@Floby
Created March 9, 2011 21:59
some code of how I did identification with socket.io
then in client code, a JS var is exposed with the passed in token
and the first thing it does upon connection is sending the token
// the part where I send my token is deeply nested in my code
// so it's useless to paste it here
// however it can be summed up to something like this
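app.get('/withSocket', function(req, res, next) {
  // Mint a one-time token that the rendered page hands back over the socket;
  // wsauth exchanges it for the data stored here.
  var tok = tokens.createToken();

  // addToken takes its time-to-live in milliseconds. The bare 30 used before
  // left the browser 30 ms to load the page, connect and send the token;
  // 30 seconds is assumed to be the intent. Keep this window short: the
  // token is a bearer credential until it is consumed or expires.
  // NOTE(review): wsauth reads `.nick` from the stored data, while a session
  // id is stored here - confirm what the real code attaches.
  tokens.addToken(tok, req.sessionId, 30 * 1000);

  // NOTE(review): the template is not shown. The token is base64 ('+', '/',
  // '=' can occur), so it has to be emitted as a properly quoted JS string,
  // and the page should not be cacheable by intermediaries.
  res.render({locals: {token: tok}});
});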
// this is not the whole file, so it won't work as is =)
var tokens = require('tokens');
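/**
 * First-message handler for a socket.io client: exchanges a one-time token
 * for the data that was stored with it.
 *
 * Runs with `this` bound to the client. On success the token is consumed,
 * `this.user` is set to the stored data and this listener is replaced by
 * `choosecontroller`. Messages whose type is not 'auth' are ignored.
 *
 * TODO: apparently it is possible to get the cookies from
 * a websocket or long-polling connection. Better use this and sessionID
 *
 * @param data message from a "websocket", expected as {type: 'auth', token: <string>}
 */
function wsauth(data) {
  // The peer is not authenticated yet, so nothing about the message shape
  // is taken for granted.
  if (!data || data.type !== 'auth') return;

  var token = data.token;

  // Own-property check: `tokens` also carries its methods (and
  // Object.prototype members) through the prototype chain, and a plain
  // tokens[token] lookup would accept those names as if they were tokens.
  var known = typeof token === 'string' &&
    Object.prototype.hasOwnProperty.call(tokens, token);

  if (!known) {
    this.send({type:'error', msg:'expected authentication'});
    // The presented token is deliberately kept out of the log.
    console.log('authentication failed '+this.sessionId);
    return;
  }

  // Consume the token before anything else can throw, so it can never be
  // presented twice; the expiry timer is no longer needed either.
  var entry = tokens[token];
  clearTimeout(entry.timeout_ref);
  delete tokens[token];

  var user = entry.data;
  var nick = user == null ? undefined : user.nick;

  // Neither the token nor the token store is logged: both are live
  // credentials and would otherwise end up in log files.
  console.log('authentication success');
  console.log('welcome dear '+nick);

  this.send({type:'auth', msg:'success', nick:nick});
  this.removeListener('message', wsauth);
  this.on('message', choosecontroller);
  this.user = user;
}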
// this is meant to be the 'connection' listener for socket.io
/**
 * Prepares a freshly connected client: copies the cookies of the handshake
 * request onto the client (when there is such a request) and installs
 * wsauth as the handler for incoming messages.
 *
 * Note that wsauth does not read `client.cookies`; the token in the first
 * message is the only credential that is checked.
 *
 * @param client the socket.io client that just connected
 */
module.exports = function socketController (client) {
  var handshake = client.request;
  if (handshake) {
    // Driven like a middleware with no response object and a no-op `next`.
    // NOTE(review): presumably it fills in handshake.cookies synchronously,
    // since the value is read on the next line - confirm.
    cookieDecoder(handshake, null, function(){});
    client.cookies = handshake.cookies;
  }
  client.on('message', wsauth);
};
/**
* in progress singleton to manage tokens with timeouts
*/
var crypto = require('crypto');
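var tokens = {};
// Issued tokens are stored as own properties of `tokens`; the methods sit on
// its prototype so they do not appear among them.
// NOTE(review): a plain tokens[x] lookup also resolves these inherited names
// (and Object.prototype's). Code that looks up a client-supplied value
// should use an own-property check.
tokens.__proto__ = {
  /**
   * add a token to the list of tokens to live for
   * a certain amount of time.
   * @param token the token to store, ideally this should be created
   * with createToken
   * @param data some data to attach to the token, can be anything
   * @param timeout time to live in milliseconds
   * @throws Error when the name is already taken, either by a live token
   * or by an inherited member of the store
   */
  addToken: function addToken(token, data, timeout) {
    // Truthiness over the whole prototype chain is intended here: it also
    // refuses names such as 'addToken' or '__proto__', which would otherwise
    // shadow a method or replace the prototype.
    if(this[token]) throw (new Error("omfg, hash collision!"));

    var entry = {
      time_set: Date.now(),
      timeout_ref: null,
      data: data
    };
    entry.timeout_ref = setTimeout(function() {
      // Expire only the entry this timer was created for; the slot may have
      // been consumed (and conceivably reused) in the meantime.
      if (tokens[token] !== entry) return;
      console.log('token '+ token + ' timed out');
      delete tokens[token];
    }, timeout);
    this[token] = entry;
  },
  /**
   * create an unpredictable token: the base64 SHA-256 digest of 32 bytes
   * from the system CSPRNG, mixed with the optional salt.
   *
   * The token is used as a bearer credential, so it must not be derivable
   * from guessable inputs. A clock reading plus constant strings (the
   * previous recipe) gives no secrecy, and hash.update() rejects a number
   * argument on current Node.js.
   *
   * @param salt optional extra input mixed into the digest (e.g. a session
   * id); it adds context, not unpredictability
   * @returns the token as a base64 string
   */
  createToken: function createToken(salt) {
    var hash = crypto.createHash('sha256');
    hash.update(crypto.randomBytes(32));
    hash.update(salt ? String(salt) : "");
    return hash.digest('base64');
  }
}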
module.exports = tokens;