/**
 * Builds an EditorChannel wired to a fresh Flux dispatcher and connects it to
 * the host/port the page was served from, authenticating with a locally
 * signed 'vs070' session cookie.
 *
 * NOTE(review): the cookie is minted here with secrets.sessionSecret instead
 * of being obtained through a login, and the user id carries a 'test1234'
 * prefix, so this looks like a test helper. Confirm it is never bundled for a
 * real browser, where the signing secret would be exposed.
 *
 * @param {string} [channelName] - channel to join once the connection is ready
 * @param {*} lastEditSeen - stored on the channel when it becomes ready
 * @returns {EditorChannel} the channel, with `dispatcher` attached
 */
function createClient(channelName, lastEditSeen) {
  var dispatcher = new Flux.Dispatcher()
  var chan = new EditorChannel(dispatcher)

  var wsHost = window.location.hostname
  // An empty port string means the page came from the default port.
  var wsPort = window.location.port || 80

  var cookieOptions = {
    cookieName: 'vs070',
    secret: secrets.sessionSecret,
    duration: 4100421,
    activeDuration: 190248
  }
  // 'test1234' plus four digits of the current timestamp gives the 12
  // characters passed to ObjectId.
  var timestampDigits = String(Date.now()).substring(8, 12)
  var sessionContent = {
    userId: new mongoose.Types.ObjectId('test1234' + timestampDigits)
  }
  var cookieHeader = 'vs070=' + session.util.encode(cookieOptions, sessionContent)

  var connection = chan.connect(wsHost, wsPort, {
    headers: { 'Cookie': cookieHeader }
  })
  connection.on('ready', function onReady() {
    chan.lastEditSeen = lastEditSeen
    if (channelName) {
      chan.join(channelName, channelName)
    }
  })

  chan.dispatcher = dispatcher
  return chan
}
exports.validate = function (options, data, next) { if (!data.token) { var error = new Error('Flow-auth.token.validate: No token found.'); error._ = data; return next(error); } // validate token var token = sessions.util.decode(this._token, data.token); if (!token) { var error = new Error('Flow-auth.token.validate: Invalid.'); error._ = data; return next(error); } // validate duration if ((token.createdAt + token.duration) <= new Date().getTime()) { var error = new Error('Flow-auth.token.validate: Expired.'); error._ = data; return next(error); } data.content = token.content; next(null, data); };
exports.create = function (options, data, next) { if (!data.content) { var error = new Error('Flow-auth.token.create: No token content.'); error._ = data; return next(error); } data.token = sessions.util.encode(this._token, data.content, this._token.duration); next(null, data); };
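// Handshake gate for the '/private' namespace. It requires a cookie header
// containing a 'session' cookie, decodes that cookie with server.cookieSecret
// and, when the session carries passport data, loads the user before letting
// the socket through.
server.io.of('/private').use(function(socket, next) {
    var handshakeData = socket.request;

    // Check that the cookie header is present
    if (!handshakeData.headers.cookie) {
        return next(new Error('No cookie transmitted.'));
    }

    // Get all the cookie objects
    var cookie = parseCookie(handshakeData.headers.cookie);
    if (!cookie['session']) {
        var missingSession = new Error('No session provided.');
        log.error(missingSession);
        return next(missingSession);
    }

    // Pull out the session from the cookie by using the decode function
    handshakeData.sessionID = sessions.util.decode({
        cookieName: 'session',
        secret: server.cookieSecret
    }, cookie['session']);

    // Reject an undecodable session before anything reads from it. This check
    // used to sit after the first `.content` access, so a bad cookie raised a
    // TypeError instead of producing this error.
    if (!handshakeData.sessionID || !handshakeData.sessionID.content) {
        return next(new Error('Wrong session.'));
    }

    if (handshakeData.sessionID.content.passport === undefined) {
        // NOTE(review): a valid session without passport data is admitted to
        // '/private' without any user lookup. Confirm that this is intended.
        next();
        return;
    }

    var user = handshakeData.sessionID.content.passport.user;
    authentication.getUserById(user, function(lookupError, data) {
        if (lookupError) {
            var wrapped = new Error(lookupError);
            log.error(wrapped);
            return next(wrapped);
        }
        // NOTE(review): `data` is not checked, so a lookup that yields no user
        // and no error still admits the socket. setCurrentUser takes no socket
        // argument; if it stores one process-wide user, concurrent connections
        // would overwrite each other. Verify against the authentication module.
        authentication.setCurrentUser(data);
        next();
    });
});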
/**
 * Extracts the 'vs070' session cookie from `req.headers.cookie` and decodes
 * it with the application's session settings. `req` comes from the enclosing
 * scope.
 *
 * NOTE(review): the pattern is not anchored to a cookie boundary, so a cookie
 * whose name merely ends in 'vs070' would be picked up as well. The decode
 * step still has to accept the value.
 *
 * @returns {*} the result of sessions.util.decode, or undefined when the
 *   header or the cookie is absent
 */
function parseCookie() {
  var cookieHeader = req.headers.cookie
  if (!cookieHeader) {
    return
  }

  // Capture the value only: everything after 'vs070=' up to ';' or whitespace.
  var found = cookieHeader.match(/vs070=([^;\s]*)/)
  if (!found) {
    return
  }
  var sessionCookie = found[1]

  var sessionOptions = {
    cookieName: 'vs070',
    cookie: {
      domain: process.env.FQDN,
    },
    secret: secrets.sessionSecret,
    duration: week,
    activeDuration: day
  }
  return sessions.util.decode(sessionOptions, sessionCookie)
}
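// Handler for 'code' messages: re-decodes the session cookie from the
// handshake, checks the current user, then forwards runtime code to the
// machine.
socket.on('code', function(data) {
    var handshakeData = socket.request;
    var cookie = parseCookie(handshakeData.headers.cookie);
    handshakeData.sessionID = sessions.util.decode({
        cookieName: 'session',
        secret: server.cookieSecret
    }, cookie['session']);

    // make sure that if the user logout, he can't talk through the socket anymore.
    // NOTE(review): `userId` is not defined inside this handler, so it is
    // presumably supplied by the enclosing scope. The session decoded above
    // takes no part in this check, which relies on
    // authentication.getCurrentUser() alone. Confirm that this value is bound
    // to this socket and not shared between connections.
    var currentUser = authentication.getCurrentUser();
    if (!currentUser || currentUser.username != userId) {
        log.error(userId);
        log.error(currentUser);
        socket.emit('authentication_failed', 'not authenticated');
        return socket.disconnect();
    }

    // The payload is client-controlled. `'rt' in data` throws on null and on
    // primitives, and that exception would escape the event handler, so only
    // objects are inspected.
    if (data !== null && typeof data === 'object' && 'rt' in data) {
        try {
            // NOTE(review): data.rt and data.data reach executeRuntimeCode
            // exactly as the client sent them. What that call does with them
            // is not visible here, and the check above is the only gate in
            // this handler.
            machine.executeRuntimeCode(data.rt, data.data);
        } catch (e) {
            log.error(e);
        }
    }
});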
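/**
 * Reads the 'session' cookie out of a Cookie header and returns the decoded
 * session content.
 *
 * @param {string} cookie - raw Cookie header value
 * @returns {*} the session content, or null when the cookie is absent or
 *   cannot be decoded
 */
let getUserInfo = function(cookie) {
    // The value stops at ';' as well as at whitespace, so the separator that
    // follows the cookie is no longer captured as part of it.
    const matchCookie = /(?:^|[;\s])session=([^;\s]+)/.exec(cookie);
    if (!matchCookie) return null; // Session cookie not set

    // A cookie that does not decode yields no session; report it like a
    // missing cookie instead of reading `.content` from a failed decode.
    const decoded = clientSessions.util.decode(UserSecurity.getSessionOptions(), matchCookie[1]);
    if (!decoded) return null;

    return decoded.content;
};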
module.exports = function cookie(contents) { if (!contents._csrf) { contents._csrf = 'test'; } return clientSessions.util.encode(options, contents); };