Fix socket.io auth: Use connect to parse signed cookies (migrate to express v3)

Marcel Klehr 2012-09-22 16:03:40 +02:00
parent 0f436d5916
commit 0c9c1f514f
3 changed files with 20 additions and 10 deletions


@ -3,6 +3,7 @@ var socketio = require('socket.io');
var settings = require('../../utils/Settings'); var settings = require('../../utils/Settings');
var socketIORouter = require("../../handler/SocketIORouter"); var socketIORouter = require("../../handler/SocketIORouter");
var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks"); var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess");
var padMessageHandler = require("../../handler/PadMessageHandler"); var padMessageHandler = require("../../handler/PadMessageHandler");
@ -17,12 +18,21 @@ exports.expressCreateServer = function (hook_name, args, cb) {
* info */ * info */
io.set('authorization', function (data, accept) { io.set('authorization', function (data, accept) {
if (!data.headers.cookie) return accept('No session cookie transmitted.', false); if (!data.headers.cookie) return accept('No session cookie transmitted.', false);
data.cookie = connect.utils.parseCookie(data.headers.cookie);
data.sessionID = data.cookie.express_sid; // Use connect's cookie parser, because it knows how to parse signed cookies
args.app.sessionStore.get(data.sessionID, function (err, session) { connect.cookieParser(webaccess.secret)(data, {}, function(err){
if (err || !session) return accept('Bad session / session has expired', false); if(err) {
data.session = new connect.middleware.session.Session(data, session); console.error(err);
accept(null, true); accept("Couldn't parse request cookies. ", false);
return;
}
data.sessionID = data.signedCookies.express_sid;
args.app.sessionStore.get(data.sessionID, function (err, session) {
if (err || !session) return accept('Bad session / session has expired', false);
data.session = new connect.middleware.session.Session(data, session);
accept(null, true);
});
}); });
}); });
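Review bot: `data.sessionID = data.signedCookies.express_sid;` is used as the store key without being checked; when the cookie header carries no express_sid, or its signature does not verify against `webaccess.secret` (the parser then leaves it out of signedCookies, as far as I recall of connect 2.x), sessionID is undefined and the handshake is rejected only after a store round-trip, with the misleading message 'Bad session / session has expired'. I would add, right after that assignment, `if (!data.sessionID) return accept('No valid session cookie transmitted.', false);` so an unsigned or tampered cookie is refused up front and logged distinctly from an expired session. Note also that `webaccess.secret` is read at each handshake rather than at server creation, so its value must already be assigned by the time the first socket connects; that ordering is not visible in this hunk. The enclosing `expressCreateServer` function begins before the hunk starts.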


@ -88,7 +88,7 @@ exports.basicAuth = function (req, res, next) {
}); });
} }
var secret = null; exports.secret = null;
exports.expressConfigure = function (hook_name, args, cb) { exports.expressConfigure = function (hook_name, args, cb) {
// If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158. // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
@ -103,10 +103,10 @@ exports.expressConfigure = function (hook_name, args, cb) {
if (!exports.sessionStore) { if (!exports.sessionStore) {
exports.sessionStore = new express.session.MemoryStore(); exports.sessionStore = new express.session.MemoryStore();
secret = randomString(32); exports.secret = randomString(32);
} }
args.app.use(express.cookieParser(secret)); args.app.use(express.cookieParser(exports.secret));
args.app.sessionStore = exports.sessionStore; args.app.sessionStore = exports.sessionStore;
args.app.use(express.session({store: args.app.sessionStore, args.app.use(express.session({store: args.app.sessionStore,
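Review bot: `exports.secret = randomString(32);` is only reached inside `if (!exports.sessionStore)`, so when another module supplies a sessionStore before `expressConfigure` runs, `exports.secret` stays null and `express.cookieParser(exports.secret)` is installed with no signing secret — and the socket.io authorization hook in the other changed file presumably inherits the same null for signed-cookie verification. Unless a store provider is also expected to set `exports.secret`, the assignment should be independent of the store check, e.g. `if (exports.secret == null) exports.secret = randomString(32);` placed just before the `cookieParser` line. Making the secret a public export is reasonable for the socket.io handshake, but a one-line comment such as `// Shared with the socket.io authorization handler; must be set before cookieParser/session are installed` would document why it is no longer module-private. The `expressConfigure` function continues past the end of this hunk.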


@ -18,7 +18,7 @@
"ueberDB" : "0.1.7", "ueberDB" : "0.1.7",
"async" : "0.1.x", "async" : "0.1.x",
"express" : "3.x", "express" : "3.x",
"connect" : "1.x", "connect" : "2.4.x",
"clean-css" : "0.3.2", "clean-css" : "0.3.2",
"uglify-js" : "1.2.5", "uglify-js" : "1.2.5",
"formidable" : "1.0.9", "formidable" : "1.0.9",