dani
/
vroom
mirror of https://github.com/dani/vroom.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix signalmaster crash if vroomsession isn't found

Browse Source
master
Daniel Berteaud 10 years ago
parent 22ab05ee98
commit ccc26fb7fb
1 changed files with 22 additions and 18 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 40
      signalmaster/server.js

40
signalmaster/server.js
Unescape View File

@ -66,27 +66,31 @@ io.configure(function(){
console.log('Cookie vroomsession not found, access unauthorized'); console.log('Cookie vroomsession not found, access unauthorized');
accept('vroomsession cookie not found', false); accept('vroomsession cookie not found', false);
} }
// vroomsession is base64(user:room:token) so let's decode this ! else{
session = new Buffer(session, encoding='base64'); // vroomsession is base64(user:room:token) so let's decode this !
var tab = session.toString().split(':'); session = new Buffer(session, encoding='base64');
var user = tab[0], var tab = session.toString().split(':');
room = tab[1], var user = tab[0],
token = tab[2]; room = tab[1],
// sanitize user input, we don't want to pass random junk to MySQL do we ? token = tab[2];
if (!user.match(/^[\w\@\.\-]{1,40}$/i) || !room.match(/^[\w\-]{1,50}$/) || !token.match(/^[a-zA-Z0-9]{50}$/)){ // sanitize user input, we don't want to pass random junk to MySQL do we ?
console.log('Forbidden chars found in either participant session, room name or token, sorry, cannot allow this'); if (!user.match(/^[\w\@\.\-]{1,40}$/i) || !room.match(/^[\w\-]{1,50}$/) || !token.match(/^[a-zA-Z0-9]{50}$/)){
accept('Forbidden characters found', false); console.log('Forbidden chars found in either participant session, room name or token, sorry, cannot allow this');
} accept('Forbidden characters found', false);
// Ok, now check if this user has joined the room (with the correct token) through vroom frontend
checkRoom(room,token,user, function(res){
if (res){
accept(null, true);
} }
else{ else{
console.log('User' + user + ' is not allowed to join room ' + room + ' with token ' + tohen); // Ok, now check if this user has joined the room (with the correct token) through vroom frontend
accept('not allowed', false); checkRoom(room,token,user, function(res){
if (res){
accept(null, true);
}
else{
console.log('User' + user + ' is not allowed to join room ' + room + ' with token ' + tohen);
accept('not allowed', false);
}
});
} }
}); }
} }
else{ else{
accept('No cookie found', false); accept('No cookie found', false);

Write Preview
Loading…
Cancel
Save