mirror of
https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git
synced 2025-12-18 10:31:15 +00:00
fix(core): Refactor push sessionid validation, and add unit tests (no-changelog) (#8815)
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
committed by
GitHub
GitHub
parent
82f66c87e0
commit
2b0e14e936
@@ -2,7 +2,7 @@ import { EventEmitter } from 'events';
|
||||
import { ServerResponse } from 'http';
|
||||
import type { Server } from 'http';
|
||||
import type { Socket } from 'net';
|
||||
import type { Application, RequestHandler } from 'express';
|
||||
import type { Application } from 'express';
|
||||
import { Server as WSServer } from 'ws';
|
||||
import { parse as parseUrl } from 'url';
|
||||
import { Container, Service } from 'typedi';
|
||||
@@ -14,6 +14,7 @@ import type { IPushDataType } from '@/Interfaces';
|
||||
import type { User } from '@db/entities/User';
|
||||
import { OnShutdown } from '@/decorators/OnShutdown';
|
||||
import { AuthService } from '@/auth/auth.service';
|
||||
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
|
||||
|
||||
const useWebSockets = config.getEnv('push.backend') === 'websocket';
|
||||
|
||||
@@ -38,14 +39,24 @@ export class Push extends EventEmitter {
|
||||
|
||||
handleRequest(req: SSEPushRequest | WebSocketPushRequest, res: PushResponse) {
|
||||
const {
|
||||
userId,
|
||||
user,
|
||||
ws,
|
||||
query: { sessionId },
|
||||
} = req;
|
||||
|
||||
if (!sessionId) {
|
||||
if (ws) {
|
||||
ws.send('The query parameter "sessionId" is missing!');
|
||||
ws.close(1008);
|
||||
return;
|
||||
}
|
||||
throw new BadRequestError('The query parameter "sessionId" is missing!');
|
||||
}
|
||||
|
||||
if (req.ws) {
|
||||
(this.backend as WebSocketPush).add(sessionId, userId, req.ws);
|
||||
(this.backend as WebSocketPush).add(sessionId, user.id, req.ws);
|
||||
} else if (!useWebSockets) {
|
||||
(this.backend as SSEPush).add(sessionId, userId, { req, res });
|
||||
(this.backend as SSEPush).add(sessionId, user.id, { req, res });
|
||||
} else {
|
||||
res.status(401).send('Unauthorized');
|
||||
return;
|
||||
@@ -101,35 +112,12 @@ export const setupPushServer = (restEndpoint: string, server: Server, app: Appli
|
||||
|
||||
export const setupPushHandler = (restEndpoint: string, app: Application) => {
|
||||
const endpoint = `/${restEndpoint}/push`;
|
||||
|
||||
const pushValidationMiddleware: RequestHandler = async (
|
||||
req: SSEPushRequest | WebSocketPushRequest,
|
||||
_,
|
||||
next,
|
||||
) => {
|
||||
const ws = req.ws;
|
||||
|
||||
const { sessionId } = req.query;
|
||||
if (sessionId === undefined) {
|
||||
if (ws) {
|
||||
ws.send('The query parameter "sessionId" is missing!');
|
||||
ws.close(1008);
|
||||
} else {
|
||||
next(new Error('The query parameter "sessionId" is missing!'));
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
next();
|
||||
};
|
||||
|
||||
const push = Container.get(Push);
|
||||
const authService = Container.get(AuthService);
|
||||
app.use(
|
||||
endpoint,
|
||||
// eslint-disable-next-line @typescript-eslint/unbound-method
|
||||
authService.authMiddleware,
|
||||
pushValidationMiddleware,
|
||||
(req: SSEPushRequest | WebSocketPushRequest, res: PushResponse) => push.handleRequest(req, res),
|
||||
);
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user