diff options
| author | Wu Cheng-Han | 2015-12-30 00:31:39 -0500 |
|---|---|---|
| committer | Wu Cheng-Han | 2015-12-30 00:31:39 -0500 |
| commit | 5467e6da8debc35befd5891bbe393a22f269117d (patch) | |
| tree | f8e9776f9cd0c9b40d5338b9fc7f2d355f53a4d9 /lib/realtime.js | |
| parent | 411ce1343e5c55a6a8a930e2971c2e82ecd2d04b (diff) | |
Fixed socket session secure might not apply properly
Diffstat (limited to 'lib/realtime.js')
| -rw-r--r-- | lib/realtime.js | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/realtime.js b/lib/realtime.js index a69904a9..a9c541cf 100644 --- a/lib/realtime.js +++ b/lib/realtime.js @@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) { accept(); //accept whether authorize or not to allow anonymous usage } +//secure the origin by the cookie function secure(socket, next) { try { var handshakeData = socket.request; if (handshakeData.headers.cookie) { handshakeData.cookie = cookie.parse(handshakeData.headers.cookie); handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret); - if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) { + if (handshakeData.sessionID && + handshakeData.cookie[config.sessionname] && + handshakeData.cookie[config.sessionname] != handshakeData.sessionID) { + if (config.debug) + logger.info("AUTH success cookie: " + handshakeData.sessionID); + return next(); + } else { next(new Error('AUTH failed: Cookie is invalid.')); } } else { next(new Error('AUTH failed: No cookie transmitted.')); } - if (config.debug) - logger.info("AUTH success cookie: " + handshakeData.sessionID); - - next(); } catch (ex) { next(new Error("AUTH failed:" + JSON.stringify(ex))); } |