Add auth awareness to comms channel

2023-10-10 13:36:53 +02:00 · 2014-11-12 13:21:59 +00:00 · 2014-11-12 13:21:59 +00:00 · 74e1ef0823
commit 74e1ef0823
parent 982997c3df
2 changed files with 51 additions and 8 deletions
--- a/public/red/comms.js
+++ b/public/red/comms.js
@ -29,6 +29,10 @@ RED.comms = (function() {
                errornotification.close();
                errornotification = null;
            }
+            var auth_tokens = RED.settings.get("auth-tokens");
+            if (auth_tokens) {
+                ws.send(JSON.stringify({auth:auth_tokens.access_token}));
+            }
            for (var t in subscriptions) {
                if (subscriptions.hasOwnProperty(t)) {
                    ws.send(JSON.stringify({subscribe:t}));
--- a/red/comms.js
+++ b/red/comms.js
@ -14,6 +14,8 @@
 * limitations under the License.
 **/

+var tokens = require("./api/auth/tokens");
+
 var ws = require("ws");
 var log = require("./log");

@ -21,6 +23,7 @@ var server;
 var settings;

 var wsServer;
+var pendingConnections = [];
 var activeConnections = [];

 var retained = {};
@ -43,13 +46,17 @@ function start() {
        wsServer = new ws.Server({server:server,path:path});
        
        wsServer.on('connection',function(ws) {
-            activeConnections.push(ws);
+            var pendingAuth = (settings.httpAdminAuth != null);
+            if (!pendingAuth) {
+                activeConnections.push(ws);
+            } else {
+                pendingConnections.push(ws);
+            }
            ws.on('close',function() {
-                for (var i=0;i<activeConnections.length;i++) {
-                    if (activeConnections[i] === ws) {
-                        activeConnections.splice(i,1);
-                        break;
-                    }
+                if (!pendingAuth) {
+                    removeActiveConnection(ws);
+                } else {
+                    removePendingConnection(ws);
                }
            });
            ws.on('message', function(data,flags) {
@ -60,8 +67,24 @@ function start() {
                    log.warn("comms received malformed message : "+err.toString());
                    return;
                }
-                if (msg.subscribe) {
-                    handleRemoteSubscription(ws,msg.subscribe);
+                if (!pendingAuth) {
+                    if (msg.subscribe) {
+                        handleRemoteSubscription(ws,msg.subscribe);
+                    }
+                } else {
+                    if (msg.auth) {
+                        tokens.get(msg.auth).then(function(client) {
+                            if (!client) {
+                                ws.close();
+                            } else {
+                                pendingAuth = false;
+                                removePendingConnection(ws);
+                                activeConnections.push(ws);
+                            }
+                        });
+                    } else {
+                        ws.close();
+                    }
                }
            });
            ws.on('error', function(err) {
@ -123,6 +146,22 @@ function handleRemoteSubscription(ws,topic) {
    }
 }

+function removeActiveConnection(ws) {
+    for (var i=0;i<activeConnections.length;i++) {
+        if (activeConnections[i] === ws) {
+            activeConnections.splice(i,1);
+            break;
+        }
+    }
+}
+function removePendingConnection(ws) {
+    for (var i=0;i<pendingConnections.length;i++) {
+        if (pendingConnections[i] === ws) {
+            pendingConnections.splice(i,1);
+            break;
+        }
+    }
+}

 module.exports = {
    init:init,