LailaTheElf/hedgedoc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed socket session secure might not apply properly

Browse Source
This commit is contained in:
Wu Cheng-Han 2015-12-30 00:31:39 -05:00
parent 411ce1343e
commit 5467e6da8d
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/realtime.js
View File

@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) {
accept(); //accept whether authorize or not to allow anonymous usage
}
//secure the origin by the cookie
function secure(socket, next) {
try {
var handshakeData = socket.request;
if (handshakeData.headers.cookie) {
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) {
if (handshakeData.sessionID &&
handshakeData.cookie[config.sessionname] &&
handshakeData.cookie[config.sessionname] != handshakeData.sessionID) {
if (config.debug)
logger.info("AUTH success cookie: " + handshakeData.sessionID);
return next();
} else {
next(new Error('AUTH failed: Cookie is invalid.'));
}
} else {
next(new Error('AUTH failed: No cookie transmitted.'));
}
if (config.debug)
logger.info("AUTH success cookie: " + handshakeData.sessionID);
next();
} catch (ex) {
next(new Error("AUTH failed:" + JSON.stringify(ex)));
}