SocketIO: Auth: added auth by share key

2023-05-12 14:57:00 +03:00 · 2023-05-12 14:57:00 +03:00 · 3232c28744
commit 3232c28744
parent 68fb080be8
2 changed files with 71 additions and 35 deletions
--- a/common/ASC.Socket.IO/app/middleware/auth.js
+++ b/common/ASC.Socket.IO/app/middleware/auth.js
@ -9,9 +9,10 @@ module.exports = (socket, next) => {

  const cookie = req?.cookies?.authorization || req?.cookies?.asc_auth_key;
  const token = req?.headers?.authorization;
+  const share = socket.handshake.query?.share;

-  if (!cookie && !token) {
-    const err = new Error("Authentication error (not token or cookie)");
+  if (!cookie && !token && !share) {
+    const err = new Error("Authentication error (not token or cookie or share key)");
    logger.error(err);
    socket.disconnect("unauthorized");
    next(err);
@ -31,45 +32,79 @@ module.exports = (socket, next) => {
    return;
  }

-  let headers;
-  if (cookie)
-    headers = {
-      Authorization: cookie,
+  const basePath = portalManager(req)?.replace(/\/$/g, "");
+  let headers = {};
+
+  if (cookie) {
+    headers.Authorization = cookie;
+
+    logger.info(`API basePath='${basePath}' Authorization='${cookie}'`);
+
+    const getUser = () => {
+      return request({
+        method: "get",
+        url: "/people/@self.json?fields=id,userName,displayName",
+        headers,
+        basePath,
+      });
    };

-  const basePath = portalManager(req)?.replace(/\/$/g, "");
+    const getPortal = () => {
+      return request({
+        method: "get",
+        url: "/portal.json?fields=tenantId,tenantDomain",
+        headers,
+        basePath,
+      });
+    };

-  logger.info(`API basePath='${basePath}' Authorization='${cookie}'`);
+    return Promise.all([getUser(), getPortal()])
+      .then(([user, portal]) => {
+        logger.info("Get account info", { user, portal });
+        session.user = user;
+        session.portal = portal;
+        session.save();
+        next();
+      })
+      .catch((err) => {
+        logger.error("Error of getting account info", err);
+        socket.disconnect("Unauthorized");
+        next(err);
+      });
+  }

-  const getUser = () => {
+  if (share) {
+    if (req?.cookies) {
+      const pairs = Object.entries(req.cookies).map(([key, value]) => `${key}=${value}`);
+
+      if (pairs.length > 0) {
+        let cookie = pairs.join(';');
+        cookie += ';';
+        headers.Cookie = cookie;
+      }
+    }
+    
    return request({
      method: "get",
-      url: "/people/@self.json?fields=id,userName,displayName",
+      url: `/files/share/${share}`,
      headers,
      basePath,
-    });
-  };
-
-  const getPortal = () => {
-    return request({
-      method: "get",
-      url: "/portal.json?fields=tenantId,tenantDomain",
-      headers,
-      basePath,
-    });
-  };
-
-  return Promise.all([getUser(), getPortal()])
-    .then(([user, portal]) => {
-      logger.info("Get account info", { user, portal });
-      session.user = user;
-      session.portal = portal;
-      session.save();
-      next();
-    })
-    .catch((err) => {
-      logger.error("Error of getting account info", err);
+    }).then(validation => {
+      if (validation.status !== 0) {
+        const err = new Error("Invalid share key");
+        logger.error("Share key validation failure:", err);
+        next(err);
+      } else {
+        logger.info(`Share key validation successful: key=${share}`)
+        session.anonymous = true;
+        session.portal = { tenantId: validation.tenantId }
+        session.save();
+        next();
+      }
+    }).catch(err => {
+      logger.error(err);
      socket.disconnect("Unauthorized");
      next(err);
-    });
-};
+    })
+  }
+};
--- a/common/ASC.Socket.IO/server.js
+++ b/common/ASC.Socket.IO/server.js
@ -66,7 +66,8 @@ const options = {
    const token =
      req?.headers?.authorization ||
      req?.cookies?.authorization ||
-      req?.cookies?.asc_auth_key;
+      req?.cookies?.asc_auth_key ||
+      req?._query?.share;

    if (!token) {
      winston.info(`not allowed request: empty token`);