SocketIO: Auth: added auth by share key
parent
68fb080be8
commit
3232c28744
@ -9,9 +9,10 @@ module.exports = (socket, next) => {
|
||||
|
||||
const cookie = req?.cookies?.authorization || req?.cookies?.asc_auth_key;
|
||||
const token = req?.headers?.authorization;
|
||||
const share = socket.handshake.query?.share;
|
||||
|
||||
if (!cookie && !token) {
|
||||
const err = new Error("Authentication error (not token or cookie)");
|
||||
if (!cookie && !token && !share) {
|
||||
const err = new Error("Authentication error (not token or cookie or share key)");
|
||||
logger.error(err);
|
||||
socket.disconnect("unauthorized");
|
||||
next(err);
|
||||
@ -31,45 +32,79 @@ module.exports = (socket, next) => {
|
||||
return;
|
||||
}
|
||||
|
||||
let headers;
|
||||
if (cookie)
|
||||
headers = {
|
||||
Authorization: cookie,
|
||||
const basePath = portalManager(req)?.replace(/\/$/g, "");
|
||||
let headers = {};
|
||||
|
||||
if (cookie) {
|
||||
headers.Authorization = cookie;
|
||||
|
||||
logger.info(`API basePath='${basePath}' Authorization='${cookie}'`);
|
||||
|
||||
const getUser = () => {
|
||||
return request({
|
||||
method: "get",
|
||||
url: "/people/@self.json?fields=id,userName,displayName",
|
||||
headers,
|
||||
basePath,
|
||||
});
|
||||
};
|
||||
|
||||
const basePath = portalManager(req)?.replace(/\/$/g, "");
|
||||
const getPortal = () => {
|
||||
return request({
|
||||
method: "get",
|
||||
url: "/portal.json?fields=tenantId,tenantDomain",
|
||||
headers,
|
||||
basePath,
|
||||
});
|
||||
};
|
||||
|
||||
logger.info(`API basePath='${basePath}' Authorization='${cookie}'`);
|
||||
return Promise.all([getUser(), getPortal()])
|
||||
.then(([user, portal]) => {
|
||||
logger.info("Get account info", { user, portal });
|
||||
session.user = user;
|
||||
session.portal = portal;
|
||||
session.save();
|
||||
next();
|
||||
})
|
||||
.catch((err) => {
|
||||
logger.error("Error of getting account info", err);
|
||||
socket.disconnect("Unauthorized");
|
||||
next(err);
|
||||
});
|
||||
}
|
||||
|
||||
const getUser = () => {
|
||||
if (share) {
|
||||
if (req?.cookies) {
|
||||
const pairs = Object.entries(req.cookies).map(([key, value]) => `${key}=${value}`);
|
||||
|
||||
if (pairs.length > 0) {
|
||||
let cookie = pairs.join(';');
|
||||
cookie += ';';
|
||||
headers.Cookie = cookie;
|
||||
}
|
||||
}
|
||||
|
||||
return request({
|
||||
method: "get",
|
||||
url: "/people/@self.json?fields=id,userName,displayName",
|
||||
url: `/files/share/${share}`,
|
||||
headers,
|
||||
basePath,
|
||||
});
|
||||
};
|
||||
|
||||
const getPortal = () => {
|
||||
return request({
|
||||
method: "get",
|
||||
url: "/portal.json?fields=tenantId,tenantDomain",
|
||||
headers,
|
||||
basePath,
|
||||
});
|
||||
};
|
||||
|
||||
return Promise.all([getUser(), getPortal()])
|
||||
.then(([user, portal]) => {
|
||||
logger.info("Get account info", { user, portal });
|
||||
session.user = user;
|
||||
session.portal = portal;
|
||||
session.save();
|
||||
next();
|
||||
})
|
||||
.catch((err) => {
|
||||
logger.error("Error of getting account info", err);
|
||||
}).then(validation => {
|
||||
if (validation.status !== 0) {
|
||||
const err = new Error("Invalid share key");
|
||||
logger.error("Share key validation failure:", err);
|
||||
next(err);
|
||||
} else {
|
||||
logger.info(`Share key validation successful: key=${share}`)
|
||||
session.anonymous = true;
|
||||
session.portal = { tenantId: validation.tenantId }
|
||||
session.save();
|
||||
next();
|
||||
}
|
||||
}).catch(err => {
|
||||
logger.error(err);
|
||||
socket.disconnect("Unauthorized");
|
||||
next(err);
|
||||
});
|
||||
};
|
||||
})
|
||||
}
|
||||
};
|
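Review bot: The share key taken from `socket.handshake.query` is placed unencoded into the backend request path (``url: `/files/share/${share}` ``), so a value containing `/`, `?` or `#`, or an array produced by a repeated `share` parameter, can change which API route is called while the client's cookies are forwarded with it. I would reject anything that is not a single string and encode it, ``url: `/files/share/${encodeURIComponent(share)}` ``. The success branch also writes the key to the log (`key=${share}`), and the cookie branch logs `Authorization='${cookie}'`; both are bearer credentials and should be omitted or replaced by a short hash. The invalid-key branch calls `next(err)` without the `socket.disconnect("Unauthorized")` that the other failure paths use. The +/- markers are lost on this page, so which of the duplicated lines are on the new side is inferred from the commit title.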
@ -66,7 +66,8 @@ const options = {
|
||||
const token =
|
||||
req?.headers?.authorization ||
|
||||
req?.cookies?.authorization ||
|
||||
req?.cookies?.asc_auth_key;
|
||||
req?.cookies?.asc_auth_key ||
|
||||
req?._query?.share;
|
||||
|
||||
if (!token) {
|
||||
winston.info(`not allowed request: empty token`);
|
||||
|
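Review bot: Adding `req?._query?.share` to the `token` chain means any non-empty `share` query value now passes the `if (!token)` gate and is carried in the same variable as the Authorization header and the auth cookies. The code that consumes `token` lies after the end of this hunk, so whether the share key is later treated as an account token cannot be seen here; keeping it apart avoids that ambiguity: `const share = req?._query?.share;` and `if (!token && !share) {`. `_query` looks like a framework-internal property, so a comment such as `// share key: presence check only here; presumably validated later by the socket auth middleware (confirm)` would help the next reader.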