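// Socket.IO handshake gate: a connection is accepted only when the request
// carries a signed `connect.sid` cookie that resolves to a stored session
// with a `user` attached. On success the parsed cookies and the session are
// attached to `handshakeData`.
io.set('authorization', function (handshakeData, accept) {
  var cookieHeader = handshakeData.headers.cookie;
  if (!cookieHeader) {
    return accept('no cookie.', false);
  }

  handshakeData.cookies = utils.parseSignedCookies(
    cookie.parse(cookieHeader),
    config.cookie_secret
  );

  // If the cookie is absent, unsigned, or its signature did not verify,
  // there is no usable entry here. Reject explicitly instead of handing an
  // undefined id to the store and relying on how that store treats it.
  var sessionId = handshakeData.cookies['connect.sid'];
  if (!sessionId) {
    return accept('no session.', false);
  }

  sessionStore.get(sessionId, function (err, session) {
    // A store failure, an unknown session and a session without a user are
    // all treated as "not authenticated".
    if (err || !session || !session.user) {
      return accept('no session.', false);
    }
    handshakeData.session = session;
    return accept(null, true);
  });
});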
/**
 * Turn a raw Cookie header into the result of `parseSignedCookies`.
 *
 * @param {string} cookie - raw `Cookie` header value.
 * @returns {*} whatever `parseSignedCookies` yields for the parsed cookies.
 */
var parseCookie = function (cookie) {
  // NOTE(review): 'your secret here' is a placeholder signing secret kept in
  // source. Signed cookies are only as trustworthy as this value is private;
  // it presumably has to match the secret the session middleware signs
  // with. Load it from configuration rather than a literal; confirm.
  var rawCookies = parse(cookie);
  var signedCookies = parseSignedCookies(rawCookies, 'your secret here');
  return signedCookies;
};
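/**
 * Socket.IO authorization step: derives the express session from the signed
 * cookie, loads it from the store and resolves the user through the first
 * handler that claims the request.
 *
 * Side effects on `data`: sets `cookie`, `sessionID`, `sessionStore`, and,
 * depending on the path taken, `reset`, `user` and `session`.
 *
 * @param {Object} data - handshake data; `data.headers.cookie` is read.
 * @param {Function} accept - `accept(error, authorized)` handshake callback.
 * @param {Object} sessionStore - store exposing `load(sessionID, callback)`.
 * @param {Array} handlers - objects exposing `canHandle(data)` and
 *   `handle(data, callback)`; the first one whose `canHandle` is truthy wins.
 * @param {string} secret - secret used to verify the signed cookies.
 */
function socialHandler(data, accept, sessionStore, handlers, secret) {
  try {
    // Deriving express cookie here to define whether user has already
    // established session.
    // NOTE(review): the whole header is URL-decoded before it is split into
    // cookies, so an encoded `;` or `=` inside one value is treated as a
    // delimiter. If `cookie.parse` already decodes each value (the npm
    // `cookie` package does), the pre-decode is redundant; confirm and drop.
    // A missing header is also not rejected here: it is stringified and
    // simply yields no session id.
    var signedCookies = cookie.parse(decodeURIComponent(data.headers.cookie));

    // Creating structure for the Session module that looks like request
    data.cookie = connectUtils.parseSignedCookies(signedCookies, secret);
    data.sessionID = data.cookie['express.sid'];
    data.sessionStore = sessionStore;
  } catch (error) {
    console.warn("failed parsing cookies: " + error);
    accept('Malformed cookie transmitted', false);
    return;
  }

  sessionStore.load(data.sessionID, function (error, session) {
    if (error) {
      console.warn("error in session storage: ", error);
      accept("Server error", false);
      return;
    }

    if (!session) {
      // Cookie exists but session is missing in storage. Probably it could
      // be due to server reset or cache flush. So need to create a new
      // session but notify the end user.
      // Client is actually not allowed to get a session, but in order to
      // allow auto refresh on the client we grant a new session and mark it
      // with the `reset` flag, so that just one message is sent back telling
      // the client to re-establish the connection.
      // NOTE(review): this path accepts the handshake with no stored session
      // and no resolved user, and it is also reached when no validly signed
      // `express.sid` was presented (sessionID undefined). Everything
      // downstream must treat `data.reset` connections as unauthenticated;
      // confirm. The session id is also written to the log here; consider
      // logging a truncated or hashed form.
      console.warn("could not find session for cookie: ", data.sessionID);
      data.reset = true;
      data.session = new Session(data, session);
      accept(null, true);
      // the following should be used to fully deny connection
      // accept("Error", false);
      return;
    }

    // Resolve user, could be a locally mocked or from social network
    var handler;
    for (var i = 0, len = handlers.length; i < len; ++i) {
      if (handlers[i].canHandle(data)) {
        handler = handlers[i];
        break;
      }
    }

    if (!handler) {
      accept("unauthorized", false);
      return;
    }

    try {
      // pass request object to the handler in order to derive user
      // information
      handler.handle(data, function (error, profile) {
        if (error) {
          accept(error, false);
          return;
        }

        // A handler that reports success without a profile has not
        // identified anyone; do not authorize a socket with no user.
        if (!profile) {
          accept("unauthorized", false);
          return;
        }

        // TODO: validate profile fields
        // if (!profile.uid || !profile.first_name || !profile.last_name || !profile.avatar)
        data.user = profile;
        data.session = new Session(data, session);
        accept(null, true);
      });
    } catch (e) {
      accept("failed handle request", false);
      // NOTE(review): the whole handler object is logged; make sure it
      // carries no credentials or tokens.
      console.warn("failed handle request, error:", e, " handler:", handler);
    }
  });
}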
/**
 * Process-wide helper: parses a raw Cookie header with `parse` and passes
 * the result to `parseSC` together with the signing secret.
 *
 * @param {string} cookie - raw `Cookie` header value.
 * @returns {*} whatever `parseSC` yields for the parsed cookies.
 */
global.parseCookie = function (cookie) {
  // NOTE(review): the signing secret is a literal committed with the code,
  // so anyone who can read the source can produce cookies that pass
  // signature verification. Move it to configuration or the environment and
  // rotate the current value.
  var parsedCookies = parse(cookie);
  return parseSC(parsedCookies, "rlaeodnjs");
};