Fix bug, Support thirdparty streaming access

src/api/streaming.ts

@@ -2,6 +2,7 @@ import * as http from 'http';
 import * as websocket from 'websocket';
 import * as redis from 'redis';
 import User from './models/user';
+import Userkey from './models/userkey';
 
 import homeStream from './stream/home';
 import messagingStream from './stream/messaging';
@@ -17,7 +18,13 @@ module.exports = (server: http.Server) => {
 	ws.on('request', async (request) => {
 		const connection = request.accept();
 
-		const user = await authenticate(connection);
+		const user = await authenticate(connection, request.resourceURL.query.i);
+
+		if (user == null) {
+			connection.send('authentication-failed');
+			connection.close();
+			return;
+		}
 
 		// Connect to Redis
 		const subscriber = redis.createClient(
@@ -41,29 +48,36 @@ module.exports = (server: http.Server) => {
 	});
 };
 
-function authenticate(connection: websocket.connection): Promise<any> {
+function authenticate(connection: websocket.connection, token: string): Promise<any> {
-	return new Promise((resolve, reject) => {
+	return new Promise(async (resolve, reject) => {
-		// Listen first message
+		if (token[0] == '!') {
-		connection.once('message', async (data) => {
-			const msg = JSON.parse(data.utf8Data);
-
 			// Fetch user
 			// SELECT _id
 			const user = await User
 				.findOne({
-					token: msg.i
+					token: token
 				}, {
 					_id: true
 				});
 
-			if (user === null) {
+			resolve(user);
-				connection.close();
+		} else {
-				return;
+			const userkey = await Userkey.findOne({
+				key: token
+			});
+
+			if (userkey == null) {
+				return reject('invalid userkey');
 			}
 
-			connection.send('authenticated');
+			// Fetch user
+			// SELECT _id
+			const user = await User
+				.findOne({ _id: userkey.user_id }, {
+					_id: true
+				});
 
 			resolve(user);
-		});
+		}
 	});
 }

src/web/app/boot.js

@@ -39,7 +39,7 @@ try {
 checkForUpdate();
 
 // Get token from cookie
-const i = (document.cookie.match(/i=(\w+)/) || [null, null])[1];
+const i = (document.cookie.match(/i=(!\w+)/) || [null, null])[1];
 
 // ユーザーをフェッチしてコールバックする
 module.exports = callback => {

src/web/app/common/scripts/messaging-stream.ls

@@ -9,7 +9,7 @@ class Connection
 		@event = riot.observable!
 		@me = me
 		host = CONFIG.api.url.replace \http \ws
-		@socket = new ReconnectingWebSocket "#{host}/messaging?otherparty=#{otherparty}"
+		@socket = new ReconnectingWebSocket "#{host}/messaging?i=#{me.token}&otherparty=#{otherparty}"
 
 		@socket.add-event-listener \open @on-open
 		@socket.add-event-listener \message @on-message

src/web/app/common/scripts/stream.ls

@@ -9,13 +9,12 @@ module.exports = (me) ~>
 	state-ev = riot.observable!
 	event = riot.observable!
 
-	socket = new ReconnectingWebSocket CONFIG.api.url.replace \http \ws
+	host = CONFIG.api.url.replace \http \ws
+	socket = new ReconnectingWebSocket "#{host}?i=#{me.token}"
 
 	socket.onopen = ~>
 		state := \connected
 		state-ev.trigger \connected
-		socket.send JSON.stringify do
-			i: me.token
 
 	socket.onclose = ~>
 		state := \reconnecting