From 14a0b45ae8c6d3446496b5dbb6f0601b47eb05c2 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 17 Mar 2014 10:48:30 -0400
Subject: [PATCH] securing settings.save socket listeners behind admin namespace
---
 public/src/modules/settings.js | 4 ++--
 src/socket.io/admin.js | 42 +++++++++++++++++-----------------
 src/socket.io/modules.js | 10 --------
 3 files changed, 23 insertions(+), 33 deletions(-)
diff --git a/public/src/modules/settings.js b/public/src/modules/settings.js
index 6a599cfb31..cc4daafe77 100644
--- a/public/src/modules/settings.js
+++ b/public/src/modules/settings.js
@@ -17,7 +17,7 @@ define(function() {
 var Settings = {};
 Settings.load = function(hash, formEl) {
- socket.emit('modules.settings.get', {
+ socket.emit('admin.settings.get', {
 hash: hash
 }, function(err, values) {
 if (!err) {
@@ -33,7 +33,7 @@ define(function() {
 if (formEl.length) {
 var values = formEl.serializeObject();
- socket.emit('modules.settings.set', {
+ socket.emit('admin.settings.set', {
 hash: hash,
 values: values
 }, function(err) {
diff --git a/src/socket.io/admin.js b/src/socket.io/admin.js
index 14093734ec..6173ab7a04 100644
--- a/src/socket.io/admin.js
+++ b/src/socket.io/admin.js
@@ -19,7 +19,17 @@ var groups = require('../groups'),
 winston = require('winston'),
 index = require('./index'),
- SocketAdmin = {};
+ SocketAdmin = {
+ topics: {},
+ user: {},
+ categories: {},
+ themes: {},
+ plugins: {},
+ widgets: {},
+ config: {},
+ groups: {},
+ settings: {}
+ };
 SocketAdmin.before = function(socket, next) {
 // Verify administrative privileges
@@ -61,9 +71,6 @@ SocketAdmin.getVisitorCount = function(socket, data, callback) {
 }
 /* Topics */
-
-SocketAdmin.topics = {};
-
 SocketAdmin.topics.getMore = function(socket, data, callback) {
 if(!data) {
 return callback(new Error('invalid data'));
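Review bot: The new `SocketAdmin` literal declares every namespace in one place, but nothing at that spot records that the admin check in `SocketAdmin.before` is what protects the handlers hung off it, including the new `settings` entry. I would add a comment above the literal such as `// Handlers under these namespaces are reachable as admin.<namespace>.<method>; access control depends on SocketAdmin.before running first.` The body of `SocketAdmin.before` and the dispatcher that calls it are outside this hunk, so whether the check runs for nested namespaces like `settings` should be confirmed rather than assumed.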
@@ -76,9 +83,6 @@ SocketAdmin.topics.getMore = function(socket, data, callback) {
 };
 /* User */
-
-SocketAdmin.user = {};
-
 SocketAdmin.user.makeAdmin = function(socket, theirid) {
 admin.user.makeAdmin(socket.uid, theirid, socket);
 };
@@ -136,9 +140,6 @@ SocketAdmin.user.search = function(socket, username, callback) {
 };
 /* Categories */
-
-SocketAdmin.categories = {};
-
 SocketAdmin.categories.create = function(socket, data, callback) {
 if(!data) {
 return callback(new Error('invalid data'));
@@ -290,11 +291,6 @@ SocketAdmin.categories.groupsList = function(socket, cid, callback) {
 };
 /* Themes, Widgets, and Plugins */
-
-SocketAdmin.themes = {};
-SocketAdmin.plugins = {};
-SocketAdmin.widgets = {};
-
 SocketAdmin.themes.getInstalled = function(socket, data, callback) {
 meta.themes.get(callback);
 };
@@ -325,9 +321,6 @@ SocketAdmin.widgets.set = function(socket, data, callback) {
 };
 /* Configs */
-
-SocketAdmin.config = {};
-
 SocketAdmin.config.get = function(socket, data, callback) {
 meta.configs.list(callback);
 };
@@ -358,9 +351,6 @@ SocketAdmin.config.remove = function(socket, key) {
 };
 /* Groups */
-
-SocketAdmin.groups = {};
-
 SocketAdmin.groups.create = function(socket, data, callback) {
 if(!data) {
 return callback(new Error('invalid data'));
@@ -409,4 +399,14 @@ SocketAdmin.groups.update = function(socket, data, callback) {
 });
 };
+/* Settings */
+SocketAdmin.settings.get = function(socket, data, callback) {
+ meta.settings.get(data.hash, callback);
+};
+
+SocketAdmin.settings.set = function(socket, data, callback) {
+ console.log('setting', data);
+ meta.settings.set(data.hash, data.values, callback);
+};
+
 module.exports = SocketAdmin;
diff --git a/src/socket.io/modules.js b/src/socket.io/modules.js
index 09b5f7f3d3..db94f724d4 100644
--- a/src/socket.io/modules.js
+++ b/src/socket.io/modules.js
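Review bot: `SocketAdmin.settings.set` carries over the `console.log('setting', data);` line from the old handler, so every saved settings payload is written to stdout in full; settings values may include credentials or API keys, so the line should be removed or replaced with something like `winston.verbose('[settings] saving ' + data.hash);`, using the logger this file already requires. Both new handlers also read `data.hash` without the `if(!data) { return callback(new Error('invalid data')); }` guard that neighbouring handlers such as `SocketAdmin.groups.create` use, so a missing payload throws inside the socket handler instead of returning an error to the caller.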
@@ -245,14 +245,4 @@ SocketModules.sounds.getMapping = function(socket, data, callback) {
 meta.sounds.getMapping(callback);
 };
-/* Settings */
-SocketModules.settings.get = function(socket, data, callback) {
- meta.settings.get(data.hash, callback);
-};
-
-SocketModules.settings.set = function(socket, data, callback) {
- console.log('setting', data);
- meta.settings.set(data.hash, data.values, callback);
-};
-
 module.exports = SocketModules;
\ No newline at end of file