function(req, res, next) { var urlinfo = urlutil.parse(req.url, true); if(urlinfo.pathname.indexOf('/api') === 0) { urlinfo.pathname = urlinfo.pathname.substring(4); } var data = urlinfo.query; if(req.body) { for(var k in req.body) { data[k] = req.body[k]; } } delete data.source; var authorization = req.headers.authorization; if (!authorization) return connect.utils.unauthorized(res, ''); var parts = authorization.split(' ') , scheme = parts[0] , credentials = new Buffer(parts[1], 'base64').toString().split(':'); if ('Basic' != scheme) return connect.utils.badRequest(res); var key = credentials[0] + credentials[1]; cache.get(key, function(err, oauth_user) { var params = { url: urlinfo.pathname, play_load: 'string', type: req.method, user: oauth_user, data: data }; twitter._send_request(params, function(err, data) { res.end(data); }); }); }
socketServer.set('authorization', function(handshakeData, _cb) { //require cookies if (!handshakeData.headers.cookie) { return _cb('Cookies are required.', false); } var cookies = Connect.utils.parseCookie(handshakeData.headers.cookie); cookies = Connect.utils.parseSignedCookies(cookies, options.connect.cookieParser.secret); handshakeData.sessionId = cookies[options.connect.session.key]; httpServer.sessionStore.get(handshakeData.sessionId, function(err, sess) { if (err) { logger.error('Error retrieving session: ' + err); return _cb('Error retrieving session', false); } else if (!sess) { logger.error('No session found for session id: ' + handshakeData.sessionId); return _cb('No session found', false); } //found session - stuff it into handshakeData for connection event to then move it up to client object sess.id = handshakeData.sessionId; //for some reason the id isn't being returned anymore (not sure why), so we have to set it handshakeData.session = sess; _cb(null, true); }); });
'test parseCookie()': function(){ assert.eql({ foo: 'bar' }, utils.parseCookie('foo=bar')); assert.eql({ sid: '123' }, utils.parseCookie('SID=123')); assert.eql({ sid: '123' }, utils.parseCookie('SID=123;SID=somethingElse')); assert.eql({ foo: 'bar', baz: 'raz' }, utils.parseCookie('foo = bar; baz = raz')); assert.eql({ fbs: 'uid=0987654321&name=Test User' }, utils.parseCookie('fbs="uid=0987654321&name=Test+User"')); },
app.get(route, combo.combine({rootPath: roots[route]}), function (req, res) { if (!connect.utils.modified(req, res)) { return connect.utils.notModified(res); } res.send(res.body, 200); });
app.get('/combo', combo.combine({rootPath: pubDir + '/js'}), function (req, res) { if (connect.utils.conditionalGET(req)) { if (!connect.utils.modified(req, res)) { return connect.utils.notModified(res); } } res.send(res.body, 200); });
/** * Get the session id from the Rain cookie passed on the session. * * @param {Socket} socket the socket to extract the session from * @returns {String} sid the session id */ function getSid(socket) { if (!socket.handshake.headers.cookie) { return; } var cookies = connect.utils.parseCookie(socket.handshake.headers.cookie); var sid = connect.utils.parseSignedCookies(cookies, 'let it rain ;)')['rain.sid']; return sid; }
return function(req, res) { var locals = { app: this.app, render: this.createRenderFunction(req, res, actionName), handleError: errorHandler, }; locals = utils.merge(locals, this.actionLocals); locals = utils.merge(locals, this.app.resource.path); fn.call(locals, req, res, locals); }.bind(this);
http.ServerResponse.prototype.partial = function(view, options, ext, locals){ // Inherit parent view extension when not present if (ext && view.indexOf('.') < 0) { view += ext; } // Allow collection to be passed as second param if (options && options.hasOwnProperty('length')) { options = { collection: options }; } // Defaults options = options || {}; // Inherit locals from parent options.locals = options.locals || {}; utils.merge(options.locals, locals); // Partials dont need layouts options.partial = true; options.layout = false; // Deduce name from view path var name = options.as || view.split('/').slice(-1)[0].split('.')[0]; // Collection support var collection = options.collection; if (collection) { var len = collection.length , buf = ''; delete options.collection; options.locals.collectionLength = len; for (var i = 0; i < len; ++i) { var val = collection[i]; options.locals.firstInCollection = i === 0; options.locals.indexInCollection = i; options.locals.lastInCollection = i === len - 1; options.object = val; buf += this.partial(view, options); } return buf; } else { if (options.object) { if ('string' == typeof name) { options.locals[name] = options.object; } else if (name === global) { utils.merge(options.locals, options.object); } else { options.scope = options.object; } } return this.render(view, options); } };
'test parseCookie()': function(){ utils.parseCookie('foo=bar').should.eql({ foo: 'bar' }); utils.parseCookie('SID=123').should.eql({ sid: '123' }); utils.parseCookie('foo = bar; baz = raz') .should.eql({ foo: 'bar', baz: 'raz' }); utils.parseCookie('fbs="uid=0987654321&name=Test+User"') .should.eql({ fbs: 'uid=0987654321&name=Test User' }); utils.parseCookie('email=tobi%2Bferret@foo.com') .should.eql({ email: '*****@*****.**' }); },
io.set('authorization', function (handshakeData, accept) { if (handshakeData.headers.cookie) { handshakeData.cookie = cookie.parse(handshakeData.headers.cookie); handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'signalandnoise'); if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) { return accept('Cookie is invalid.', false); } } else { return accept('No cookie transmitted.', false); } sessionStore.get(handshakeData.sessionID, function (err, session) { if (err || !session) { // if we cannot grab a session, turn down the connection return accept('Error', false); } else { // save the session data handshakeData.session = session; } }); accept(null, true); });
manager.io.set('authorization', function(data, accept) { if (tokenOpt === true) { if (data && data.query && data.query.token) { manager.client.get(data.query.token, function (err, apiKey){ if (err || apiKey === null) { accept('Error token', false); } else { data.session = apiKey; accept(null, true); } }); } else { accept('No token', false); } } else { if (data.headers.cookie) { var sessionCookie = cookie.parse(data.headers.cookie); var sessionID = connect.utils.parseSignedCookie(sessionCookie[cookieOpt.name], cookieOpt.secret); manager.sessionStore.get(sessionID, function(err, session) { if (err || !session) { accept('Error cookie', false); } else { data.session = session; data.sessionID = sessionID; accept(null, true); } }); } else { accept('No cookie', false); } } });
io.set('authorization', function (handshakeData, callback) { if (handshakeData.headers.cookie) { // Read cookies from handshake headers var cookies = cookie.parse(handshakeData.headers.cookie); // We're now able to retrieve session ID var sessionID; if (cookies['connect.sid']) sessionID = connect.utils.parseSignedCookie(cookies['connect.sid'], sessionSecret); // No session? Refuse connection if (!sessionID) { callback('No session', false); } else { // On récupère la session utilisateur, et on en extrait son username sessionStore.get(sessionID, function (err, session) { if (!err && session && session.user) { // OK, on accepte la connexion callback(null, true); } else { // Session incomplète, ou non trouvée callback(err || 'User not authenticated', false); } }); } } });
'test pause()': function(defer){ var calls = 0 , data = [] , req = new Stream; req.write = function(data){ this.emit('data', data); }; req.end = function(){ this.emit('end'); }; var pause = utils.pause(req); req.write('one'); req.write('two'); req.end(); req.on('data', function(chunk){ ++calls; data.push(chunk); }); req.on('end', function(){ ++calls; data.should.have.length(2); }); pause.resume(); defer(function(){ calls.should.equal(3); }); },
sio.set('authorization', function(data, accept) { /* NOTE: To detect which session this socket is associated with, * we need to parse the cookies. */ if (!data.headers.cookie) { return accept('Session cookie required.', false); } /* XXX: Here be hacks! Both of these methods are part of Connect's * private API, meaning there's no guarantee they won't change * even on minor revision changes. Be careful (but still * use this code!) */ /* NOTE: First parse the cookies into a half-formed object. */ data.cookie = cookie.parse(data.headers.cookie); // NOTE: Next, verify the signature of the session cookie. data.cookie = connect.utils.parseSignedCookies(data.cookie, sessionSecret); /* NOTE: save ourselves a copy of the sessionID. */ data.sessionID = data.cookie['express.sid']; /* NOTE: get the associated session for this ID. If it doesn't exist, * then bail. */ sessionStore.get(data.sessionID, function(err, session) { if (err) { return accept('Error in session store.', false); } else if (!session) { return accept('Session not found.', false); } // success! we're authenticated with a known session. data.session = session; return accept(null, true); }); });
exports.current_user = function(req,res,next){ var user_id = req.cookies? req.cookies.user_id : undefined; if(!user_id){ res.cookie('user_id',utils.uid(32)); } next(); };
db.emit('schema', 'user.find', {login: user, password: password}, function (err, obj) { if (err || (obj === null)) result(jsonrpc.INVALID_CREDENTIALS); else { var apikey = utils.uid(24), xUser = obj; db.emit('schema', 'session.find', {username: xUser.login, pwd: xUser.password}, function (err, obj) { if (err || (obj === null)) { db.emit('schema', 'session.add', {user: xUser, session: apikey, username: xUser.login, pwd: xUser.password}, function (err, obj) { if (err || (obj === null)) result(jsonrpc.DATABASE_ERROR); else result(null, apikey); }); } else { if (obj.needrelogin) { db.emit('schema', 'session.delete', { session: obj.session }, function (err, obj) { result(jsonrpc.NEED_RELOGIN, obj.session); }); } else { db.emit('schema', 'session.update', { session: obj.session, user: xUser, username: xUser.login, pwd: xUser.password }, function (err, obj) { result(null, obj.session); }); } } }); } });
sio.set('authorization', function(data, accept) { var cookies = connect.utils.parseCookie(data.headers.cookie) , sessionId = cookies['connect.sid'] if (!sessionId) { accept(null, false) return } ng.db.getMongoStore().get(sessionId, function(err, session) { if (err) { accept(err, false) return } if (!session) { accept(null, false) return } data.session = session accept(null, true) }) })
io.set('authorization', function(handshakeData, callback) { var cookie = handshakeData.headers.cookie; if (!cookie) { return callback(new Error('Cannot find cookie'), false); } cookie = require('cookie').parse(decodeURIComponent(cookie)); cookie = connect.utils.parseSignedCookies(cookie, SESSION_SECRET); var sessionID = cookie['connect.sid']; if (!sessionID) { return callback(new Error('Cannot obtain sessionID')); } sessionStore.get(sessionID, function(err, session) { if (err) { callback('Cannot get session: ' + err.message, false); } else if (!session) { console.log('session not found'); callback('session not found', false); } else { console.log('Session found! ' + JSON.stringify(session)); handshakeData.cookie = cookie; handshakeData.sessionID = sessionID; handshakeData.sessionStore = sessionStore; handshakeData.session = new Session(handshakeData, session); callback(null, true); } }); });
_io.of('/game').authorization( function (handshakeData, accept) { //console.log(handshakeData); if (handshakeData.headers.cookie) { handshakeData.cookie = cookie.parse(handshakeData.headers.cookie); handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'secret'); if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) { // reject the handshake return accept('Cookie is invalid.', false); } } else { // if there isn't, turn down the connection with a message // and leave the function. return accept('No cookie transmitted.', false); } _sessionStore.get(handshakeData.sessionID, function(err, session){ if (err) { return accept('Error in session store.', false); } else if (!session) { return accept('Session not found.', false); } // success! we're authenticated with a known session. handshakeData.session = session; if(session.username){ //the user is logged in return accept(null, true); } return accept('The user is not logged in.', false); }); });
function (callback) { handshake.cookies = cookie.parse(handshake.headers.cookie || ''); var sidCookie = handshake.cookies[config.get('session:key')]; var sid = connect.utils.parseSignedCookie(sidCookie, config.get('session:secret')); //todo migrate loadSession(sid, callback); },
function(callback){ handshake.cookies = cookie.parse(handshake.headers.cookie||''); var sidCookie = handshake.cookies[config.get('session:key')]; var sid = connect.utils.parseSignedCookie(sidCookie, "WhoIsWho"); loadSession(sid, callback); },
return function connectCsrf (req, res, next) { // Grab the token off the request object or create one var token = req[options.tokenKey]; if (token === undefined) { token = csrf(); req[options.tokenKey] = token; } // Create a helper function to print a csrf form input req.csrfInput = res.locals.csrfInput = function () { return csrf.html(token); }; // CSRF validation // https://github.com/senchalabs/connect/blob/2.12.0/lib/middleware/csrf.js#L76 if (!req.method.match(/^(GET|HEAD|OPTIONS)$/)) { var data = req[options.dataKey] || {}; var valid = csrf.validate(data, token); if (!valid) { return next(connect.utils.error(403)); } } next(); };
var getNick = function(socket) { var cookie_string = socket.handshake.headers.cookie; var parsed_cookies = connect.utils.parseCookie(cookie_string); var nick = users.validToken(parsed_cookies['mtoken']).key; id ++; return nick + ' ' + id; }
server.use(function(req, res, next) { req.parsedUrl = parseUrl(req.url); if (!(req.session.uid || req.session.anonid)) return next(new error.Unauthorized()); // NOTE: This gets called multiple times! var pause = utils.pause(req); initUserAndProceed(req.session.uid || req.session.anonid, ide.options.workspaceId, function(err) { if (err) { next(err); pause.resume(); return; } // Guard against `Can't set headers after they are sent. Error: Can't set headers after they are sent.`. try { next(); pause.resume(); } catch(err) { console.error(err.stack); } }); });
io.set('authorization', function (handshakeData, accept) { if (handshakeData.headers.cookie) { handshakeData.cookie = cookie.parse(handshakeData.headers.cookie); handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'secret'); if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) { return accept('Cookie is invalid.', false); } handshakeData.sessionStore = sessionStore; var isTestOrIos = handshakeData.cookie['express.sid'] == 's:test'; sessionStore.load(handshakeData.sessionID, function(err, session) { //if handshakeData.sessionID == false then we are doing a test and passed cookie with a sid that ends up as false if((err || !session) && !isTestOrIos) { return accept('Error 1', false); } else { handshakeData.session = new Session(handshakeData, session); return accept(null, true); } }); } else { return accept('No cookie transmitted.', false); } // accept(null, true); });
exports.current_user = function(req, res, next) { if(!req.cookies.user_id) { req.cookies('user_id', utils.uid(32)); } next(); }
ArenaManager.prototype.createGame = function() { var gameId = connect.utils.uid(50); if(!this.games[gameId]) { this.games[gameId] = new BugArena(); this.openGames.push(gameId); } else throw "Duplicate game id"; };
function (callback) { // сделать handshakeData.cookies - объектом с cookie handshake.cookies = cookie.parse(handshake.headers.cookie || ''); var sidCookie = handshake.cookies[config.get('session:name')]; var sid = connect.utils.parseSignedCookie(sidCookie, config.get('session:secret')); loadSession(sid, callback); },
exports.createCookie = function(cookie){ var result = connect.utils.parseSignedCookies( require('cookie').parse(decodeURIComponent(cookie)), exports.sessionSecret ); console.log(result); return result; };
Todo.findById(req.params.id, function(err, todo){ if(todo.user_id != req.cookies.user_id){ return utils.forbidden(res); } todo.remove(function(err, todo){ res.redirect(rootFolder); }); });