Fix socket.io auth: Use connect to parse signed cookies (migrate to express v3)
parent
0f436d5916
commit
0c9c1f514f
|
@ -3,6 +3,7 @@ var socketio = require('socket.io');
|
||||||
var settings = require('../../utils/Settings');
|
var settings = require('../../utils/Settings');
|
||||||
var socketIORouter = require("../../handler/SocketIORouter");
|
var socketIORouter = require("../../handler/SocketIORouter");
|
||||||
var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
|
var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
|
||||||
|
var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess");
|
||||||
|
|
||||||
var padMessageHandler = require("../../handler/PadMessageHandler");
|
var padMessageHandler = require("../../handler/PadMessageHandler");
|
||||||
|
|
||||||
|
@ -17,14 +18,23 @@ exports.expressCreateServer = function (hook_name, args, cb) {
|
||||||
* info */
|
* info */
|
||||||
io.set('authorization', function (data, accept) {
|
io.set('authorization', function (data, accept) {
|
||||||
if (!data.headers.cookie) return accept('No session cookie transmitted.', false);
|
if (!data.headers.cookie) return accept('No session cookie transmitted.', false);
|
||||||
data.cookie = connect.utils.parseCookie(data.headers.cookie);
|
|
||||||
data.sessionID = data.cookie.express_sid;
|
// Use connect's cookie parser, because it knows how to parse signed cookies
|
||||||
|
connect.cookieParser(webaccess.secret)(data, {}, function(err){
|
||||||
|
if(err) {
|
||||||
|
console.error(err);
|
||||||
|
accept("Couldn't parse request cookies. ", false);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
data.sessionID = data.signedCookies.express_sid;
|
||||||
args.app.sessionStore.get(data.sessionID, function (err, session) {
|
args.app.sessionStore.get(data.sessionID, function (err, session) {
|
||||||
if (err || !session) return accept('Bad session / session has expired', false);
|
if (err || !session) return accept('Bad session / session has expired', false);
|
||||||
data.session = new connect.middleware.session.Session(data, session);
|
data.session = new connect.middleware.session.Session(data, session);
|
||||||
accept(null, true);
|
accept(null, true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
});
|
||||||
|
|
||||||
// the following has been successfully tested with the following browsers
|
// the following has been successfully tested with the following browsers
|
||||||
// works also behind reverse proxy
|
// works also behind reverse proxy
|
||||||
|
|
|
@ -88,7 +88,7 @@ exports.basicAuth = function (req, res, next) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
var secret = null;
|
exports.secret = null;
|
||||||
|
|
||||||
exports.expressConfigure = function (hook_name, args, cb) {
|
exports.expressConfigure = function (hook_name, args, cb) {
|
||||||
// If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
|
// If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
|
||||||
|
@ -103,10 +103,10 @@ exports.expressConfigure = function (hook_name, args, cb) {
|
||||||
|
|
||||||
if (!exports.sessionStore) {
|
if (!exports.sessionStore) {
|
||||||
exports.sessionStore = new express.session.MemoryStore();
|
exports.sessionStore = new express.session.MemoryStore();
|
||||||
secret = randomString(32);
|
exports.secret = randomString(32);
|
||||||
}
|
}
|
||||||
|
|
||||||
args.app.use(express.cookieParser(secret));
|
args.app.use(express.cookieParser(exports.secret));
|
||||||
|
|
||||||
args.app.sessionStore = exports.sessionStore;
|
args.app.sessionStore = exports.sessionStore;
|
||||||
args.app.use(express.session({store: args.app.sessionStore,
|
args.app.use(express.session({store: args.app.sessionStore,
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
"ueberDB" : "0.1.7",
|
"ueberDB" : "0.1.7",
|
||||||
"async" : "0.1.x",
|
"async" : "0.1.x",
|
||||||
"express" : "3.x",
|
"express" : "3.x",
|
||||||
"connect" : "1.x",
|
"connect" : "2.4.x",
|
||||||
"clean-css" : "0.3.2",
|
"clean-css" : "0.3.2",
|
||||||
"uglify-js" : "1.2.5",
|
"uglify-js" : "1.2.5",
|
||||||
"formidable" : "1.0.9",
|
"formidable" : "1.0.9",
|
||||||
|
|
Loading…
Reference in New Issue