mirror of
https://github.com/penpot/penpot.git
synced 2025-01-24 15:39:50 -05:00
🐛 Reject anonymous user on websocket connections.
This commit is contained in:
Andrey Antukh
parent
2588260f6c
commit
8fb70e9f8d
2 changed files with 13 additions and 15 deletions
|
|
@ -2,26 +2,22 @@
|
|||
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;;
|
||||
;; This Source Code Form is "Incompatible With Secondary Licenses", as
|
||||
;; defined by the Mozilla Public License, v. 2.0.
|
||||
;;
|
||||
;; Copyright (c) 2020 UXBOX Labs SL
|
||||
|
||||
(ns uxbox.http.ws
|
||||
"Web Socket handlers"
|
||||
(:require
|
||||
[clojure.core.async :as a]
|
||||
[clojure.spec.alpha :as s]
|
||||
[clojure.tools.logging :as log]
|
||||
[ring.adapter.jetty9 :as jetty]
|
||||
[ring.middleware.cookies :refer [wrap-cookies]]
|
||||
[ring.middleware.keyword-params :refer [wrap-keyword-params]]
|
||||
[ring.middleware.params :refer [wrap-params]]
|
||||
[uxbox.http.session :refer [wrap-auth]]
|
||||
[clojure.tools.logging :as log]
|
||||
[clojure.spec.alpha :as s]
|
||||
[promesa.core :as p]
|
||||
[ring.adapter.jetty9 :as jetty]
|
||||
[uxbox.common.exceptions :as ex]
|
||||
[uxbox.common.uuid :as uuid]
|
||||
[uxbox.common.spec :as us]
|
||||
[uxbox.redis :as redis]
|
||||
[ring.util.codec :as codec]
|
||||
[uxbox.util.transit :as t]
|
||||
[uxbox.http.session :refer [wrap-auth]]
|
||||
[uxbox.services.notifications :as nf]))
|
||||
|
||||
(s/def ::file-id ::us/uuid)
|
||||
|
|
@ -30,10 +26,12 @@
|
|||
(s/keys :req-un [::file-id ::session-id]))
|
||||
|
||||
(defn websocket
|
||||
[req]
|
||||
[{:keys [profile-id] :as req}]
|
||||
(let [params (us/conform ::websocket-params (:params req))
|
||||
params (assoc params :profile-id (:profile-id req))]
|
||||
(nf/websocket params)))
|
||||
params (assoc params :profile-id profile-id)]
|
||||
(if profile-id
|
||||
(nf/websocket params)
|
||||
{:error {:code 403 :message "Authentication required"}})))
|
||||
|
||||
(def handler
|
||||
(-> websocket
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@
|
|||
:help "A total number of messages handled by the notifications service."}))
|
||||
|
||||
(defn websocket
|
||||
[{:keys [file-id] :as params}]
|
||||
[{:keys [file-id profile-id] :as params}]
|
||||
(let [in (a/chan 32)
|
||||
out (a/chan 32)]
|
||||
{:on-connect (fn [conn]
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue