mirror of https://github.com/penpot/penpot.git synced 2025-02-03 12:59:12 -05:00

🐛 Reject anonymous user on websocket connections.

Andrey Antukh 2020-05-27 12:43:44 +02:00
parent 2588260f6c
commit 8fb70e9f8d
2 changed files with 13 additions and 15 deletions


@ -2,26 +2,22 @@
;; License, v. 2.0. If a copy of the MPL was not distributed with this ;; License, v. 2.0. If a copy of the MPL was not distributed with this
;; file, You can obtain one at http://mozilla.org/MPL/2.0/. ;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;; ;;
;; This Source Code Form is "Incompatible With Secondary Licenses", as
;; defined by the Mozilla Public License, v. 2.0.
;;
;; Copyright (c) 2020 UXBOX Labs SL ;; Copyright (c) 2020 UXBOX Labs SL
(ns uxbox.http.ws (ns uxbox.http.ws
"Web Socket handlers" "Web Socket handlers"
(:require (:require
[clojure.core.async :as a] [clojure.spec.alpha :as s]
[clojure.tools.logging :as log]
[ring.adapter.jetty9 :as jetty]
[ring.middleware.cookies :refer [wrap-cookies]] [ring.middleware.cookies :refer [wrap-cookies]]
[ring.middleware.keyword-params :refer [wrap-keyword-params]] [ring.middleware.keyword-params :refer [wrap-keyword-params]]
[ring.middleware.params :refer [wrap-params]] [ring.middleware.params :refer [wrap-params]]
[uxbox.http.session :refer [wrap-auth]]
[clojure.tools.logging :as log]
[clojure.spec.alpha :as s]
[promesa.core :as p]
[ring.adapter.jetty9 :as jetty]
[uxbox.common.exceptions :as ex]
[uxbox.common.uuid :as uuid]
[uxbox.common.spec :as us] [uxbox.common.spec :as us]
[uxbox.redis :as redis] [uxbox.http.session :refer [wrap-auth]]
[ring.util.codec :as codec]
[uxbox.util.transit :as t]
[uxbox.services.notifications :as nf])) [uxbox.services.notifications :as nf]))
(s/def ::file-id ::us/uuid) (s/def ::file-id ::us/uuid)
@ -30,10 +26,12 @@
(s/keys :req-un [::file-id ::session-id])) (s/keys :req-un [::file-id ::session-id]))
(defn websocket (defn websocket
[req] [{:keys [profile-id] :as req}]
(let [params (us/conform ::websocket-params (:params req)) (let [params (us/conform ::websocket-params (:params req))
params (assoc params :profile-id (:profile-id req))] params (assoc params :profile-id profile-id)]
(nf/websocket params))) (if profile-id
(nf/websocket params)
{:error {:code 403 :message "Authentication required"}})))
(def handler (def handler
(-> websocket (-> websocket
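Review bot: In `websocket`, `us/conform` on `(:params req)` is still evaluated in the `let` before the new `profile-id` check, so an anonymous request with malformed parameters would presumably get the spec validation error rather than the 403. Putting the check ahead of the conform keeps unauthenticated input away from parameter handling, e.g. `(if-not profile-id {:error {:code 403 :message "Authentication required"}} (let [params ...] (nf/websocket params)))`. The check only establishes that a session exists; whether that profile may subscribe to the requested `file-id` is not visible in this hunk and is worth confirming in `nf/websocket`. Since the session arrives via cookies (`wrap-cookies`, `wrap-auth`), it is also worth confirming that the upgrade path validates `Origin`; `handler` continues outside the hunk.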


@ -203,7 +203,7 @@
:help "A total number of messages handled by the notifications service."})) :help "A total number of messages handled by the notifications service."}))
(defn websocket (defn websocket
[{:keys [file-id] :as params}] [{:keys [file-id profile-id] :as params}]
(let [in (a/chan 32) (let [in (a/chan 32)
out (a/chan 32)] out (a/chan 32)]
{:on-connect (fn [conn] {:on-connect (fn [conn]