Fixed socket session secure might not apply properly
This commit is contained in:
parent
411ce1343e
commit
5467e6da8d
1 changed files with 8 additions and 5 deletions
|
@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) {
|
||||||
accept(); //accept whether authorize or not to allow anonymous usage
|
accept(); //accept whether authorize or not to allow anonymous usage
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//secure the origin by the cookie
|
||||||
function secure(socket, next) {
|
function secure(socket, next) {
|
||||||
try {
|
try {
|
||||||
var handshakeData = socket.request;
|
var handshakeData = socket.request;
|
||||||
if (handshakeData.headers.cookie) {
|
if (handshakeData.headers.cookie) {
|
||||||
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
|
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
|
||||||
handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
|
handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
|
||||||
if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) {
|
if (handshakeData.sessionID &&
|
||||||
|
handshakeData.cookie[config.sessionname] &&
|
||||||
|
handshakeData.cookie[config.sessionname] != handshakeData.sessionID) {
|
||||||
|
if (config.debug)
|
||||||
|
logger.info("AUTH success cookie: " + handshakeData.sessionID);
|
||||||
|
return next();
|
||||||
|
} else {
|
||||||
next(new Error('AUTH failed: Cookie is invalid.'));
|
next(new Error('AUTH failed: Cookie is invalid.'));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
next(new Error('AUTH failed: No cookie transmitted.'));
|
next(new Error('AUTH failed: No cookie transmitted.'));
|
||||||
}
|
}
|
||||||
if (config.debug)
|
|
||||||
logger.info("AUTH success cookie: " + handshakeData.sessionID);
|
|
||||||
|
|
||||||
next();
|
|
||||||
} catch (ex) {
|
} catch (ex) {
|
||||||
next(new Error("AUTH failed:" + JSON.stringify(ex)));
|
next(new Error("AUTH failed:" + JSON.stringify(ex)));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue