fix: don't allow session.connected to be set unless authenticated

tradle · Nov 26, 2017 · bc98c52 · bc98c52
1 parent 41fba12
commit bc98c52
Show file tree

Hide file tree

Showing 13 changed files with 97 additions and 38 deletions.
diff --git a/lib/auth.js b/lib/auth.js
diff --git a/lib/delivery-mqtt.js b/lib/delivery-mqtt.js
diff --git a/lib/logger.js b/lib/logger.js
diff --git a/lib/routes/auth.js b/lib/routes/auth.js
diff --git a/lib/routes/preauth.js b/lib/routes/preauth.js
diff --git a/lib/user.js b/lib/user.js
diff --git a/src/auth.ts b/src/auth.ts
@@ -86,9 +86,21 @@ export default class Auth {
     connected: boolean
   }): Promise<any> => {
     const { clientId, connected } = opts
-    const params: any = getUpdateParams({ connected })
-    params.Key = getKeyFromClientId(clientId)
-    return this.tables.Presence.update(params)
+    // const params:any = getUpdateParams({ connected })
+    // params.Key = getKeyFromClientId(clientId)
+    return this.tables.Presence.update({
+      Key: getKeyFromClientId(clientId),
+      UpdateExpression: 'SET #connected = :connected',
+      ConditionExpression: '#authenticated = :authenticated',
+      ExpressionAttributeNames: {
+        '#connected': 'connected',
+        '#authenticated': 'authenticated'
+      },
+      ExpressionAttributeValues: {
+        ':connected': true,
+        ':authenticated': true
+      }
+    })
   }
 
   public deleteSession = (clientId: string): Promise<any> => {

diff --git a/src/delivery-mqtt.ts b/src/delivery-mqtt.ts
@@ -53,8 +53,9 @@ proto.deliverBatch = co(function* ({ clientId, recipient, messages }) {
   const strings = messages.map(stringify)
   const subBatches = batchStringsBySize(strings, MAX_PAYLOAD_SIZE)
   for (let subBatch of subBatches) {
-    yield this.iot.publish({
-      topic: this._prefixTopic(`${clientId}/sub/inbox`),
+    yield this.emit({
+      clientId,
+      topic: 'inbox',
       payload: `{"messages":[${subBatch.join(',')}]}`
     })
   }
@@ -65,8 +66,9 @@ proto.deliverBatch = co(function* ({ clientId, recipient, messages }) {
 proto.ack = function ack ({ clientId, message }) {
   debug(`acking message from ${clientId}`)
   const stub = this.messages.getMessageStub({ message })
-  return this.iot.publish({
-    topic: this._prefixTopic(`${clientId}/sub/ack`),
+  return this.emit({
+    clientId,
+    topic: 'ack',
     payload: {
       message: stub
     }
@@ -76,15 +78,23 @@ proto.ack = function ack ({ clientId, message }) {
 proto.reject = function reject ({ clientId, message, error }) {
   debug(`rejecting message from ${clientId}`, error)
   const stub = this.messages.getMessageStub({ message, error })
-  return this.iot.publish({
-    topic: this._prefixTopic(`${clientId}/sub/reject`),
+  return this.emit({
+    clientId,
+    topic: 'reject',
     payload: {
       message: stub,
       reason: Errors.export(error)
     }
   })
 }
 
+proto.emit = function emit ({ clientId, topic, payload }) {
+  return this.iot.publish({
+    topic: this._prefixTopic(`${clientId}/sub/${topic}`),
+    payload
+  })
+}
+
 function stringify (msg) {
   return JSON.stringify(omitVirtual(msg))
 }
diff --git a/src/delivery.ts b/src/delivery.ts
@@ -38,9 +38,8 @@ function withTransport (method: string) {
 export default class Delivery extends EventEmitter implements IDelivery {
   public ack = withTransport('ack')
   public reject = withTransport('reject')
-
-  private mqtt: any
-  private http: DeliveryHTTP
+  public mqtt: any
+  public http: DeliveryHTTP
   private friends: any
   private messages: Messages
   private objects: any

diff --git a/src/logger.ts b/src/logger.ts
@@ -1,6 +1,8 @@
 // inspired by
 // http://theburningmonk.com/2017/09/capture-and-forward-correlation-ids-through-different-lambda-event-sources/
 
+import stringifySafe = require('json-stringify-safe')
+
 export const Level = {
   ERROR: 0,
   WARN: 1,
@@ -152,10 +154,10 @@ export default class Logger {
 
       if (params) logMsg.params = params
 
-      return JSON.stringify(logMsg)
+      return stringifySafe(logMsg)
     }
 
-    const stringifiedParams = params ? JSON.stringify(params) : ''
+    const stringifiedParams = params ? stringifySafe(params) : ''
     let part1 = this.namespace
     if (part1) part1 += ':'
 

diff --git a/src/routes/auth.ts b/src/routes/auth.ts
@@ -14,8 +14,6 @@ export = function attachHandler ({ tradle, router }: {
   router.use(bodyParser.json({ limit: '10mb' }))
   // router.use(bodyParser.urlencoded({ limit: '10mb', extended: true }))
   router.post('/auth', coexpress(function* (req, res) {
-    yield init.ensureInitialized()
-
     // debug('[START] /auth', Date.now())
     const event = req.body
     // TODO: use @tradle/validate-resource

diff --git a/src/routes/preauth.ts b/src/routes/preauth.ts
@@ -15,8 +15,6 @@ export = function attachHandler ({ tradle, router }: {
   router.use(bodyParser.json({ limit: '10mb' }))
   // router.use(bodyParser.urlencoded({ limit: '10mb', extended: true }))
   router.post('/preauth', coexpress(function* (req, res) {
-    yield init.ensureInitialized()
-
     // debug('[START]', now)
     const ips = getRequestIps(req)
     const { clientId, identity } = req.body

diff --git a/src/user.ts b/src/user.ts
@@ -184,9 +184,20 @@ proto.onDisconnected = function ({ clientId }) {
   return this.auth.updatePresence({ clientId, connected: false })
 }
 
-proto.onConnected = function ({ clientId }) {
-  return this.auth.updatePresence({ clientId, connected: true })
-}
+proto.onConnected = co(function* ({ clientId }) {
+  try {
+    yield this.auth.updatePresence({ clientId, connected: true })
+  } catch (err) {
+    this.logger.error('failed to update presence information', err)
+    yield this.delivery.mqtt.emit({
+      clientId,
+      topic: 'error',
+      payload: {
+        message: 'please reconnect'
+      }
+    })
+  }
+})
 
 proto.onPreAuth = function (...args) {
   return this.auth.createTemporaryIdentity(...args)