Merge branch 'develop' of github.com:thecodingmachine/workadventure into improve_logging

2021-11-24 15:36:35 +01:00
parent dd89f12c2e dc58f16418
commit a1107bd20e
71 changed files with 10373 additions and 520 deletions
@@ -26,10 +26,9 @@ import { jwtTokenManager, tokenInvalidException } from "../Services/JWTTokenMana
 import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
 import { SocketManager, socketManager } from "../Services/SocketManager";
 import { emitInBatch } from "../Services/IoSocketHelpers";
-import { ADMIN_API_TOKEN, ADMIN_API_URL, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
+import { ADMIN_SOCKETS_TOKEN, ADMIN_API_URL, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
 import { Zone } from "_Model/Zone";
 import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
-import { v4 } from "uuid";
 import { CharacterTexture } from "../Services/AdminApi/CharacterTexture";
 import log from "../Services/Logger";

@@ -49,15 +48,19 @@ export class IoSocketController {
                const websocketProtocol = req.getHeader("sec-websocket-protocol");
                const websocketExtensions = req.getHeader("sec-websocket-extensions");
                const token = query.token;
-                if (token !== ADMIN_API_TOKEN) {
+                let authorizedRoomIds: string[];
+                try {
+                    const data = jwtTokenManager.verifyAdminSocketToken(token as string);
+                    authorizedRoomIds = data.authorizedRoomIds;
+                } catch (e) {
                    log.info("Admin access refused for token: " + token);
                    res.writeStatus("401 Unauthorized").end("Incorrect token");
                    return;
                }
                const roomId = query.roomId;
-                if (typeof roomId !== "string") {
-                    log.error("Received");
-                    res.writeStatus("400 Bad Request").end("Missing room id");
+                if (typeof roomId !== "string" || !authorizedRoomIds.includes(roomId)) {
+                    log.error("Invalid room id");
+                    res.writeStatus("403 Bad Request").end("Invalid room id");
                    return;
                }

@@ -71,8 +74,6 @@ export class IoSocketController {
            },
            message: (ws, arrayBuffer, isBinary): void => {
                try {
-                    const roomId = ws.roomId as string;
-
                    //TODO refactor message type and data
                    const message: { event: string; message: { type: string; message: unknown; userUuid: string } } =
                        JSON.parse(new TextDecoder("utf-8").decode(new Uint8Array(arrayBuffer)));
@@ -176,6 +177,11 @@ export class IoSocketController {

                        const tokenData =
                            token && typeof token === "string" ? jwtTokenManager.verifyJWTToken(token) : null;
+
+                        if (DISABLE_ANONYMOUS && !tokenData) {
+                            throw new Error("Expecting token");
+                        }
+
                        const userIdentifier = tokenData ? tokenData.identifier : "";

                        let memberTags: string[] = [];
@@ -184,6 +190,7 @@ export class IoSocketController {
                        let memberTextures: CharacterTexture[] = [];
                        const room = await socketManager.getOrCreateRoom(roomId);
                        let userData: FetchMemberDataByUuidResponse = {
+                            email: userIdentifier,
                            userUuid: userIdentifier,
                            tags: [],
                            visitCardUrl: null,