Fix signalmaster crash if vroomsession isn't found

master
Daniel Berteaud 10 years ago
parent 22ab05ee98
commit ccc26fb7fb
  1. 40
      signalmaster/server.js

@ -66,27 +66,31 @@ io.configure(function(){
console.log('Cookie vroomsession not found, access unauthorized'); console.log('Cookie vroomsession not found, access unauthorized');
accept('vroomsession cookie not found', false); accept('vroomsession cookie not found', false);
} }
// vroomsession is base64(user:room:token) so let's decode this ! else{
session = new Buffer(session, encoding='base64'); // vroomsession is base64(user:room:token) so let's decode this !
var tab = session.toString().split(':'); session = new Buffer(session, encoding='base64');
var user = tab[0], var tab = session.toString().split(':');
room = tab[1], var user = tab[0],
token = tab[2]; room = tab[1],
// sanitize user input, we don't want to pass random junk to MySQL do we ? token = tab[2];
if (!user.match(/^[\w\@\.\-]{1,40}$/i) || !room.match(/^[\w\-]{1,50}$/) || !token.match(/^[a-zA-Z0-9]{50}$/)){ // sanitize user input, we don't want to pass random junk to MySQL do we ?
console.log('Forbidden chars found in either participant session, room name or token, sorry, cannot allow this'); if (!user.match(/^[\w\@\.\-]{1,40}$/i) || !room.match(/^[\w\-]{1,50}$/) || !token.match(/^[a-zA-Z0-9]{50}$/)){
accept('Forbidden characters found', false); console.log('Forbidden chars found in either participant session, room name or token, sorry, cannot allow this');
} accept('Forbidden characters found', false);
// Ok, now check if this user has joined the room (with the correct token) through vroom frontend
checkRoom(room,token,user, function(res){
if (res){
accept(null, true);
} }
else{ else{
console.log('User' + user + ' is not allowed to join room ' + room + ' with token ' + tohen); // Ok, now check if this user has joined the room (with the correct token) through vroom frontend
accept('not allowed', false); checkRoom(room,token,user, function(res){
if (res){
accept(null, true);
}
else{
console.log('User' + user + ' is not allowed to join room ' + room + ' with token ' + tohen);
accept('not allowed', false);
}
});
} }
}); }
} }
else{ else{
accept('No cookie found', false); accept('No cookie found', false);
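Review bot: A cookie that decodes to fewer than three `:`-separated fields still throws in the new `else` branch, because `room` or `token` is then `undefined` and `room.match(...)` raises a TypeError before the sanitising test can reject the input. Check the field count first, for example `if (tab.length !== 3){ accept('Malformed vroomsession cookie', false); }`, with the regex test as the following `else if`. The denial log further down concatenates `tohen`, an undeclared name, so a refused join raises a ReferenceError instead of reaching `accept('not allowed', false)`; it should read `token`, and since the token appears to be the room credential it is better left out of the log line altogether. Both paths are reachable with a client-supplied cookie, so they are likely the same kind of crash this commit sets out to fix. The enclosing `io.configure` callback starts and ends outside the hunk.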
