pad.pub0.org/node/handler/SocketIORouter.js

/**
 * This is the Socket.IO Router. It routes the Messages between the 
 * components of the Server. The components are at the moment: pad and timeslider
 */

/*
 * 2011 Peter 'Pita' Martischka (Primary Technology Ltd)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS-IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

var log4js = require('log4js');
var messageLogger = log4js.getLogger("message");
var securityManager = require("../db/SecurityManager");

/**
 * Saves all components
 * key is the component name
 * value is the component module
 */ 
var components = {};

var socket;
 
/**
 * adds a component
 */
exports.addComponent = function(moduleName, module)
{
  //save the component
  components[moduleName] = module;
  
  //give the module the socket
  module.setSocketIO(socket);
}

/**
 * sets the socket.io and adds event functions for routing
 */
exports.setSocketIO = function(_socket)
{
  //save this socket internaly
  socket = _socket;
  
  socket.sockets.on('connection', function(client)
  {
    var clientAuthorized = false;
    
    //wrap the original send function to log the messages
    client._send = client.send;
    client.send = function(message)
    {
      messageLogger.info("to " + client.id + ": " + stringifyWithoutPassword(message));
      client._send(message);
    }
  
    //tell all components about this connect
    for(var i in components)
    {
      components[i].handleConnect(client);
    }
      
    //try to handle the message of this client
    function handleMessage(message)
    {
      if(message.component && components[message.component])
      {
        //check if component is registered in the components array        
        if(components[message.component])
        {
          messageLogger.info("from " + client.id + ": " + stringifyWithoutPassword(message));
          components[message.component].handleMessage(client, message);
        }
      }
      else
      {
        messageLogger.error("Can't route the message:" + stringifyWithoutPassword(message));
      }
    }  
      
    client.on('message', function(message)
    {
      if(message.protocolVersion && message.protocolVersion != 2)
      {
        messageLogger.warn("Protocolversion header is not correct:" + stringifyWithoutPassword(message));
        return;
      }

      //client is authorized, everything ok
      if(clientAuthorized)
      {
        handleMessage(message);
      }
      //try to authorize the client
      else
      {
        //this message has everything to try an authorization
        if(message.padId !== undefined && message.sessionID !== undefined && message.token !== undefined && message.password !== undefined)
        {
          securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password, function(err, statusObject)
          {
            if(err) throw err;
            
            //access was granted, mark the client as authorized and handle the message
            if(statusObject.accessStatus == "grant")
            {
              clientAuthorized = true;
              handleMessage(message);
            }
            //no access, send the client a message that tell him why
            else
            {
              messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));
              client.json.send({accessStatus: statusObject.accessStatus});
            }
          });
        }
        //drop message
        else
        {
          messageLogger.warn("Dropped message cause of bad permissions:" + stringifyWithoutPassword(message));
        }
      }
    });

    client.on('disconnect', function()
    {
      //tell all components about this disconnect
      for(var i in components)
      {
        components[i].handleDisconnect(client);
      }
    });
  });
}

//returns a stringified representation of a message, removes the password
//this ensures there are no passwords in the log
function stringifyWithoutPassword(message)
{
  var newMessage = {};
  
  for(var i in message)
  {
    if(i == "password" && message[i] != null)
      newMessage["password"] = "xxx";
    else
      newMessage[i]=message[i];
  }
  
  return JSON.stringify(newMessage);
}
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`/**`
			`* This is the Socket.IO Router. It routes the Messages between the`
			`* components of the Server. The components are at the moment: pad and timeslider`
			`*/`

			`/*`
changed copyright from Peter 'Pita' Martischka to Peter 'Pita' Martischka (Primary Technology Ltd) 2011-08-11 14:26:41 +00:00			`* 2011 Peter 'Pita' Martischka (Primary Technology Ltd)`
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS-IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Installed log4js as logging framework 2011-07-31 17:25:51 +00:00			`var log4js = require('log4js');`
			`var messageLogger = log4js.getLogger("message");`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`var securityManager = require("../db/SecurityManager");`
Installed log4js as logging framework 2011-07-31 17:25:51 +00:00
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`/**`
			`* Saves all components`
			`* key is the component name`
			`* value is the component module`
			`*/`
			`var components = {};`

			`var socket;`

			`/**`
			`* adds a component`
			`*/`
			`exports.addComponent = function(moduleName, module)`
			`{`
			`//save the component`
			`components[moduleName] = module;`

			`//give the module the socket`
			`module.setSocketIO(socket);`
			`}`

			`/**`
			`* sets the socket.io and adds event functions for routing`
			`*/`
			`exports.setSocketIO = function(_socket)`
			`{`
			`//save this socket internaly`
			`socket = _socket;`

Change everything to the new Socket.IO API 2011-06-23 13:08:18 +00:00			`socket.sockets.on('connection', function(client)`
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`{`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`var clientAuthorized = false;`

Improve the logging of Socket.IO Messages 2011-07-11 13:56:45 +00:00			`//wrap the original send function to log the messages`
			`client._send = client.send;`
			`client.send = function(message)`
			`{`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`messageLogger.info("to " + client.id + ": " + stringifyWithoutPassword(message));`
Improve the logging of Socket.IO Messages 2011-07-11 13:56:45 +00:00			`client._send(message);`
			`}`

A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`//tell all components about this connect`
			`for(var i in components)`
			`{`
			`components[i].handleConnect(client);`
			`}`

added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`//try to handle the message of this client`
			`function handleMessage(message)`
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`{`
			`if(message.component && components[message.component])`
			`{`
Fix indent 2011-06-23 10:17:28 +00:00			`//check if component is registered in the components array`
Made the router a little safer. 2011-06-21 19:19:48 +00:00			`if(components[message.component])`
			`{`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`messageLogger.info("from " + client.id + ": " + stringifyWithoutPassword(message));`
Fix indent 2011-06-23 10:17:28 +00:00			`components[message.component].handleMessage(client, message);`
Made the router a little safer. 2011-06-21 19:19:48 +00:00			`}`
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`}`
			`else`
			`{`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`messageLogger.error("Can't route the message:" + stringifyWithoutPassword(message));`
			`}`
			`}`

			`client.on('message', function(message)`
			`{`
			`if(message.protocolVersion && message.protocolVersion != 2)`
			`{`
			`messageLogger.warn("Protocolversion header is not correct:" + stringifyWithoutPassword(message));`
			`return;`
			`}`

			`//client is authorized, everything ok`
			`if(clientAuthorized)`
			`{`
			`handleMessage(message);`
			`}`
			`//try to authorize the client`
			`else`
			`{`
			`//this message has everything to try an authorization`
			`if(message.padId !== undefined && message.sessionID !== undefined && message.token !== undefined && message.password !== undefined)`
			`{`
			`securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password, function(err, statusObject)`
			`{`
			`if(err) throw err;`

			`//access was granted, mark the client as authorized and handle the message`
			`if(statusObject.accessStatus == "grant")`
			`{`
			`clientAuthorized = true;`
			`handleMessage(message);`
			`}`
			`//no access, send the client a message that tell him why`
			`else`
			`{`
			`messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));`
			`client.json.send({accessStatus: statusObject.accessStatus});`
			`}`
			`});`
			`}`
			`//drop message`
			`else`
			`{`
Fix message typos 2011-11-19 19:21:23 +00:00			`messageLogger.warn("Dropped message cause of bad permissions:" + stringifyWithoutPassword(message));`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`}`
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`}`
			`});`

			`client.on('disconnect', function()`
			`{`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00			`//tell all components about this disconnect`
A lot small changes that results in a timeslider that shows the latest text 2011-06-20 10:44:04 +00:00			`for(var i in components)`
			`{`
			`components[i].handleDisconnect(client);`
			`}`
			`});`
			`});`
			`}`
added a security control at socketiorouter, pad security is now fully enforced 2011-08-16 14:53:09 +00:00
			`//returns a stringified representation of a message, removes the password`
			`//this ensures there are no passwords in the log`
			`function stringifyWithoutPassword(message)`
			`{`
			`var newMessage = {};`

			`for(var i in message)`
			`{`
			`if(i == "password" && message[i] != null)`
			`newMessage["password"] = "xxx";`
			`else`
			`newMessage[i]=message[i];`
			`}`

			`return JSON.stringify(newMessage);`
			`}`