Fixed socket session secure might not apply properly

This commit is contained in:
Wu Cheng-Han 2015-12-30 00:31:39 -05:00
parent 411ce1343e
commit 5467e6da8d

View file

@ -42,22 +42,25 @@ function onAuthorizeFail(data, message, error, accept) {
accept(); //accept whether authorize or not to allow anonymous usage accept(); //accept whether authorize or not to allow anonymous usage
} }
//secure the origin by the cookie
function secure(socket, next) { function secure(socket, next) {
try { try {
var handshakeData = socket.request; var handshakeData = socket.request;
if (handshakeData.headers.cookie) { if (handshakeData.headers.cookie) {
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie); handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret); handshakeData.sessionID = cookieParser.signedCookie(handshakeData.cookie[config.sessionname], config.sessionsecret);
if (handshakeData.cookie[config.sessionname] == handshakeData.sessionID) { if (handshakeData.sessionID &&
handshakeData.cookie[config.sessionname] &&
handshakeData.cookie[config.sessionname] != handshakeData.sessionID) {
if (config.debug)
logger.info("AUTH success cookie: " + handshakeData.sessionID);
return next();
} else {
next(new Error('AUTH failed: Cookie is invalid.')); next(new Error('AUTH failed: Cookie is invalid.'));
} }
} else { } else {
next(new Error('AUTH failed: No cookie transmitted.')); next(new Error('AUTH failed: No cookie transmitted.'));
} }
if (config.debug)
logger.info("AUTH success cookie: " + handshakeData.sessionID);
next();
} catch (ex) { } catch (ex) {
next(new Error("AUTH failed:" + JSON.stringify(ex))); next(new Error("AUTH failed:" + JSON.stringify(ex)));
} }