dont crash on no auth, ust a bandaid

This commit is contained in:
John McLear 2013-04-17 19:50:05 +01:00
parent f478f99995
commit 3b8621c6a0
1 changed files with 23 additions and 14 deletions

View File

@ -224,22 +224,31 @@ exports.handleMessage = function(client, message)
// FIXME: Call our "sessions" "connections".
// FIXME: Use a hook instead
// FIXME: Allow to override readwrite access with readonly
var auth = sessioninfos[client.id].auth;
securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject)
{
if(ERR(err, callback)) return;
//access was granted
if(statusObject.accessStatus == "grant")
// FIXME: A message might arrive but wont have an auth object, this is obviously bad so we should deny it
// Simulate using the load testing tool
if(!sessioninfos[client.id].auth){
console.error("Auth was never applied to a session", sessioninfos[client.id])
client.json.send({accessStatus: "deny"});
callback();
}else{
var auth = sessioninfos[client.id].auth;
securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject)
{
callback();
}
//no access, send the client a message that tell him why
else
{
client.json.send({accessStatus: statusObject.accessStatus})
}
});
if(ERR(err, callback)) return;
//access was granted
if(statusObject.accessStatus == "grant")
{
callback();
}
//no access, send the client a message that tell him why
else
{
client.json.send({accessStatus: statusObject.accessStatus})
}
});
}
},
finalHandler
]);