hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #5394

Browse Source 
dont allow socket.emits during maintenance mode
v1.18.x
barisusakli 8 years ago
parent 06bf631445
commit a15aaaf389
7 changed files with 203 additions and 214 deletions
Show Stats Download Patch File Download Diff File

28
src/middleware/maintenance.js
Unescape Escape View File

@ -12,33 +12,7 @@ module.exports = function (middleware) {
} }
var url = req.url.replace(nconf.get('relative_path'), ''); var url = req.url.replace(nconf.get('relative_path'), '');
var allowedRoutes = [ if (url.startsWith('/login') || url.startsWith('/api/login')) {
'^/ping',
'^/sping',
'^/login',
'^/stylesheet.css',
'^/favicon',
'^/nodebb.min.js',
'^/vendor/fontawesome/fonts/fontawesome-webfont.woff',
'^/src/(modules|client)/[\\w/]+.js',
'^/templates/[\\w/]+.tpl',
'^/api/login',
'^/api/widgets/render',
'^/public/language',
'^/uploads/system/site-logo.png'
];
var isAllowed = function (url) {
for(var x = 0,numAllowed = allowedRoutes.length,route; x < numAllowed; x++) {
route = new RegExp(allowedRoutes[x]);
if (route.test(url)) {
return true;
}
}
return false;
};
if (isAllowed(url)) {
return next(); return next();
} }

4
src/middleware/ratelimit.js
Unescape Escape View File

@ -3,7 +3,7 @@
'use strict'; 'use strict';
var winston = require('winston'); var winston = require('winston');
var ratelimit = {}; var ratelimit = module.exports;
var allowedCalls = 100; var allowedCalls = 100;
var timeframe = 10000; var timeframe = 10000;
@ -31,5 +31,3 @@ ratelimit.isFlooding = function (socket) {
socket.lastCallTime = now; socket.lastCallTime = now;
return false; return false;
}; };
module.exports = ratelimit;

3
src/routes/api.js
Unescape Escape View File

@ -29,12 +29,13 @@ module.exports = function (app, middleware, controllers) {
var multipart = require('connect-multiparty'); var multipart = require('connect-multiparty');
var multipartMiddleware = multipart(); var multipartMiddleware = multipart();
var middlewares = [multipartMiddleware, middleware.validateFiles, middleware.applyCSRF]; var middlewares = [middleware.maintenanceMode, multipartMiddleware, middleware.validateFiles, middleware.applyCSRF];
router.post('/post/upload', middlewares, uploadsController.uploadPost); router.post('/post/upload', middlewares, uploadsController.uploadPost);
router.post('/topic/thumb/upload', middlewares, uploadsController.uploadThumb); router.post('/topic/thumb/upload', middlewares, uploadsController.uploadThumb);
router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture); router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture);
router.post('/user/:userslug/uploadcover', middlewares.concat([middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadCoverPicture); router.post('/user/:userslug/uploadcover', middlewares.concat([middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadCoverPicture);
router.post('/groups/uploadpicture', middlewares.concat([middleware.authenticate]), controllers.groups.uploadCover); router.post('/groups/uploadpicture', middlewares.concat([middleware.authenticate]), controllers.groups.uploadCover);
}; };

16
src/routes/feeds.js
Unescape Escape View File

@ -365,12 +365,12 @@ function sendFeed(feed, res) {
} }
module.exports = function (app, middleware, controllers) { module.exports = function (app, middleware, controllers) {
app.get('/topic/:topic_id.rss', generateForTopic); app.get('/topic/:topic_id.rss', middleware.maintenanceMode, generateForTopic);
app.get('/category/:category_id.rss', generateForCategory); app.get('/category/:category_id.rss', middleware.maintenanceMode, generateForCategory);
app.get('/recent.rss', generateForRecent); app.get('/recent.rss', middleware.maintenanceMode, generateForRecent);
app.get('/popular.rss', generateForPopular); app.get('/popular.rss', middleware.maintenanceMode, generateForPopular);
app.get('/popular/:term.rss', generateForPopular); app.get('/popular/:term.rss', middleware.maintenanceMode, generateForPopular);
app.get('/recentposts.rss', generateForRecentPosts); app.get('/recentposts.rss', middleware.maintenanceMode, generateForRecentPosts);
app.get('/category/:category_id/recentposts.rss', generateForCategoryRecentPosts); app.get('/category/:category_id/recentposts.rss', middleware.maintenanceMode, generateForCategoryRecentPosts);
app.get('/user/:userslug/topics.rss', generateForUserTopics); app.get('/user/:userslug/topics.rss', middleware.maintenanceMode, generateForUserTopics);
}; };

2
src/routes/helpers.js
Unescape Escape View File

@ -3,7 +3,7 @@
var helpers = {}; var helpers = {};
helpers.setupPageRoute = function (router, name, middleware, middlewares, controller) { helpers.setupPageRoute = function (router, name, middleware, middlewares, controller) {
middlewares = middlewares.concat([middleware.registrationComplete, middleware.pageView, middleware.pluginHooks]); middlewares = middlewares.concat([middleware.maintenanceMode, middleware.registrationComplete, middleware.pageView, middleware.pluginHooks]);
router.get(name, middleware.busyCheck, middleware.buildHeader, middlewares, controller); router.get(name, middleware.busyCheck, middleware.buildHeader, middlewares, controller);
router.get('/api' + name, middlewares, controller); router.get('/api' + name, middlewares, controller);

2
src/routes/index.js
Unescape Escape View File

@ -117,8 +117,6 @@ module.exports = function (app, middleware, hotswapIds) {
app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin); app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin);
app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin); app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
app.use(middleware.maintenanceMode);
adminRoutes(router, middleware, controllers); adminRoutes(router, middleware, controllers);
metaRoutes(router, middleware, controllers); metaRoutes(router, middleware, controllers);
apiRoutes(router, middleware, controllers); apiRoutes(router, middleware, controllers);

360
src/socket.io/index.js
Unescape Escape View File

@ -7,223 +7,241 @@ var url = require('url');
var cookieParser = require('cookie-parser')(nconf.get('secret')); var cookieParser = require('cookie-parser')(nconf.get('secret'));
var db = require('../database'); var db = require('../database');
var user = require('../user');
var logger = require('../logger'); var logger = require('../logger');
var ratelimit = require('../middleware/ratelimit'); var ratelimit = require('../middleware/ratelimit');
(function (Sockets) {
var Namespaces = {};
var io;
Sockets.init = function (server) { var Namespaces = {};
requireModules(); var io;
var SocketIO = require('socket.io'); var Sockets = module.exports;
var socketioWildcard = require('socketio-wildcard')();
io = new SocketIO({
path: nconf.get('relative_path') + '/socket.io'
});
addRedisAdapter(io); Sockets.init = function (server) {
requireModules();
io.use(socketioWildcard); var SocketIO = require('socket.io');
io.use(authorize); var socketioWildcard = require('socketio-wildcard')();
io = new SocketIO({
path: nconf.get('relative_path') + '/socket.io'
});
io.on('connection', onConnection); addRedisAdapter(io);
io.listen(server, { io.use(socketioWildcard);
transports: nconf.get('socket.io:transports') io.use(authorize);
});
Sockets.server = io; io.on('connection', onConnection);
};
function onConnection(socket) { io.listen(server, {
socket.ip = socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress; transports: nconf.get('socket.io:transports')
});
logger.io_one(socket, socket.uid); Sockets.server = io;
};
onConnect(socket); function onConnection(socket) {
socket.ip = socket.request.headers['x-forwarded-for'] || socket.request.connection.remoteAddress;
socket.on('*', function (payload) { logger.io_one(socket, socket.uid);
onMessage(socket, payload);
});
}
function onConnect(socket) { onConnect(socket);
if (socket.uid) {
socket.join('uid_' + socket.uid);
socket.join('online_users');
} else {
socket.join('online_guests');
}
socket.join('sess_' + socket.request.signedCookies[nconf.get('sessionKey')]); socket.on('*', function (payload) {
io.sockets.sockets[socket.id].emit('checkSession', socket.uid); onMessage(socket, payload);
} });
}
function onMessage(socket, payload) { function onConnect(socket) {
if (!payload.data.length) { if (socket.uid) {
return winston.warn('[socket.io] Empty payload'); socket.join('uid_' + socket.uid);
} socket.join('online_users');
} else {
socket.join('online_guests');
}
var eventName = payload.data[0]; socket.join('sess_' + socket.request.signedCookies[nconf.get('sessionKey')]);
var params = payload.data[1]; io.sockets.sockets[socket.id].emit('checkSession', socket.uid);
var callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () { }
};
if (!eventName) { function onMessage(socket, payload) {
return winston.warn('[socket.io] Empty method name'); if (!payload.data.length) {
} return winston.warn('[socket.io] Empty payload');
}
var parts = eventName.toString().split('.'); var eventName = payload.data[0];
var namespace = parts[0]; var params = payload.data[1];
var methodToCall = parts.reduce(function (prev, cur) { var callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {
if (prev !== null && prev[cur]) { };
return prev[cur];
} else {
return null;
}
}, Namespaces);
if (!methodToCall) { if (!eventName) {
if (process.env.NODE_ENV === 'development') { return winston.warn('[socket.io] Empty method name');
winston.warn('[socket.io] Unrecognized message: ' + eventName); }
}
return callback({message: '[[error:invalid-event]]'});
}
socket.previousEvents = socket.previousEvents || []; var parts = eventName.toString().split('.');
socket.previousEvents.push(eventName); var namespace = parts[0];
if (socket.previousEvents.length > 20) { var methodToCall = parts.reduce(function (prev, cur) {
socket.previousEvents.shift(); if (prev !== null && prev[cur]) {
return prev[cur];
} else {
return null;
} }
}, Namespaces);
if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) { if (!methodToCall) {
winston.warn('[socket.io] Too many emits! Disconnecting uid : ' + socket.uid + '. Events : ' + socket.previousEvents); if (process.env.NODE_ENV === 'development') {
return socket.disconnect(); winston.warn('[socket.io] Unrecognized message: ' + eventName);
} }
return callback({message: '[[error:invalid-event]]'});
async.waterfall([
function (next) {
validateSession(socket, next);
},
function (next) {
if (Namespaces[namespace].before) {
Namespaces[namespace].before(socket, eventName, params, next);
} else {
next();
}
},
function (next) {
methodToCall(socket, params, next);
}
], function (err, result) {
callback(err ? {message: err.message} : null, result);
});
} }
function requireModules() { socket.previousEvents = socket.previousEvents || [];
var modules = ['admin', 'categories', 'groups', 'meta', 'modules', socket.previousEvents.push(eventName);
'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist' if (socket.previousEvents.length > 20) {
]; socket.previousEvents.shift();
}
modules.forEach(function (module) { if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
Namespaces[module] = require('./' + module); winston.warn('[socket.io] Too many emits! Disconnecting uid : ' + socket.uid + '. Events : ' + socket.previousEvents);
}); return socket.disconnect();
} }
function validateSession(socket, callback) { async.waterfall([
var req = socket.request; function (next) {
if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) { checkMaintenance(socket, next);
return callback(new Error('[[error:invalid-session]]')); },
} function (next) {
db.sessionStore.get(req.signedCookies[nconf.get('sessionKey')], function (err, sessionData) { validateSession(socket, next);
if (err || !sessionData) { },
return callback(err || new Error('[[error:invalid-session]]')); function (next) {
if (Namespaces[namespace].before) {
Namespaces[namespace].before(socket, eventName, params, next);
} else {
next();
} }
},
function (next) {
methodToCall(socket, params, next);
}
], function (err, result) {
callback(err ? {message: err.message} : null, result);
});
}
function requireModules() {
var modules = ['admin', 'categories', 'groups', 'meta', 'modules',
'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist'
];
modules.forEach(function (module) {
Namespaces[module] = require('./' + module);
});
}
function checkMaintenance(socket, callback) {
var meta = require('../meta');
if (parseInt(meta.config.maintenanceMode, 10) !== 1) {
return setImmediate(callback);
}
user.isAdministrator(socket.uid, function (err, isAdmin) {
if (err || isAdmin) {
return callback(err);
}
});
}
callback(); function validateSession(socket, callback) {
}); var req = socket.request;
if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
return callback(new Error('[[error:invalid-session]]'));
} }
db.sessionStore.get(req.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
if (err || !sessionData) {
return callback(err || new Error('[[error:invalid-session]]'));
}
function authorize(socket, callback) { callback();
var request = socket.request; });
}
if (!request) { function authorize(socket, callback) {
return callback(new Error('[[error:not-authorized]]')); var request = socket.request;
}
async.waterfall([ if (!request) {
function (next) { return callback(new Error('[[error:not-authorized]]'));
cookieParser(request, {}, next);
},
function (next) {
db.sessionStore.get(request.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
if (err) {
return next(err);
}
if (sessionData && sessionData.passport && sessionData.passport.user) {
request.session = sessionData;
socket.uid = parseInt(sessionData.passport.user, 10);
} else {
socket.uid = 0;
}
next();
});
}
], callback);
} }
function addRedisAdapter(io) { async.waterfall([
if (nconf.get('redis')) { function (next) {
var redisAdapter = require('socket.io-redis'); cookieParser(request, {}, next);
var redis = require('../database/redis'); },
var pub = redis.connect(); function (next) {
var sub = redis.connect({return_buffers: true}); db.sessionStore.get(request.signedCookies[nconf.get('sessionKey')], function (err, sessionData) {
io.adapter(redisAdapter({pubClient: pub, subClient: sub})); if (err) {
} else if (nconf.get('isCluster') === 'true') { return next(err);
winston.warn('[socket.io] Clustering detected, you are advised to configure Redis as a websocket store.'); }
if (sessionData && sessionData.passport && sessionData.passport.user) {
request.session = sessionData;
socket.uid = parseInt(sessionData.passport.user, 10);
} else {
socket.uid = 0;
}
next();
});
} }
], callback);
}
function addRedisAdapter(io) {
if (nconf.get('redis')) {
var redisAdapter = require('socket.io-redis');
var redis = require('../database/redis');
var pub = redis.connect();
var sub = redis.connect({return_buffers: true});
io.adapter(redisAdapter({pubClient: pub, subClient: sub}));
} else if (nconf.get('isCluster') === 'true') {
winston.warn('[socket.io] Clustering detected, you are advised to configure Redis as a websocket store.');
} }
}
Sockets.in = function (room) { Sockets.in = function (room) {
return io.in(room); return io.in(room);
}; };
Sockets.getUserSocketCount = function (uid) { Sockets.getUserSocketCount = function (uid) {
if (!io) { if (!io) {
return 0; return 0;
} }
var room = io.sockets.adapter.rooms['uid_' + uid]; var room = io.sockets.adapter.rooms['uid_' + uid];
return room ? room.length : 0; return room ? room.length : 0;
}; };
Sockets.reqFromSocket = function (socket, payload, event) { Sockets.reqFromSocket = function (socket, payload, event) {
var headers = socket.request ? socket.request.headers : {}; var headers = socket.request ? socket.request.headers : {};
var encrypted = socket.request ? !!socket.request.connection.encrypted : false; var encrypted = socket.request ? !!socket.request.connection.encrypted : false;
var host = headers.host; var host = headers.host;
var referer = headers.referer || ''; var referer = headers.referer || '';
var data = ((payload || {}).data || []); var data = ((payload || {}).data || []);
if (!host) { if (!host) {
host = url.parse(referer).host || ''; host = url.parse(referer).host || '';
} }
return { return {
uid: socket.uid, uid: socket.uid,
params: data[1], params: data[1],
method: event || data[0], method: event || data[0],
body: payload, body: payload,
ip: headers['x-forwarded-for'] || socket.ip, ip: headers['x-forwarded-for'] || socket.ip,
host: host, host: host,
protocol: encrypted ? 'https' : 'http', protocol: encrypted ? 'https' : 'http',
secure: encrypted, secure: encrypted,
url: referer, url: referer,
path: referer.substr(referer.indexOf(host) + host.length), path: referer.substr(referer.indexOf(host) + host.length),
headers: headers headers: headers
};
}; };
};
}(exports));

Write Preview
Loading…
Cancel
Save