Fixed server security issues.
Håvar Aambø Fosstveit
parent
6596deda2a
commit
1be82b45d8
|
|
@ -9,12 +9,15 @@
|
|||
"dependencies": {
|
||||
"awaitqueue": "^1.0.0",
|
||||
"base-64": "^0.1.0",
|
||||
"body-parser": "^1.19.0",
|
||||
"colors": "^1.4.0",
|
||||
"compression": "^1.7.4",
|
||||
"cookie-parser": "^1.4.4",
|
||||
"debug": "^4.1.1",
|
||||
"express": "^4.17.1",
|
||||
"express-session": "^1.17.0",
|
||||
"express-socket.io-session": "^1.3.5",
|
||||
"helmet": "^3.21.2",
|
||||
"mediasoup": "^3.0.12",
|
||||
"openid-client": "^3.7.3",
|
||||
"passport": "^0.4.0",
|
||||
|
|
|
|||
|
|
@ -7,12 +7,15 @@ const fs = require('fs');
|
|||
const http = require('http');
|
||||
const spdy = require('spdy');
|
||||
const express = require('express');
|
||||
const bodyParser = require('body-parser');
|
||||
const cookieParser = require('cookie-parser');
|
||||
const compression = require('compression');
|
||||
const mediasoup = require('mediasoup');
|
||||
const AwaitQueue = require('awaitqueue');
|
||||
const Logger = require('./lib/Logger');
|
||||
const Room = require('./lib/Room');
|
||||
const base64 = require('base-64');
|
||||
const helmet = require('helmet');
|
||||
// auth
|
||||
const passport = require('passport');
|
||||
const { Issuer, Strategy } = require('openid-client');
|
||||
|
|
@ -49,20 +52,24 @@ const tls =
|
|||
|
||||
const app = express();
|
||||
|
||||
app.use(helmet.hsts());
|
||||
|
||||
app.use(cookieParser());
|
||||
app.use(bodyParser.json());
|
||||
app.use(bodyParser.urlencoded({ extended: true }));
|
||||
|
||||
const session = expressSession({
|
||||
secret : config.cookieSecret,
|
||||
resave : true,
|
||||
saveUninitialized : true,
|
||||
cookie : { secure: true }
|
||||
cookie : {
|
||||
secure : true,
|
||||
httpOnly : true
|
||||
}
|
||||
});
|
||||
|
||||
app.use(session);
|
||||
|
||||
let httpsServer;
|
||||
let io;
|
||||
let oidcClient;
|
||||
let oidcStrategy;
|
||||
|
||||
passport.serializeUser((user, done) =>
|
||||
{
|
||||
done(null, user);
|
||||
|
|
@ -73,6 +80,11 @@ passport.deserializeUser((user, done) =>
|
|||
done(null, user);
|
||||
});
|
||||
|
||||
let httpsServer;
|
||||
let io;
|
||||
let oidcClient;
|
||||
let oidcStrategy;
|
||||
|
||||
const auth = config.auth;
|
||||
|
||||
async function run()
|
||||
|
|
@ -261,7 +273,11 @@ async function setupAuth(oidcIssuer)
|
|||
|
||||
room.peerAuthenticated(state.peerId);
|
||||
|
||||
io.sockets.socket(state.id).emit('notification',
|
||||
const socket = io.sockets.socket(state.id);
|
||||
|
||||
if (socket)
|
||||
{
|
||||
socket.emit('notification',
|
||||
{
|
||||
method : 'auth',
|
||||
data :
|
||||
|
|
@ -270,6 +286,7 @@ async function setupAuth(oidcIssuer)
|
|||
picture : photo
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
res.send('');
|
||||
}
|
||||
|
|
@ -335,6 +352,8 @@ async function runWebSocketServer()
|
|||
{
|
||||
const { roomId, peerId } = socket.handshake.query;
|
||||
|
||||
logger.info('socket.io "connection" | [session:"%o"]', socket.handshake.session);
|
||||
|
||||
if (!roomId || !peerId)
|
||||
{
|
||||
logger.warn('connection request without roomId and/or peerId');
|
||||
|
|
|
|||
Loading…
Reference in New Issue