From dbe89d10aec971606b237d592fef7a1d7379bbba Mon Sep 17 00:00:00 2001
From: phosit <phosit@autistici.org>
Date: Mon, 2 Mar 2026 19:22:44 +0100
Subject: [PATCH] Pass the controllerSecret to the CNet* constructor

It wasn't clear when to call `SetControllerSecret` now it can't be done
wrong. Also the mutex has to be locked less often.
---
 source/network/NetClient.cpp                  | 10 +++------
 source/network/NetClient.h                    |  4 +---
 source/network/NetServer.cpp                  | 21 ++++++-------------
 source/network/NetServer.h                    | 10 ++++-----
 .../network/scripting/JSInterface_Network.cpp |  8 +++----
 5 files changed, 17 insertions(+), 36 deletions(-)

diff --git a/source/network/NetClient.cpp b/source/network/NetClient.cpp
index 8140054f8e..a388641930 100644
--- a/source/network/NetClient.cpp
+++ b/source/network/NetClient.cpp
@@ -67,13 +67,14 @@ constexpr u32 NETWORK_BAD_PING = DEFAULT_TURN_LENGTH * COMMAND_DELAY_MP / 2;
 CNetClient *g_NetClient = NULL;
 
 CNetClient::CNetClient(CGame* game, const CStrW& username, const CStr& hostJID,
-	std::string hashedPassword) :
+	std::string hashedPassword, std::string controllerSecret) :
 	m_UserName{username},
 	m_HostJID{hostJID},
 	m_Game{game},
 	// Hash on top with the user's name, to make sure not all
 	// hashing data is in control of the host.
-	m_Password{HashCryptographically(std::move(hashedPassword), m_UserName.ToUTF8())}
+	m_Password{HashCryptographically(std::move(hashedPassword), m_UserName.ToUTF8())},
+	m_ControllerSecret{std::move(controllerSecret)}
 {
 	m_Game->SetTurnManager(NULL); // delete the old local turn manager so we don't accidentally use it
 
@@ -146,11 +147,6 @@ CNetClient::~CNetClient()
 	DestroyConnection();
 }
 
-void CNetClient::SetControllerSecret(const std::string& secret)
-{
-	m_ControllerSecret = secret;
-}
-
 
 bool CNetClient::SetupConnection(ENetHost* enetClient)
 {
diff --git a/source/network/NetClient.h b/source/network/NetClient.h
index 001fb072de..1b9c742ddb 100644
--- a/source/network/NetClient.h
+++ b/source/network/NetClient.h
@@ -79,12 +79,10 @@ public:
 	 * The JID of the host is needed for the secure lobby authentication.
 	 */
 	CNetClient(CGame* game, const CStrW& username = L"anonymous", const CStr& hostJID = {},
-		std::string hashedPassword = {});
+		std::string hashedPassword = {}, std::string controllerSecret = {});
 
 	virtual ~CNetClient();
 
-	void SetControllerSecret(const std::string& secret);
-
 	bool IsController() const { return m_IsController; }
 
 	/**
diff --git a/source/network/NetServer.cpp b/source/network/NetServer.cpp
index fab22881f9..addc0ade0e 100644
--- a/source/network/NetServer.cpp
+++ b/source/network/NetServer.cpp
@@ -112,9 +112,10 @@ static CStr DebugName(CNetServerSession* session)
  */
 
 CNetServerWorker::CNetServerWorker(const bool continueSavedGame, const bool useLobbyAuth,
-	std::string password) :
+	std::string password, std::string controllerSecret) :
 	m_ContinuesSavedGame{continueSavedGame},
 	m_LobbyAuth{useLobbyAuth},
+	m_ControllerSecret{std::move(controllerSecret)},
 	m_Password{std::move(password)}
 {
 }
@@ -155,12 +156,6 @@ CNetServerWorker::~CNetServerWorker()
 }
 
 
-void CNetServerWorker::SetControllerSecret(const std::string& secret)
-{
-	m_ControllerSecret = secret;
-}
-
-
 bool CNetServerWorker::CheckPassword(const std::string& password, const std::string& salt) const
 {
 	return HashCryptographically(m_Password, salt) == password;
@@ -1689,8 +1684,10 @@ void CNetServerWorker::SendHolePunchingMessage(const CStr& ipStr, u16 port)
 
 
 
-CNetServer::CNetServer(const bool continueSavedGame, const bool useLobbyAuth, std::string password) :
-	m_Worker{new CNetServerWorker{continueSavedGame, useLobbyAuth, password}},
+CNetServer::CNetServer(const bool continueSavedGame, const bool useLobbyAuth, std::string password,
+	std::string controllerSecret) :
+	m_Worker{new CNetServerWorker{continueSavedGame, useLobbyAuth, password,
+		std::move(controllerSecret)}},
 	m_LobbyAuth{useLobbyAuth},
 	m_Password{std::move(password)}
 {
@@ -1759,12 +1756,6 @@ bool CNetServer::IsBanned(const std::string& username) const
 	return it != m_FailedAttempts.end() && it->second >= FAILED_PASSWORD_TRIES_BEFORE_BAN;
 }
 
-void CNetServer::SetControllerSecret(const std::string& secret)
-{
-	std::lock_guard<std::mutex> lock(m_Worker->m_WorkerMutex);
-	m_Worker->SetControllerSecret(secret);
-}
-
 void CNetServer::StartGame()
 {
 	std::lock_guard<std::mutex> lock(m_Worker->m_WorkerMutex);
diff --git a/source/network/NetServer.h b/source/network/NetServer.h
index 5740d9006b..1973daf322 100644
--- a/source/network/NetServer.h
+++ b/source/network/NetServer.h
@@ -112,7 +112,8 @@ class CNetServer
 {
 	NONCOPYABLE(CNetServer);
 public:
-	CNetServer(const bool isSavedGame, const bool useLobbyAuth = false, std::string password = {});
+	CNetServer(const bool isSavedGame, const bool useLobbyAuth = false, std::string password = {},
+		std::string controllerSecret = {});
 	~CNetServer();
 
 	/**
@@ -179,8 +180,6 @@ public:
 	 */
 	bool IsBanned(const std::string& username) const;
 
-	void SetControllerSecret(const std::string& secret);
-
 private:
 	CNetServerWorker* m_Worker;
 	const bool m_LobbyAuth;
@@ -228,13 +227,12 @@ public:
 private:
 	friend class CNetServer;
 
-	CNetServerWorker(const bool continuesSavedGame, const bool useLobbyAuth, std::string password);
+	CNetServerWorker(const bool continuesSavedGame, const bool useLobbyAuth, std::string password,
+		std::string controllerSecret);
 	~CNetServerWorker();
 
 	bool CheckPassword(const std::string& password, const std::string& salt) const;
 
-	void SetControllerSecret(const std::string& secret);
-
 	/**
 	 * Begin listening for network connections.
 	 * @return true on success, false on error (e.g. port already in use)
diff --git a/source/network/scripting/JSInterface_Network.cpp b/source/network/scripting/JSInterface_Network.cpp
index 0feb48ffbc..c19de2e6a9 100644
--- a/source/network/scripting/JSInterface_Network.cpp
+++ b/source/network/scripting/JSInterface_Network.cpp
@@ -105,7 +105,8 @@ void StartNetworkHost(const CStrW& playerName, const u16 serverPort, const CStr&
 	std::string hashedPassword = hasLobby ?
 		HashCryptographically(password, hostJID + password + PS_SERIALIZATION_VERSION) : "";
 
-	g_NetServer = new CNetServer(continueSavedGame, hasLobby, hashedPassword);
+	const std::string secret = ps_generate_guid();
+	g_NetServer = new CNetServer(continueSavedGame, hasLobby, hashedPassword, secret);
 
 	if (!g_NetServer->SetupConnection(serverPort))
 	{
@@ -122,13 +123,10 @@ void StartNetworkHost(const CStrW& playerName, const u16 serverPort, const CStr&
 	}
 
 	// Generate a secret to identify the host client.
-	std::string secret = ps_generate_guid();
-	g_NetServer->SetControllerSecret(secret);
 
 	g_Game = new CGame(storeReplay);
-	g_NetClient = new CNetClient(g_Game, playerName, hostJID, hashedPassword);
+	g_NetClient = new CNetClient(g_Game, playerName, hostJID, hashedPassword, secret);
 	g_NetClient->SetupServerData("127.0.0.1", serverPort);
-	g_NetClient->SetControllerSecret(secret);
 
 	if (!g_NetClient->SetupConnection(nullptr))
 	{