mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 15:36:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
etherpad-lite/src/node/handler/SocketIORouter.js
John McLear 66df0a572f
Security: FEATURE REMOVAL: Remove all plain text password logic and ui (#4178) 
This will be a breaking change for some people.  

We removed all internal password control logic.  If this affects you, you have two options:

1. Use a plugin for authentication and use session based pad access (recommended).
1. Use a plugin for password setting.

The reasoning for removing this feature is to reduce the overall security footprint of Etherpad.  It is unnecessary and cumbersome to keep this feature and with the thousands of available authentication methods available in the world our focus should be on supporting those and allowing more granual access based on their implementations (instead of half assed baking our own).
2020-10-07 13:43:54 +01:00

90 lines
2.7 KiB
JavaScript
Raw Blame History

/**
* This is the Socket.IO Router. It routes the Messages between the
* components of the Server. The components are at the moment: pad and timeslider
*/
/*
* 2011 Peter 'Pita' Martischka (Primary Technology Ltd)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS-IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
var log4js = require('log4js');
var messageLogger = log4js.getLogger("message");
var securityManager = require("../db/SecurityManager");
var readOnlyManager = require("../db/ReadOnlyManager");
var settings = require('../utils/Settings');
/**
* Saves all components
* key is the component name
* value is the component module
*/
var components = {};
var socket;
/**
* adds a component
*/
exports.addComponent = function(moduleName, module)
{
// save the component
components[moduleName] = module;
// give the module the socket
module.setSocketIO(socket);
}
/**
* sets the socket.io and adds event functions for routing
*/
exports.setSocketIO = function(_socket) {
// save this socket internaly
socket = _socket;
socket.sockets.on('connection', function(client)
{
// wrap the original send function to log the messages
client._send = client.send;
client.send = function(message) {
messageLogger.debug(`to ${client.id}: ${JSON.stringify(message)}`);
client._send(message);
}
// tell all components about this connect
for (let i in components) {
components[i].handleConnect(client);
}
client.on('message', async function(message) {
if (message.protocolVersion && message.protocolVersion != 2) {
messageLogger.warn(`Protocolversion header is not correct: ${JSON.stringify(message)}`);
return;
}
if (!message.component || !components[message.component]) {
messageLogger.error(`Can't route the message: ${JSON.stringify(message)}`);
return;
}
messageLogger.debug(`from ${client.id}: ${JSON.stringify(message)}`);
await components[message.component].handleMessage(client, message);
});
client.on('disconnect', function() {
// tell all components about this disconnect
for (let i in components) {
components[i].handleDisconnect(client);
}
});
});
}
Reference in a new issue View git blame Copy permalink