diff --git a/package.json b/package.json
index 258331e..ea670dc 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,8 @@
 "main": "server.js",
 "directories": {},
 "scripts": {
- "test": "echo \"No tests needed!\" && exit 1"
+ "test": "echo \"No tests needed!\" && exit 1",
+ "server": "node server.js"
 },
 "repository": {
 "type": "git",
diff --git a/public/js/main.js b/public/js/main.js
index c2965ad..fad2a96 100644
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -1,7 +1,9 @@
 var whiteboardId = getQueryVariable("whiteboardid");
 whiteboardId = whiteboardId || "myNewWhiteboard";
 var myUsername = getQueryVariable("username");
+var accessToken = getQueryVariable("accesstoken");
 myUsername = myUsername || "unknown" + (Math.random() + "").substring(2, 6);
+accessToken = accessToken || "";
 var url = document.URL.substr(0, document.URL.lastIndexOf('/'));
 var signaling_socket = null;
@@ -27,7 +29,11 @@ signaling_socket.on('connect', function () {
 whiteboard.refreshUserBadges();
 });
- signaling_socket.emit('joinWhiteboard', whiteboardId);
+ signaling_socket.on('wrongAccessToken', function () {
+ alert("Access denied! Wrong accessToken!")
+ });
+
+ signaling_socket.emit('joinWhiteboard', { wid : whiteboardId, at : accessToken });
 });
 $(document).ready(function () {
@@ -35,12 +41,13 @@ $(document).ready(function () {
 whiteboardId: whiteboardId,
 username: myUsername,
 sendFunction: function (content) {
+ content["at"] = accessToken;
 signaling_socket.emit('drawToWhiteboard', content);
 }
 });
 // request whiteboard from server
- $.get(subdir + "/loadwhiteboard", { wid: whiteboardId }).done(function (data) {
+ $.get(subdir + "/loadwhiteboard", { wid: whiteboardId, at : accessToken }).done(function (data) {
 whiteboard.loadData(data)
 });
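Review bot: The token is read from the page URL via `getQueryVariable("accesstoken")` and, in the `@@ -35,12 +41,13 @@` hunk of the same file, sent to `/loadwhiteboard` as a GET query parameter, so it lands in browser history, bookmarks and shared links, in the Referer header of any external resource the page loads, and in the server's access logs. A secret that gates drawing and uploads belongs in a request header or a POST body rather than in URLs; that needs a matching change in the `/loadwhiteboard` handler in server.js, so at minimum the `var accessToken` line deserves a comment such as `// NOTE: token is URL-borne (history, Referer, access logs) — move to a header or POST body`. The `accessToken || ""` fallback is fine as written, since the server treats an empty configured token as "no check".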
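Review bot: The new `wrongAccessToken` handler only shows an `alert` and leaves the socket connected, and because the server also emits `wrongAccessToken` for every rejected `drawToWhiteboard` event (server.js, `@@ -82,12 +102,21 @@` hunk), a user with a wrong token gets one alert per stroke while the client keeps sending events the server discards. Stop after the first rejection, e.g. `alert("Access denied! Wrong accessToken!"); signaling_socket.disconnect();`, or switch the page to read-only. The handler is registered inside the `connect` callback (which starts before this hunk), so on a reconnect it is registered again and the alert fires once per registration; the existing handlers there follow the same pattern, so this may be accepted, but it is worth a comment. The `alert(...)` line is also missing its semicolon.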
@@ -221,7 +228,8 @@ function uploadImgAndAddToWhiteboard(base64data) {
 data: {
 'imagedata': base64data,
 'whiteboardId': whiteboardId,
- 'date': date
+ 'date': date,
+ 'at' : accessToken
 },
 success: function (msg) {
 var filename = whiteboardId + "_" + date + ".png";
diff --git a/server.js b/server.js
index 24291be..c10b3a8 100644
--- a/server.js
+++ b/server.js
@@ -1,4 +1,5 @@
 var PORT = 8080; //Set port for the app
+var accessToken = ""; //Can be set here or as start parameter (node server.js --accesstoken=MYTOKEN)
 fs = require("fs-extra");
 var express = require('express');
@@ -12,11 +13,25 @@ server.listen(PORT);
 var io = require('socket.io')(server);
 console.log("Webserver & socketserver running on port:"+PORT);
+var startArgs = getArgs ();
+if(startArgs["accesstoken"]) {
+ accessToken = startArgs["accesstoken"];
+}
+if(accessToken!=="") {
+ console.log("AccessToken set to: "+accessToken);
+}
+
 app.get('/loadwhiteboard', function(req, res) {
 var wid = req["query"]["wid"];
- var ret = s_whiteboard.loadStoredData(wid);
- res.send(ret);
- res.end();
+ var at = req["query"]["at"]; //accesstoken
+ if(accessToken==="" || accessToken==at) {
+ var ret = s_whiteboard.loadStoredData(wid);
+ res.send(ret);
+ res.end();
+ } else {
+ res.status(401); //Unauthorized
+ res.end();
+ }
 });
 app.post('/upload', function(req, res) { //File upload
@@ -39,8 +54,13 @@ app.post('/upload', function(req, res) { //File upload
 });
 form.on('end', function() {
- progressUploadFormData(formData);
- res.send("done");
+ if(accessToken==="" || accessToken==formData["fields"]["at"]) {
+ progressUploadFormData(formData);
+ res.send("done");
+ } else {
+ res.status(401); //Unauthorized
+ res.end();
+ }
 //End file upload
 });
 form.parse(req);
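Review bot: The check `accessToken==="" || accessToken==at` in `/loadwhiteboard` compares the secret with loose `==` against whatever the query parser produced for `at` (a string, or possibly an array/object for `at[]=`-style input depending on express's parser) and is not constant-time; the same expression is repeated in the `/upload` handler below and in both socket handlers of the `@@ -82,12 +102,21 @@` hunk, so it should become one helper that requires a string and compares with `crypto.timingSafeEqual`. The startup line `console.log("AccessToken set to: "+accessToken)` writes the secret to stdout and from there into whatever collects the process output; log only that a token is configured. Supplying the token as `--accesstoken=...` also exposes it to other local users through the process list, so an environment variable is the safer of the two options the comment on line 2 documents. A 401 without a `WWW-Authenticate` header is not quite right either; 403 describes a wrong token more accurately.
```javascript
var crypto = require('crypto');

// True when no token is configured, or when `candidate` equals the configured
// token. Non-string input (undefined, arrays, objects) never matches, and the
// comparison is constant-time so timing does not leak how many bytes matched.
function isAuthorized(candidate) {
    if (accessToken === "") return true;
    if (typeof candidate !== "string") return false;
    var expected = Buffer.from(accessToken);
    var given = Buffer.from(candidate);
    return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// … unchanged: getArgs() / startArgs block …
if (accessToken !== "") {
    console.log("AccessToken is set"); // never print the token itself
}

app.get('/loadwhiteboard', function(req, res) {
    var wid = req["query"]["wid"];
    if (isAuthorized(req["query"]["at"])) {
        // … unchanged: loadStoredData / res.send / res.end …
    } else {
        res.status(403); //Forbidden: wrong token
        res.end();
    }
});
```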
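Review bot: In the `/upload` handler the token is only checked inside `form.on('end')`, i.e. after the whole multipart body has been received and parsed, so an unauthenticated client can still push arbitrary uploads through the parser (and, if the form library spools files to a temporary directory before `end`, onto disk) before it gets the 401. Because the token is a form field it cannot be verified before parsing; either accept it in the query string or a header and check it before `form.parse(req)`, or verify it in the field handler and abort the request as soon as a wrong token arrives. `formData["fields"]["at"]` also assumes `formData.fields` is always populated — the field handler that fills it is above this hunk and outside this view, so either confirm that or guard with `formData["fields"] && ...`. The enclosing `app.post('/upload', ...)` callback starts before this hunk.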
@@ -82,12 +102,21 @@ io.on('connection', function(socket){
 socket.on('drawToWhiteboard', function(content) {
 content = escapeAllContentStrings(content);
- socket.broadcast.to(content["wid"]).emit('drawToWhiteboard', content); //Send to all users in the room (not own socket)
- s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
+ if(accessToken==="" || accessToken==content["at"]) {
+ socket.broadcast.to(content["wid"]).emit('drawToWhiteboard', content); //Send to all users in the room (not own socket)
+ s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
+ } else {
+ socket.emit('wrongAccessToken', true);
+ }
 });
- socket.on('joinWhiteboard', function(wid) {
- socket.join(wid); //Joins room name=wid
+ socket.on('joinWhiteboard', function(content) {
+ content = escapeAllContentStrings(content);
+ if(accessToken==="" || accessToken==content["at"]) {
+ socket.join(content["wid"]); //Joins room name=wid
+ } else {
+ socket.emit('wrongAccessToken', true);
+ }
 });
 });
@@ -107,4 +136,25 @@ function escapeAllContentStrings(content, cnt) {
 }
 }
 return content;
-}
\ No newline at end of file
+}
+
+function getArgs () {
+ const args = {}
+ process.argv
+ .slice(2, process.argv.length)
+ .forEach( arg => {
+ // long arg
+ if (arg.slice(0,2) === '--') {
+ const longArg = arg.split('=')
+ args[longArg[0].slice(2,longArg[0].length)] = longArg[1]
+ }
+ // flags
+ else if (arg[0] === '-') {
+ const flags = arg.slice(1,arg.length).split('')
+ flags.forEach(flag => {
+ args[flag] = true
+ })
+ }
+ })
+ return args
+ }
\ No newline at end of file
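Review bot: Once the check in `drawToWhiteboard` passes, `content` — which now carries the secret in `content["at"]` — is broadcast verbatim to every other socket in the room and passed to `s_whiteboard.handleEventsAndData`, so the token is re-sent to all peers and presumably written into the stored whiteboard data that `/loadwhiteboard` later serves. Strip it first with `delete content["at"]; // never broadcast or persist the token` on the line before `socket.broadcast.to(...)`. Both handlers also run `escapeAllContentStrings(content)` before the comparison; if that helper rewrites characters such as `<`, `&` or quotes (its body is outside this hunk), a configured token containing them can never match, so compare the raw value or document that the token must be plain alphanumerics. `accessToken==content["at"]` uses loose equality as well; prefer a single helper shared with the HTTP routes that requires a string and compares in constant time. The enclosing `io.on('connection', ...)` callback starts before this hunk.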
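Review bot: `getArgs` splits `--key=value` on every `=` and keeps only `longArg[1]`, so a token such as `--accesstoken=abc=def` is silently truncated to `abc`, and a bare `--accesstoken` stores `undefined` (which the `if(startArgs["accesstoken"])` check then ignores without any message); cut at the first `=` instead: `const eq = arg.indexOf('='); const key = eq === -1 ? arg.slice(2) : arg.slice(2, eq); args[key] = eq === -1 ? true : arg.slice(eq + 1);`. Style: the function omits semicolons throughout and its closing brace is indented by one space, unlike the rest of server.js. A short JSDoc such as `/** Parse process.argv: --name=value → {name: value}, -abc → {a: true, b: true, c: true}. */` would document the two argument forms it accepts.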