* Fixed authentication parameter parsing for both users and servers

* The JWT is now passed in the query string, as many websocket libraries make
it hard to pass header parameters.
Parsing these values should also work fine, but we'll see in time.
shockrah 2021-04-09 18:59:10 -07:00
parent 7eb81f38f2
commit 5df5329b6c
2 changed files with 19 additions and 23 deletions


@ -1,5 +1,8 @@
const jsonwebtoken = require('jsonwebtoken') const jsonwebtoken = require('jsonwebtoken')
const fs = require('fs') const fs = require('fs')
const IncomingMessage = require('http').IncomingMessage
const url = require('url')
const query = require('querystring')
const SERVER_HMAC = fs.readFileSync('wss-hmac.secret') const SERVER_HMAC = fs.readFileSync('wss-hmac.secret')
const USER_HMAC = fs.readFileSync('hmac.secret') const USER_HMAC = fs.readFileSync('hmac.secret')
@ -12,7 +15,6 @@ exports.verify = function(token) {
* @returns 'server' on server connection * @returns 'server' on server connection
* @retusn false on failure * @retusn false on failure
*/ */
console.log('given token: ', token)
const vconfig = { const vconfig = {
clockTolerance: 3, clockTolerance: 3,
} }
@ -30,6 +32,9 @@ exports.verify = function(token) {
} }
/**
* @param {IncomingMessage} req
*/
exports.prepare_auth = function(req) { exports.prepare_auth = function(req) {
// NOTE: Why? because setting headers from the server is completely undocumented and I've ran // NOTE: Why? because setting headers from the server is completely undocumented and I've ran
// through basically every library under the sun I literally con't be fucked to // through basically every library under the sun I literally con't be fucked to
@ -37,16 +42,13 @@ exports.prepare_auth = function(req) {
// Typical User connections are setup with authentication in the headers // Typical User connections are setup with authentication in the headers
// Requested channel is the path // Requested channel is the path
let header_auth = req.headers['authentication'] || req.headers['jwt'] const full = url.parse(req.url)
if(!header_auth) { const path = full.pathname
let path = req.url const jwt = query.parse(full.query)['jwt']
let uri = '/jwt/'
if(req.url.startsWith(uri)) { if(!path || !jwt) {
let jwt = req.url.slice(uri.length) return [null, null]
return [jwt,null] } else {
} return [jwt, path]
}
else {
return [header_auth, req.url]
} }
} }
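Review bot: In the last hunk of `prepare_auth`, `query.parse(full.query)['jwt']` yields an array rather than a string when the `jwt` parameter appears more than once in the request URL, and the only guard is `!jwt`, so a non-string value is returned to the caller and handed to `verify`. The body of `verify` is mostly outside these hunks, so whether it catches the resulting `jsonwebtoken` error is not visible; tightening the guard to `if(!path || typeof jwt !== 'string') {` fixes the type at the boundary. Because the token now travels in the URL, it will also be written to any access or proxy log that records the request line, so short token lifetimes and scrubbing the `jwt` parameter from logs matter more than they did with the header. The retained comment `// Typical User connections are setup with authentication in the headers` no longer matches the code and should say the token is read from the query string.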


@ -7,8 +7,8 @@ const server = new ws.Server({
}) })
server.on('connection', function(socket, req) { server.on('connection', function(socket, req) {
let [jwt, path] = auth.prepare_auth(req) const [jwt, path] = auth.prepare_auth(req)
let conn = auth.verify(jwt) const conn = auth.verify(jwt)
if(conn == 'server') { if(conn == 'server') {
console.log('[WSS] New server connection') console.log('[WSS] New server connection')
@ -26,16 +26,10 @@ server.on('connection', function(socket, req) {
}) })
} else if(conn == 'user') { } else if(conn == 'user') {
socket.on('message', function(message) { console.log('[WSS] New user connection')
// some kind of parsing here socket.on('close', function() {
// no actual emitting to all users console.log('[WSS] User connection closed')
server.clients.forEach(client => {
if (client !== socket && client.readyState === ws.OPEN) {
client.send(message)
}
})
}) })
} else { } else {
console.log('[WSS] No valid auth', conn) console.log('[WSS] No valid auth', conn)
socket.close() socket.close()