socketio: Use Error objects for socket.io connection errors
socket.io expects Error objects; otherwise it won't propagate the message to the client. Also do some cleanup.
parent
0a836ced29
commit
259b8d891d
|
@ -49,24 +49,24 @@ exports.expressCreateServer = function (hook_name, args, cb) {
|
||||||
// modify, or create any pad (unless the pad is password protected or an HTTP API session is
|
// modify, or create any pad (unless the pad is password protected or an HTTP API session is
|
||||||
// required).
|
// required).
|
||||||
var cookieParserFn = cookieParser(webaccess.secret, {});
|
var cookieParserFn = cookieParser(webaccess.secret, {});
|
||||||
io.use(function(socket, accept) {
|
io.use((socket, next) => {
|
||||||
var data = socket.request;
|
var data = socket.request;
|
||||||
if (!data.headers.cookie && settings.loadTest) return accept(null, true);
|
if (!data.headers.cookie && settings.loadTest) {
|
||||||
cookieParserFn(data, {}, function(err) {
|
console.warn('bypassing socket.io authentication check due to settings.loadTest');
|
||||||
if (err) {
|
return next(null, true);
|
||||||
console.error(err);
|
|
||||||
accept("Couldn't parse request cookies.", false);
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
data.sessionID = data.signedCookies.express_sid;
|
const fail = (msg) => { return next(new Error(msg), false); };
|
||||||
if (!data.sessionID) return accept('Signed express_sid cookie is required', false);
|
cookieParserFn(data, {}, function(err) {
|
||||||
args.app.sessionStore.get(data.sessionID, function(err, session) {
|
if (err) return fail('access denied: unable to parse express_sid cookie');
|
||||||
if (err || !session) return accept('Bad session / session has expired', false);
|
const expressSid = data.signedCookies.express_sid;
|
||||||
|
if (!expressSid) return fail ('access denied: signed express_sid cookie is required');
|
||||||
|
args.app.sessionStore.get(expressSid, (err, session) => {
|
||||||
|
if (err || !session) return fail('access denied: bad session or session has expired');
|
||||||
data.session = new sessionModule.Session(data, session);
|
data.session = new sessionModule.Session(data, session);
|
||||||
if (settings.requireAuthentication && data.session.user == null) {
|
if (settings.requireAuthentication && data.session.user == null) {
|
||||||
return accept('Authentication required', false);
|
return fail('access denied: authentication required');
|
||||||
}
|
}
|
||||||
accept(null, true);
|
next(null, true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
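Review bot: The new side no longer assigns `data.sessionID` before calling `new sessionModule.Session(data, session)`; the old code set it from `data.signedCookies.express_sid`, and if `sessionModule` is express-session (not visible here) its `Session` constructor takes the session id from `req.sessionID`, so `data.session.id` would become undefined on every socket.io connection. Unless that removal is intentional, keep the assignment next to the new local, e.g. `data.sessionID = expressSid;` just before `args.app.sessionStore.get(...)`. The cookie-parse branch also drops the old `console.error(err)`, and none of the `fail(...)` paths log server-side, so rejected handshakes leave nothing for whoever monitors the server; a `console.warn(msg)` inside `fail` would restore that. `exports.expressCreateServer` starts above this hunk, so other readers of `sessionID` may exist outside the visible lines.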