mirror of https://github.com/embarklabs/embark.git
Change back how auth works for websockets.
As it turns out, a websocket request doesn't contain some of the hashable properties in order to be validated. Because of that, we'll still use tokens here until we find a better way to do it.
This commit is contained in:
parent
1c85d898b7
commit
53bc4d945a
|
@ -73,12 +73,17 @@ class Authenticator {
|
|||
(`http://${host}:${port}/embark?token=${this.authToken}`.underline)));
|
||||
});
|
||||
|
||||
this.events.setCommandHandler('authenticator:authorize', (req, cb) => {
|
||||
let hash = self.generateRequestHash(req);
|
||||
if(hash !== req.headers['x-embark-request-hash']) {
|
||||
return cb(ERROR_OBJ);
|
||||
this.events.setCommandHandler('authenticator:authorize', (req, res, cb) => {
|
||||
let authenticated = false;
|
||||
if(!res.send) {
|
||||
authenticated = (this.authToken === req.protocol);
|
||||
} else {
|
||||
let hash = self.generateRequestHash(req);
|
||||
authenticated = (hash === req.headers['x-embark-request-hash']);
|
||||
}
|
||||
cb();
|
||||
|
||||
if(authenticated) return cb();
|
||||
cb(ERROR_OBJ);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -161,9 +161,8 @@ class Server {
|
|||
('http://' + canonicalHost(this.hostname) + ':' + this.port).bold.underline.green;
|
||||
}
|
||||
|
||||
applyAPIFunction (cb, req, res) {
|
||||
const authToken = (!res.send) ? req.protocol : req.headers.authorization;
|
||||
this.events.request('authenticator:authorize', authToken, (err) => {
|
||||
applyAPIFunction(cb, req, res) {
|
||||
this.events.request('authenticator:authorize', req, res, (err) => {
|
||||
if (err) {
|
||||
const send = res.send ? res.send.bind(res) : req.send.bind(req); // WS only has the first params
|
||||
return send(err);
|
||||
|
|
Loading…
Reference in New Issue