diff --git a/client/multiplayer/room.html b/client/multiplayer/room.html
index 00939c1e..8741a3ef 100644
--- a/client/multiplayer/room.html
+++ b/client/multiplayer/room.html
@@ -172,7 +172,7 @@
-
+
diff --git a/server/multiplayer/handle-wss-connection.js b/server/multiplayer/handle-wss-connection.js
index f49d5def..e9c19d3e 100644
--- a/server/multiplayer/handle-wss-connection.js
+++ b/server/multiplayer/handle-wss-connection.js
@@ -1,3 +1,4 @@
+import { checkToken } from '../authentication.js';
import hasValidCharacters from '../moderation/has-valid-characters.js';
import isAppropriateString from '../moderation/is-appropriate-string.js';
import { createAndReturnRoom } from './TossupRoom.js';
@@ -46,6 +47,24 @@ export default function handleWssConnection (ws, req) {
return false;
}
+ if (room.settings.loginRequired === true) {
+ const cookieString = (req?.headers?.cookie ?? 'session=;').split(';').find(token => token.trim().startsWith('session='));
+ const cookieBuffer = Buffer.from(cookieString.split('=')[1], 'base64');
+ let valid = true;
+ try {
+ const cookies = JSON.parse(cookieBuffer.toString('utf-8'));
+ valid = checkToken(cookies.username, cookies.token, true);
+ } catch (e) { valid = false; }
+
+ if (!valid) {
+ ws.send(JSON.stringify({
+ type: 'error',
+ message: 'You must be logged in with a verified email to join this room.'
+ }));
+ return false;
+ }
+ }
+
if (!isAppropriateString(username)) {
username = getRandomName();
ws.send(JSON.stringify({