|
|
|
@ -8,227 +8,211 @@ var cookieParser = require('cookie-parser')(nconf.get('secret'));
|
|
|
|
var winston = require('winston');
|
|
|
|
var winston = require('winston');
|
|
|
|
|
|
|
|
|
|
|
|
var db = require('../database');
|
|
|
|
var db = require('../database');
|
|
|
|
var user = require('../user');
|
|
|
|
|
|
|
|
var logger = require('../logger');
|
|
|
|
var logger = require('../logger');
|
|
|
|
var ratelimit = require('../middleware/ratelimit');
|
|
|
|
var ratelimit = require('../middleware/ratelimit');
|
|
|
|
var cls = require('../middleware/cls');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var io;
|
|
|
|
var Sockets = {};
|
|
|
|
|
|
|
|
var Namespaces = {};
|
|
|
|
|
|
|
|
|
|
|
|
(function(Sockets) {
|
|
|
|
var io;
|
|
|
|
var Namespaces = {};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sockets.init = function(server) {
|
|
|
|
Sockets.init = function(server) {
|
|
|
|
requireModules();
|
|
|
|
requireModules();
|
|
|
|
|
|
|
|
|
|
|
|
io = new SocketIO({
|
|
|
|
io = new SocketIO({
|
|
|
|
path: nconf.get('relative_path') + '/socket.io'
|
|
|
|
path: nconf.get('relative_path') + '/socket.io'
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
addRedisAdapter(io);
|
|
|
|
addRedisAdapter(io);
|
|
|
|
|
|
|
|
|
|
|
|
io.use(socketioWildcard);
|
|
|
|
io.use(socketioWildcard);
|
|
|
|
io.use(authorize);
|
|
|
|
io.use(authorize);
|
|
|
|
|
|
|
|
|
|
|
|
io.on('connection', onConnection);
|
|
|
|
io.on('connection', onConnection);
|
|
|
|
|
|
|
|
|
|
|
|
io.on('disconnect', function(data) {
|
|
|
|
io.listen(server, {
|
|
|
|
onDisconnect(io, data);
|
|
|
|
transports: nconf.get('socket.io:transports')
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
io.listen(server, {
|
|
|
|
Sockets.server = io;
|
|
|
|
transports: nconf.get('socket.io:transports')
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sockets.server = io;
|
|
|
|
function onConnection(socket) {
|
|
|
|
};
|
|
|
|
socket.ip = socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress;
|
|
|
|
|
|
|
|
|
|
|
|
function onConnection(socket) {
|
|
|
|
logger.io_one(socket, socket.uid);
|
|
|
|
socket.ip = socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
logger.io_one(socket, socket.uid);
|
|
|
|
onConnect(socket);
|
|
|
|
|
|
|
|
|
|
|
|
cls.socket(socket, null, 'connection', function () {
|
|
|
|
socket.on('*', function(payload) {
|
|
|
|
onConnect(socket);
|
|
|
|
onMessage(socket, payload);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
socket.on('*', function(payload) {
|
|
|
|
function onConnect(socket) {
|
|
|
|
cls.socket(socket, payload, null, function() {
|
|
|
|
if (socket.uid) {
|
|
|
|
onMessage(socket, payload);
|
|
|
|
socket.join('uid_' + socket.uid);
|
|
|
|
});
|
|
|
|
socket.join('online_users');
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
|
|
|
|
socket.join('online_guests');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function onConnect(socket) {
|
|
|
|
|
|
|
|
if (socket.uid) {
|
|
|
|
function onMessage(socket, payload) {
|
|
|
|
socket.join('uid_' + socket.uid);
|
|
|
|
if (!payload.data.length) {
|
|
|
|
socket.join('online_users');
|
|
|
|
return winston.warn('[socket.io] Empty payload');
|
|
|
|
} else {
|
|
|
|
|
|
|
|
socket.join('online_guests');
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function onDisconnect(socket) {
|
|
|
|
var eventName = payload.data[0];
|
|
|
|
cls.socket(socket, null, 'disconnect', function() {});
|
|
|
|
var params = payload.data[1];
|
|
|
|
|
|
|
|
var callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function() {};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!eventName) {
|
|
|
|
|
|
|
|
return winston.warn('[socket.io] Empty method name');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var parts = eventName.toString().split('.');
|
|
|
|
|
|
|
|
var namespace = parts[0];
|
|
|
|
|
|
|
|
var methodToCall = parts.reduce(function(prev, cur) {
|
|
|
|
|
|
|
|
if (prev !== null && prev[cur]) {
|
|
|
|
|
|
|
|
return prev[cur];
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}, Namespaces);
|
|
|
|
|
|
|
|
|
|
|
|
function onMessage(socket, payload) {
|
|
|
|
if(!methodToCall) {
|
|
|
|
if (!payload.data.length) {
|
|
|
|
if (process.env.NODE_ENV === 'development') {
|
|
|
|
return winston.warn('[socket.io] Empty payload');
|
|
|
|
winston.warn('[socket.io] Unrecognized message: ' + eventName);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var eventName = payload.data[0];
|
|
|
|
socket.previousEvents = socket.previousEvents || [];
|
|
|
|
var params = payload.data[1];
|
|
|
|
socket.previousEvents.push(eventName);
|
|
|
|
var callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function() {};
|
|
|
|
if (socket.previousEvents.length > 20) {
|
|
|
|
|
|
|
|
socket.previousEvents.shift();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!eventName) {
|
|
|
|
if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
|
|
|
|
return winston.warn('[socket.io] Empty method name');
|
|
|
|
winston.warn('[socket.io] Too many emits! Disconnecting uid : ' + socket.uid + '. Events : ' + socket.previousEvents);
|
|
|
|
}
|
|
|
|
return socket.disconnect();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var parts = eventName.toString().split('.');
|
|
|
|
async.waterfall([
|
|
|
|
var namespace = parts[0];
|
|
|
|
function (next) {
|
|
|
|
var methodToCall = parts.reduce(function(prev, cur) {
|
|
|
|
validateSession(socket, next);
|
|
|
|
if (prev !== null && prev[cur]) {
|
|
|
|
},
|
|
|
|
return prev[cur];
|
|
|
|
function (next) {
|
|
|
|
|
|
|
|
if (Namespaces[namespace].before) {
|
|
|
|
|
|
|
|
Namespaces[namespace].before(socket, eventName, params, next);
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
return null;
|
|
|
|
next();
|
|
|
|
}
|
|
|
|
|
|
|
|
}, Namespaces);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(!methodToCall) {
|
|
|
|
|
|
|
|
if (process.env.NODE_ENV === 'development') {
|
|
|
|
|
|
|
|
winston.warn('[socket.io] Unrecognized message: ' + eventName);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
},
|
|
|
|
}
|
|
|
|
function (next) {
|
|
|
|
|
|
|
|
methodToCall(socket, params, next);
|
|
|
|
socket.previousEvents = socket.previousEvents || [];
|
|
|
|
|
|
|
|
socket.previousEvents.push(eventName);
|
|
|
|
|
|
|
|
if (socket.previousEvents.length > 20) {
|
|
|
|
|
|
|
|
socket.previousEvents.shift();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
], function(err, result) {
|
|
|
|
if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
|
|
|
|
callback(err ? {message: err.message} : null, result);
|
|
|
|
winston.warn('[socket.io] Too many emits! Disconnecting uid : ' + socket.uid + '. Events : ' + socket.previousEvents);
|
|
|
|
});
|
|
|
|
return socket.disconnect();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function requireModules() {
|
|
|
|
|
|
|
|
var modules = ['admin', 'categories', 'groups', 'meta', 'modules',
|
|
|
|
|
|
|
|
'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist'
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
modules.forEach(function(module) {
|
|
|
|
|
|
|
|
Namespaces[module] = require('./' + module);
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function validateSession(socket, callback) {
|
|
|
|
|
|
|
|
var req = socket.request;
|
|
|
|
|
|
|
|
if (!req.signedCookies || !req.signedCookies['express.sid']) {
|
|
|
|
|
|
|
|
return callback(new Error('[[error:invalid-session]]'));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
db.sessionStore.get(req.signedCookies['express.sid'], function(err, sessionData) {
|
|
|
|
|
|
|
|
if (err || !sessionData) {
|
|
|
|
|
|
|
|
return callback(err || new Error('[[error:invalid-session]]'));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
async.waterfall([
|
|
|
|
callback();
|
|
|
|
function (next) {
|
|
|
|
});
|
|
|
|
validateSession(socket, next);
|
|
|
|
}
|
|
|
|
},
|
|
|
|
|
|
|
|
function (next) {
|
|
|
|
|
|
|
|
if (Namespaces[namespace].before) {
|
|
|
|
|
|
|
|
Namespaces[namespace].before(socket, eventName, params, next);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
function (next) {
|
|
|
|
|
|
|
|
methodToCall(socket, params, next);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
], function(err, result) {
|
|
|
|
|
|
|
|
callback(err ? {message: err.message} : null, result);
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function requireModules() {
|
|
|
|
function authorize(socket, callback) {
|
|
|
|
var modules = ['admin', 'categories', 'groups', 'meta', 'modules',
|
|
|
|
var request = socket.request;
|
|
|
|
'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist'
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
modules.forEach(function(module) {
|
|
|
|
if (!request) {
|
|
|
|
Namespaces[module] = require('./' + module);
|
|
|
|
return callback(new Error('[[error:not-authorized]]'));
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function validateSession(socket, callback) {
|
|
|
|
async.waterfall([
|
|
|
|
var req = socket.request;
|
|
|
|
function(next) {
|
|
|
|
if (!req.signedCookies || !req.signedCookies['express.sid']) {
|
|
|
|
cookieParser(request, {}, next);
|
|
|
|
return callback(new Error('[[error:invalid-session]]'));
|
|
|
|
},
|
|
|
|
|
|
|
|
function(next) {
|
|
|
|
|
|
|
|
db.sessionStore.get(request.signedCookies['express.sid'], function(err, sessionData) {
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
|
|
return next(err);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sessionData && sessionData.passport && sessionData.passport.user) {
|
|
|
|
|
|
|
|
request.session = sessionData;
|
|
|
|
|
|
|
|
socket.uid = parseInt(sessionData.passport.user, 10);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
socket.uid = 0;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
db.sessionStore.get(req.signedCookies['express.sid'], function(err, sessionData) {
|
|
|
|
], callback);
|
|
|
|
if (err || !sessionData) {
|
|
|
|
}
|
|
|
|
return callback(err || new Error('[[error:invalid-session]]'));
|
|
|
|
|
|
|
|
}
|
|
|
|
function addRedisAdapter(io) {
|
|
|
|
|
|
|
|
if (nconf.get('redis')) {
|
|
|
|
callback();
|
|
|
|
var redisAdapter = require('socket.io-redis');
|
|
|
|
});
|
|
|
|
var redis = require('../database/redis');
|
|
|
|
|
|
|
|
var pub = redis.connect({return_buffers: true});
|
|
|
|
|
|
|
|
var sub = redis.connect({return_buffers: true});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
io.adapter(redisAdapter({pubClient: pub, subClient: sub}));
|
|
|
|
|
|
|
|
} else if (nconf.get('isCluster') === 'true') {
|
|
|
|
|
|
|
|
winston.warn('[socket.io] Clustering detected, you are advised to configure Redis as a websocket store.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function authorize(socket, callback) {
|
|
|
|
Sockets.in = function(room) {
|
|
|
|
var request = socket.request;
|
|
|
|
return io.in(room);
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
if (!request) {
|
|
|
|
Sockets.getUserSocketCount = function(uid) {
|
|
|
|
return callback(new Error('[[error:not-authorized]]'));
|
|
|
|
if (!io) {
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
|
|
async.waterfall([
|
|
|
|
|
|
|
|
function(next) {
|
|
|
|
|
|
|
|
cookieParser(request, {}, next);
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
function(next) {
|
|
|
|
|
|
|
|
db.sessionStore.get(request.signedCookies['express.sid'], function(err, sessionData) {
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
|
|
|
|
return next(err);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sessionData && sessionData.passport && sessionData.passport.user) {
|
|
|
|
|
|
|
|
request.session = sessionData;
|
|
|
|
|
|
|
|
socket.uid = parseInt(sessionData.passport.user, 10);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
socket.uid = 0;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
], callback);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function addRedisAdapter(io) {
|
|
|
|
var room = io.sockets.adapter.rooms['uid_' + uid];
|
|
|
|
if (nconf.get('redis')) {
|
|
|
|
return room ? room.length : 0;
|
|
|
|
var redisAdapter = require('socket.io-redis');
|
|
|
|
};
|
|
|
|
var redis = require('../database/redis');
|
|
|
|
|
|
|
|
var pub = redis.connect({return_buffers: true});
|
|
|
|
|
|
|
|
var sub = redis.connect({return_buffers: true});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
io.adapter(redisAdapter({pubClient: pub, subClient: sub}));
|
|
|
|
|
|
|
|
} else if (nconf.get('isCluster') === 'true') {
|
|
|
|
|
|
|
|
winston.warn('[socket.io] Clustering detected, you are advised to configure Redis as a websocket store.');
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sockets.in = function(room) {
|
|
|
|
|
|
|
|
return io.in(room);
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sockets.getUserSocketCount = function(uid) {
|
|
|
|
Sockets.reqFromSocket = function(socket) {
|
|
|
|
if (!io) {
|
|
|
|
var headers = socket.request.headers;
|
|
|
|
return 0;
|
|
|
|
var host = headers.host;
|
|
|
|
}
|
|
|
|
var referer = headers.referer || '';
|
|
|
|
|
|
|
|
|
|
|
|
var room = io.sockets.adapter.rooms['uid_' + uid];
|
|
|
|
return {
|
|
|
|
return room ? room.length : 0;
|
|
|
|
ip: headers['x-forwarded-for'] || socket.ip,
|
|
|
|
|
|
|
|
host: host,
|
|
|
|
|
|
|
|
protocol: socket.request.connection.encrypted ? 'https' : 'http',
|
|
|
|
|
|
|
|
secure: !!socket.request.connection.encrypted,
|
|
|
|
|
|
|
|
url: referer,
|
|
|
|
|
|
|
|
path: referer.substr(referer.indexOf(host) + host.length),
|
|
|
|
|
|
|
|
headers: headers
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sockets.reqFromSocket = function(socket, payload, event) {
|
|
|
|
module.exports = Sockets;
|
|
|
|
var headers = socket.request.headers;
|
|
|
|
|
|
|
|
var host = headers.host;
|
|
|
|
|
|
|
|
var referer = headers.referer || '';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
|
|
|
ip: headers['x-forwarded-for'] || socket.ip,
|
|
|
|
|
|
|
|
host: host,
|
|
|
|
|
|
|
|
uid: socket.uid,
|
|
|
|
|
|
|
|
protocol: socket.request.connection.encrypted ? 'https' : 'http',
|
|
|
|
|
|
|
|
secure: !!socket.request.connection.encrypted,
|
|
|
|
|
|
|
|
url: referer,
|
|
|
|
|
|
|
|
body: {event: event || ((payload || {}).data || [])[0], payload: payload},
|
|
|
|
|
|
|
|
path: referer.substr(referer.indexOf(host) + host.length),
|
|
|
|
|
|
|
|
headers: headers,
|
|
|
|
|
|
|
|
_socket: socket
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
})(exports);
|
|
|
|
|
Aziz Khoury
9 years ago