io.set('authorization', function (data, accept) {
// http://www.danielbaulig.de/socket-ioexpress/
if (!data.headers.cookie) {
return accept('No cookie transmitted.', false);
}
//data.cookie = cookie.parse(decodeURIComponent(data.headers.cookie));
data.cookie = cookie.parse(data.headers.cookie);
//data.cookie = cookie.parseSignedCookies(data.cookie, config.SESSION_SECRET);
console.log(data.cookie['connect.sid']);
data.sessionID = data.cookie['connect.sid'].substring(2,26);
console.log(data.sessionID);
// save the session store to the data object
// (as required by the Session constructor)
data.sessionStore = sessionStore;
console.log(sessionStore);
sessionStore.get(data.sessionID, function (err, session) {
if (err) {
accept(err, false);
} else if (!session) {
accept('No session', false);
} else {
// create a session object, passing data as request and our
// just acquired session data
var Session = connect.middleware.session.Session;
data.session = new Session(data, session);
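/**
 * Resolve the Express session id for a socket from its `connect.sid` cookie.
 *
 * Reads the raw Cookie header from `socket.request`, splits it with
 * `qs.parse(..., ';')`, and runs the `connect.sid` value through
 * `cookieParser.signedCookie` with `secret`. On success the unsigned session
 * id is stored in `socket.sessionId` and `true` is returned; on any failure
 * a warning is logged, `socket.sessionId` is left untouched and `false` is
 * returned.
 *
 * Security: `cookieParser.signedCookie` returns `false` for a value whose
 * signature does not verify and (if it behaves like cookie-parser's helper)
 * passes a value without the `s:` prefix through unchanged. The original
 * code returned `true` in both cases, so a forged cookie produced
 * `socket.sessionId === false` and an unsigned cookie produced an
 * attacker-chosen id, while the caller was told a session had been found.
 * This version only reports success when the value carries the `s:` prefix
 * and the signature verifies to a non-empty id.
 *
 * @param {object} socket - socket whose `request.headers.cookie` is inspected;
 *   `socket.sessionId` is assigned only on success
 * @param {string} secret - cookie signing secret shared with the Express
 *   session middleware
 * @returns {boolean} true iff a validly signed connect.sid was found
 */
var processSession = function(socket, secret) {
  try {
    var cookieObj = qs.parse(socket.request.headers.cookie, ';');
    // The header looks like "a=b; c=d", so after splitting on ';' every key
    // except the first keeps a leading space; accept both spellings.
    var raw = cookieObj['connect.sid'] || cookieObj[' connect.sid'];
    // Only signed values ("s:<sid>.<sig>") are acceptable; an un-prefixed
    // value would otherwise bypass signature verification entirely.
    if (typeof raw !== 'string' || raw.indexOf('s:') !== 0) {
      log.warn('Warning: connect.sid session cookie not detected. User may have cookies disabled or session cookie has expired');
      return false;
    }
    var sid = cookieParser.signedCookie(raw, secret);
    // false => signature mismatch; anything that is not a non-empty string is
    // treated the same way rather than being stored as the session id.
    if (typeof sid !== 'string' || sid.length === 0) {
      log.warn('Warning: connect.sid signature did not verify; rejecting session cookie');
      return false;
    }
    socket.sessionId = sid;
    return true;
  }
  catch (e) {
    log.warn('Warning: connect.sid session cookie not detected. User may have cookies disabled or session cookie has expired');
    return false;
  }
};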
cookieParser(config.sessionSecret)(socket.request, {}, function(err) {
// Get the session id from the request cookies
var sessionId = socket.request.signedCookies['connect.sid'];
// Use the mongoStorage instance to get the Express session information
mongoStore.get(sessionId, function(err, session) {
// Set the Socket.io session information
socket.request.session = session;
// Use Passport to populate the user details
passport.initialize()(socket.request, {}, function() {
passport.session()(socket.request, {}, function() {
if (socket.request.user) {
next(null, true);
} else {
next(new Error('User is not authenticated'), false);
}
});
});
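// Socket.IO 0.9-style handshake authorization: resolve the Express session
// from the client's signed `connect.sid` cookie and accept the handshake only
// when that session exists in the store.
//
// Fixes vs. the original:
//  - a missing or un-prefixed connect.sid is rejected before parseSignedCookie
//    or the store is touched (parseSignedCookie is assumed to behave like
//    connect's helper: false on a bad signature, un-prefixed values passed
//    through unchanged, so requiring the `s:` prefix makes signature
//    verification mandatory);
//  - a session id the store does not know is rejected instead of being
//    accepted with `new Session(handshakeData, undefined)`;
//  - every rejection passes an explicit `false` as the second argument.
//
// SECURITY NOTE: 'wyq' is a hard-coded signing secret. It must equal the
// secret given to the Express session middleware and should be loaded from
// configuration rather than kept in source control.
io.set('authorization', function (handshakeData, accept) {
  // Fetch the session data from the client's cookie string.
  let rawCookies = ''
  if (handshakeData.headers && handshakeData.headers.cookie) {
    rawCookies = handshakeData.headers.cookie
  }
  handshakeData.cookie = Cookie.parse(rawCookies)
  const signedSid = handshakeData.cookie['connect.sid']
  if (typeof signedSid !== 'string' || signedSid.indexOf('s:') !== 0) {
    return accept('nosession', false)
  }
  const connectSid = parseSignedCookie(signedSid, 'wyq')
  if (!connectSid) {
    // false/empty => signature did not verify
    return accept('nosession', false)
  }
  storeMemory.get(connectSid, function (error, session) {
    if (error) {
      // if we cannot grab a session, turn down the connection
      return accept(error.message, false)
    }
    if (!session) {
      // valid signature but the session is gone (expired / store restarted)
      return accept('nosession', false)
    }
    // save the session data and accept the connection
    handshakeData.session = new Session(handshakeData, session)
    handshakeData.connect_sid = connectSid
    accept(null, true)
  })
})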
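// Socket.IO 1.x-style middleware: look up the Express session named by the
// client's `connect.sid` cookie and attach it to `socket.session`.
//
// The cookie value is expected in express-session's form
// "s:<sessionId>.<signature>". The original code indexed split(':')[1]
// unconditionally, so a cookie value without ':' threw a TypeError inside
// the middleware; malformed values are now rejected through next(Error) like
// every other failure path, and the "no session" case passes an Error object
// instead of a bare string for the same reason.
//
// SECURITY: the signature part of the cookie is discarded, not verified (no
// session secret is in scope here). Any client that knows or guesses a
// session id can send "s:<id>.anything" and attach to that session. Verify
// the value against the Express session secret (e.g. cookie-parser's
// signedCookie()) and reject when it returns false before trusting the id.
io.use(function(socket, next){
  var handshakeData = socket.request;
  if (!handshakeData.headers.cookie) {
    return next(new Error('no cookie.'));
  }
  handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);
  var sid = handshakeData.cookie['connect.sid'];
  if (!sid) {
    return next(new Error('no sid.'));
  }
  // "s:<sessionId>.<signature>" -> sessionId. Same extraction as before, but
  // guarded so a value with no ':' (or nothing after it) cannot throw.
  var afterPrefix = sid.split(':')[1];
  var sessionId = afterPrefix ? afterPrefix.split('.')[0] : '';
  if (!sessionId) {
    return next(new Error('no sid.'));
  }
  sessionStore.get(sessionId, function(err, session){
    if (err) {
      return next(err);
    }
    if (!session) {
      return next(new Error('no session.'));
    }
    socket.session = session;
    next();
  });
});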
router.post('/add-to-cart/', function (req, res, next) {
//Retrieving item id and qty for secure reasons
var item = req.body;
var cartID = req.cookies['user.id'] || req.cookies['connect.sid'];
//Search for item in store items by ID
Item.findById(item.id, function (err, result) {
if (err) {
return next(err)
}
return result;
}).then(function (result) {
checkForExistingCart(cartID, function (response) {
var cart;
if(response){
console.log("\nCart found. Start working with existing cart. \n");
//Using existing cart
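// Socket.IO 0.9-style handshake authorization: verify the signed
// `connect.sid` cookie, load the matching Express session and accept the
// handshake only when that session exists.
//
// Fixes vs. the original:
//  - a handshake without a Cookie header no longer passes a non-string to
//    Cookie.parse (which may throw instead of rejecting); it is parsed as ''
//    and rejected;
//  - a value without the `s:` signed-cookie prefix is rejected, so signature
//    verification by parseSignedCookie cannot be skipped by sending a bare id
//    (assumes connect-style behaviour where un-prefixed values pass through
//    unchanged);
//  - a session id the store does not know is rejected instead of being
//    accepted with `handshakeData.session === undefined`;
//  - every rejection passes an explicit `false` as the second argument.
//
// SECURITY NOTE: 'technode' is a hard-coded signing secret. It must equal the
// secret given to the Express session middleware and should come from
// configuration, not source control.
io.set('authorization', function(handshakeData, accept) {
  var rawCookies = handshakeData.headers && handshakeData.headers.cookie
  handshakeData.cookie = Cookie.parse(typeof rawCookies === 'string' ? rawCookies : '')
  var signedSid = handshakeData.cookie['connect.sid']
  if (typeof signedSid !== 'string' || signedSid.indexOf('s:') !== 0) {
    return accept('No session', false)
  }
  var connectSid = parseSignedCookie(signedSid, 'technode')
  if (!connectSid) {
    // false/empty => signature did not verify
    return accept('No session', false)
  }
  sessionStore.get(connectSid, function(error, session) {
    if (error) {
      return accept(error.message, false)
    }
    if (!session) {
      // valid signature but the session is gone (expired / store restarted)
      return accept('No session', false)
    }
    handshakeData.session = session
    accept(null, true)
  })
})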
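// Verify the handshake's signed cookies, load the Express session for
// `connect.sid`, and accept only when that session belongs to a logged-in
// user (`session._userId` set).
//
// Fixes vs. the original: when the cookie is absent or its signature does not
// verify, `signedCookies['connect.sid']` is expected to be absent or false,
// and the store was queried with that value anyway; if the store then
// returned no session, reading `session._userId` threw a TypeError inside the
// callback. Both cases are now rejected explicitly, and every rejection
// passes `false` as the second argument. This statement's enclosing
// authorization callback (which supplies `handshakeData` and `accept`)
// starts above this block.
signedCookieParser(handshakeData, {}, function(err) {
  if (err) {
    return accept(err, false)
  }
  var sid = handshakeData.signedCookies && handshakeData.signedCookies['connect.sid']
  // A falsy id means the cookie was missing or failed signature verification;
  // never look that up in the store.
  if (!sid) {
    return accept('No session', false)
  }
  sessionStore.get(sid, function(err, session) {
    if (err) {
      return accept(err.message, false)
    }
    handshakeData.session = session
    if (session && session._userId) {
      return accept(null, true)
    }
    // session missing from the store, or present but not tied to a user
    accept('No login', false)
  })
})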
})
function (next) {
var sessionId = request.signedCookies['connect.sid']
|| request.signedCookies[nconf.get('socket.io:sessionKey')]
|| '';
if (_.isEmpty(sessionId)) {
winston.error("session id is null");
return callback('[[error: session id is null]]');
}
sessionStore.get(sessionId, function (err, sessionData){
if (err) {
return next(err);
}
if (sessionData) {
request.session = sessionData; //set db session to request.session
//TODO need distinguish user or admin
//winston.info(request.headers);
//winston.info(request.cookie);
} else {