aljaz/ditto
1
0
Fork 0
mirror of https://github.com/aljazceru/ditto.git synced 2026-01-06 15:14:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add a UUID to auth tokens for private websocket event signing

Browse Source
This commit is contained in:
Alex Gleason
2023-05-20 14:34:13 -05:00
parent 9500ceee7c
commit f3e42cc6a7
6 changed files with 42 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/controllers/api/streaming.ts
View File

@@ -1,5 +1,6 @@
import { AppController } from '@/app.ts';
import { nip19 } from '@/deps.ts';
import { TOKEN_REGEX } from '@/middleware/auth.ts';
import { signStreams } from '@/sign.ts';
const streamingController: AppController = (c) => {
@@ -17,19 +18,26 @@ const streamingController: AppController = (c) => {
return c.json({ error: 'Missing access token' }, 401);
}
if (!nip19.BECH32_REGEX.test(token)) {
if (!(new RegExp(`^${TOKEN_REGEX.source}$`)).test(token)) {
return c.json({ error: 'Invalid access token' }, 401);
}
const { socket, response } = Deno.upgradeWebSocket(c.req.raw, { protocol: token });
socket.addEventListener('open', () => console.log('websocket: connection opened'));
socket.addEventListener('close', () => console.log('websocket: connection closed'));
socket.addEventListener('open', () => {
console.log('websocket: connection opened');
// Only send signing events if the user has a session ID.
if (stream === 'user' && nostr === 'true' && new RegExp(`^${nip19.BECH32_REGEX.source}_\\w+$`).test(token)) {
signStreams.set(token, socket);
}
});
socket.addEventListener('message', (e) => console.log('websocket message: ', e.data));
if (stream === 'user' && nostr === 'true') {
signStreams.set(token, socket);
}
socket.addEventListener('close', () => {
signStreams.delete(token);
console.log('websocket: connection closed');
});
return response;
};