public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hrm I dont trust this security

pull/2319/head
John McLear 2014-11-18 14:56:40 +00:00
parent ff603d7b58
commit 3e8f3cd938
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/node/hooks/express/adminplugins.js
View File

@ -24,8 +24,9 @@ exports.expressCreateServer = function (hook_name, args, cb) {
exports.socketio = function (hook_name, args, cb) {
var io = args.io.of("/pluginfw/installer");
io.on('connection', function (socket) {
console.warn("THIS IS BROKEN", socket.handshake);
if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
console.warn ("The middleware now handles auth but I'm not convinced SocketIO is being responsible enough here so this needs reviewing before hitting master");
// if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
socket.on("getInstalled", function (query) {
// send currently installed plugins

4
src/node/hooks/express/adminsettings.js
View File

@ -22,9 +22,9 @@ exports.expressCreateServer = function (hook_name, args, cb) {
exports.socketio = function (hook_name, args, cb) {
var io = args.io.of("/settings");
io.on('connection', function (socket) {
console.warn ("THIS IS BROKEN");
if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
console.warn ("The middleware now handles auth but I'm not convinced SocketIO is being responsible enough here so this needs reviewing before hitting master");
// if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
socket.on("load", function (query) {
fs.readFile('settings.json', 'utf8', function (err,data) {