2017-02-18 01:56:23 -07:00
|
|
|
'use strict';
|
2014-01-13 11:23:21 -05:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const os = require('os');
|
|
|
|
|
const nconf = require('nconf');
|
|
|
|
|
const winston = require('winston');
|
|
|
|
|
const util = require('util');
|
|
|
|
|
const cookieParser = require('cookie-parser')(nconf.get('secret'));
|
2014-01-09 20:13:17 -05:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const db = require('../database');
|
|
|
|
|
const user = require('../user');
|
|
|
|
|
const logger = require('../logger');
|
|
|
|
|
const plugins = require('../plugins');
|
|
|
|
|
const ratelimit = require('../middleware/ratelimit');
|
2014-01-09 20:13:17 -05:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const Namespaces = {};
|
2014-11-28 19:33:07 -05:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const Sockets = module.exports;
|
2014-11-20 19:02:29 -05:00
|
|
|
|
2021-01-31 12:37:28 -05:00
|
|
|
Sockets.init = async function (server) {
|
2017-02-03 19:02:38 +03:00
|
|
|
requireModules();
|
2014-11-28 19:33:07 -05:00
|
|
|
|
2020-12-06 13:03:33 -05:00
|
|
|
const SocketIO = require('socket.io').Server;
|
2019-10-02 22:51:02 -04:00
|
|
|
const io = new SocketIO({
|
2021-02-03 23:59:08 -07:00
|
|
|
path: `${nconf.get('relative_path')}/socket.io`,
|
2017-02-03 19:02:38 +03:00
|
|
|
});
|
2014-11-20 16:51:11 -05:00
|
|
|
|
2020-07-07 20:13:14 -04:00
|
|
|
if (nconf.get('isCluster')) {
|
2020-12-06 13:03:33 -05:00
|
|
|
// socket.io-adapter-cluster needs update
|
|
|
|
|
// if (nconf.get('singleHostCluster')) {
|
|
|
|
|
// io.adapter(require('./single-host-cluster'));
|
|
|
|
|
// } else if (nconf.get('redis')) {
|
|
|
|
|
if (nconf.get('redis')) {
|
2021-01-31 12:37:28 -05:00
|
|
|
const adapter = await require('../database/redis').socketAdapter();
|
|
|
|
|
io.adapter(adapter);
|
2020-07-07 20:13:14 -04:00
|
|
|
} else {
|
2020-12-06 13:03:33 -05:00
|
|
|
winston.warn('clustering detected, you should setup redis!');
|
2020-07-07 20:13:14 -04:00
|
|
|
}
|
2018-07-23 11:21:36 -05:00
|
|
|
}
|
2014-01-09 20:13:17 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
io.use(authorize);
|
2014-01-16 14:57:03 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
io.on('connection', onConnection);
|
2014-01-09 21:27:50 -05:00
|
|
|
|
2020-12-06 13:03:33 -05:00
|
|
|
const opts = {
|
|
|
|
|
transports: nconf.get('socket.io:transports') || ['polling', 'websocket'],
|
|
|
|
|
cookie: false,
|
|
|
|
|
};
|
2017-02-23 11:54:46 -05:00
|
|
|
/*
|
|
|
|
|
* Restrict socket.io listener to cookie domain. If none is set, infer based on url.
|
|
|
|
|
* Production only so you don't get accidentally locked out.
|
|
|
|
|
* Can be overridden via config (socket.io:origins)
|
|
|
|
|
*/
|
|
|
|
|
if (process.env.NODE_ENV !== 'development') {
|
2020-10-26 10:43:18 -04:00
|
|
|
const origins = nconf.get('socket.io:origins');
|
2020-12-06 13:03:33 -05:00
|
|
|
opts.cors = {
|
|
|
|
|
origin: origins,
|
|
|
|
|
methods: ['GET', 'POST'],
|
|
|
|
|
allowedHeaders: ['content-type'],
|
|
|
|
|
};
|
2021-02-03 23:59:08 -07:00
|
|
|
winston.info(`[socket.io] Restricting access to origin: ${origins}`);
|
2017-02-23 11:54:46 -05:00
|
|
|
}
|
|
|
|
|
|
2020-12-06 13:03:33 -05:00
|
|
|
io.listen(server, opts);
|
2017-02-03 19:02:38 +03:00
|
|
|
Sockets.server = io;
|
|
|
|
|
};
|
2014-11-28 19:33:07 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
function onConnection(socket) {
|
2018-06-08 13:53:55 -04:00
|
|
|
socket.ip = (socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress || '').split(',')[0];
|
2020-10-16 21:05:00 -04:00
|
|
|
socket.request.ip = socket.ip;
|
2017-02-03 19:02:38 +03:00
|
|
|
logger.io_one(socket, socket.uid);
|
2014-11-28 19:33:07 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
onConnect(socket);
|
2020-12-06 13:03:33 -05:00
|
|
|
socket.onAny((event, ...args) => {
|
|
|
|
|
const payload = { data: [event].concat(args) };
|
2017-02-03 19:02:38 +03:00
|
|
|
onMessage(socket, payload);
|
|
|
|
|
});
|
2020-12-02 18:38:01 -05:00
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
socket.on('disconnect', () => {
|
2020-12-02 18:38:01 -05:00
|
|
|
onDisconnect(socket);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function onDisconnect(socket) {
|
|
|
|
|
require('./uploads').clear(socket.id);
|
2020-12-03 10:44:12 -05:00
|
|
|
plugins.hooks.fire('action:sockets.disconnect', { socket: socket });
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
2014-11-28 19:33:07 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
function onConnect(socket) {
|
2017-08-23 21:38:58 -04:00
|
|
|
if (socket.uid) {
|
2021-02-03 23:59:08 -07:00
|
|
|
socket.join(`uid_${socket.uid}`);
|
2017-08-23 21:38:58 -04:00
|
|
|
socket.join('online_users');
|
|
|
|
|
} else {
|
|
|
|
|
socket.join('online_guests');
|
|
|
|
|
}
|
2014-11-20 19:02:29 -05:00
|
|
|
|
2021-02-03 23:59:08 -07:00
|
|
|
socket.join(`sess_${socket.request.signedCookies[nconf.get('sessionKey')]}`);
|
2020-12-06 13:03:33 -05:00
|
|
|
socket.emit('checkSession', socket.uid);
|
|
|
|
|
socket.emit('setHostname', os.hostname());
|
2020-12-03 10:44:12 -05:00
|
|
|
plugins.hooks.fire('action:sockets.connect', { socket: socket });
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
2014-10-27 20:23:16 -04:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
async function onMessage(socket, payload) {
|
2017-02-03 19:02:38 +03:00
|
|
|
if (!payload.data.length) {
|
|
|
|
|
return winston.warn('[socket.io] Empty payload');
|
|
|
|
|
}
|
2015-01-20 17:04:05 -05:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const eventName = payload.data[0];
|
|
|
|
|
const params = typeof payload.data[1] === 'function' ? {} : payload.data[1];
|
|
|
|
|
const callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {};
|
2016-04-15 16:47:55 -04:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
if (!eventName) {
|
|
|
|
|
return winston.warn('[socket.io] Empty method name');
|
|
|
|
|
}
|
2016-04-15 16:47:55 -04:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const parts = eventName.toString().split('.');
|
|
|
|
|
const namespace = parts[0];
|
2021-02-04 00:01:39 -07:00
|
|
|
const methodToCall = parts.reduce((prev, cur) => {
|
2017-02-03 19:02:38 +03:00
|
|
|
if (prev !== null && prev[cur]) {
|
|
|
|
|
return prev[cur];
|
2016-02-24 12:07:02 +02:00
|
|
|
}
|
2017-02-18 14:27:26 -07:00
|
|
|
return null;
|
2017-02-03 19:02:38 +03:00
|
|
|
}, Namespaces);
|
2015-03-05 17:32:40 -05:00
|
|
|
|
2019-08-07 17:38:23 -04:00
|
|
|
if (!methodToCall || typeof methodToCall !== 'function') {
|
2017-02-03 19:02:38 +03:00
|
|
|
if (process.env.NODE_ENV === 'development') {
|
2021-02-03 23:59:08 -07:00
|
|
|
winston.warn(`[socket.io] Unrecognized message: ${eventName}`);
|
2016-04-15 16:47:55 -04:00
|
|
|
}
|
2017-02-18 12:30:49 -07:00
|
|
|
return callback({ message: '[[error:invalid-event]]' });
|
2016-04-15 16:47:55 -04:00
|
|
|
}
|
|
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
socket.previousEvents = socket.previousEvents || [];
|
|
|
|
|
socket.previousEvents.push(eventName);
|
|
|
|
|
if (socket.previousEvents.length > 20) {
|
|
|
|
|
socket.previousEvents.shift();
|
|
|
|
|
}
|
2014-01-09 20:13:17 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
|
2021-02-03 23:59:08 -07:00
|
|
|
winston.warn(`[socket.io] Too many emits! Disconnecting uid : ${socket.uid}. Events : ${socket.previousEvents}`);
|
2017-02-03 19:02:38 +03:00
|
|
|
return socket.disconnect();
|
2015-11-04 17:43:43 -05:00
|
|
|
}
|
2016-01-13 16:15:49 +02:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
try {
|
|
|
|
|
await checkMaintenance(socket);
|
|
|
|
|
await validateSession(socket);
|
|
|
|
|
|
|
|
|
|
if (Namespaces[namespace].before) {
|
|
|
|
|
await Namespaces[namespace].before(socket, eventName, params);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (methodToCall.constructor && methodToCall.constructor.name === 'AsyncFunction') {
|
|
|
|
|
const result = await methodToCall(socket, params);
|
|
|
|
|
callback(null, result);
|
|
|
|
|
} else {
|
2021-02-04 00:01:39 -07:00
|
|
|
methodToCall(socket, params, (err, result) => {
|
2019-10-02 22:51:02 -04:00
|
|
|
callback(err ? { message: err.message } : null, result);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
} catch (err) {
|
2021-02-03 23:59:08 -07:00
|
|
|
winston.error(`${eventName}\n${err.stack ? err.stack : err.message}`);
|
2019-10-02 22:51:02 -04:00
|
|
|
callback({ message: err.message });
|
|
|
|
|
}
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function requireModules() {
|
2021-02-04 00:06:15 -07:00
|
|
|
const modules = ['admin', 'categories', 'groups', 'meta', 'modules',
|
2020-12-02 18:38:01 -05:00
|
|
|
'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist',
|
|
|
|
|
'flags', 'uploads',
|
2017-02-03 19:02:38 +03:00
|
|
|
];
|
|
|
|
|
|
2021-02-04 00:01:39 -07:00
|
|
|
modules.forEach((module) => {
|
2021-02-03 23:59:08 -07:00
|
|
|
Namespaces[module] = require(`./${module}`);
|
2017-02-03 19:02:38 +03:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
async function checkMaintenance(socket) {
|
|
|
|
|
const meta = require('../meta');
|
2018-10-21 16:47:51 -04:00
|
|
|
if (!meta.config.maintenanceMode) {
|
2019-10-02 22:51:02 -04:00
|
|
|
return;
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
2019-10-02 22:51:02 -04:00
|
|
|
const isAdmin = await user.isAdministrator(socket.uid);
|
|
|
|
|
if (isAdmin) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-11-27 12:38:43 -05:00
|
|
|
const validator = require('validator');
|
2021-02-03 23:59:08 -07:00
|
|
|
throw new Error(`[[pages:maintenance.text, ${validator.escape(String(meta.config.title || 'NodeBB'))}]]`);
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
2016-04-15 16:47:55 -04:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const getSessionAsync = util.promisify((sid, callback) => db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null)));
|
|
|
|
|
|
|
|
|
|
async function validateSession(socket) {
|
2021-02-04 00:06:15 -07:00
|
|
|
const req = socket.request;
|
2017-02-03 19:02:38 +03:00
|
|
|
if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
|
2019-10-02 22:51:02 -04:00
|
|
|
return;
|
2015-11-04 17:43:43 -05:00
|
|
|
}
|
2019-10-02 22:51:02 -04:00
|
|
|
const sessionData = await getSessionAsync(req.signedCookies[nconf.get('sessionKey')]);
|
|
|
|
|
if (!sessionData) {
|
|
|
|
|
throw new Error('[[error:invalid-session]]');
|
|
|
|
|
}
|
2020-11-20 16:06:26 -05:00
|
|
|
const result = await plugins.hooks.fire('static:sockets.validateSession', {
|
2019-10-02 22:51:02 -04:00
|
|
|
req: req,
|
|
|
|
|
socket: socket,
|
|
|
|
|
session: sessionData,
|
2017-02-03 19:02:38 +03:00
|
|
|
});
|
2019-10-02 22:51:02 -04:00
|
|
|
return result;
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
2016-04-15 16:47:55 -04:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
const cookieParserAsync = util.promisify((req, callback) => cookieParser(req, {}, err => callback(err)));
|
|
|
|
|
|
|
|
|
|
async function authorize(socket, callback) {
|
2021-02-06 14:10:15 -07:00
|
|
|
const { request } = socket;
|
2014-01-09 20:13:17 -05:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
if (!request) {
|
|
|
|
|
return callback(new Error('[[error:not-authorized]]'));
|
2015-11-04 17:43:43 -05:00
|
|
|
}
|
2014-09-09 18:05:21 -04:00
|
|
|
|
2019-10-02 22:51:02 -04:00
|
|
|
await cookieParserAsync(request);
|
2020-11-30 11:51:52 -05:00
|
|
|
const sessionData = await getSessionAsync(request.signedCookies[nconf.get('sessionKey')]);
|
2019-10-02 22:51:02 -04:00
|
|
|
if (sessionData && sessionData.passport && sessionData.passport.user) {
|
|
|
|
|
request.session = sessionData;
|
|
|
|
|
socket.uid = parseInt(sessionData.passport.user, 10);
|
|
|
|
|
} else {
|
|
|
|
|
socket.uid = 0;
|
|
|
|
|
}
|
2020-10-16 21:05:00 -04:00
|
|
|
request.uid = socket.uid;
|
2019-10-02 22:51:02 -04:00
|
|
|
callback();
|
2017-02-03 19:02:38 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Sockets.in = function (room) {
|
2019-10-02 22:51:02 -04:00
|
|
|
return Sockets.server && Sockets.server.in(room);
|
2017-02-03 19:02:38 +03:00
|
|
|
};
|
2016-04-15 16:47:55 -04:00
|
|
|
|
2017-02-03 19:02:38 +03:00
|
|
|
Sockets.getUserSocketCount = function (uid) {
|
2021-02-03 23:59:08 -07:00
|
|
|
return Sockets.getCountInRoom(`uid_${uid}`);
|
2020-12-06 13:03:33 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Sockets.getCountInRoom = function (room) {
|
2019-10-02 22:51:02 -04:00
|
|
|
if (!Sockets.server) {
|
2017-02-03 19:02:38 +03:00
|
|
|
return 0;
|
|
|
|
|
}
|
2020-12-06 13:03:33 -05:00
|
|
|
const roomMap = Sockets.server.sockets.adapter.rooms.get(room);
|
|
|
|
|
return roomMap ? roomMap.size : 0;
|
2017-02-03 19:02:38 +03:00
|
|
|
};
|
2014-04-27 00:47:08 -04:00
|
|
|
|
2020-03-27 22:52:46 -04:00
|
|
|
Sockets.warnDeprecated = (socket, replacement) => {
|
2020-10-08 14:16:53 -04:00
|
|
|
if (socket.previousEvents) {
|
|
|
|
|
socket.emit('event:deprecated_call', {
|
|
|
|
|
eventName: socket.previousEvents[socket.previousEvents.length - 1],
|
|
|
|
|
replacement: replacement,
|
|
|
|
|
});
|
|
|
|
|
}
|
2021-02-03 23:59:08 -07:00
|
|
|
winston.warn(`[deprecated]\n ${new Error('-').stack.split('\n').slice(2, 5).join('\n')}\n use ${replacement}`);
|
2020-03-27 22:52:46 -04:00
|
|
|
};
|
