summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorWu Cheng-Han2015-12-30 00:31:39 -0500
committerWu Cheng-Han2015-12-30 00:31:39 -0500
commit5467e6da8debc35befd5891bbe393a22f269117d (patch)
treef8e9776f9cd0c9b40d5338b9fc7f2d355f53a4d9 /lib
parent411ce1343e5c55a6a8a930e2971c2e82ecd2d04b (diff)
Fixed socket session secure might not apply properly
Diffstat (limited to '')
-rw-r--r--lib/realtime.js13
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/realtime.js b/lib/realtime.js
index a69904a9..a9c541cf 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) {
accept(); //accept whether authorize or not to allow anonymous usage
}
+//secure the origin by the cookie
function secure(socket, next) {
try {
var handshakeData = socket.request;
if (handshakeData.headers.cookie) {
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
- if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) {
+ if (handshakeData.sessionID &&
+ handshakeData.cookie[config.sessionname] &&
+ handshakeData.cookie[config.sessionname] != handshakeData.sessionID) {
+ if (config.debug)
+ logger.info("AUTH success cookie: " + handshakeData.sessionID);
+ return next();
+ } else {
next(new Error('AUTH failed: Cookie is invalid.'));
}
} else {
next(new Error('AUTH failed: No cookie transmitted.'));
}
- if (config.debug)
- logger.info("AUTH success cookie: " + handshakeData.sessionID);
-
- next();
} catch (ex) {
next(new Error("AUTH failed:" + JSON.stringify(ex)));
}