[Crash] Unchecked sessionData.user_id access in session validation

## Summary
Services server crashes when `sessionData` is valid but `user_id` field is missing.

## Affected Code
`server-services/start-services.js:231`

```javascript
if (sessionData && sessionData?.expires_at && (sessionData.expires_at > (Math.floor(Date.now() / 1000)))) {
  userData = await accs.getUserData(sessionData.user_id, true);
  // CRASH if sessionData.user_id is undefined (getUserData expects valid input)
```

## Vulnerability
If database returns corrupted session without `user_id`.

## Impact
- Services server crash on any authenticated command
- Denial of service

## Recommended Fix
```javascript
if (sessionData?.expires_at && sessionData.user_id && (sessionData.expires_at > (Math.floor(Date.now() / 1000)))) {
  userData = await accs.getUserData(sessionData.user_id, true);
```

## References
- PR: https://github.com/onlypuppy7/LegacyShell/pull/43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Crash] Unchecked sessionData.user_id access in session validation #69

Summary

Affected Code

Vulnerability

Impact

Recommended Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Crash] Unchecked sessionData.user_id access in session validation #69

Description

Summary

Affected Code

Vulnerability

Impact

Recommended Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions