Fix bug, Support thirdparty streaming access

4 files changed, 31 insertions, 18 deletions

diff --git a/src/api/streaming.ts b/src/api/streaming.ts
index 38068d1e3d..93d5f217b9 100644
--- a/src/api/streaming.ts
+++ b/src/api/streaming.ts
@@ -2,6 +2,7 @@ import * as http from 'http';
 import * as websocket from 'websocket';
 import * as redis from 'redis';
 import User from './models/user';
+import Userkey from './models/userkey';
 
 import homeStream from './stream/home';
 import messagingStream from './stream/messaging';
@@ -17,7 +18,13 @@ module.exports = (server: http.Server) => {
 	ws.on('request', async (request) => {
 		const connection = request.accept();
 
-		const user = await authenticate(connection);
+		const user = await authenticate(connection, request.resourceURL.query.i);
+
+		if (user == null) {
+			connection.send('authentication-failed');
+			connection.close();
+			return;
+		}
 
 		// Connect to Redis
 		const subscriber = redis.createClient(
@@ -41,29 +48,36 @@ module.exports = (server: http.Server) => {
 	});
 };
 
-function authenticate(connection: websocket.connection): Promise<any> {
-	return new Promise((resolve, reject) => {
-		// Listen first message
-		connection.once('message', async (data) => {
-			const msg = JSON.parse(data.utf8Data);
-
+function authenticate(connection: websocket.connection, token: string): Promise<any> {
+	return new Promise(async (resolve, reject) => {
+		if (token[0] == '!') {
 			// Fetch user
 			// SELECT _id
 			const user = await User
 				.findOne({
-					token: msg.i
+					token: token
 				}, {
 					_id: true
 				});
 
-			if (user === null) {
-				connection.close();
-				return;
+			resolve(user);
+		} else {
+			const userkey = await Userkey.findOne({
+				key: token
+			});
+
+			if (userkey == null) {
+				return reject('invalid userkey');
 			}
 
-			connection.send('authenticated');
+			// Fetch user
+			// SELECT _id
+			const user = await User
+				.findOne({ _id: userkey.user_id }, {
+					_id: true
+				});
 
 			resolve(user);
-		});
+		}
 	});
 }
diff --git a/src/web/app/boot.js b/src/web/app/boot.js
index 5067600c6c..e8e504c2bb 100644
--- a/src/web/app/boot.js
+++ b/src/web/app/boot.js
@@ -39,7 +39,7 @@ try {
 checkForUpdate();
 
 // Get token from cookie
-const i = (document.cookie.match(/i=(\w+)/) || [null, null])[1];
+const i = (document.cookie.match(/i=(!\w+)/) || [null, null])[1];
 
 // ユーザーをフェッチしてコールバックする
 module.exports = callback => {
diff --git a/src/web/app/common/scripts/messaging-stream.ls b/src/web/app/common/scripts/messaging-stream.ls
index 298285dc93..ac3e74f1f5 100644
--- a/src/web/app/common/scripts/messaging-stream.ls
+++ b/src/web/app/common/scripts/messaging-stream.ls
@@ -9,7 +9,7 @@ class Connection
 		@event = riot.observable!
 		@me = me
 		host = CONFIG.api.url.replace \http \ws
-		@socket = new ReconnectingWebSocket "#{host}/messaging?otherparty=#{otherparty}"
+		@socket = new ReconnectingWebSocket "#{host}/messaging?i=#{me.token}&otherparty=#{otherparty}"
 
 		@socket.add-event-listener \open @on-open
 		@socket.add-event-listener \message @on-message
diff --git a/src/web/app/common/scripts/stream.ls b/src/web/app/common/scripts/stream.ls
index 534048248f..64ae03817a 100644
--- a/src/web/app/common/scripts/stream.ls
+++ b/src/web/app/common/scripts/stream.ls
@@ -9,13 +9,12 @@ module.exports = (me) ~>
 	state-ev = riot.observable!
 	event = riot.observable!
 
-	socket = new ReconnectingWebSocket CONFIG.api.url.replace \http \ws
+	host = CONFIG.api.url.replace \http \ws
+	socket = new ReconnectingWebSocket "#{host}?i=#{me.token}"
 
 	socket.onopen = ~>
 		state := \connected
 		state-ev.trigger \connected
-		socket.send JSON.stringify do
-			i: me.token
 
 	socket.onclose = ~>
 		state := \reconnecting