Fixed socket session secure might not apply properly
parent
411ce1343e
commit
5467e6da8d
1 changed files with 8 additions and 5 deletions
|
@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) {
|
|||
accept(); //accept whether authorize or not to allow anonymous usage
|
||||
}
|
||||
|
||||
//secure the origin by the cookie
|
||||
function secure(socket, next) {
|
||||
try {
|
||||
var handshakeData = socket.request;
|
||||
if (handshakeData.headers.cookie) {
|
||||
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
|
||||
handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
|
||||
if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) {
|
||||
if (handshakeData.sessionID &&
|
||||
handshakeData.cookie[config.sessionname] &&
|
||||
handshakeData.cookie[config.sessionname] != handshakeData.sessionID) {
|
||||
if (config.debug)
|
||||
logger.info("AUTH success cookie: " + handshakeData.sessionID);
|
||||
return next();
|
||||
} else {
|
||||
next(new Error('AUTH failed: Cookie is invalid.'));
|
||||
}
|
||||
} else {
|
||||
next(new Error('AUTH failed: No cookie transmitted.'));
|
||||
}
|
||||
if (config.debug)
|
||||
logger.info("AUTH success cookie: " + handshakeData.sessionID);
|
||||
|
||||
next();
|
||||
} catch (ex) {
|
||||
next(new Error("AUTH failed:" + JSON.stringify(ex)));
|
||||
}
|
||||
|
|
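Review bot: The success branch of `secure` writes the full unsigned session ID to the log whenever `config.debug` is set, so anyone who can read debug logs sees live session identifiers; logging a truncated or hashed form, e.g. `logger.info("AUTH success cookie: " + String(handshakeData.sessionID).slice(0, 8) + "...");`, keeps the trace useful without recording the whole value. In the `catch` block, `JSON.stringify(ex)` on an `Error` normally yields `{}` because `message` and `stack` are non-enumerable, so the reason for the failure is lost, and whatever the string does contain is handed to `next()` and presumably on to the client. Logging the exception server-side and passing a fixed message such as `next(new Error('AUTH failed.'));` would address both. The two `next(new Error(...))` calls in the `else` branches would also read more safely as `return next(...)`, matching the success path; the closing brace of `secure` lies outside the hunk, so this assumes nothing else follows the `try`.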