sascha
/
Notes
mirror of https://github.com/TriliumNext/Notes
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

websocket requires logged in session in upgrade request

pull/255/head
azivner 2017-11-30 23:50:42 +07:00
parent 5f3a11af47
commit ff3f14c3e2
3 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app.js
Unescape Escape View File

@ -9,7 +9,6 @@ const session = require('express-session');
const FileStore = require('session-file-store')(session);
const os = require('os');
const sessionSecret = require('./services/session_secret');
const utils = require('./services/utils');
require('./services/ping_job');
@ -30,12 +29,12 @@ app.use(bodyParser.json({limit: '50mb'}));
app.use(bodyParser.urlencoded({extended: false}));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use(session({
const sessionParser = session({
secret: sessionSecret,
resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
cookie: {
// path: "/",
// path: "/",
httpOnly: true,
maxAge: 1800000
},
@ -43,7 +42,8 @@ app.use(session({
ttl: 30 * 24 * 3600,
path: os.tmpdir() + '/trilium-sessions'
})
}));
});
app.use(sessionParser);
app.use(favicon(__dirname + '/public/images/app-icons/win/icon.ico'));
@ -72,4 +72,7 @@ require('./services/sync');
// triggers backup timer
require('./services/backup');
module.exports = app;
module.exports = {
app,
sessionParser
};

4
bin/www
Unescape Escape View File

@ -8,7 +8,7 @@ process.on('unhandledRejection', error => {
require('../services/log').info(error);
});
const app = require('../app');
const { app, sessionParser } = require('../app');
const debug = require('debug')('node:server');
const fs = require('fs');
const http = require('http');
@ -53,7 +53,7 @@ httpServer.listen(port);
httpServer.on('error', onError);
httpServer.on('listening', onListening);
messaging.init(httpServer);
messaging.init(httpServer, sessionParser);
if (utils.isElectron()) {
const electronRouting = require('../routes/electron');

20
services/messaging.js
Unescape Escape View File

@ -1,9 +1,25 @@
const WebSocket = require('ws');
const utils = require('./utils');
const log = require('./log');
let webSocketServer;
function init(httpServer) {
webSocketServer = new WebSocket.Server({server: httpServer});
function init(httpServer, sessionParser) {
webSocketServer = new WebSocket.Server({
verifyClient: (info, done) => {
sessionParser(info.req, {}, () => {
const allowed = utils.isElectron() || info.req.session.loggedIn;
if (!allowed) {
log.error("WebSocket connection not allowed because session is neither electron nor logged in.");
}
done(allowed)
});
},
server: httpServer
});
webSocketServer.on('connection', function connection(ws, req) {
console.log("websocket client connected");
});