fix session token/cookie handling for arbitrary server IPs; fix realtime update distribution via websockets
@@ -23,15 +23,11 @@ router.post('/', function(req, res) {
|
||||
db.User.findOne({where: {email: email}})
|
||||
.error(err => {
|
||||
res.sendStatus(404);
|
||||
//res.status(400).json({"error":"session.users"});
|
||||
})
|
||||
.then(user => {
|
||||
console.log("!!! user: ",user.password_hash);
|
||||
|
||||
if (bcrypt.compareSync(password, user.password_hash)) {
|
||||
crypto.randomBytes(48, function(ex, buf) {
|
||||
var token = buf.toString('hex');
|
||||
console.log("!!! token: ",token);
|
||||
|
||||
var session = {
|
||||
user_id: user._id,
|
||||
@@ -47,7 +43,7 @@ router.post('/', function(req, res) {
|
||||
res.sendStatus(500);
|
||||
})
|
||||
.then(() => {
|
||||
var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : "localhost";
|
||||
var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
|
||||
res.cookie('sdsession', token, { domain: domain, httpOnly: true });
|
||||
res.status(201).json(session);
|
||||
});
|
||||
@@ -60,16 +56,14 @@ router.post('/', function(req, res) {
|
||||
|
||||
router.delete('/current', function(req, res, next) {
|
||||
if (req.user) {
|
||||
/*var user = req.user;
|
||||
var newSessions = user.sessions.filter( function(session){
|
||||
return session.token != req.token;
|
||||
});*/
|
||||
//user.sessions = newSessions;
|
||||
//user.save(function(err, result) {
|
||||
var domain = new URL(config.get('endpoint')).hostname;
|
||||
res.clearCookie('sdsession', { domain: domain });
|
||||
res.sendStatus(204);
|
||||
//});
|
||||
var token = req.cookies['sdsession'];
|
||||
db.Session.findOne({where: {token: token}})
|
||||
.then(session => {
|
||||
session.destroy();
|
||||
});
|
||||
var domain = (process.env.NODE_ENV == "production") ? new URL(config.get('endpoint')).hostname : req.headers.hostname;
|
||||
res.clearCookie('sdsession', { domain: domain });
|
||||
res.sendStatus(204);
|
||||
} else {
|
||||
res.sendStatus(404);
|
||||
}
|
||||
|
||||
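Review bot: In the DELETE /current handler the 204 is sent before `session.destroy()` has run, and when `db.Session.findOne` resolves with null (cookie present, no matching row) the `.then` throws a TypeError into an unhandled rejection that nothing in the hunk catches; the response should be chained on the destroy and a missing row tolerated. Both this handler and the login hunk above read `req.headers.hostname` for the cookie domain outside production, but HTTP has no such header (the host arrives in `req.headers.host`, or Express's `req.hostname`), so unless the client sends a custom `hostname` header the value is undefined and the cookie is set and cleared with no Domain attribute at all. Since browsers generally reject an IP address as a Domain value, omitting it is probably the behaviour wanted for arbitrary server IPs, and it should be done explicitly rather than by reading a header that does not exist. `router.delete('/current')` closes outside the hunk.
```javascript
var token = req.cookies['sdsession'];
db.Session.findOne({where: {token: token}})
  .then(session => session ? session.destroy() : null)
  .then(() => {
    // Outside production no Domain attribute: browsers do not accept an IP as a cookie domain.
    var cookieOpts = (process.env.NODE_ENV == "production") ? { domain: new URL(config.get('endpoint')).hostname } : {};
    res.clearCookie('sdsession', cookieOpts);
    res.sendStatus(204);
  })
  .catch(next);
```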
@@ -133,7 +133,7 @@ router.post('/:artifact_id/payload', function(req, res, next) {
|
||||
var progress_callback = function(progress_msg) {
|
||||
a.description = progress_msg;
|
||||
a.save();
|
||||
redis.sendMessage("update", a, a.toJSON(), req.channelId);
|
||||
redis.sendMessage("update", a, JSON.stringify(a), req.channelId);
|
||||
};
|
||||
|
||||
stream.on('finish', function() {
|
||||
@@ -171,6 +171,7 @@ router.put('/:artifact_id', function(req, res, next) {
|
||||
}}).then(rows => {
|
||||
db.unpackArtifact(newAttr);
|
||||
db.Space.update({ updated_at: new Date() }, {where: {_id: req.space._id} });
|
||||
newAttr._id = a._id;
|
||||
res.distributeUpdate("Artifact", newAttr);
|
||||
});
|
||||
});
|
||||
|
||||
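Review bot: In the `router.put('/:artifact_id')` hunk the new `res.distributeUpdate("Artifact", newAttr)` runs while `db.Space.update(...)` on the line above is still in flight, and that promise is neither returned nor `.catch`ed, so a failed timestamp update becomes an unhandled rejection after subscribers have already been told the artifact changed. Broadcasting `newAttr` — the attributes that were passed into the update, with only `_id` patched in — also means clients receive whatever the caller supplied rather than the stored row; `newAttr` is built outside this hunk, and if it comes from the request body, consider reloading the artifact before distributing it. Chaining the broadcast on the update, `return db.Space.update({ updated_at: new Date() }, {where: {_id: req.space._id} }).then(() => { newAttr._id = a._id; res.distributeUpdate("Artifact", newAttr); });`, keeps the order and lets a `.catch` on the outer chain (none is visible here) see the failure. The enclosing `.then(rows => ...)` and the handler begin and end outside the hunk.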
@@ -240,7 +240,6 @@ router.get('/zip', function(req, res, next) {
|
||||
});
|
||||
|
||||
router.get('/html', function(req, res) {
|
||||
console.log("!!!!! hello ");
|
||||
db.Artifact.findAll({where: {
|
||||
space_id: req.space._id
|
||||
}}).then(function(artifacts) {
|
||||
|
||||
@@ -25,8 +25,15 @@ var glob = require('glob');
|
||||
|
||||
router.get('/current', function(req, res, next) {
|
||||
if (req.user) {
|
||||
console.log(req.user.team);
|
||||
res.status(200).json(req.user);
|
||||
var u = _.clone(req.user.dataValues);
|
||||
delete u.password_hash;
|
||||
delete u.password_reset_token;
|
||||
delete u.confirmation_token;
|
||||
u.token = req.cookies['sdsession'];
|
||||
|
||||
console.log(u);
|
||||
|
||||
res.status(200).json(u);
|
||||
} else {
|
||||
res.status(401).json({"error":"user_not_found"});
|
||||
}
|
||||
|
||||
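Review bot: The new `u.token = req.cookies['sdsession']` line in GET /current returns the session cookie value in the JSON body, which defeats the `httpOnly` flag the login route sets on that cookie — any script running in the page can now fetch this endpoint, read the token and replay it — and the `console.log(u)` two lines later writes that token, together with the user record, to the server log. If the websocket client needs a credential, issue it a separate short-lived value instead of the session cookie; at minimum drop `console.log(u)`. Stripping secrets with three `delete`s is also a blocklist that silently misses any sensitive column added later; an allowlist of the public fields, `var u = _.pick(req.user.dataValues, ['_id', 'email', /* ... */]);`, fails safe. `router.get('/current')` closes outside the hunk.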