diff --git a/package.json b/package.json
index 9927699e79..7e60c3a9c5 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,6 @@
 "redis": "0.8.3",
 "express": "3.2.0",
 "express-namespace": "0.1.1",
- "connect": "2.7.6",
 "emailjs": "0.3.4",
 "cookie": "0.0.6",
 "connect-redis": "1.4.5",
diff --git a/src/websockets.js b/src/websockets.js
index 0bb2ff4c0e..b9d07a79d7 100644
--- a/src/websockets.js
+++ b/src/websockets.js
@@ -1,7 +1,7 @@
 var SocketIO = require('socket.io').listen(global.server, { log:false }),
 cookie = require('cookie'),
- connect = require('connect'),
+ express = require('express'),
 user = require('./user.js'),
 posts = require('./posts.js'),
 favourites = require('./favourites.js'),
@@ -14,6 +14,14 @@ var SocketIO = require('socket.io').listen(global.server, { log:false }),
 postTools = require('./postTools.js'),
 meta = require('./meta.js'),
 async = require('async'),
+ RedisStoreLib = require('connect-redis')(express),
+ redis = require('redis'),
+ redisServer = redis.createClient(global.nconf.get('redis:port'), global.nconf.get('redis:host')),
+ RedisStore = new RedisStoreLib({
+ client: redisServer,
+ ttl: 60*60*24*14
+ }),
+ socketCookieParser = express.cookieParser(global.nconf.get('secret')),
 admin = {
 'categories': require('./admin/categories.js'),
 'user': require('./admin/user.js')
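Review bot: The new `redisServer` client in the `@@ -14,6 +14,14 @@` hunk is created without an `error` listener, and node_redis reports connection failures through that event, so a Redis outage would surface in the socket layer as an unhandled `error` event rather than a logged condition. I would add `redisServer.on('error', function(err) { console.log('[websockets] redis error: ' + err.message); });` right after the declaration. This `RedisStore` also appears to be a second store instance next to the one the HTTP app uses (not visible here), so its key prefix and database need to match that store, otherwise every lookup misses and every socket is treated as a guest. The `var` declaration list continues outside the hunk.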
@@ -26,45 +34,24 @@ var SocketIO = require('socket.io').listen(global.server, { log:false }), global.io = io; - // Adapted from http://howtonode.org/socket-io-auth - io.set('authorization', function(handshakeData, accept) { - if (handshakeData.headers.cookie) { - handshakeData.cookie = cookie.parse(handshakeData.headers.cookie); - handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], global.nconf.get('secret')); + io.sockets.on('connection', function(socket) { + var hs = socket.handshake, + sessionID, uid; - if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) { - return accept('Cookie is invalid.', false); - } - } else { - // No cookie sent - return accept('No cookie transmitted', false); - } + // Validate the session, if present + socketCookieParser(hs, {}, function(err) { + sessionID = socket.handshake.signedCookies["express.sid"]; + RedisStore.get(sessionID, function(err, sessionData) { + if (!err && sessionData) uid = users[sessionID] = sessionData.passport.user; + else uid = users[sessionID] = 0; - // Otherwise, continue unimpeded. - var sessionID = handshakeData.sessionID; - - user.get_uid_by_session(sessionID, function(userId) { - if (userId) - users[sessionID] = userId; - else - users[sessionID] = 0; + userSockets[uid] = userSockets[uid] || []; + userSockets[uid].push(socket); - accept(null, true); + socket.join('uid_' + uid); + }); }); - }); - io.sockets.on('connection', function(socket) { - - var hs = socket.handshake; - - var uid = users[hs.sessionID]; - - userSockets[uid] = userSockets[uid] || []; - userSockets[uid].push(socket); - - - socket.join('uid_' + uid); - socket.emit('event:connect', {status: 1}); socket.on('disconnect', function() { @@ -75,7 +62,7 @@ var SocketIO = require('socket.io').listen(global.server, { log:false }), } if(userSockets[uid].length === 0) - delete users[hs.sessionID]; + delete users[sessionID]; for(var roomName in rooms) { 
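Review bot: `uid` and `sessionID` are now assigned inside the asynchronous `RedisStore.get` callback, while `socket.emit('event:connect', ...)` and the `disconnect` handler are set up immediately, so anything that runs before the lookup returns sees `uid === undefined`; the disconnect path in the `@@ -75,7 +62,7 @@` hunk would then read `userSockets[undefined].length`. The callback also dereferences `sessionData.passport.user` unchecked, so a session without a logged-in user yields `undefined` (or throws if `passport` is absent) instead of the guest value `0`, and the socket joins `uid_undefined`. The `err` from `socketCookieParser` is ignored, and a missing cookie still triggers a store lookup with an undefined id. Resolving the session in the handshake `authorization` step, as the removed code did, fixes the identity before any handler is registered while still admitting guests as uid 0. The connection handler continues past this hunk.

```javascript
// Resolve the session during the handshake so the identity is known before 'connection' fires
io.set('authorization', function(handshakeData, accept) {
	socketCookieParser(handshakeData, {}, function(err) {
		var sessionID = !err && handshakeData.signedCookies['express.sid'];

		handshakeData.uid = 0;
		if (!sessionID) return accept(null, true);	// no valid signed cookie: guest

		RedisStore.get(sessionID, function(err, sessionData) {
			var passport = !err && sessionData && sessionData.passport;

			handshakeData.sessionID = sessionID;
			handshakeData.uid = users[sessionID] = (passport && passport.user) || 0;
			accept(null, true);
		});
	});
});

io.sockets.on('connection', function(socket) {
	var hs = socket.handshake,
		sessionID = hs.sessionID,
		uid = hs.uid;

	userSockets[uid] = userSockets[uid] || [];
	userSockets[uid].push(socket);
	socket.join('uid_' + uid);
	// … unchanged: socket.emit('event:connect') and the event handlers …
```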
@@ -111,7 +98,7 @@ var SocketIO = require('socket.io').listen(global.server, { log:false }), for(var i=0; i