function(req, res, next) {
var urlinfo = urlutil.parse(req.url, true);
if(urlinfo.pathname.indexOf('/api') === 0) {
urlinfo.pathname = urlinfo.pathname.substring(4);
}
var data = urlinfo.query;
if(req.body) {
for(var k in req.body) {
data[k] = req.body[k];
}
}
delete data.source;
var authorization = req.headers.authorization;
if (!authorization) return connect.utils.unauthorized(res, '');
var parts = authorization.split(' ')
, scheme = parts[0]
, credentials = new Buffer(parts[1], 'base64').toString().split(':');
if ('Basic' != scheme) return connect.utils.badRequest(res);
var key = credentials[0] + credentials[1];
cache.get(key, function(err, oauth_user) {
var params = {
url: urlinfo.pathname,
play_load: 'string',
type: req.method,
user: oauth_user,
data: data
};
twitter._send_request(params, function(err, data) {
res.end(data);
});
});
}
socketServer.set('authorization', function(handshakeData, _cb) {
//require cookies
if (!handshakeData.headers.cookie) {
return _cb('Cookies are required.', false);
}
var cookies = Connect.utils.parseCookie(handshakeData.headers.cookie);
cookies = Connect.utils.parseSignedCookies(cookies, options.connect.cookieParser.secret);
handshakeData.sessionId = cookies[options.connect.session.key];
httpServer.sessionStore.get(handshakeData.sessionId, function(err, sess) {
if (err) {
logger.error('Error retrieving session: ' + err);
return _cb('Error retrieving session', false);
} else if (!sess) {
logger.error('No session found for session id: ' + handshakeData.sessionId);
return _cb('No session found', false);
}
//found session - stuff it into handshakeData for connection event to then move it up to client object
sess.id = handshakeData.sessionId; //for some reason the id isn't being returned anymore (not sure why), so we have to set it
handshakeData.session = sess;
_cb(null, true);
});
});
'test parseCookie()': function(){
assert.eql({ foo: 'bar' }, utils.parseCookie('foo=bar'));
assert.eql({ sid: '123' }, utils.parseCookie('SID=123'));
assert.eql({ sid: '123' }, utils.parseCookie('SID=123;SID=somethingElse'));
assert.eql({ foo: 'bar', baz: 'raz' }, utils.parseCookie('foo = bar; baz = raz'));
assert.eql({ fbs: 'uid=0987654321&name=Test User' }, utils.parseCookie('fbs="uid=0987654321&name=Test+User"'));
},
app.get(route, combo.combine({rootPath: roots[route]}), function (req, res) {
if (!connect.utils.modified(req, res)) {
return connect.utils.notModified(res);
}
res.send(res.body, 200);
});
app.get('/combo', combo.combine({rootPath: pubDir + '/js'}), function (req, res) {
if (connect.utils.conditionalGET(req)) {
if (!connect.utils.modified(req, res)) {
return connect.utils.notModified(res);
}
}
res.send(res.body, 200);
});
/**
* Get the session id from the Rain cookie passed on the session.
*
* @param {Socket} socket the socket to extract the session from
* @returns {String} sid the session id
*/
function getSid(socket) {
if (!socket.handshake.headers.cookie) {
return;
}
var cookies = connect.utils.parseCookie(socket.handshake.headers.cookie);
var sid = connect.utils.parseSignedCookies(cookies, 'let it rain ;)')['rain.sid'];
return sid;
}
return function(req, res) {
var locals = {
app: this.app,
render: this.createRenderFunction(req, res, actionName),
handleError: errorHandler,
};
locals = utils.merge(locals, this.actionLocals);
locals = utils.merge(locals, this.app.resource.path);
fn.call(locals, req, res, locals);
}.bind(this);
http.ServerResponse.prototype.partial = function(view, options, ext, locals){
// Inherit parent view extension when not present
if (ext && view.indexOf('.') < 0) {
view += ext;
}
// Allow collection to be passed as second param
if (options && options.hasOwnProperty('length')) {
options = { collection: options };
}
// Defaults
options = options || {};
// Inherit locals from parent
options.locals = options.locals || {};
utils.merge(options.locals, locals);
// Partials dont need layouts
options.partial = true;
options.layout = false;
// Deduce name from view path
var name = options.as || view.split('/').slice(-1)[0].split('.')[0];
// Collection support
var collection = options.collection;
if (collection) {
var len = collection.length
, buf = '';
delete options.collection;
options.locals.collectionLength = len;
for (var i = 0; i < len; ++i) {
var val = collection[i];
options.locals.firstInCollection = i === 0;
options.locals.indexInCollection = i;
options.locals.lastInCollection = i === len - 1;
options.object = val;
buf += this.partial(view, options);
}
return buf;
} else {
if (options.object) {
if ('string' == typeof name) {
options.locals[name] = options.object;
} else if (name === global) {
utils.merge(options.locals, options.object);
} else {
options.scope = options.object;
}
}
return this.render(view, options);
}
};
'test parseCookie()': function(){
utils.parseCookie('foo=bar').should.eql({ foo: 'bar' });
utils.parseCookie('SID=123').should.eql({ sid: '123' });
utils.parseCookie('foo = bar; baz = raz')
.should.eql({ foo: 'bar', baz: 'raz' });
utils.parseCookie('fbs="uid=0987654321&name=Test+User"')
.should.eql({ fbs: 'uid=0987654321&name=Test User' });
utils.parseCookie('email=tobi%2Bferret@foo.com')
.should.eql({ email: '*****@*****.**' });
},
io.set('authorization', function (handshakeData, accept) {
if (handshakeData.headers.cookie) {
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'signalandnoise');
if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) {
return accept('Cookie is invalid.', false);
}
} else {
return accept('No cookie transmitted.', false);
}
sessionStore.get(handshakeData.sessionID, function (err, session) {
if (err || !session) {
// if we cannot grab a session, turn down the connection
return accept('Error', false);
} else {
// save the session data
handshakeData.session = session;
}
});
accept(null, true);
});
manager.io.set('authorization', function(data, accept) {
if (tokenOpt === true) {
if (data && data.query && data.query.token) {
manager.client.get(data.query.token, function (err, apiKey){
if (err || apiKey === null) {
accept('Error token', false);
} else {
data.session = apiKey;
accept(null, true);
}
});
} else {
accept('No token', false);
}
} else {
if (data.headers.cookie) {
var sessionCookie = cookie.parse(data.headers.cookie);
var sessionID = connect.utils.parseSignedCookie(sessionCookie[cookieOpt.name], cookieOpt.secret);
manager.sessionStore.get(sessionID, function(err, session) {
if (err || !session) {
accept('Error cookie', false);
} else {
data.session = session;
data.sessionID = sessionID;
accept(null, true);
}
});
} else {
accept('No cookie', false);
}
}
});
io.set('authorization', function (handshakeData, callback) {
if (handshakeData.headers.cookie) {
// Read cookies from handshake headers
var cookies = cookie.parse(handshakeData.headers.cookie);
// We're now able to retrieve session ID
var sessionID;
if (cookies['connect.sid'])
sessionID = connect.utils.parseSignedCookie(cookies['connect.sid'], sessionSecret);
// No session? Refuse connection
if (!sessionID) {
callback('No session', false);
} else {
// On récupère la session utilisateur, et on en extrait son username
sessionStore.get(sessionID, function (err, session) {
if (!err && session && session.user) {
// OK, on accepte la connexion
callback(null, true);
} else {
// Session incomplète, ou non trouvée
callback(err || 'User not authenticated', false);
}
});
}
}
});
'test pause()': function(defer){
var calls = 0
, data = []
, req = new Stream;
req.write = function(data){
this.emit('data', data);
};
req.end = function(){
this.emit('end');
};
var pause = utils.pause(req);
req.write('one');
req.write('two');
req.end();
req.on('data', function(chunk){
++calls;
data.push(chunk);
});
req.on('end', function(){
++calls;
data.should.have.length(2);
});
pause.resume();
defer(function(){
calls.should.equal(3);
});
},
sio.set('authorization', function(data, accept) {
/* NOTE: To detect which session this socket is associated with,
* we need to parse the cookies. */
if (!data.headers.cookie) {
return accept('Session cookie required.', false);
}
/* XXX: Here be hacks! Both of these methods are part of Connect's
* private API, meaning there's no guarantee they won't change
* even on minor revision changes. Be careful (but still
* use this code!) */
/* NOTE: First parse the cookies into a half-formed object. */
data.cookie = cookie.parse(data.headers.cookie);
// NOTE: Next, verify the signature of the session cookie.
data.cookie = connect.utils.parseSignedCookies(data.cookie, sessionSecret);
/* NOTE: save ourselves a copy of the sessionID. */
data.sessionID = data.cookie['express.sid'];
/* NOTE: get the associated session for this ID. If it doesn't exist,
* then bail. */
sessionStore.get(data.sessionID, function(err, session) {
if (err) {
return accept('Error in session store.', false);
} else if (!session) {
return accept('Session not found.', false);
}
// success! we're authenticated with a known session.
data.session = session;
return accept(null, true);
});
});
exports.current_user = function(req,res,next){
var user_id = req.cookies? req.cookies.user_id : undefined;
if(!user_id){
res.cookie('user_id',utils.uid(32));
}
next();
};
db.emit('schema', 'user.find', {login: user, password: password}, function (err, obj) {
if (err || (obj === null))
result(jsonrpc.INVALID_CREDENTIALS);
else {
var apikey = utils.uid(24),
xUser = obj;
db.emit('schema', 'session.find', {username: xUser.login, pwd: xUser.password}, function (err, obj) {
if (err || (obj === null)) {
db.emit('schema', 'session.add', {user: xUser, session: apikey, username: xUser.login, pwd: xUser.password}, function (err, obj) {
if (err || (obj === null))
result(jsonrpc.DATABASE_ERROR);
else
result(null, apikey);
});
} else {
if (obj.needrelogin) {
db.emit('schema', 'session.delete', { session: obj.session }, function (err, obj) {
result(jsonrpc.NEED_RELOGIN, obj.session);
});
} else {
db.emit('schema', 'session.update', { session: obj.session, user: xUser, username: xUser.login, pwd: xUser.password }, function (err, obj) {
result(null, obj.session);
});
}
}
});
}
});
sio.set('authorization', function(data, accept) {
var cookies = connect.utils.parseCookie(data.headers.cookie)
, sessionId = cookies['connect.sid']
if (!sessionId) {
accept(null, false)
return
}
ng.db.getMongoStore().get(sessionId, function(err, session) {
if (err) {
accept(err, false)
return
}
if (!session) {
accept(null, false)
return
}
data.session = session
accept(null, true)
})
})
io.set('authorization', function(handshakeData, callback) {
var cookie = handshakeData.headers.cookie;
if (!cookie) {
return callback(new Error('Cannot find cookie'), false);
}
cookie = require('cookie').parse(decodeURIComponent(cookie));
cookie = connect.utils.parseSignedCookies(cookie, SESSION_SECRET);
var sessionID = cookie['connect.sid'];
if (!sessionID) {
return callback(new Error('Cannot obtain sessionID'));
}
sessionStore.get(sessionID, function(err, session) {
if (err) {
callback('Cannot get session: ' + err.message, false);
} else if (!session) {
console.log('session not found');
callback('session not found', false);
} else {
console.log('Session found! ' + JSON.stringify(session));
handshakeData.cookie = cookie;
handshakeData.sessionID = sessionID;
handshakeData.sessionStore = sessionStore;
handshakeData.session = new Session(handshakeData, session);
callback(null, true);
}
});
});
_io.of('/game').authorization( function (handshakeData, accept) {
//console.log(handshakeData);
if (handshakeData.headers.cookie) {
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'secret');
if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) {
// reject the handshake
return accept('Cookie is invalid.', false);
}
} else {
// if there isn't, turn down the connection with a message
// and leave the function.
return accept('No cookie transmitted.', false);
}
_sessionStore.get(handshakeData.sessionID, function(err, session){
if (err) {
return accept('Error in session store.', false);
} else if (!session) {
return accept('Session not found.', false);
}
// success! we're authenticated with a known session.
handshakeData.session = session;
if(session.username){
//the user is logged in
return accept(null, true);
}
return accept('The user is not logged in.', false);
});
});
function (callback) {
handshake.cookies = cookie.parse(handshake.headers.cookie || '');
var sidCookie = handshake.cookies[config.get('session:key')];
var sid = connect.utils.parseSignedCookie(sidCookie, config.get('session:secret')); //todo migrate
loadSession(sid, callback);
},
function(callback){
handshake.cookies = cookie.parse(handshake.headers.cookie||'');
var sidCookie = handshake.cookies[config.get('session:key')];
var sid = connect.utils.parseSignedCookie(sidCookie, "WhoIsWho");
loadSession(sid, callback);
},
return function connectCsrf (req, res, next) {
// Grab the token off the request object or create one
var token = req[options.tokenKey];
if (token === undefined) {
token = csrf();
req[options.tokenKey] = token;
}
// Create a helper function to print a csrf form input
req.csrfInput = res.locals.csrfInput = function () {
return csrf.html(token);
};
// CSRF validation
// https://github.com/senchalabs/connect/blob/2.12.0/lib/middleware/csrf.js#L76
if (!req.method.match(/^(GET|HEAD|OPTIONS)$/)) {
var data = req[options.dataKey] || {};
var valid = csrf.validate(data, token);
if (!valid) {
return next(connect.utils.error(403));
}
}
next();
};
var getNick = function(socket) {
var cookie_string = socket.handshake.headers.cookie;
var parsed_cookies = connect.utils.parseCookie(cookie_string);
var nick = users.validToken(parsed_cookies['mtoken']).key;
id ++;
return nick + ' ' + id;
}
server.use(function(req, res, next) {
req.parsedUrl = parseUrl(req.url);
if (!(req.session.uid || req.session.anonid))
return next(new error.Unauthorized());
// NOTE: This gets called multiple times!
var pause = utils.pause(req);
initUserAndProceed(req.session.uid || req.session.anonid, ide.options.workspaceId, function(err) {
if (err) {
next(err);
pause.resume();
return;
}
// Guard against `Can't set headers after they are sent. Error: Can't set headers after they are sent.`.
try {
next();
pause.resume();
} catch(err) {
console.error(err.stack);
}
});
});
io.set('authorization', function (handshakeData, accept) {
if (handshakeData.headers.cookie) {
handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'secret');
if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) {
return accept('Cookie is invalid.', false);
}
handshakeData.sessionStore = sessionStore;
var isTestOrIos = handshakeData.cookie['express.sid'] == 's:test';
sessionStore.load(handshakeData.sessionID, function(err, session) {
//if handshakeData.sessionID == false then we are doing a test and passed cookie with a sid that ends up as false
if((err || !session) && !isTestOrIos) {
return accept('Error 1', false);
} else {
handshakeData.session = new Session(handshakeData, session);
return accept(null, true);
}
});
} else {
return accept('No cookie transmitted.', false);
}
// accept(null, true);
});
exports.current_user = function(req, res, next) {
if(!req.cookies.user_id) {
req.cookies('user_id', utils.uid(32));
}
next();
}
ArenaManager.prototype.createGame = function() {
var gameId = connect.utils.uid(50);
if(!this.games[gameId]) {
this.games[gameId] = new BugArena();
this.openGames.push(gameId);
}
else throw "Duplicate game id";
};
function (callback) {
// сделать handshakeData.cookies - объектом с cookie
handshake.cookies = cookie.parse(handshake.headers.cookie || '');
var sidCookie = handshake.cookies[config.get('session:name')];
var sid = connect.utils.parseSignedCookie(sidCookie, config.get('session:secret'));
loadSession(sid, callback);
},
exports.createCookie = function(cookie){
var result = connect.utils.parseSignedCookies(
require('cookie').parse(decodeURIComponent(cookie)),
exports.sessionSecret
);
console.log(result);
return result;
};
Todo.findById(req.params.id, function(err, todo){
if(todo.user_id != req.cookies.user_id){
return utils.forbidden(res);
}
todo.remove(function(err, todo){
res.redirect(rootFolder);
});
});