From 259b8d891d866bf1b6ddfcd6a174a31574ca3924 Mon Sep 17 00:00:00 2001
From: Richard Hansen <rhansen@rhansen.org>
Date: Mon, 14 Sep 2020 00:49:16 -0400
Subject: [PATCH] socketio: Use Error objects for socket.io connection errors

socket.io expects Error objects, otherwise it won't propagate the
message to the client.

Also do some cleanup.
---
 src/node/hooks/express/socketio.js | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/node/hooks/express/socketio.js b/src/node/hooks/express/socketio.js
index 3eef7a92b..b1a4d4f22 100644
--- a/src/node/hooks/express/socketio.js
+++ b/src/node/hooks/express/socketio.js
@@ -49,24 +49,24 @@ exports.expressCreateServer = function (hook_name, args, cb) {
   // modify, or create any pad (unless the pad is password protected or an HTTP API session is
   // required).
   var cookieParserFn = cookieParser(webaccess.secret, {});
-  io.use(function(socket, accept) {
+  io.use((socket, next) => {
     var data = socket.request;
-    if (!data.headers.cookie && settings.loadTest) return accept(null, true);
+    if (!data.headers.cookie && settings.loadTest) {
+      console.warn('bypassing socket.io authentication check due to settings.loadTest');
+      return next(null, true);
+    }
+    const fail = (msg) => { return next(new Error(msg), false); };
     cookieParserFn(data, {}, function(err) {
-      if (err) {
-        console.error(err);
-        accept("Couldn't parse request cookies.", false);
-        return;
-      }
-      data.sessionID = data.signedCookies.express_sid;
-      if (!data.sessionID) return accept('Signed express_sid cookie is required', false);
-      args.app.sessionStore.get(data.sessionID, function(err, session) {
-        if (err || !session) return accept('Bad session / session has expired', false);
+      if (err) return fail('access denied: unable to parse express_sid cookie');
+      const expressSid = data.signedCookies.express_sid;
+      if (!expressSid) return fail ('access denied: signed express_sid cookie is required');
+      args.app.sessionStore.get(expressSid, (err, session) => {
+        if (err || !session) return fail('access denied: bad session or session has expired');
         data.session = new sessionModule.Session(data, session);
         if (settings.requireAuthentication && data.session.user == null) {
-          return accept('Authentication required', false);
+          return fail('access denied: authentication required');
         }
-        accept(null, true);
+        next(null, true);
       });
     });
   });