embarklabs
/
embark
mirror of https://github.com/embarklabs/embark.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Change back how auth works for websockets. 

As it turns out, a websocket request doesn't contain some of the
hashable properties in order to be validated. Because of that, we'll
still use tokens here until we find a better way to do it.
This commit is contained in:
Andre Medeiros 2018-10-17 12:26:53 -04:00 committed by Pascal Precht
parent 1c85d898b7
commit 53bc4d945a
No known key found for this signature in database
GPG Key ID: 0EE28D8D6FD85D7D
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/modules/authenticator/index.js
View File

@ -73,12 +73,17 @@ class Authenticator {
(`http://${host}:${port}/embark?token=${this.authToken}`.underline)));
});
this.events.setCommandHandler('authenticator:authorize', (req, cb) => {
this.events.setCommandHandler('authenticator:authorize', (req, res, cb) => {
let authenticated = false;
if(!res.send) {
authenticated = (this.authToken === req.protocol);
} else {
let hash = self.generateRequestHash(req);
if(hash !== req.headers['x-embark-request-hash']) {
return cb(ERROR_OBJ);
authenticated = (hash === req.headers['x-embark-request-hash']);
}
cb();
if(authenticated) return cb();
cb(ERROR_OBJ);
});
}
}

3
lib/modules/webserver/server.js
View File

@ -162,8 +162,7 @@ class Server {
}
applyAPIFunction(cb, req, res) {
const authToken = (!res.send) ? req.protocol : req.headers.authorization;
this.events.request('authenticator:authorize', authToken, (err) => {
this.events.request('authenticator:authorize', req, res, (err) => {
if (err) {
const send = res.send ? res.send.bind(res) : req.send.bind(req); // WS only has the first params
return send(err);