add accessToken function to client and server

2019-02-11 12:43:23 +01:00 · 2019-02-11 12:43:23 +01:00 · b29ed0a066
parent 01aa08b2b1
commit b29ed0a066
3 changed files with 73 additions and 14 deletions
--- a/package.json
+++ b/package.json
@ -5,7 +5,8 @@
  "main": "server.js",
  "directories": {},
  "scripts": {
-    "test": "echo \"No tests needed!\" && exit 1"
+    "test": "echo \"No tests needed!\" && exit 1",
    "server": "node server.js"
  },
  "repository": {
    "type": "git",
--- a/public/js/main.js
+++ b/public/js/main.js
@ -1,7 +1,9 @@
 var whiteboardId = getQueryVariable("whiteboardid");
 whiteboardId = whiteboardId || "myNewWhiteboard";
 var myUsername = getQueryVariable("username");
 var accessToken = getQueryVariable("accesstoken");
 myUsername = myUsername || "unknown" + (Math.random() + "").substring(2, 6);
 accessToken = accessToken || "";
 var url = document.URL.substr(0, document.URL.lastIndexOf('/'));
 var signaling_socket = null;
@ -27,7 +29,11 @@ signaling_socket.on('connect', function () {
        whiteboard.refreshUserBadges();
    });
-    signaling_socket.emit('joinWhiteboard', whiteboardId);
+    signaling_socket.on('wrongAccessToken', function () {
        alert("Access denied! Wrong accessToken!")
    });
    signaling_socket.emit('joinWhiteboard', { wid : whiteboardId, at : accessToken });
 });
 $(document).ready(function () {
@ -35,12 +41,13 @@ $(document).ready(function () {
        whiteboardId: whiteboardId,
        username: myUsername,
        sendFunction: function (content) {
            content["at"] = accessToken;
            signaling_socket.emit('drawToWhiteboard', content);
        }
    });
    // request whiteboard from server
-    $.get(subdir + "/loadwhiteboard", { wid: whiteboardId }).done(function (data) {
+    $.get(subdir + "/loadwhiteboard", { wid: whiteboardId, at : accessToken }).done(function (data) {
        whiteboard.loadData(data)
    });
@ -221,7 +228,8 @@ function uploadImgAndAddToWhiteboard(base64data) {
        data: {
            'imagedata': base64data,
            'whiteboardId': whiteboardId,
-            'date': date
+            'date': date,
            'at' : accessToken
        },
        success: function (msg) {
            var filename = whiteboardId + "_" + date + ".png";
--- a/server.js
+++ b/server.js
@ -1,4 +1,5 @@
 var PORT = 8080; //Set port for the app
 var accessToken = ""; //Can be set here or as start parameter (node server.js --accesstoken=MYTOKEN)
 fs = require("fs-extra");
 var express = require('express');
@ -12,11 +13,25 @@ server.listen(PORT);
 var io = require('socket.io')(server);
 console.log("Webserver & socketserver running on port:"+PORT);
 var startArgs = getArgs ();
 if(startArgs["accesstoken"]) {
    accessToken = startArgs["accesstoken"];
 }
 if(accessToken!=="") {
    console.log("AccessToken set to: "+accessToken);
 }
 app.get('/loadwhiteboard', function(req, res) {
    var wid = req["query"]["wid"];
-    var ret = s_whiteboard.loadStoredData(wid);
+    var at = req["query"]["at"]; //accesstoken
-    res.send(ret);
+    if(accessToken==="" || accessToken==at) {
-    res.end();
+        var ret = s_whiteboard.loadStoredData(wid);
        res.send(ret);
        res.end();
    } else {
        res.status(401);  //Unauthorized
        res.end();
    }
 });
 app.post('/upload', function(req, res) { //File upload
@ -39,8 +54,13 @@ app.post('/upload', function(req, res) { //File upload
    });
    form.on('end', function() {
-        progressUploadFormData(formData);
+        if(accessToken==="" || accessToken==formData["fields"]["at"]) {
-        res.send("done");
+            progressUploadFormData(formData);
            res.send("done");
        } else {
            res.status(401);  //Unauthorized
            res.end();
        }
        //End file upload
    });
    form.parse(req);
@ -82,12 +102,21 @@ io.on('connection', function(socket){
    socket.on('drawToWhiteboard', function(content) {
        content = escapeAllContentStrings(content);
-        socket.broadcast.to(content["wid"]).emit('drawToWhiteboard', content); //Send to all users in the room (not own socket)
+        if(accessToken==="" || accessToken==content["at"]) {
-        s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
+            socket.broadcast.to(content["wid"]).emit('drawToWhiteboard', content); //Send to all users in the room (not own socket)
            s_whiteboard.handleEventsAndData(content); //save whiteboardchanges on the server
        } else {
            socket.emit('wrongAccessToken', true);
        }     
    });
-    socket.on('joinWhiteboard', function(wid) {
+    socket.on('joinWhiteboard', function(content) {
-        socket.join(wid); //Joins room name=wid
+        content = escapeAllContentStrings(content);
        if(accessToken==="" || accessToken==content["at"]) {
            socket.join(content["wid"]); //Joins room name=wid
        } else {
            socket.emit('wrongAccessToken', true);
        }
    });
 });
@ -107,4 +136,25 @@ function escapeAllContentStrings(content, cnt) {
        }
    }
    return content;
-}
+}
 function getArgs () {
    const args = {}
    process.argv
      .slice(2, process.argv.length)
      .forEach( arg => {
        // long arg
        if (arg.slice(0,2) === '--') {
          const longArg = arg.split('=')
          args[longArg[0].slice(2,longArg[0].length)] = longArg[1]
        }
       // flags
        else if (arg[0] === '-') {
          const flags = arg.slice(1,arg.length).split('')
          flags.forEach(flag => {
            args[flag] = true
          })
        }
      })
    return args
  }