From 53bc4d945a134e20d3957ba71cf2495525f85b03 Mon Sep 17 00:00:00 2001 From: Andre Medeiros Date: Wed, 17 Oct 2018 12:26:53 -0400 Subject: [PATCH] Change back how auth works for websockets. As it turns out, a websocket request doesn't contain some of the hashable properties in order to be validated. Because of that, we'll still use tokens here until we find a better way to do it. --- lib/modules/authenticator/index.js | 15 ++++++++++----- lib/modules/webserver/server.js | 5 ++--- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/lib/modules/authenticator/index.js b/lib/modules/authenticator/index.js index 0786174d..44046625 100644 --- a/lib/modules/authenticator/index.js +++ b/lib/modules/authenticator/index.js @@ -73,12 +73,17 @@ class Authenticator { (`http://${host}:${port}/embark?token=${this.authToken}`.underline))); }); - this.events.setCommandHandler('authenticator:authorize', (req, cb) => { - let hash = self.generateRequestHash(req); - if(hash !== req.headers['x-embark-request-hash']) { - return cb(ERROR_OBJ); + this.events.setCommandHandler('authenticator:authorize', (req, res, cb) => { + let authenticated = false; + if(!res.send) { + authenticated = (this.authToken === req.protocol); + } else { + let hash = self.generateRequestHash(req); + authenticated = (hash === req.headers['x-embark-request-hash']); } - cb(); + + if(authenticated) return cb(); + cb(ERROR_OBJ); }); } } diff --git a/lib/modules/webserver/server.js b/lib/modules/webserver/server.js index 2ec69af0..9d1d72cf 100644 --- a/lib/modules/webserver/server.js +++ b/lib/modules/webserver/server.js @@ -161,9 +161,8 @@ class Server { ('http://' + canonicalHost(this.hostname) + ':' + this.port).bold.underline.green; } - applyAPIFunction (cb, req, res) { - const authToken = (!res.send) ? req.protocol : req.headers.authorization; - this.events.request('authenticator:authorize', authToken, (err) => { + applyAPIFunction(cb, req, res) { + this.events.request('authenticator:authorize', req, res, (err) => { if (err) { const send = res.send ? res.send.bind(res) : req.send.bind(req); // WS only has the first params return send(err);