diff --git a/realtime/index.js b/realtime/index.js
index a0990f7094..bebf3cba1c 100644
--- a/realtime/index.js
+++ b/realtime/index.js
@@ -1,4 +1,3 @@
-const cookie = require("cookie");
 const request = require("superagent");
 const { Server } = require("socket.io");
@@ -7,6 +6,8 @@ const conf = get_conf();
 const log = console.log; // eslint-disable-line
 const subscriber = get_redis_subscriber();
+const { get_hostname, get_url } = require("./utils");
+
 const io = new Server(conf.socketio_port, {
 cors: {
 // Should be fine since we are ensuring whether hostname and origin are same before adding setting listeners for s socket
@@ -15,43 +16,11 @@ const io = new Server(conf.socketio_port, {
 },
 });
-io.use((socket, next) => {
- if (get_hostname(socket.request.headers.host) != get_hostname(socket.request.headers.origin)) {
- next(new Error("Invalid origin"));
- return;
- }
+// load and register middlewares
+const authenticate = require("./middlewares/authenticate");
+io.use(authenticate);
- if (!socket.request.headers.cookie) {
- next(new Error("No cookie transmitted."));
- return;
- }
-
- let cookies = cookie.parse(socket.request.headers.cookie);
-
- if (!cookies.sid) {
- next(new Error("No sid transmitted."));
- return;
- }
-
- request
- .get(get_url(socket, "/api/method/frappe.realtime.get_user_info"))
- .type("form")
- .query({
- sid: cookies.sid,
- })
- .then((res) => {
- socket.user = res.body.message.user;
- socket.user_type = res.body.message.user_type;
- socket.sid = cookies.sid;
- socket.subscribed_documents = [];
- next();
- })
- .catch((e) => {
- next(new Error(`Unauthorized: ${e}`));
- });
-});
-
-// on socket connection
+// load and register handler
 io.on("connection", function (socket) {
 socket.join(get_user_room(socket, socket.user));
 socket.join(get_website_room(socket));
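Review bot: With the middleware moved out of realtime/index.js, the comment on the `cors` block (which justifies the setting by the hostname/origin comparison) now refers to a check that lives in `./middlewares/authenticate`, and the new `// load and register middlewares` comment does not say so. A comment such as `// authenticate rejects connections whose Origin hostname differs from Host; the cors setting above relies on it` would keep that dependency visible to whoever edits either file. The contents of the `cors` block fall between hunks and are not visible here.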
@@ -206,21 +175,6 @@ function get_site_name(socket) {
 return socket.site_name;
 }
-function get_hostname(url) {
- if (!url) return undefined;
- if (url.indexOf("://") > -1) {
- url = url.split("/")[2];
- }
- return url.match(/:/g) ? url.slice(0, url.indexOf(":")) : url;
-}
-
-function get_url(socket, path) {
- if (!path) {
- path = "";
- }
- return socket.request.headers.origin + path;
-}
-
 function can_subscribe_doc(args) {
 if (!args) return;
 if (!args.doctype || !args.docname) return;
diff --git a/realtime/middlewares/authenticate.js b/realtime/middlewares/authenticate.js
new file mode 100644
index 0000000000..b18af4fecf
--- /dev/null
+++ b/realtime/middlewares/authenticate.js
@@ -0,0 +1,41 @@
+const cookie = require("cookie");
+const request = require("superagent");
+const { get_hostname, get_url } = require("../utils");
+
+function authenticate_with_frappe(socket, next) {
+ if (get_hostname(socket.request.headers.host) != get_hostname(socket.request.headers.origin)) {
+ next(new Error("Invalid origin"));
+ return;
+ }
+
+ if (!socket.request.headers.cookie) {
+ next(new Error("No cookie transmitted."));
+ return;
+ }
+
+ let cookies = cookie.parse(socket.request.headers.cookie);
+
+ if (!cookies.sid) {
+ next(new Error("No sid transmitted."));
+ return;
+ }
+
+ request
+ .get(get_url(socket, "/api/method/frappe.realtime.get_user_info"))
+ .type("form")
+ .query({
+ sid: cookies.sid,
+ })
+ .then((res) => {
+ socket.user = res.body.message.user;
+ socket.user_type = res.body.message.user_type;
+ socket.sid = cookies.sid;
+ socket.subscribed_documents = [];
+ next();
+ })
+ .catch((e) => {
+ next(new Error(`Unauthorized: ${e}`));
+ });
+}
+
+module.exports = authenticate_with_frappe;
diff --git a/realtime/utils.js b/realtime/utils.js
new file mode 100644
index 0000000000..74620f3bd1
--- /dev/null
+++ b/realtime/utils.js
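Review bot: In realtime/middlewares/authenticate.js, `authenticate_with_frappe` sends the session lookup to `get_url(socket, ...)`, which is built from the request's `Origin` header, and the only gate before it compares that header with `Host`, so both sides of the check come from the connecting client. Unless a proxy in front of this server pins `Host` (not visible here), the address the server contacts, and therefore the `user` it trusts from the response, is chosen by the caller. The backend base URL should come from server-side configuration, or the hostname should be checked against the known sites before `request.get` runs. Sending the session id as a header, for example `.set("Cookie", cookie.serialize("sid", cookies.sid))` if the endpoint accepts it, would also keep it out of URL logs that `.query({ sid })` can end up in. The `.then` handler should add `if (!res.body.message || !res.body.message.user) return next(new Error("Unauthorized"));` before assigning `socket.user`.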
@@ -0,0 +1,19 @@
+function get_hostname(url) {
+ if (!url) return undefined;
+ if (url.indexOf("://") > -1) {
+ url = url.split("/")[2];
+ }
+ return url.match(/:/g) ? url.slice(0, url.indexOf(":")) : url;
+}
+
+function get_url(socket, path) {
+ if (!path) {
+ path = "";
+ }
+ return socket.request.headers.origin + path;
+}
+
+module.exports = {
+ get_url,
+ get_hostname,
+};
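Review bot: `get_hostname` in realtime/utils.js parses the host by hand, and the origin check in the authenticate middleware depends on its result. A bracketed IPv6 literal is cut at its first colon, and a userinfo part (`user@host`) is returned as part of the hostname. Dropping the port looks intended, since Host and Origin differ in port here. Parsing with the platform URL class gives one canonical answer, e.g. `return new URL(url.includes("://") ? url : "http://" + url).hostname;` wrapped in a try/catch that returns `undefined` on a parse failure. `get_url` should carry a doc comment stating that its base is the client-supplied `Origin` header, so callers do not treat the result as a trusted address.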