Add exception handling

jbasiglio · Sep 27, 2014 · 2f8bb5d · 2f8bb5d
1 parent a6358d3
commit 2f8bb5d
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 70 deletions.
diff --git a/fueldb/trunk/bin/auth.js b/fueldb/trunk/bin/auth.js
@@ -13,75 +13,60 @@ var crypto = require('crypto');
 var pattern = new RegExp("^\\w+(\\.\\w+)*$");
 var patternSub = new RegExp("^\\w+(\\.(\\w|\\*)+)*$");
 
-exports.verifyHTTP = function(url,method){
-	try{
-		var user = url.query.user;
-		if(!users[user]){
-			return true;
-		}
-		var signature = url.query.signature;
-		var check = url.href.split("&signature=")[0];
-		var hash = crypto.createHmac('sha256',users[user]).update(check).digest('hex');
-		return hash !== signature;
-	}catch(e){
-		console.log(e);
-		return true;
-	}
-	if(method !== "POST" && url.pathname === "/"){
-		return true;
-	}
-	return false;
+var verifyURL = function(url){
+    var user = url.query.user;
+    if(!users[user]){
+        return true;
+    }
+    var signature = url.query.signature;
+    var check = url.href.split("&signature=")[0];
+    var hash = crypto.createHmac('sha256',users[user]).update(check).digest('hex');
+    if(hash !== signature){
+        throw "You are not allowed to connect";
+    }
 };
 
-exports.verifyWSURL = function(url){
-	try{
-		var user = url.query.user;
-		if(!users[user]){
-			return true;
-		}
-		var signature = url.query.signature;
-		var check = url.href.split("&signature=")[0];
-		var hash = crypto.createHmac('sha256',users[user]).update(check).digest('hex');
-		return hash !== signature;
-	}catch(e){
-		console.log(e);
-		return true;
-	}
-	return false;
+exports.verifyHTTP = function(url,method){
+    verifyURL(url);
+    if(url.query.type !== "browse" && url.pathname === "/"){
+        throw "Empty point is not allowed"
+    }
 };
 
+exports.verifyWSURL = verifyURL;
+
 exports.verifyWS = function(obj,ws){
-	var test = !pattern.test(obj.point);
-	var spec = !(obj.type === "browse" && obj.point === "");
-	spec = spec && !(obj.type === "subscribe" && patternSub.test(obj.point));
-	if(test && spec){
-		obj.value = "Point " + obj.point + " is not allowed";
-		obj.point = ".ERROR";
-		return obj;
-	}
-	return false;
+    var test = !pattern.test(obj.point);
+    var spec = !(obj.type === "browse" && obj.point === "");
+    spec = spec && !(obj.type === "subscribe" && patternSub.test(obj.point));
+    if(test && spec){
+        obj.value = "Point " + obj.point + " is not allowed";
+        obj.point = ".ERROR";
+        return obj;
+    }
+    return false;
 };
 
 exports.computeBrokerURL = function(){
-	var user = config.broker.user;
-	var password = config.broker.password;
-	var id = config.id;
-	var toSign = "/?timestamp="+new Date().getTime()+"&user="+user+'&id='+id;
-	var key = crypto.createHmac('sha256',user).update(password).digest('hex');
-	var sign = crypto.createHmac('sha256',key).update(toSign).digest('hex');
-	return toSign+"&signature="+sign;
+    var user = config.broker.user;
+    var password = config.broker.password;
+    var id = config.id;
+    var toSign = "/?timestamp="+new Date().getTime()+"&user="+user+'&id='+id;
+    var key = crypto.createHmac('sha256',user).update(password).digest('hex');
+    var sign = crypto.createHmac('sha256',key).update(toSign).digest('hex');
+    return toSign+"&signature="+sign;
 };
 
 exports.computeBalancerURL = function(){
-	var user = config.balancer.user;
-	var password = config.balancer.password;
-	var id = config.id;
-	var hosts = [];
-	config.hosts.forEach(function(host){
-		hosts.push(host.ssl+':'+host.host+':'+host.port);
-	});
-	var toSign = "/?timestamp="+new Date().getTime()+"&user="+user+'&id='+id+'&hosts='+hosts.join(',');
-	var key = crypto.createHmac('sha256',user).update(password).digest('hex');
-	var sign = crypto.createHmac('sha256',key).update(toSign).digest('hex');
-	return toSign+"&signature="+sign;
+    var user = config.balancer.user;
+    var password = config.balancer.password;
+    var id = config.id;
+    var hosts = [];
+    config.hosts.forEach(function(host){
+        hosts.push(host.ssl+':'+host.host+':'+host.port);
+    });
+    var toSign = "/?timestamp="+new Date().getTime()+"&user="+user+'&id='+id+'&hosts='+hosts.join(',');
+    var key = crypto.createHmac('sha256',user).update(password).digest('hex');
+    var sign = crypto.createHmac('sha256',key).update(toSign).digest('hex');
+    return toSign+"&signature="+sign;
 };
diff --git a/fueldb/trunk/bin/server.js b/fueldb/trunk/bin/server.js
@@ -38,7 +38,7 @@ var HTTP_METHOD = {};
 HTTP_METHOD.GET = "read";
 HTTP_METHOD.PUT = "set";
 HTTP_METHOD.DELETE = "remove";
-HTTP_METHOD.POST = "browse";
+HTTP_METHOD.GET_BROWSE = "browse";
 
 var _requestHandle = function(request, response, ssl) {
 	var url = request.url.split("?")[0].split("/");
@@ -69,12 +69,17 @@ var _requestHandle = function(request, response, ssl) {
 		return;
 	}
 	url = urlParse.parse(request.url,true);
-	if(auth.verifyHTTP(url,request.method)){
-		response.writeHead(403, {"Content-Type": "application/json"});
-		response.write(JSON.stringify({"error": "You are not allowed"}));
+    try{
+        auth.verifyHTTP(url,request.method);
+    }catch(e){
+        response.writeHead(403, {"Content-Type": "application/json"});
+		response.write(JSON.stringify({"error": e}));
 		response.end();
 		return;
-	}
+    }
+    if(request.method === "GET" && url.query.type === "browse"){
+        request.method = "GET_BROWSE";
+    }
 	var path = url.pathname.split("/");
 	path = path.slice(1,path.length).join(".");
 	var obj ={point:path};
@@ -115,12 +120,14 @@ var _httpRequestHandle = function(request, response) {
 
 var _wsRequestHandle = function(ws) {
 	var url = urlParse.parse(ws.upgradeReq.url,true);
-	if(auth.verifyWSURL(url)){
-		setTimeout(function(){
-			ws.close(4403,"Authentication failed");
+    try{
+        auth.verifyWSURL(url)
+    }catch(e){
+        setTimeout(function(){
+			ws.close(4403,e+"");
 		},200);
-		return;
-	}
+		return;    
+    }
 	ws.id = uid.gen();
     ws.user = url.query.user;
 	console.log("Connection open: "+ws.id);