overleaf/services/real-time/app/coffee/Router.coffee

metrics = require "metrics-sharelatex"
logger = require "logger-sharelatex"
settings = require "settings-sharelatex"
WebsocketController = require "./WebsocketController"
HttpController = require "./HttpController"
HttpApiController = require "./HttpApiController"
Utils = require "./Utils"
bodyParser = require "body-parser"

basicAuth = require('basic-auth-connect')
httpAuth = basicAuth (user, pass)->
	isValid = user == settings.internal.realTime.user and pass == settings.internal.realTime.pass
	if !isValid
		logger.err user:user, pass:pass, "invalid login details"
	return isValid

module.exports = Router =
	_handleError: (callback = ((error) ->), error, client, method, extraAttrs = {}) ->
		Utils.getClientAttributes client, ["project_id", "doc_id", "user_id"], (_, attrs) ->
			for key, value of extraAttrs
				attrs[key] = value
			attrs.client_id = client.id
			attrs.err = error
			if error.message in ["not authorized", "doc updater could not load requested ops"]
				logger.warn attrs, error.message
				return callback {message: error.message}
			else
				logger.error attrs, "server side error in #{method}"
				# Don't return raw error to prevent leaking server side info
				return callback {message: "Something went wrong in real-time service"}

	configure: (app, io, session) ->
		app.set("io", io)
		app.get "/clients", HttpController.getConnectedClients
		app.get "/clients/:client_id", HttpController.getConnectedClient

		app.post "/project/:project_id/message/:message", httpAuth, bodyParser.json(limit: "5mb"), HttpApiController.sendMessage
		
		app.post "/drain", httpAuth, HttpApiController.startDrain

		session.on 'connection', (error, client, session) ->
			if client? and error?.message?.match(/could not look up session by key/)
				logger.err err: error, client: client?, session: session?, "invalid session"
				# tell the client to reauthenticate if it has an invalid session key
				client.emit("connectionRejected", {message: "invalid session"})
				client.disconnect()
				return

			if error?
				logger.err err: error, client: client?, session: session?, "error when client connected"
				client?.emit("connectionRejected", {message: "error"})
				client?.disconnect()
				return

			# send positive confirmation that the client has a valid connection
			client.emit("connectionAccepted")

			metrics.inc('socket-io.connection')

			logger.log session: session, client_id: client.id, "client connected"

			if session?.passport?.user?
				user = session.passport.user
			else if session?.user?
				user = session.user
			else
				user = {_id: "anonymous-user"}

			client.on "joinProject", (data = {}, callback) ->
				if data.anonToken
					user.anonToken = data.anonToken
				WebsocketController.joinProject client, user, data.project_id, (err, args...) ->
					if err?
						Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}
					else
						callback(null, args...)

			client.on "disconnect", () ->
				metrics.inc('socket-io.disconnect')
				WebsocketController.leaveProject io, client, (err) ->
					if err?
						Router._handleError null, err, client, "leaveProject"


			client.on "joinDoc", (doc_id, fromVersion, callback) ->
				# fromVersion is optional
				if typeof fromVersion == "function"
					callback = fromVersion
					fromVersion = -1

				WebsocketController.joinDoc client, doc_id, fromVersion, (err, args...) ->
					if err?
						Router._handleError callback, err, client, "joinDoc", {doc_id, fromVersion}
					else
						callback(null, args...)

			client.on "leaveDoc", (doc_id, callback) ->
				WebsocketController.leaveDoc client, doc_id, (err, args...) ->
					if err?
						Router._handleError callback, err, client, "leaveDoc"
					else
						callback(null, args...)

			client.on "clientTracking.getConnectedUsers", (callback = (error, users) ->) ->
				WebsocketController.getConnectedUsers client, (err, users) ->
					if err?
						Router._handleError callback, err, client, "clientTracking.getConnectedUsers"
					else
						callback(null, users)

			client.on "clientTracking.updatePosition", (cursorData, callback = (error) ->) ->
				WebsocketController.updateClientPosition client, cursorData, (err) ->
					if err?
						Router._handleError callback, err, client, "clientTracking.updatePosition"
					else
						callback()

			client.on "applyOtUpdate", (doc_id, update, callback = (error) ->) ->
				WebsocketController.applyOtUpdate client, doc_id, update, (err) ->
					if err?
						Router._handleError callback, err, client, "applyOtUpdate", {doc_id, update}
					else
						callback()
Add metrics into all end points 2014-11-17 08:12:49 -05:00			`metrics = require "metrics-sharelatex"`
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`logger = require "logger-sharelatex"`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00			`settings = require "settings-sharelatex"`
Create joinProject socket.io endpoint 2014-11-10 06:27:08 -05:00			`WebsocketController = require "./WebsocketController"`
Add in /clients and /client/:client_id status end points 2014-11-13 06:48:49 -05:00			`HttpController = require "./HttpController"`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00			`HttpApiController = require "./HttpApiController"`
Refactor client attribute fetching and logging 2014-11-13 07:03:43 -05:00			`Utils = require "./Utils"`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00			`bodyParser = require "body-parser"`

			`basicAuth = require('basic-auth-connect')`
			`httpAuth = basicAuth (user, pass)->`
			`isValid = user == settings.internal.realTime.user and pass == settings.internal.realTime.pass`
			`if !isValid`
			`logger.err user:user, pass:pass, "invalid login details"`
			`return isValid`
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00
			`module.exports = Router =`
Add acceptence tests for leaving(disconnecting) from a project 2014-11-17 07:23:30 -05:00			`_handleError: (callback = ((error) ->), error, client, method, extraAttrs = {}) ->`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Utils.getClientAttributes client, ["project_id", "doc_id", "user_id"], (_, attrs) ->`
			`for key, value of extraAttrs`
			`attrs[key] = value`
			`attrs.client_id = client.id`
			`attrs.err = error`
Return semantic error if doc ops range is not loaded 2016-05-31 09:21:23 -04:00			`if error.message in ["not authorized", "doc updater could not load requested ops"]`
			`logger.warn attrs, error.message`
Return a 'not authorized' error if the user is not logged in/authorized 2016-05-31 06:49:51 -04:00			`return callback {message: error.message}`
			`else`
			`logger.error attrs, "server side error in #{method}"`
			`# Don't return raw error to prevent leaking server side info`
			`return callback {message: "Something went wrong in real-time service"}`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`configure: (app, io, session) ->`
Refactor client attribute fetching and logging 2014-11-13 07:03:43 -05:00			`app.set("io", io)`
			`app.get "/clients", HttpController.getConnectedClients`
			`app.get "/clients/:client_id", HttpController.getConnectedClient`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00
			`app.post "/project/:project_id/message/:message", httpAuth, bodyParser.json(limit: "5mb"), HttpApiController.sendMessage`
Add end point to start draining clients 2016-10-24 11:36:09 -04:00
			`app.post "/drain", httpAuth, HttpApiController.startDrain`
Update session code 2016-09-07 03:58:35 -04:00
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`session.on 'connection', (error, client, session) ->`
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`if client? and error?.message?.match(/could not look up session by key/)`
			`logger.err err: error, client: client?, session: session?, "invalid session"`
			`# tell the client to reauthenticate if it has an invalid session key`
			`client.emit("connectionRejected", {message: "invalid session"})`
			`client.disconnect()`
			`return`

Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`if error?`
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`logger.err err: error, client: client?, session: session?, "error when client connected"`
			`client?.emit("connectionRejected", {message: "error"})`
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`client?.disconnect()`
			`return`
Update session code 2016-09-07 03:58:35 -04:00
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`# send positive confirmation that the client has a valid connection`
			`client.emit("connectionAccepted")`

Add metrics into all end points 2014-11-17 08:12:49 -05:00			`metrics.inc('socket-io.connection')`
Update session code 2016-09-07 03:58:35 -04:00
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`logger.log session: session, client_id: client.id, "client connected"`
Update session code 2016-09-07 03:58:35 -04:00
			`if session?.passport?.user?`
			`user = session.passport.user`
			`else if session?.user?`
Support anonymous access 2014-11-21 06:48:59 -05:00			`user = session.user`
Update session code 2016-09-07 03:58:35 -04:00			`else`
			`user = {_id: "anonymous-user"}`

Create joinProject socket.io endpoint 2014-11-10 06:27:08 -05:00			`client.on "joinProject", (data = {}, callback) ->`
Get anonToken from joinProject payload 2017-09-29 11:32:46 -04:00			`if data.anonToken`
			`user.anonToken = data.anonToken`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`WebsocketController.joinProject client, user, data.project_id, (err, args...) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`else`
			`callback(null, args...)`
Update session code 2016-09-07 03:58:35 -04:00
Add acceptence tests for leaving(disconnecting) from a project 2014-11-17 07:23:30 -05:00			`client.on "disconnect", () ->`
Add metrics into all end points 2014-11-17 08:12:49 -05:00			`metrics.inc('socket-io.disconnect')`
Add acceptence tests for leaving(disconnecting) from a project 2014-11-17 07:23:30 -05:00			`WebsocketController.leaveProject io, client, (err) ->`
			`if err?`
			`Router._handleError null, err, client, "leaveProject"`
Update session code 2016-09-07 03:58:35 -04:00

Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`client.on "joinDoc", (doc_id, fromVersion, callback) ->`
			`# fromVersion is optional`
			`if typeof fromVersion == "function"`
			`callback = fromVersion`
			`fromVersion = -1`
Update session code 2016-09-07 03:58:35 -04:00
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`WebsocketController.joinDoc client, doc_id, fromVersion, (err, args...) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "joinDoc", {doc_id, fromVersion}`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`else`
			`callback(null, args...)`
Update session code 2016-09-07 03:58:35 -04:00
Add in leaveDoc end point 2014-11-12 11:51:48 -05:00			`client.on "leaveDoc", (doc_id, callback) ->`
			`WebsocketController.leaveDoc client, doc_id, (err, args...) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "leaveDoc"`
Add in leaveDoc end point 2014-11-12 11:51:48 -05:00			`else`
Add in /clients and /client/:client_id status end points 2014-11-13 06:48:49 -05:00			`callback(null, args...)`
Update session code 2016-09-07 03:58:35 -04:00
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`client.on "clientTracking.getConnectedUsers", (callback = (error, users) ->) ->`
Mark user as connected for cursor updates when joining project 2014-11-13 08:05:49 -05:00			`WebsocketController.getConnectedUsers client, (err, users) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "clientTracking.getConnectedUsers"`
Mark user as connected for cursor updates when joining project 2014-11-13 08:05:49 -05:00			`else`
			`callback(null, users)`
Update session code 2016-09-07 03:58:35 -04:00
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`client.on "clientTracking.updatePosition", (cursorData, callback = (error) ->) ->`
			`WebsocketController.updateClientPosition client, cursorData, (err) ->`
			`if err?`
			`Router._handleError callback, err, client, "clientTracking.updatePosition"`
Add acceptance tests for applyOtUpdate 2014-11-14 05:12:35 -05:00			`else`
			`callback()`
Update session code 2016-09-07 03:58:35 -04:00
Add acceptance tests for applyOtUpdate 2014-11-14 05:12:35 -05:00			`client.on "applyOtUpdate", (doc_id, update, callback = (error) ->) ->`
			`WebsocketController.applyOtUpdate client, doc_id, update, (err) ->`
			`if err?`
			`Router._handleError callback, err, client, "applyOtUpdate", {doc_id, update}`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`else`
Return a 'not authorized' error if the user is not logged in/authorized 2016-05-31 06:49:51 -04:00			`callback()`