fix: #9507 session reroll causes socket.io to become confused (#9534)

* fix: #9507 session reroll causes socket.io to become confused

* fix: added return

* fix: simpler logic for error handling

* fix: overly sensitive catch
v1.18.x
Julian Lam 4 years ago committed by GitHub
parent 6ef0c8e950
commit ec6d1e2321
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -206,8 +206,11 @@
"no-users-selected": "No user(s) selected", "no-users-selected": "No user(s) selected",
"invalid-home-page-route": "Invalid home page route", "invalid-home-page-route": "Invalid home page route",
"invalid-session": "Session Mismatch", "invalid-session": "Invalid Session",
"invalid-session-text": "It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.", "invalid-session-text": "It looks like your login session is no longer active. Please refresh this page.",
"session-mismatch": "Session Mismatch",
"session-mismatch-text": "It looks like your login session no longer matches with the server. Please refresh this page.",
"no-topics-selected": "No topics selected!", "no-topics-selected": "No topics selected!",
"cant-move-to-same-topic": "Can't move post to same topic!", "cant-move-to-same-topic": "Can't move post to same topic!",

@ -181,9 +181,9 @@ app.cacheBuster = null;
app.alertError = function (message, timeout) { app.alertError = function (message, timeout) {
message = (message && message.message) || message; message = (message && message.message) || message;
if (message === '[[error:invalid-session]]') { if (message === '[[error:revalidate-failure]]') {
app.handleInvalidSession(); socket.disconnect();
app.logout(false); app.reconnect();
return; return;
} }
@ -197,14 +197,27 @@ app.cacheBuster = null;
}; };
app.handleInvalidSession = function () { app.handleInvalidSession = function () {
socket.disconnect();
app.logout(false);
bootbox.alert({
title: '[[error:invalid-session]]',
message: '[[error:invalid-session-text]]',
closeButton: false,
callback: function () {
window.location.reload();
},
});
};
app.handleSessionMismatch = () => {
if (app.flags._login || app.flags._logout) { if (app.flags._login || app.flags._logout) {
return; return;
} }
socket.disconnect(); socket.disconnect();
bootbox.alert({ bootbox.alert({
title: '[[error:invalid-session]]', title: '[[error:session-mismatch]]',
message: '[[error:invalid-session-text]]', message: '[[error:session-mismatch-text]]',
closeButton: false, closeButton: false,
callback: function () { callback: function () {
window.location.reload(); window.location.reload();
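Review bot: The new `app.handleInvalidSession` has no `if (app.flags._login || app.flags._logout) { return; }` guard, while `app.handleSessionMismatch` keeps it. As far as this hunk shows, an invalid-session signal arriving while a login or logout is already in progress would still call `socket.disconnect()` and `app.logout(false)` and raise the non-closable modal. If that is intended, a one-line comment such as `// no _login/_logout guard: an expired session must always force a logout` would record the reason; otherwise the same early return should open the function. The body of `handleSessionMismatch` continues past the end of the hunk.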

@ -74,9 +74,12 @@ socket = window.socket;
socket.on('checkSession', function (uid) { socket.on('checkSession', function (uid) {
if (parseInt(uid, 10) !== parseInt(app.user.uid, 10)) { if (parseInt(uid, 10) !== parseInt(app.user.uid, 10)) {
app.handleInvalidSession(); app.handleSessionMismatch();
} }
}); });
socket.on('event:invalid_session', () => {
app.handleInvalidSession();
});
socket.on('setHostname', function (hostname) { socket.on('setHostname', function (hostname) {
app.upstreamHost = hostname; app.upstreamHost = hostname;

@ -86,7 +86,16 @@ function onDisconnect(socket) {
plugins.hooks.fire('action:sockets.disconnect', { socket: socket }); plugins.hooks.fire('action:sockets.disconnect', { socket: socket });
} }
function onConnect(socket) { async function onConnect(socket) {
try {
await validateSession(socket, '[[error:invalid-session]]');
} catch (e) {
if (e.message === 'error:invalid-session') {
socket.emit('event:invalid_session');
return;
}
}
if (socket.uid) { if (socket.uid) {
socket.join(`uid_${socket.uid}`); socket.join(`uid_${socket.uid}`);
socket.join('online_users'); socket.join('online_users');
@ -143,7 +152,7 @@ async function onMessage(socket, payload) {
try { try {
await checkMaintenance(socket); await checkMaintenance(socket);
await validateSession(socket); await validateSession(socket, '[[error:revalidate-failure]]');
if (Namespaces[namespace].before) { if (Namespaces[namespace].before) {
await Namespaces[namespace].before(socket, eventName, params); await Namespaces[namespace].before(socket, eventName, params);
@ -191,14 +200,14 @@ const getSessionAsync = util.promisify(
(sid, callback) => db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null)) (sid, callback) => db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null))
); );
async function validateSession(socket) { async function validateSession(socket, errorMsg) {
const req = socket.request; const req = socket.request;
if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) { if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
return; return;
} }
const sessionData = await getSessionAsync(req.signedCookies[nconf.get('sessionKey')]); const sessionData = await getSessionAsync(req.signedCookies[nconf.get('sessionKey')]);
if (!sessionData) { if (!sessionData) {
throw new Error('[[error:invalid-session]]'); throw new Error(errorMsg);
} }
const result = await plugins.hooks.fire('static:sockets.validateSession', { const result = await plugins.hooks.fire('static:sockets.validateSession', {
req: req, req: req,
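Review bot: The catch in `onConnect` compares `e.message` with `'error:invalid-session'`, but `validateSession` throws `new Error(errorMsg)` with the bracketed string `'[[error:invalid-session]]'` passed in just above, so as written the branch can never match. The error is then swallowed and execution falls through to the `socket.join(...)` calls, so a socket whose session is missing from the store is still placed in its `uid_` and `online_users` rooms and `event:invalid_session` is never emitted. The comparison should read `if (e.message === '[[error:invalid-session]]') {`. Any other rejection from `validateSession` should be logged and end the handler rather than continue into the joins. `validateSession` runs past the end of the last hunk, so what else it can throw is not visible here.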
