Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-06 22:15:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #4248

Browse Source
This commit is contained in:
barisusakli
2016-02-24 12:07:02 +02:00
parent f512cb543f
commit 92fba4f396
2 changed files with 60 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
src/socket.io/index.js
View File

@@ -1,19 +1,19 @@
"use strict"; "use strict";
var SocketIO = require('socket.io'), var SocketIO = require('socket.io');
socketioWildcard = require('socketio-wildcard')(), var socketioWildcard = require('socketio-wildcard')();
async = require('async'), var async = require('async');
nconf = require('nconf'), var nconf = require('nconf');
cookieParser = require('cookie-parser')(nconf.get('secret')), var cookieParser = require('cookie-parser')(nconf.get('secret'));
winston = require('winston'), var winston = require('winston');
db = require('../database'), var db = require('../database');
user = require('../user'), var user = require('../user');
logger = require('../logger'), var logger = require('../logger');
ratelimit = require('../middleware/ratelimit'), var ratelimit = require('../middleware/ratelimit');
Sockets = {}, var Sockets = {};
Namespaces = {}; var Namespaces = {};
var io; var io;
@@ -95,9 +95,9 @@ function onMessage(socket, payload) {
return winston.warn('[socket.io] Empty method name'); return winston.warn('[socket.io] Empty method name');
} }
var parts = eventName.toString().split('.'), var parts = eventName.toString().split('.');
namespace = parts[0], var namespace = parts[0];
methodToCall = parts.reduce(function(prev, cur) { var methodToCall = parts.reduce(function(prev, cur) {
if (prev !== null && prev[cur]) { if (prev !== null && prev[cur]) {
return prev[cur]; return prev[cur];
} else { } else {
@@ -123,16 +123,23 @@ function onMessage(socket, payload) {
return socket.disconnect(); return socket.disconnect();
} }
async.waterfall([
function (next) {
validateSession(socket, next);
},
function (next) {
if (Namespaces[namespace].before) { if (Namespaces[namespace].before) {
Namespaces[namespace].before(socket, eventName, params, function(err) { Namespaces[namespace].before(socket, eventName, params, next);
if (err) {
return callback({message: err.message});
}
callMethod(methodToCall, socket, params, callback);
});
} else { } else {
callMethod(methodToCall, socket, params, callback); next();
} }
},
function (next) {
methodToCall(socket, params, next);
}
], function(err, result) {
callback(err ? {message: err.message} : null, result);
});
} }
function requireModules() { function requireModules() {
@@ -145,19 +152,33 @@ function requireModules() {
}); });
} }
function authorize(socket, callback) { function validateSession(socket, callback) {
var handshake = socket.request; var req = socket.request;
if (!req.signedCookies || !req.signedCookies['express.sid']) {
return callback(new Error('[[error:invalid-session]]'));
}
db.sessionStore.get(req.signedCookies['express.sid'], function(err, sessionData) {
if (err || !sessionData) {
return callback(err || new Error('[[error:invalid-session]]'));
}
if (!handshake) { callback();
});
}
function authorize(socket, callback) {
var request = socket.request;
if (!request) {
return callback(new Error('[[error:not-authorized]]')); return callback(new Error('[[error:not-authorized]]'));
} }
async.waterfall([ async.waterfall([
function(next) { function(next) {
cookieParser(handshake, {}, next); cookieParser(request, {}, next);
}, },
function(next) { function(next) {
db.sessionStore.get(handshake.signedCookies['express.sid'], function(err, sessionData) { db.sessionStore.get(request.signedCookies['express.sid'], function(err, sessionData) {
if (err) { if (err) {
return next(err); return next(err);
} }
@@ -185,12 +206,6 @@ function addRedisAdapter(io) {
} }
} }
function callMethod(method, socket, params, callback) {
method(socket, params, function(err, result) {
callback(err ? {message: err.message} : null, result);
});
}
Sockets.in = function(room) { Sockets.in = function(room) {
return io.in(room); return io.in(room);
}; };
@@ -228,9 +243,9 @@ Sockets.getOnlineAnonCount = function () {
}; };
Sockets.reqFromSocket = function(socket) { Sockets.reqFromSocket = function(socket) {
var headers = socket.request.headers, var headers = socket.request.headers;
host = headers.host, var host = headers.host;
referer = headers.referer || ''; var referer = headers.referer || '';
return { return {
ip: headers['x-forwarded-for'] || socket.ip, ip: headers['x-forwarded-for'] || socket.ip,

2
src/user/auth.js
View File

@@ -70,7 +70,7 @@ module.exports = function(User) {
} }
async.waterfall([ async.waterfall([
async.apply(db.getSortedSetRange, 'uid:' + uid + ':sessions', 0, -1), async.apply(db.getSortedSetRevRange, 'uid:' + uid + ':sessions', 0, -1),
function (sids, next) { function (sids, next) {
_sids = sids; _sids = sids;
async.map(sids, db.sessionStore.get.bind(db.sessionStore), next); async.map(sids, db.sessionStore.get.bind(db.sessionStore), next);