websocket requires logged in session in upgrade request
This commit is contained in:
parent
5f3a11af47
commit
ff3f14c3e2
3 changed files with 28 additions and 9 deletions
13
app.js
13
app.js
|
@ -9,7 +9,6 @@ const session = require('express-session');
|
|||
const FileStore = require('session-file-store')(session);
|
||||
const os = require('os');
|
||||
const sessionSecret = require('./services/session_secret');
|
||||
const utils = require('./services/utils');
|
||||
|
||||
require('./services/ping_job');
|
||||
|
||||
|
@ -30,12 +29,12 @@ app.use(bodyParser.json({limit: '50mb'}));
|
|||
app.use(bodyParser.urlencoded({extended: false}));
|
||||
app.use(cookieParser());
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
app.use(session({
|
||||
const sessionParser = session({
|
||||
secret: sessionSecret,
|
||||
resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
|
||||
saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
|
||||
cookie: {
|
||||
// path: "/",
|
||||
// path: "/",
|
||||
httpOnly: true,
|
||||
maxAge: 1800000
|
||||
},
|
||||
|
@ -43,7 +42,8 @@ app.use(session({
|
|||
ttl: 30 * 24 * 3600,
|
||||
path: os.tmpdir() + '/trilium-sessions'
|
||||
})
|
||||
}));
|
||||
});
|
||||
app.use(sessionParser);
|
||||
|
||||
app.use(favicon(__dirname + '/public/images/app-icons/win/icon.ico'));
|
||||
|
||||
|
@ -72,4 +72,7 @@ require('./services/sync');
|
|||
// triggers backup timer
|
||||
require('./services/backup');
|
||||
|
||||
module.exports = app;
|
||||
module.exports = {
|
||||
app,
|
||||
sessionParser
|
||||
};
|
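Review bot: The last hunk changes `module.exports` from the express app itself to `{ app, sessionParser }`, which breaks any other `require('./app')` caller that still expects the app object; bin/www is updated in this commit, but whether other consumers exist is not visible from here. A short comment on the export would help the next reader, e.g. `// sessionParser is exported so the websocket upgrade path (messaging.init in bin/www) can run the same session middleware on the upgrade request`. Keeping the middleware in one place is the right call, since a second session() instance with its own store would not see the same sessions.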
4
bin/www
4
bin/www
|
@ -8,7 +8,7 @@ process.on('unhandledRejection', error => {
|
|||
require('../services/log').info(error);
|
||||
});
|
||||
|
||||
const app = require('../app');
|
||||
const { app, sessionParser } = require('../app');
|
||||
const debug = require('debug')('node:server');
|
||||
const fs = require('fs');
|
||||
const http = require('http');
|
||||
|
@ -53,7 +53,7 @@ httpServer.listen(port);
|
|||
httpServer.on('error', onError);
|
||||
httpServer.on('listening', onListening);
|
||||
|
||||
messaging.init(httpServer);
|
||||
messaging.init(httpServer, sessionParser);
|
||||
|
||||
if (utils.isElectron()) {
|
||||
const electronRouting = require('../routes/electron');
|
||||
|
|
|
@ -1,9 +1,25 @@
|
|||
const WebSocket = require('ws');
|
||||
const utils = require('./utils');
|
||||
const log = require('./log');
|
||||
|
||||
let webSocketServer;
|
||||
|
||||
function init(httpServer) {
|
||||
webSocketServer = new WebSocket.Server({server: httpServer});
|
||||
function init(httpServer, sessionParser) {
|
||||
webSocketServer = new WebSocket.Server({
|
||||
verifyClient: (info, done) => {
|
||||
sessionParser(info.req, {}, () => {
|
||||
const allowed = utils.isElectron() || info.req.session.loggedIn;
|
||||
|
||||
if (!allowed) {
|
||||
log.error("WebSocket connection not allowed because session is neither electron nor logged in.");
|
||||
}
|
||||
|
||||
done(allowed)
|
||||
});
|
||||
},
|
||||
server: httpServer
|
||||
});
|
||||
|
||||
webSocketServer.on('connection', function connection(ws, req) {
|
||||
console.log("websocket client connected");
|
||||
});
|
||||
|
|
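Review bot: The callback handed to `sessionParser` ignores its error argument and reads `info.req.session.loggedIn` unconditionally, so a session-store failure (where express-session reports the error and, as far as I recall, leaves `req.session` unset) throws inside verifyClient instead of rejecting the handshake. Treating an error or a missing session as not-logged-in keeps the check failing closed, and coercing `allowed` to a boolean avoids passing `undefined` to `done`. Since the only credential checked is the session cookie, which browsers also attach to cross-site upgrade requests, comparing `info.origin` against the server's own origin would be a worthwhile follow-up, and the check runs only at handshake time, so an open connection outlives the cookie `maxAge` configured in app.js. The closing brace of `init` lies outside the hunk, and `done(allowed)` is missing its semicolon.
```javascript
function init(httpServer, sessionParser) {
    webSocketServer = new WebSocket.Server({
        verifyClient: (info, done) => {
            sessionParser(info.req, {}, err => {
                // fail closed: a store error or a missing session counts as not logged in
                const session = err ? null : info.req.session;
                const allowed = utils.isElectron() || Boolean(session && session.loggedIn);

                if (!allowed) {
                    log.error("WebSocket connection not allowed because session is neither electron nor logged in.");
                }

                done(allowed);
            });
        },
        server: httpServer
    });
    // … unchanged: 'connection' handler …
```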