From a543c359438b2368010cff352d07148e1136295e Mon Sep 17 00:00:00 2001
From: Sam Frances
Date: Fri, 3 Nov 2017 17:23:42 +0000
Subject: [PATCH] Replace token auth examples
---
 other/js/auth_plugin_examples.js | 129 +++++++++++++------------------
 other/js/websockify.js | 8 +-
 2 files changed, 57 insertions(+), 80 deletions(-)
diff --git a/other/js/auth_plugin_examples.js b/other/js/auth_plugin_examples.js
index 64b3ad3..3c6a1c5 100644
--- a/other/js/auth_plugin_examples.js
+++ b/other/js/auth_plugin_examples.js
@@ -9,101 +9,78 @@ * */ -const querystring = require('querystring'); const fs = require('fs'); -function urlTokenMatch(url, token, verbose=false) { - /** - * Parse the url path, extract the `token` querystring value, and check if - * it matches the token argument. If verbose is set to true, log messages - * are enabled. - * - * Args: - * url (string): the path section of the URL - * token (string): the token which the token provided in the URL should - * match - * verbose (boolean): If True, extra console.log messages will be output - */ - let splitUrl = url.split("?") - if (splitUrl.length !== 2) { - if (verbose) { - console.log("Permission denied. No token provided."); - } - return false; - } - let qs = splitUrl[1]; - let qs_parsed = querystring.parse(qs); - let success = (qs_parsed.token === token); - if (verbose) { - if (!success) { - console.log("Permission denied for token: " + qs_parsed.token); - } else { - console.log("Permission granted for token: " + qs_parsed.token); - } - } - return success; -} - -exports.tokenAuth = function tokenAuth(source) { - /** - * Authorisation plugin which validates the token query parameter against - * a token provided as the argument to the `--auth-source` command line - * argument. - */ - return { - authenticate(info) { - const token = source; - return urlTokenMatch(info.req.url, token, true); - } - } -} - -exports.TokenAuthClass = class TokenAuthClass { - /** - * Class-based equivalent of tokenAuth - */ +class BaseAuth { constructor(source) { this.source = source; } authenticate(info) { - const token = this.source; - console.log(token) - return urlTokenMatch(info.req.url, token, true); + return false; } } -exports.tokenAuthEnv = function tokenAuthEnv(source) { - /** - * Authorisation plugin which validates the token query parameter against - * a token which is the value of an environment variable. 
The name of this - * environment variable is specified as the argument to the command line - * argument `--auth-source` - */ - return function(info) { - let token = process.env[source]; - return urlTokenMatch(info.req.url, token, true); +/** + * Authorisation plugin which validates origin of the request against a single + * permitted origin + */ +exports.AuthByOrigin = class AuthByOrigin extends BaseAuth { + + authenticate(info) { + const expected = this.source; + const actual = info.origin; + const allow = expected === actual; + if (!allow) { + console.log("Denied access from origin: " + actual) + } + return allow; } + } -exports.tokenAuthFile = function tokenEnvFile(source) { - /** - * Authorisation plugin which validates the token query parameter against a - * token which is contained in a text file, the path to which is specified - * as the value of the `--auth-source` command line argument - */ - return function(info, cb) { - fs.readFile(source, 'utf8', function(err, data) { +/** + * Function-based version of AuthByOrigin + */ +exports.AuthByOriginFunctional = function(source) { + return { + authenticate(info) { + const expected = source; + const actual = info.origin; + const success = expected === actual; + if (!success) { + console.log("Denied access from origin: " + actual) + } + return success; + } + }; +} + +/** + * Authorisation plugin which validates the origin of the request against + * an origin contained in a text file, the path to which is specified + * as the value of the `--auth-source` command line argument + */ +exports.AuthByOriginFile = class AuthByOriginFile extends BaseAuth { + + + authenticate(info, cb) { + fs.readFile(this.source, 'utf8', function(err, data) { if (err) { console.log(err); cb(false); } else { - let token = data.trim(); - let success = urlTokenMatch(info.req.url, token, true); + const expected = data.trim(); + const actual = info.origin; + const success = expected === actual; + if (!success) { + console.log("Denied access 
from origin: " + actual); + } cb(success); } - }); + }) } -} \ No newline at end of file + +} diff --git a/other/js/websockify.js b/other/js/websockify.js index 50098d4..caa59fb 100755 --- a/other/js/websockify.js +++ b/other/js/websockify.js @@ -29,7 +29,7 @@ var argv = require('optimist').argv, // Handle new WebSocket client -new_client = function(client, req) { +const new_client = function(client, req) { var clientAddr = client._socket.remoteAddress, log; console.log(req ? req.url : client.upgradeReq.url); log = function (msg) { @@ -76,7 +76,7 @@ new_client = function(client, req) { // Send an HTTP error response -http_error = function (response, code, msg) { +const http_error = function (response, code, msg) { response.writeHead(code, {"Content-Type": "text/plain"}); response.write(msg + "\n"); response.end(); @@ -84,7 +84,7 @@ http_error = function (response, code, msg) { } // Process an HTTP static file request -http_request = function (request, response) { +const http_request = function (request, response) { // console.log("pathname: " + url.parse(req.url).pathname); // res.writeHead(200, {'Content-Type': 'text/plain'}); // res.end('okay'); @@ -183,7 +183,7 @@ if (argv["auth-plugin"]) { const auth_source = argv["auth-source"] || undefined; - const auth_plugin = plugin_factory(auth_source); + auth_plugin = plugin_factory(auth_source); websocket_server_opts = { server: webServer,
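Review bot: `AuthByOrigin` and `AuthByOriginFunctional` appear to fail open when no `--auth-source` is given. websockify.js passes `argv["auth-source"] || undefined` to the factory, so `expected` is `undefined`; a request with no Origin header would presumably leave `info.origin` undefined as well, which makes `expected === actual` true. Require a non-empty configured origin before comparing, e.g. `const allow = typeof expected === "string" && expected !== "" && expected === actual;`, and apply the same non-empty guard to `data.trim()` in `AuthByOriginFile` so that an empty file can never match. The doc comments should also state that Origin is a client-supplied header, so these plugins limit which browser pages may connect but do not by themselves authenticate a non-browser client.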
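Review bot: The context line `console.log(req ? req.url : client.upgradeReq.url);` at the top of `new_client` writes the full request URL, query string included, to the log on every connection. Any deployment that still carries a credential in the URL, as the `?token=` examples removed by this commit did, would have it recorded in plain text. Logging only the path avoids that, e.g. `console.log((req ? req.url : client.upgradeReq.url).split("?")[0]);`. `new_client` continues past the end of this hunk, so any later use of the URL is not visible here.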
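Review bot: Dropping `const` turns `auth_plugin = plugin_factory(auth_source);` into an assignment to a name whose declaration is not visible in this hunk. Unless an enclosing scope already declares it, this creates an implicit global (and throws a ReferenceError under strict mode), which is the opposite of what the other hunks in this file do by adding `const`. If the plugin has to be reachable outside the `if (argv["auth-plugin"])` block, declare it explicitly before the block, e.g. `let auth_plugin = null;`, and add a short comment saying that `null` means no authentication is configured. The `if` block starts and ends outside the hunk.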