mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 23:46:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix socket.io auth: Use connect to parse signed cookies (migrate to express v3)

Browse source
This commit is contained in:
Marcel Klehr 2012-09-22 16:03:40 +02:00
parent 0f436d5916
commit 0c9c1f514f
3 changed files with 20 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/node/hooks/express/socketio.js
View file

@ -3,6 +3,7 @@ var socketio = require('socket.io');
var settings = require('../../utils/Settings');
var socketIORouter = require("../../handler/SocketIORouter");
var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
var webaccess = require("ep_etherpad-lite/node/hooks/express/webaccess");
var padMessageHandler = require("../../handler/PadMessageHandler");
@ -17,12 +18,21 @@ exports.expressCreateServer = function (hook_name, args, cb) {
* info */
io.set('authorization', function (data, accept) {
if (!data.headers.cookie) return accept('No session cookie transmitted.', false);
data.cookie = connect.utils.parseCookie(data.headers.cookie);
data.sessionID = data.cookie.express_sid;
args.app.sessionStore.get(data.sessionID, function (err, session) {
if (err || !session) return accept('Bad session / session has expired', false);
data.session = new connect.middleware.session.Session(data, session);
accept(null, true);
// Use connect's cookie parser, because it knows how to parse signed cookies
connect.cookieParser(webaccess.secret)(data, {}, function(err){
if(err) {
console.error(err);
accept("Couldn't parse request cookies. ", false);
return;
}
data.sessionID = data.signedCookies.express_sid;
args.app.sessionStore.get(data.sessionID, function (err, session) {
if (err || !session) return accept('Bad session / session has expired', false);
data.session = new connect.middleware.session.Session(data, session);
accept(null, true);
});
});
});