src/socket.io/index.js

'use strict';

var os = require('os');
var async = require('async');
var nconf = require('nconf');
var winston = require('winston');
var url = require('url');
var cookieParser = require('cookie-parser')(nconf.get('secret'));

var db = require('../database');
var user = require('../user');
var logger = require('../logger');
var plugins = require('../plugins');
var ratelimit = require('../middleware/ratelimit');


var Namespaces = {};
var io;

var Sockets = module.exports;

Sockets.init = function (server) {
	requireModules();

	var SocketIO = require('socket.io');
	var socketioWildcard = require('socketio-wildcard')();
	io = new SocketIO({
		path: nconf.get('relative_path') + '/socket.io',
	});

	if (nconf.get('singleHostCluster')) {
		io.adapter(require('./single-host-cluster'));
	} else if (nconf.get('redis')) {
		io.adapter(require('../database/redis').socketAdapter());
	} else {
		io.adapter(db.socketAdapter());
	}

	io.use(socketioWildcard);
	io.use(authorize);

	io.on('connection', onConnection);

	/*
	 * Restrict socket.io listener to cookie domain. If none is set, infer based on url.
	 * Production only so you don't get accidentally locked out.
	 * Can be overridden via config (socket.io:origins)
	 */
	if (process.env.NODE_ENV !== 'development') {
		const parsedUrl = url.parse(nconf.get('url'));

		// cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353
		const domain = nconf.get('cookieDomain') || parsedUrl.hostname;

		const origins = nconf.get('socket.io:origins') || `${parsedUrl.protocol}//${domain}:*`;
		nconf.set('socket.io:origins', origins);

		io.origins(origins);
		winston.info('[socket.io] Restricting access to origin: ' + origins);
	}

	io.listen(server, {
		transports: nconf.get('socket.io:transports'),
	});

	Sockets.server = io;
};

function onConnection(socket) {
	socket.ip = (socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress || '').split(',')[0];

	logger.io_one(socket, socket.uid);

	onConnect(socket);

	socket.on('*', function (payload) {
		onMessage(socket, payload);
	});
}

function onConnect(socket) {
	if (socket.uid) {
		socket.join('uid_' + socket.uid);
		socket.join('online_users');
	} else {
		socket.join('online_guests');
	}

	socket.join('sess_' + socket.request.signedCookies[nconf.get('sessionKey')]);
	io.sockets.sockets[socket.id].emit('checkSession', socket.uid);
	io.sockets.sockets[socket.id].emit('setHostname', os.hostname());
}

function onMessage(socket, payload) {
	if (!payload.data.length) {
		return winston.warn('[socket.io] Empty payload');
	}

	var eventName = payload.data[0];
	var params = typeof payload.data[1] === 'function' ? {} : payload.data[1];
	var callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {};

	if (!eventName) {
		return winston.warn('[socket.io] Empty method name');
	}

	var parts = eventName.toString().split('.');
	var namespace = parts[0];
	var methodToCall = parts.reduce(function (prev, cur) {
		if (prev !== null && prev[cur]) {
			return prev[cur];
		}
		return null;
	}, Namespaces);

	if (!methodToCall || typeof methodToCall !== 'function') {
		if (process.env.NODE_ENV === 'development') {
			winston.warn('[socket.io] Unrecognized message: ' + eventName);
		}
		return callback({ message: '[[error:invalid-event]]' });
	}

	socket.previousEvents = socket.previousEvents || [];
	socket.previousEvents.push(eventName);
	if (socket.previousEvents.length > 20) {
		socket.previousEvents.shift();
	}

	if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
		winston.warn('[socket.io] Too many emits! Disconnecting uid : ' + socket.uid + '. Events : ' + socket.previousEvents);
		return socket.disconnect();
	}

	async.waterfall([
		function (next) {
			checkMaintenance(socket, next);
		},
		function (next) {
			validateSession(socket, next);
		},
		function (next) {
			if (Namespaces[namespace].before) {
				Namespaces[namespace].before(socket, eventName, params, next);
			} else {
				next();
			}
		},
		function (next) {
			async function tryAsyncFunc(done) {
				try {
					const result = await methodToCall(socket, params);
					done(null, result);
				} catch (err) {
					done(err);
				}
			}

			if (methodToCall.constructor && methodToCall.constructor.name === 'AsyncFunction') {
				tryAsyncFunc(next);
			} else {
				methodToCall(socket, params, next);
			}
		},
	], function (err, result) {
		callback(err ? { message: err.message } : null, result);
	});
}

function requireModules() {
	var modules = ['admin', 'categories', 'groups', 'meta', 'modules',
		'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist', 'flags',
	];

	modules.forEach(function (module) {
		Namespaces[module] = require('./' + module);
	});
}

function checkMaintenance(socket, callback) {
	var meta = require('../meta');
	if (!meta.config.maintenanceMode) {
		return setImmediate(callback);
	}
	user.isAdministrator(socket.uid, function (err, isAdmin) {
		if (err || isAdmin) {
			return callback(err);
		}
	});
}

function validateSession(socket, callback) {
	var req = socket.request;
	if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
		return callback();
	}

	db.sessionStore.get(req.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
		if (err || !sessionData) {
			return callback(err || new Error('[[error:invalid-session]]'));
		}

		plugins.fireHook('static:sockets.validateSession', {
			req: req,
			socket: socket,
			session: sessionData,
		}, callback);
	});
}

function authorize(socket, callback) {
	var request = socket.request;

	if (!request) {
		return callback(new Error('[[error:not-authorized]]'));
	}

	async.waterfall([
		function (next) {
			cookieParser(request, {}, next);
		},
		function (next) {
			db.sessionStore.get(request.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
				if (err) {
					return next(err);
				}
				if (sessionData && sessionData.passport && sessionData.passport.user) {
					request.session = sessionData;
					socket.uid = parseInt(sessionData.passport.user, 10);
				} else {
					socket.uid = 0;
				}
				next();
			});
		},
	], callback);
}

Sockets.in = function (room) {
	return io.in(room);
};

Sockets.getUserSocketCount = function (uid) {
	if (!io) {
		return 0;
	}

	var room = io.sockets.adapter.rooms['uid_' + uid];
	return room ? room.length : 0;
};


Sockets.reqFromSocket = function (socket, payload, event) {
	var headers = socket.request ? socket.request.headers : {};
	var encrypted = socket.request ? !!socket.request.connection.encrypted : false;
	var host = headers.host;
	var referer = headers.referer || '';
	var data = ((payload || {}).data || []);

	if (!host) {
		host = url.parse(referer).host || '';
	}

	return {
		uid: socket.uid,
		params: data[1],
		method: event || data[0],
		body: payload,
		ip: socket.ip,
		host: host,
		protocol: encrypted ? 'https' : 'http',
		secure: encrypted,
		url: referer,
		path: referer.substr(referer.indexOf(host) + host.length),
		headers: headers,
	};
};
ESlint quotes 2017-02-18 01:56:23 -07:00			`'use strict';`
linting and adding missing require'd dep 2014-01-13 11:23:21 -05:00
only triggering forum updated messaging if hostname matches, fixes #6333 2018-02-20 15:32:44 -05:00			`var os = require('os');`
closes #4248 2016-02-24 12:07:02 +02:00			`var async = require('async');`
			`var nconf = require('nconf');`
			`var winston = require('winston');`
added missing dependency lib 2016-06-08 17:45:45 -04:00			`var url = require('url');`
more test fixes 2016-10-16 21:51:42 +03:00			`var cookieParser = require('cookie-parser')(nconf.get('secret'));`
interim commit - removed calls to websockets.js, beginning porting to namespaced files 2014-01-09 20:13:17 -05:00
closes #4248 2016-02-24 12:07:02 +02:00			`var db = require('../database');`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var user = require('../user');`
closes #4248 2016-02-24 12:07:02 +02:00			`var logger = require('../logger');`
feat: added new hook `static:sockets.validateSession` (#7189) * feat: added new hook * fix: improper .bind() call, +req in static:sockets.validateSession * fix: restored original sessionStore logic, +hook original logic to retrieve the sessionStore was not faulty, but was changed for the sake of changing things, which ultimately led to issues with tests, etc. 2019-01-03 21:14:30 -05:00			`var plugins = require('../plugins');`
closes #4248 2016-02-24 12:07:02 +02:00			`var ratelimit = require('../middleware/ratelimit');`
interim commit - removed calls to websockets.js, beginning porting to namespaced files 2014-01-09 20:13:17 -05:00

closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var Namespaces = {};`
			`var io;`
socket.io index refactor 2014-11-28 19:33:07 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var Sockets = module.exports;`
emit works 2014-11-20 19:02:29 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`Sockets.init = function (server) {`
			`requireModules();`
socket.io index refactor 2014-11-28 19:33:07 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var SocketIO = require('socket.io');`
			`var socketioWildcard = require('socketio-wildcard')();`
			`io = new SocketIO({`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`path: nconf.get('relative_path') + '/socket.io',`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`});`
deps, disabled all server side calls 2014-11-20 16:51:11 -05:00
Allow single-host clusters to not send pubsub and socket.io messages through the database. (#6659) * Allow single-host clusters to not send pubsub and socket.io messages through the database. * Fix lint errors. 2018-07-23 11:21:36 -05:00			`if (nconf.get('singleHostCluster')) {`
Fix single-host-cluster socket.io (#6802) It was silently dropping every message because every node thought it was the master node. 2018-09-28 16:02:03 -05:00			`io.adapter(require('./single-host-cluster'));`
Allow single-host clusters to not send pubsub and socket.io messages through the database. (#6659) * Allow single-host clusters to not send pubsub and socket.io messages through the database. * Fix lint errors. 2018-07-23 11:21:36 -05:00			`} else if (nconf.get('redis')) {`
			`io.adapter(require('../database/redis').socketAdapter());`
			`} else {`
			`io.adapter(db.socketAdapter());`
			`}`
interim commit - removed calls to websockets.js, beginning porting to namespaced files 2014-01-09 20:13:17 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`io.use(socketioWildcard);`
			`io.use(authorize);`
first set of changes 2014-01-16 14:57:03 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`io.on('connection', onConnection);`
crashing a lot less now, heh 2014-01-09 21:27:50 -05:00
closes #5472 2017-02-23 11:54:46 -05:00			`/*`
			`* Restrict socket.io listener to cookie domain. If none is set, infer based on url.`
			`* Production only so you don't get accidentally locked out.`
			`* Can be overridden via config (socket.io:origins)`
			`*/`
			`if (process.env.NODE_ENV !== 'development') {`
feat: close #7002, console message if mismatched origins 2018-11-28 20:23:42 -07:00			`const parsedUrl = url.parse(nconf.get('url'));`

			`// cookies don't provide isolation by port: http://stackoverflow.com/a/16328399/122353`
			`const domain = nconf.get('cookieDomain') \|\| parsedUrl.hostname;`

			const origins = nconf.get('socket.io:origins') \|\| `${parsedUrl.protocol}//${domain}:*`;
			`nconf.set('socket.io:origins', origins);`

			`io.origins(origins);`
			`winston.info('[socket.io] Restricting access to origin: ' + origins);`
closes #5472 2017-02-23 11:54:46 -05:00			`}`

Revert "adding origin to new local ioConfig var, as per @barisusakli, re: #5472" This reverts commit c1b1ff5c6ec5a35ed1e127edc5ccfc06dd04c5c2. 2017-02-23 13:13:59 -05:00			`io.listen(server, {`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`transports: nconf.get('socket.io:transports'),`
Revert "adding origin to new local ioConfig var, as per @barisusakli, re: #5472" This reverts commit c1b1ff5c6ec5a35ed1e127edc5ccfc06dd04c5c2. 2017-02-23 13:13:59 -05:00			`});`
don't attempt to require a directory 2014-04-15 02:33:48 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`Sockets.server = io;`
			`};`
socket.io index refactor 2014-11-28 19:33:07 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`function onConnection(socket) {`
#6561 2018-06-08 13:53:55 -04:00			`socket.ip = (socket.request.headers['x-forwarded-for'] \|\| socket.request.connection.remoteAddress \|\| '').split(',')[0];`
crashing a lot less now, heh 2014-01-09 21:27:50 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`logger.io_one(socket, socket.uid);`
socket.io index refactor 2014-11-28 19:33:07 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`onConnect(socket);`
closes #4950 2016-08-16 13:48:53 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`socket.on('*', function (payload) {`
			`onMessage(socket, payload);`
			`});`
			`}`
socket.io index refactor 2014-11-28 19:33:07 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`function onConnect(socket) {`
Revert "fixes #5894" This reverts commit e2b40ddf34277ebc0aa867fa9bfbc72b5b369384. 2017-08-23 21:38:58 -04:00			`if (socket.uid) {`
			`socket.join('uid_' + socket.uid);`
			`socket.join('online_users');`
			`} else {`
			`socket.join('online_guests');`
			`}`
emit works 2014-11-20 19:02:29 -05:00
Revert "fixes #5894" This reverts commit e2b40ddf34277ebc0aa867fa9bfbc72b5b369384. 2017-08-23 21:38:58 -04:00			`socket.join('sess_' + socket.request.signedCookies[nconf.get('sessionKey')]);`
			`io.sockets.sockets[socket.id].emit('checkSession', socket.uid);`
only triggering forum updated messaging if hostname matches, fixes #6333 2018-02-20 15:32:44 -05:00			`io.sockets.sockets[socket.id].emit('setHostname', os.hostname());`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`}`
fix crash if socket.handshake is null 2014-10-27 20:23:16 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`function onMessage(socket, payload) {`
			`if (!payload.data.length) {`
			`return winston.warn('[socket.io] Empty payload');`
			`}`
keep track of the last 20 events 2015-01-20 17:04:05 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var eventName = payload.data[0];`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`var params = typeof payload.data[1] === 'function' ? {} : payload.data[1];`
remove init socket.io 2017-06-02 17:18:58 -04:00			`var callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {};`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`if (!eventName) {`
			`return winston.warn('[socket.io] Empty method name');`
			`}`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var parts = eventName.toString().split('.');`
			`var namespace = parts[0];`
			`var methodToCall = parts.reduce(function (prev, cur) {`
			`if (prev !== null && prev[cur]) {`
			`return prev[cur];`
closes #4248 2016-02-24 12:07:02 +02:00			`}`
ESlint no-useless-escape, no-else-return 2017-02-18 14:27:26 -07:00			`return null;`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`}, Namespaces);`
remove console.log 2015-03-05 17:32:40 -05:00
feat: rewrite getRawPost to async/await promisify SocketPosts 2019-08-07 17:38:23 -04:00			`if (!methodToCall \|\| typeof methodToCall !== 'function') {`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`if (process.env.NODE_ENV === 'development') {`
			`winston.warn('[socket.io] Unrecognized message: ' + eventName);`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00			`}`
ESlint object-curly-spacing 2017-02-18 12:30:49 -07:00			`return callback({ message: '[[error:invalid-event]]' });`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00			`}`

closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`socket.previousEvents = socket.previousEvents \|\| [];`
			`socket.previousEvents.push(eventName);`
			`if (socket.previousEvents.length > 20) {`
			`socket.previousEvents.shift();`
			`}`
interim commit - removed calls to websockets.js, beginning porting to namespaced files 2014-01-09 20:13:17 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {`
			`winston.warn('[socket.io] Too many emits! Disconnecting uid : ' + socket.uid + '. Events : ' + socket.previousEvents);`
			`return socket.disconnect();`
single proc stats 2015-11-04 17:43:43 -05:00			`}`
closes #4038 2016-01-13 16:15:49 +02:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`async.waterfall([`
			`function (next) {`
			`checkMaintenance(socket, next);`
			`},`
			`function (next) {`
			`validateSession(socket, next);`
			`},`
			`function (next) {`
			`if (Namespaces[namespace].before) {`
			`Namespaces[namespace].before(socket, eventName, params, next);`
			`} else {`
			`next();`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00			`}`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`},`
			`function (next) {`
feat: rewrite getRawPost to async/await promisify SocketPosts 2019-08-07 17:38:23 -04:00			`async function tryAsyncFunc(done) {`
			`try {`
			`const result = await methodToCall(socket, params);`
			`done(null, result);`
			`} catch (err) {`
			`done(err);`
			`}`
fix: socket.io methods calling callbacks twice if method returns promise 2019-07-19 16:46:40 -04:00			`}`
feat: rewrite getRawPost to async/await promisify SocketPosts 2019-08-07 17:38:23 -04:00
			`if (methodToCall.constructor && methodToCall.constructor.name === 'AsyncFunction') {`
			`tryAsyncFunc(next);`
			`} else {`
			`methodToCall(socket, params, next);`
feat: awaitable websockets (#7645) * feat: awaitable websockets Adding in conditionals to check the method to call, and handling it as a promise vs. a regular function depending on whether the method itself is an asynchronous function. * fix: switch to .then-checking for awaitable check * fix: proper use of .then check 2019-06-10 12:06:26 -04:00			`}`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`},`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`], function (err, result) {`
ESlint object-curly-spacing 2017-02-18 12:30:49 -07:00			`callback(err ? { message: err.message } : null, result);`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`});`
			`}`

			`function requireModules() {`
			`var modules = ['admin', 'categories', 'groups', 'meta', 'modules',`
Merge branch 'master' into develop 2017-02-24 12:46:40 -05:00			`'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist', 'flags',`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`];`

			`modules.forEach(function (module) {`
			`Namespaces[module] = require('./' + module);`
			`});`
			`}`

			`function checkMaintenance(socket, callback) {`
			`var meta = require('../meta');`
Parse int (#6853) * Store config fields as JSON in the db Fewer parseInts * Remove unnecessary parseInts * remove some dupe code add tests * remove console.log * remove more parseInts * WIP: read meta.configs defaults from defaults.json remove more parseInts * more work * add log for failing test * update admin pwd * fix tests, dont require posts/cache before configs are initialized * handle saves * Test boolean conditions * remove more parseInts * Fix boolean values * remove lots more parseInts * removed json parsing * renamed var to number * categories dont have timestamp 2018-10-21 16:47:51 -04:00			`if (!meta.config.maintenanceMode) {`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`return setImmediate(callback);`
			`}`
			`user.isAdministrator(socket.uid, function (err, isAdmin) {`
			`if (err \|\| isAdmin) {`
			`return callback(err);`
			`}`
			`});`
			`}`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`function validateSession(socket, callback) {`
			`var req = socket.request;`
			`if (!req.signedCookies \|\| !req.signedCookies[nconf.get('sessionKey')]) {`
fixes #5528 2017-03-15 13:49:35 -04:00			`return callback();`
single proc stats 2015-11-04 17:43:43 -05:00			`}`
feat: added new hook `static:sockets.validateSession` (#7189) * feat: added new hook * fix: improper .bind() call, +req in static:sockets.validateSession * fix: restored original sessionStore logic, +hook original logic to retrieve the sessionStore was not faulty, but was changed for the sake of changing things, which ultimately led to issues with tests, etc. 2019-01-03 21:14:30 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`db.sessionStore.get(req.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {`
			`if (err \|\| !sessionData) {`
			`return callback(err \|\| new Error('[[error:invalid-session]]'));`
			`}`
deps, disabled all server side calls 2014-11-20 16:51:11 -05:00
feat: added new hook `static:sockets.validateSession` (#7189) * feat: added new hook * fix: improper .bind() call, +req in static:sockets.validateSession * fix: restored original sessionStore logic, +hook original logic to retrieve the sessionStore was not faulty, but was changed for the sake of changing things, which ultimately led to issues with tests, etc. 2019-01-03 21:14:30 -05:00			`plugins.fireHook('static:sockets.validateSession', {`
			`req: req,`
			`socket: socket,`
			`session: sessionData,`
			`}, callback);`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`});`
			`}`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`function authorize(socket, callback) {`
			`var request = socket.request;`
interim commit - removed calls to websockets.js, beginning porting to namespaced files 2014-01-09 20:13:17 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`if (!request) {`
			`return callback(new Error('[[error:not-authorized]]'));`
single proc stats 2015-11-04 17:43:43 -05:00			`}`
possible fix to online guest count using socket io rooms instead of syncing between workers. 2014-09-09 18:05:21 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`async.waterfall([`
			`function (next) {`
			`cookieParser(request, {}, next);`
			`},`
			`function (next) {`
			`db.sessionStore.get(request.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {`
			`if (err) {`
			`return next(err);`
			`}`
			`if (sessionData && sessionData.passport && sessionData.passport.user) {`
			`request.session = sessionData;`
			`socket.uid = parseInt(sessionData.passport.user, 10);`
			`} else {`
			`socket.uid = 0;`
			`}`
			`next();`
			`});`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`},`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`], callback);`
			`}`

			`Sockets.in = function (room) {`
			`return io.in(room);`
			`};`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`Sockets.getUserSocketCount = function (uid) {`
			`if (!io) {`
			`return 0;`
			`}`
fix reqFromSocket for socket.io 1.x 2014-11-28 17:46:00 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`var room = io.sockets.adapter.rooms['uid_' + uid];`
			`return room ? room.length : 0;`
			`};`
added reqFromSocket to topic posting new filter topic.post 2014-04-27 00:47:08 -04:00
interim commit - removed calls to websockets.js, beginning porting to namespaced files 2014-01-09 20:13:17 -05:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`Sockets.reqFromSocket = function (socket, payload, event) {`
			`var headers = socket.request ? socket.request.headers : {};`
			`var encrypted = socket.request ? !!socket.request.connection.encrypted : false;`
			`var host = headers.host;`
			`var referer = headers.referer \|\| '';`
			`var data = ((payload \|\| {}).data \|\| []);`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`if (!host) {`
			`host = url.parse(referer).host \|\| '';`
			`}`
in cases where host is not provided in the websocket request, infer one from the referer 2016-06-02 15:20:58 -04:00
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`return {`
			`uid: socket.uid,`
			`params: data[1],`
			`method: event \|\| data[0],`
			`body: payload,`
#6561 2018-06-08 13:53:55 -04:00			`ip: socket.ip,`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`host: host,`
			`protocol: encrypted ? 'https' : 'http',`
			`secure: encrypted,`
			`url: referer,`
			`path: referer.substr(referer.indexOf(host) + host.length),`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`headers: headers,`
fix circular dependency -- involves indentations fix 2016-04-15 16:47:55 -04:00			`};`
closes #5394 dont allow socket.emits during maintenance mode 2017-02-03 19:02:38 +03:00			`};`