core: redirect requests with incorrect domainId

packages/hydrooj/src/service/layers/domain.ts

@@ -2,8 +2,9 @@ import BlackListModel from '../../model/blacklist';
 import DomainModel from '../../model/domain';
 import * as system from '../../model/system';
 import token from '../../model/token';
+import { KoaContext } from '../server';
 
-export default async (ctx, next) => {
+export default async (ctx: KoaContext, next) => {
     const forceDomain = /^\/d\/([^/]+)\//.exec(ctx.request.path);
     ctx.originalPath = ctx.request.path;
     ctx.path = ctx.request.path = ctx.request.path.replace(/^\/d\/[^/]+\//, '/');
@@ -20,7 +21,7 @@ export default async (ctx, next) => {
         DomainModel.get(domainId),
         forceDomain ? Promise.resolve() : DomainModel.getByHost(host),
         BlackListModel.get(`ip::${ip}`),
-        token.get(sid, token.TYPE_SESSION),
+        token.get(sid instanceof Array ? sid[0] : sid, token.TYPE_SESSION),
     ]);
     if (bdoc) {
         ctx.body = 'blacklisted'; // Just return 404 if blacklisted
@@ -29,6 +30,11 @@ export default async (ctx, next) => {
     if (inferDomain) domainId = inferDomain._id;
     ctx.domainId = domainId;
     ctx.domainInfo = inferDomain || absoluteDomain;
-    ctx.session = session || { uid: 0 };
-    await next();
+    if (domainId !== ctx.domainInfo._id) {
+        // Case sensitive
+        ctx.redirect(ctx.originalPath.replace(/^\/d\/[^/]+\//, `/d/${ctx.domainInfo._id}/`));
+    } else {
+        ctx.session = session || { uid: 0 };
+        await next();
+    }
 };