProcessBaseDir();
     if (baseDir.empty())
         return CEF_INIT_ERROR_NO_BASE_DIR;

Client/ceflauncher_DLL/V8Helpers.h

@@ -8,6 +8,8 @@
  *
  *****************************************************************************/
 #include <string>
+#include <sstream>
+#include <map>
 #include <cef3/cef/include/cef_app.h>
 typedef void (*JavascriptCallback)(CefRefPtr<CefFrame> frame, const CefV8ValueList& arguments);
 

Client/cefweb/CAjaxResourceHandler.cpp

@@ -36,6 +36,12 @@ void CAjaxResourceHandler::SetResponse(std::string data)
     m_strResponse = std::move(data);
     m_bHasData = true;
 
+    // Clear request data to free memory as it's no longer needed
+    m_vecGetData.clear();
+    m_vecGetData.shrink_to_fit();
+    m_vecPostData.clear();
+    m_vecPostData.shrink_to_fit();
+
     if (!m_callback)
         return;
 

Client/cefweb/CWebApp.cpp

@@ -16,6 +16,7 @@
 #include <cef3/cef/include/cef_stream.h>
 #include <cef3/cef/include/wrapper/cef_stream_resource_handler.h>
 #include "CAjaxResourceHandler.h"
+#include "CWebAppAuth.h"            // IPC code generation
 #include <cstdlib>
 
 namespace
@@ -130,6 +131,11 @@ void CWebApp::OnBeforeChildProcessLaunch(CefRefPtr<CefCommandLine> command_line)
 
     const CefString processType = command_line->GetSwitchValue("type");
     ConfigureCommandLineSwitches(command_line, processType);
+    
+    // Attach IPC validation code for render processes
+    // This runs in browser process context where g_pCore and webCore are valid
+    // The auth code is generated in CWebCore constructor and passed to subprocesses
+    WebAppAuth::AttachAuthCodeToCommandLine(command_line);
 }
 
 CefRefPtr<CefBrowserProcessHandler> CWebApp::GetBrowserProcessHandler()

Client/cefweb/CWebAppAuth.h

@@ -0,0 +1,96 @@
+/*****************************************************************************
+ *
+ *  PROJECT:     Multi Theft Auto v1.0
+ *  LICENSE:     See LICENSE in the top level directory
+ *  FILE:        cefweb/CWebAppAuth.h
+ *  PURPOSE:     IPC authentication code generation for browser process
+ *
+ *****************************************************************************/
+#pragma once
+
+#include <cef3/cef/include/cef_command_line.h>
+#include <array>
+#include <chrono>
+#include <mutex>
+#include <random>
+#include <string>
+
+// Forward declarations
+class CWebCore;
+class CCoreInterface;
+extern CCoreInterface* g_pCore;
+
+// Note: IsReadablePointer is available via StdInc.h which includes SharedUtil.h
+
+namespace WebAppAuth
+{
+    // Shared auth code storage (used by both generation and validation)
+    inline std::string& GetSharedAuthCode()
+    {
+        static std::string sharedAuthCode;
+        return sharedAuthCode;
+    }
+
+    inline std::mutex& GetSharedAuthMutex()
+    {
+        static std::mutex sharedMutex;
+        return sharedMutex;
+    }
+
+    inline bool& GetSyncedToWebCoreFlag()
+    {
+        static bool syncedToWebCore = false;
+        return syncedToWebCore;
+    }
+
+    // Thread-safe auth code generation
+    inline std::mutex& GetAuthCodeMutex()
+    {
+        static std::mutex mutex;
+        return mutex;
+    }
+
+    // Auth code configuration
+    inline constexpr std::size_t AUTH_CODE_LENGTH = 30;
+    inline constexpr char AUTH_CODE_MIN_CHAR = 'A';
+    inline constexpr char AUTH_CODE_MAX_CHAR = 'Z';
+
+    // Generates random 30-character auth code (A-Z)
+    [[nodiscard]] inline std::string GenerateAuthCode()
+    {
+        std::array<char, AUTH_CODE_LENGTH> buffer{};
+        
+        // Use mt19937 with time-based seed (fast, cryptographic strength not needed for DoS prevention)
+        static std::mt19937 rng(static_cast<unsigned int>(std::chrono::high_resolution_clock::now().time_since_epoch().count()));
+        std::uniform_int_distribution<int> dist(0, AUTH_CODE_MAX_CHAR - AUTH_CODE_MIN_CHAR);
+        
+        for (auto& ch : buffer)
+            ch = static_cast<char>(AUTH_CODE_MIN_CHAR + dist(rng));
+
+        return std::string(buffer.data(), buffer.size());
+    }
+
+    // Generates and attaches auth code to child process command line
+    inline void AttachAuthCodeToCommandLine(CefRefPtr<CefCommandLine> commandLine)
+    {
+        if (!commandLine) [[unlikely]]
+            return;
+
+        const std::lock_guard<std::mutex> lock{GetSharedAuthMutex()};
+        
+        // Always use webCore->m_AuthCode (already populated in CWebCore constructor)
+        // No need for fallback - webCore is guaranteed to exist before this is called
+        if (!::g_pCore || !IsReadablePointer(::g_pCore, sizeof(void*))) [[unlikely]]
+            return;
+
+        auto* const webCore = static_cast<CWebCore*>(::g_pCore->GetWebCore());
+        if (!webCore || !IsReadablePointer(webCore, sizeof(void*))) [[unlikely]]
+            return;
+
+        // webCore->m_AuthCode already populated in CWebCore::CWebCore()
+        if (webCore->m_AuthCode.empty()) [[unlikely]]
+            return;
+
+        commandLine->AppendSwitchWithValue("kgfiv8n", webCore->m_AuthCode);
+    }
+}