
protect backend + migrate example.html into jade

1 parent 735db52 commit 498ba9d7832bb3289b2ffbd460715c8992d06aa5 @daraosn committed May 24, 2012
Showing with 129 additions and 130 deletions.
  1. +1 −1 config.js
  2. +1 −1 lib/mustekala.js
  3. +17 −8 lib/routes.js
  4. +0 −119 public/example.html
  5. +1 −1 views/admin.jade
  6. +109 −0 views/example.jade
2 config.js
@@ -1,6 +1,6 @@
module.exports={
development: {
- password: 'bGINGS/(ADNfg78GASIMDbkASbj'
+ password: 'my_super_secure_password'
,port: 3001
}
// add your own config for different environments (using NODE_ENV):
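Review bot: The development password is still a literal in a tracked file, and the value being replaced stays readable in the repository history (it was also the pre-filled default in public/example.html), so it should be treated as disclosed and not reused anywhere. The new `'my_super_secure_password'` is a published default that lib/mustekala.js now selects whenever NODE_ENV is unset. Consider reading it from the environment instead, e.g. `password: process.env.MUSTEKALA_PASSWORD` (the variable name is a placeholder), and refusing to start when it is empty.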
2 lib/mustekala.js
@@ -20,7 +20,7 @@ module.exports=function() {
,users: {}
}
- var environment=process.env.NODE_ENV;
+ var environment=process.env.NODE_ENV || 'development';
try {
m.config = require('../config.js')[environment];
} catch(e) {
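Review bot: Defaulting `environment` to `'development'` makes configuration selection fail open: a host started without NODE_ENV silently runs with the development password from config.js. A NODE_ENV value that has no entry in config.js would also leave `m.config` undefined without throwing, so the `try` shown here would not catch it; the catch body is outside the hunk, so this is worth confirming. I would log a warning when the fallback is used and add a check such as `if(!m.config || !m.config.password) throw new Error('no config for '+environment);` after the lookup.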
25 lib/routes.js
@@ -4,7 +4,6 @@ app.post('/mustekala/trigger', function(req, res) {
var action=req.body.action;
var data=req.body.data;
var result=mustekala.trigger(password, channel, action, data);
- console.log('/mustekala/trigger', {'password': password, 'channel': channel, 'action': action, 'data': data})
res.send(JSON.stringify({'success':result, 'channel': channel, 'action': action, 'data': data}));
});
@@ -13,15 +12,12 @@ app.post('/mustekala/authenticate', function(req, res) {
var channel=req.body.channel;
var user=req.body.user;
if(typeof user == "string") user = JSON.parse(user);
-
- console.log('/mustekala/authenticate', req.body)
-
var authKey=mustekala.generateAuthKey(password,channel,user);
var response=JSON.stringify({'success': !!authKey, 'authKey':authKey}).toString();
res.end(response);
});
-app.get('/mustekala.js', function(req, res) {
+app.get('/mustekala.js', function(req, res) {
// we must "cheat" socket.io to get the socket.io.js with specific transports
var ioHead={};
var ioEnd={};
@@ -94,11 +90,25 @@ app.post('/example/auth', function(req, res) {
});
});
-// TODO: Disable or protect on production
+// TODO: Improve security through SSL or something
+function _auth(res, req) {
+ if(req.query.password!=mustekala.config.password) {
+ res.statusCode=403;
+ res.end('Unauthorized');
+ return false;
+ }
+ return true;
+}
+app.get('/example', function(req, res) {
+ if(!_auth(res, req)) return;
+ res.render('example.jade', { 'title': 'Mustekala Example', 'password': encodeURIComponent(req.query.password) });
+});
app.get('/admin', function(req, res) {
- res.render('admin.jade', { 'title': 'Mustekala Admin' });
+ if(!_auth(res, req)) return;
+ res.render('admin.jade', { 'title': 'Mustekala Admin', 'password': encodeURIComponent(req.query.password) });
});
app.post('/admin/data', function(req, res) {
+ if(!_auth(res, req)) return;
if(req.body.fullView=='true') {
var clients=mustekala.clients
, channels=mustekala.channels
@@ -108,7 +118,6 @@ app.post('/admin/data', function(req, res) {
, channels=Object.keys(mustekala.channels)
, users=Object.keys(mustekala.users);
}
-
res.end(
JSON.stringify({
'clients': clients
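Review bot: `_auth` compares with `!=` against `mustekala.config.password` without checking that either side is a non-empty string, so if the selected config has no `password` key a request that omits the parameter passes (`undefined != undefined` is false); the check should fail closed. The secret also travels in the query string on `/example`, `/admin` and `/admin/data` (and in the URL built in views/admin.jade), where it ends up in access logs, browser history and Referer headers even over TLS; a request header or a session established by a POST login would keep it out of URLs. The parameters are declared `(res, req)`, the reverse of every handler in this file, which invites a swapped call. A constant-time comparison (`crypto.timingSafeEqual` on equal-length buffers) would be the stricter choice where the Node version provides it.

```javascript
function _auth(res, req) {
  var expected=mustekala.config && mustekala.config.password;
  var supplied=req.query.password;
  // fail closed: an unset or empty configured password must never match a request that omits the parameter
  var configured=(typeof expected == 'string' && expected.length > 0);
  if(!configured || typeof supplied != 'string' || supplied !== expected) {
    // … unchanged: 403 response and return false …
  }
  return true;
}
```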
119 public/example.html
@@ -1,119 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
- <script type="application/javascript" src="javascripts/jquery.js"></script>
- <script type="application/javascript" src="mustekala.js"></script>
- <script>
- $(function() {
- var mustekala=new Mustekala({
- debug: 1
- ,authUrl: '/example/auth'
- });
-
- _debug('connecting...');
- mustekala.connect('/mustekala', function() {
- _debug('connected.');
- // presence channel:
- var presenceChannel=mustekala.subscribe('presence@example-channel');
- presenceChannel.onSubscribe(function() {
- var members=presenceChannel.members;
- $.each(members, function(id, member) {
- $('#presence-members #user-'+id).css('color', '#0c0');
- });
- var user=presenceChannel.members.me;
- if(user) {
- $('#presence-members #user-name').html(' '+user.data.nickname+' ('+user.data.name+')');
- }
- });
- presenceChannel.onMemberJoin(function(user) {
- _debug('member joined. id:' + user.id);
- $('#presence-members #user-'+user.id).css('color', '#0c0');
- });
- presenceChannel.onMemberLeave(function(user) {
- _debug('member left. id:' + user.id);
- $('#presence-members #user-'+user.id).css('color', '#aaa');
- });
-
- });
- mustekala.onDisconnect(function() {
- _debug('disconnected from server.');
- });
- mustekala.onLog(function(data) {
- _debug('log: '+data);
- });
- mustekala.onSubscribe(function(channel) {
- _debug('subscribed to '+channel);
- });
- mustekala.onTrigger(function(channel,action,data) {
- _debug('channel "'+channel+'" triggered action: "'+action+'" with data: '+data);
- });
-
- $('#subscribe-button').click(function() {
- _debug('subscribing to '+$('#subscribe-channel').val()+'...');
- var channel=mustekala.subscribe($('#subscribe-channel').val());
- channel.on('show-alert', function(data) {
- alert('Hey! this is cool, isn\'t it?');
- if(data) {
- alert('Oh, and your data is: '+data);
- }
- });
- })
-
- $('#trigger-button').click(function() {
- if($('#trigger-post').is(':checked')) {
- $('#trigger-form').submit();
- } else {
- mustekala.trigger(
- $('#trigger-password').val(),
- $('#subscribe-channel').val(),
- $('#trigger-action').val(),
- $('#trigger-data').val()
- );
- }
- });
-
- function _debug(data) {
- $('.logger').val(function(i, val) {
- return data + "\n" + ( val ? val : '')
- });
- }
- });
-
- </script>
- <title>Mustekala :: Example</title>
- </head>
- <body>
- <form id="trigger-form" method="post" action="/mustekala/trigger">
- <div>
- <b>SUBSCRIBE</b>
- <br>
- channel: <input type="text" name="channel" id="subscribe-channel" value="example-channel">
- <input type="button" id="subscribe-button" value="subscribe">
- </div>
- <div>
- <b>TRIGGER</b>
- <br>
- action:<input type="text" name="action" id="trigger-action" value="show-alert">
- data: <input type="text" name="data" id="trigger-data" value="lorem ipsum">
- password:<input type="text" name="password" id="trigger-password" value="bGINGS/(ADNfg78GASIMDbkASbj">
- <input type="checkbox" id="trigger-post"> post?
- <input type="button" id="trigger-button" value="trigger">
- </div>
- </form>
- <div>
- <b>PRESENCE</b>
- <div id="presence-members">
- Hi<span id="user-name"></span>!<br>
- Channel users: [
- <span id="user-1000" style="color: #aaa;">joe</span>
- <span id="user-1001" style="color: #aaa;">deb</span>
- ]
- </div>
- </div>
- <div>
- <b>LOGGER</b>
- <br>
- <textarea class="logger" rows="20" cols="100"></textarea>
- </div>
- </body>
-</html>
2 views/admin.jade
@@ -7,7 +7,7 @@ div
var fullView=false;
var refresh=function(noRepeat) {
$.ajax({
- url: "/admin/data",
+ url: "/admin/data?password=#{password}",
type: "POST",
dataType: 'json',
data: {fullView: fullView},
109 views/example.jade
@@ -0,0 +1,109 @@
+div
+ script(type='text/javascript', src='/javascripts/jquery.js')
+ script(type='text/javascript', src='/mustekala.js')
+ script
+ $(function() {
+ var mustekala=new Mustekala({
+ debug: 1
+ ,authUrl: '/example/auth'
+ });
+
+ _debug('connecting...');
+ mustekala.connect('/mustekala', function() {
+ _debug('connected.');
+ // presence channel:
+ var presenceChannel=mustekala.subscribe('presence@example-channel');
+ presenceChannel.onSubscribe(function() {
+ var members=presenceChannel.members;
+ $.each(members, function(id, member) {
+ $('#presence-members #user-'+id).css('color', '#0c0');
+ });
+ var user=presenceChannel.members.me;
+ if(user) {
+ $('#presence-members #user-name').html(' '+user.data.nickname+' ('+user.data.name+')');
+ }
+ });
+ presenceChannel.onMemberJoin(function(user) {
+ _debug('member joined. id:' + user.id);
+ $('#presence-members #user-'+user.id).css('color', '#0c0');
+ });
+ presenceChannel.onMemberLeave(function(user) {
+ _debug('member left. id:' + user.id);
+ $('#presence-members #user-'+user.id).css('color', '#aaa');
+ });
+ });
+ mustekala.onDisconnect(function() {
+ _debug('disconnected from server.');
+ });
+ mustekala.onLog(function(data) {
+ _debug('log: '+data);
+ });
+ mustekala.onSubscribe(function(channel) {
+ _debug('subscribed to '+channel);
+ });
+ mustekala.onTrigger(function(channel,action,data) {
+ _debug('channel "'+channel+'" triggered action: "'+action+'" with data: '+data);
+ });
+ $('#subscribe-button').click(function() {
+ _debug('subscribing to '+$('#subscribe-channel').val()+'...');
+ var channel=mustekala.subscribe($('#subscribe-channel').val());
+ channel.on('show-alert', function(data) {
+ alert("Hey! this is cool, isn't it?");
+ if(data) {
+ alert("Oh, and your data is: "+data);
+ }
+ });
+ })
+ $('#trigger-button').click(function() {
+ if($('#trigger-post').is(':checked')) {
+ $('#trigger-form').submit();
+ } else {
+ mustekala.trigger(
+ $('#trigger-password').val(),
+ $('#subscribe-channel').val(),
+ $('#trigger-action').val(),
+ $('#trigger-data').val()
+ );
+ }
+ });
+ function _debug(data) {
+ $('.logger').val(function(i, val) {
+ return data + "\\n" + ( val ? val : '')
+ });
+ }
+ });
+ form#trigger-form(method="post", action="/mustekala/trigger")
+ div
+ b SUBSCRIBE
+ br
+ channel
+ input#subscribe-channel(type="text", name="channel", value="example-channel")
+ input#subscribe-button(type="button", value="subscribe")
+ div
+ b TRIGGER
+ br
+ span action\:
+ input#trigger-action(type="text", name="action", value="show-alert")
+ span data\:
+ input#trigger-data(type="text", name="data", value="lorem ipsum")
+ span password\:
+ input#trigger-password(type="text", name="password", value="#{password}")
+ input#trigger-post(type="checkbox")
+ span post?
+ input#trigger-button(type="button", value="trigger")
+ div
+ b PRESENCE
+ div#presence-members
+ span Hi
+ span#user-name
+ span !
+ br
+ Channel users: [
+ span#user-1000(style="color: #aaa;") joe
+ &nbsp;
+ span#user-1001(style="color: #aaa;") deb
+ ]
+ div
+ b LOGGER
+ br
+ textarea.logger(rows="20", cols="100")
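Review bot: The `.html(' '+user.data.nickname+' ('+user.data.name+')')` call in the `onSubscribe` handler builds markup from presence data, so if those fields can carry user-chosen text, any HTML in them is parsed on a page that now also holds the backend password in `#trigger-password`; `.text(...)` does the same job without parsing. The password field is filled from a value that routes.js has passed through `encodeURIComponent`, so a password containing characters such as `/` or `(` reaches the form percent-encoded and presumably no longer matches what the trigger endpoint expects. Passing the raw value to this template and relying on Jade's attribute escaping (confirm for the version in use) would avoid that. `type="password"` on `input#trigger-password` would also keep the value off the screen.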

0 comments on commit 498ba9d
