closes #5394

dont allow socket.emits during maintenance mode

src/middleware/maintenance.js

@@ -12,33 +12,7 @@ module.exports = function (middleware) {
 		}
 		var url = req.url.replace(nconf.get('relative_path'), '');
 
-		var allowedRoutes = [
-			'^/ping',
-			'^/sping',
-			'^/login',
-			'^/stylesheet.css',
-			'^/favicon',
-			'^/nodebb.min.js',
-			'^/vendor/fontawesome/fonts/fontawesome-webfont.woff',
-			'^/src/(modules|client)/[\\w/]+.js',
-			'^/templates/[\\w/]+.tpl',
-			'^/api/login',
-			'^/api/widgets/render',
-			'^/public/language',
-			'^/uploads/system/site-logo.png'
-		];
-
-		var isAllowed = function (url) {
-			for(var x = 0,numAllowed = allowedRoutes.length,route; x < numAllowed; x++) {
-				route = new RegExp(allowedRoutes[x]);
-				if (route.test(url)) {
-					return true;
-				}
-			}
-			return false;
-		};
-
-		if (isAllowed(url)) {
+		if (url.startsWith('/login') || url.startsWith('/api/login')) {
 			return next();
 		}
 

src/middleware/ratelimit.js

@@ -3,7 +3,7 @@
 'use strict';
 var winston = require('winston');
 
-var ratelimit = {};
+var ratelimit = module.exports;
 
 var allowedCalls = 100;
 var timeframe = 10000;
@@ -31,5 +31,3 @@ ratelimit.isFlooding = function (socket) {
 	socket.lastCallTime = now;
 	return false;
 };
-
-module.exports = ratelimit;

src/routes/api.js

@@ -29,12 +29,13 @@ module.exports =  function (app, middleware, controllers) {
 
 	var multipart = require('connect-multiparty');
 	var multipartMiddleware = multipart();
-	var middlewares = [multipartMiddleware, middleware.validateFiles, middleware.applyCSRF];
+	var middlewares = [middleware.maintenanceMode, multipartMiddleware, middleware.validateFiles, middleware.applyCSRF];
 	router.post('/post/upload', middlewares, uploadsController.uploadPost);
 	router.post('/topic/thumb/upload', middlewares, uploadsController.uploadThumb);
 	router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture);
 
 	router.post('/user/:userslug/uploadcover', middlewares.concat([middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadCoverPicture);
 	router.post('/groups/uploadpicture', middlewares.concat([middleware.authenticate]), controllers.groups.uploadCover);
+
 };
 

src/routes/feeds.js

@@ -365,12 +365,12 @@ function sendFeed(feed, res) {
 }
 
 module.exports = function (app, middleware, controllers) {
-	app.get('/topic/:topic_id.rss', generateForTopic);
-	app.get('/category/:category_id.rss', generateForCategory);
-	app.get('/recent.rss', generateForRecent);
-	app.get('/popular.rss', generateForPopular);
-	app.get('/popular/:term.rss', generateForPopular);
-	app.get('/recentposts.rss', generateForRecentPosts);
-	app.get('/category/:category_id/recentposts.rss', generateForCategoryRecentPosts);
-	app.get('/user/:userslug/topics.rss', generateForUserTopics);
+	app.get('/topic/:topic_id.rss', middleware.maintenanceMode, generateForTopic);
+	app.get('/category/:category_id.rss', middleware.maintenanceMode, generateForCategory);
+	app.get('/recent.rss', middleware.maintenanceMode, generateForRecent);
+	app.get('/popular.rss', middleware.maintenanceMode, generateForPopular);
+	app.get('/popular/:term.rss', middleware.maintenanceMode, generateForPopular);
+	app.get('/recentposts.rss', middleware.maintenanceMode, generateForRecentPosts);
+	app.get('/category/:category_id/recentposts.rss', middleware.maintenanceMode, generateForCategoryRecentPosts);
+	app.get('/user/:userslug/topics.rss', middleware.maintenanceMode, generateForUserTopics);
 };

src/routes/helpers.js

@@ -3,7 +3,7 @@
 var helpers = {};
 
 helpers.setupPageRoute = function (router, name, middleware, middlewares, controller) {
-	middlewares = middlewares.concat([middleware.registrationComplete, middleware.pageView, middleware.pluginHooks]);
+	middlewares = middlewares.concat([middleware.maintenanceMode, middleware.registrationComplete, middleware.pageView, middleware.pluginHooks]);
 
 	router.get(name, middleware.busyCheck, middleware.buildHeader, middlewares, controller);
 	router.get('/api' + name, middlewares, controller);

src/routes/index.js

@@ -117,8 +117,6 @@ module.exports = function (app, middleware, hotswapIds) {
 	app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin);
 	app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
 
-	app.use(middleware.maintenanceMode);
-
 	adminRoutes(router, middleware, controllers);
 	metaRoutes(router, middleware, controllers);
 	apiRoutes(router, middleware, controllers);

src/socket.io/index.js

@@ -7,14 +7,17 @@ var url = require('url');
 var cookieParser = require('cookie-parser')(nconf.get('secret'));
 
 var db = require('../database');
+var user = require('../user');
 var logger = require('../logger');
 var ratelimit = require('../middleware/ratelimit');
 
-(function (Sockets) {
-	var Namespaces = {};
-	var io;
 
-	Sockets.init = function (server) {
+var Namespaces = {};
+var io;
+
+var Sockets = module.exports;
+
+Sockets.init = function (server) {
 	requireModules();
 
 	var SocketIO = require('socket.io');
@@ -35,9 +38,9 @@ var ratelimit = require('../middleware/ratelimit');
 	});
 
 	Sockets.server = io;
-	};
+};
 
-	function onConnection(socket) {
+function onConnection(socket) {
 	socket.ip = socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress;
 
 	logger.io_one(socket, socket.uid);
@@ -47,9 +50,9 @@ var ratelimit = require('../middleware/ratelimit');
 	socket.on('*', function (payload) {
 		onMessage(socket, payload);
 	});
-	}
+}
 
-	function onConnect(socket) {
+function onConnect(socket) {
 	if (socket.uid) {
 		socket.join('uid_' + socket.uid);
 		socket.join('online_users');
@@ -59,9 +62,9 @@ var ratelimit = require('../middleware/ratelimit');
 
 	socket.join('sess_' + socket.request.signedCookies[nconf.get('sessionKey')]);
 	io.sockets.sockets[socket.id].emit('checkSession', socket.uid);
-	}
+}
 
-	function onMessage(socket, payload) {
+function onMessage(socket, payload) {
 	if (!payload.data.length) {
 		return winston.warn('[socket.io] Empty payload');
 	}
@@ -104,6 +107,9 @@ var ratelimit = require('../middleware/ratelimit');
 	}
 
 	async.waterfall([
+		function (next) {
+			checkMaintenance(socket, next);
+		},
 		function (next) {
 			validateSession(socket, next);
 		},
@@ -120,9 +126,9 @@ var ratelimit = require('../middleware/ratelimit');
 	], function (err, result) {
 		callback(err ? {message: err.message} : null, result);
 	});
-	}
+}
 
-	function requireModules() {
+function requireModules() {
 	var modules = ['admin', 'categories', 'groups', 'meta', 'modules',
 		'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist'
 	];
@@ -130,9 +136,21 @@ var ratelimit = require('../middleware/ratelimit');
 	modules.forEach(function (module) {
 		Namespaces[module] = require('./' + module);
 	});
-	}
+}
 
-	function validateSession(socket, callback) {
+function checkMaintenance(socket, callback) {
+	var meta = require('../meta');
+	if (parseInt(meta.config.maintenanceMode, 10) !== 1) {
+		return setImmediate(callback);
+	}
+	user.isAdministrator(socket.uid, function (err, isAdmin) {
+		if (err || isAdmin) {
+			return callback(err);
+		}
+	});
+}
+
+function validateSession(socket, callback) {
 	var req = socket.request;
 	if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
 		return callback(new Error('[[error:invalid-session]]'));
@@ -144,9 +162,9 @@ var ratelimit = require('../middleware/ratelimit');
 
 		callback();
 	});
-	}
+}
 
-	function authorize(socket, callback) {
+function authorize(socket, callback) {
 	var request = socket.request;
 
 	if (!request) {
@@ -172,9 +190,9 @@ var ratelimit = require('../middleware/ratelimit');
 			});
 		}
 	], callback);
-	}
+}
 
-	function addRedisAdapter(io) {
+function addRedisAdapter(io) {
 	if (nconf.get('redis')) {
 		var redisAdapter = require('socket.io-redis');
 		var redis = require('../database/redis');
@@ -184,23 +202,23 @@ var ratelimit = require('../middleware/ratelimit');
 	} else if (nconf.get('isCluster') === 'true') {
 		winston.warn('[socket.io] Clustering detected, you are advised to configure Redis as a websocket store.');
 	}
-	}
+}
 
-	Sockets.in = function (room) {
+Sockets.in = function (room) {
 	return io.in(room);
-	};
+};
 
-	Sockets.getUserSocketCount = function (uid) {
+Sockets.getUserSocketCount = function (uid) {
 	if (!io) {
 		return 0;
 	}
 
 	var room = io.sockets.adapter.rooms['uid_' + uid];
 	return room ? room.length : 0;
-	};
+};
 
 
-	Sockets.reqFromSocket = function (socket, payload, event) {
+Sockets.reqFromSocket = function (socket, payload, event) {
 	var headers = socket.request ? socket.request.headers : {};
 	var encrypted = socket.request ? !!socket.request.connection.encrypted : false;
 	var host = headers.host;
@@ -224,6 +242,6 @@ var ratelimit = require('../middleware/ratelimit');
 		path: referer.substr(referer.indexOf(host) + host.length),
 		headers: headers
 	};
-	};
+};
+
 
-}(exports));