Remove the getUser API call and replace it with channel messages. Close channels when log in/out events occur for security.

Ian Gulliver
2014-05-01 14:55:50 -07:00
parent 64f989e3ca
commit 0369266d60
2 changed files with 29 additions and 21 deletions

30
api.py

@@ -26,20 +26,6 @@ from cosmopolite.lib import utils
import config import config
class GetUser(webapp2.RequestHandler):
@utils.chaos_monkey
@utils.returns_json
@utils.local_namespace
@security.google_user_xsrf_protection
@security.weak_security_checks
@session.session_required
def post(self):
ret = {}
if self.verified_google_user:
ret['google_user'] = self.verified_google_user.email()
return ret
class SetValue(webapp2.RequestHandler): class SetValue(webapp2.RequestHandler):
@utils.chaos_monkey @utils.chaos_monkey
@utils.returns_json @utils.returns_json
@@ -89,15 +75,25 @@ class CreateChannel(webapp2.RequestHandler):
token = channel.create_channel( token = channel.create_channel(
client_id=str(self.client.key()), client_id=str(self.client.key()),
duration_minutes=config.CHANNEL_DURATION_SECONDS / 60) duration_minutes=config.CHANNEL_DURATION_SECONDS / 60)
messages = [x.ToMessage()
for x in self.client.parent().GetStateEntries()]
if self.verified_google_user:
messages.append({
'message_type': 'login',
'google_user': self.verified_google_user.email(),
})
else:
messages.append({
'message_type': 'logout',
})
return { return {
'token': token, 'token': token,
'messages': [x.ToMessage() 'messages': messages,
for x in self.client.parent().GetStateEntries()],
} }
app = webapp2.WSGIApplication([ app = webapp2.WSGIApplication([
(config.URL_PREFIX + '/api/createChannel', CreateChannel), (config.URL_PREFIX + '/api/createChannel', CreateChannel),
(config.URL_PREFIX + '/api/getUser', GetUser),
(config.URL_PREFIX + '/api/setValue', SetValue), (config.URL_PREFIX + '/api/setValue', SetValue),
]) ])
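Review bot: The `login` message added in CreateChannel.post now returns `self.verified_google_user.email()`, but that handler's decorators sit outside this hunk, so it is not visible whether it carries the `@security.google_user_xsrf_protection` and `@session.session_required` checks that the removed GetUser.post had. If it does not, the email is returned under weaker checks than before, so the two stacks should be compared before merging. The auth state is also reported only once per channel creation, which deserves a comment above the `if self.verified_google_user:` branch, for example `# Auth state is sent once per channel creation; a client must open a new channel to observe a change.`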


@@ -42,7 +42,6 @@ cosmopolite.Client.prototype.onLoad_ = function() {
} }
this.$ = jQuery.noConflict(true); this.$ = jQuery.noConflict(true);
this.registerMessageHandlers_(); this.registerMessageHandlers_();
this.getUser_();
this.createChannel_(); this.createChannel_();
}; };
@@ -50,16 +49,16 @@ cosmopolite.Client.prototype.onLoad_ = function() {
cosmopolite.Client.prototype.onReceiveMessage_ = function(data) { cosmopolite.Client.prototype.onReceiveMessage_ = function(data) {
switch (data) { switch (data) {
case 'login_complete': case 'login_complete':
this.getUser_(); this.socket.close();
break; break;
case 'logout_complete': case 'logout_complete':
localStorage.removeItem(this.namespace_ + ':client_id'); localStorage.removeItem(this.namespace_ + ':client_id');
localStorage.removeItem(this.namespace_ + ':google_user_id'); localStorage.removeItem(this.namespace_ + ':google_user_id');
this.$('#google_user').empty(); this.$('#google_user').empty();
this.getUser_(); this.socket.close();
break; break;
default: default:
console.log('Unknown message type'); console.log('Unknown message type: ' + data);
break; break;
} }
}; };
@@ -217,6 +216,19 @@ cosmopolite.Client.prototype.onServerMessage_ = function(msg) {
this.callbacks_['onStateChange'](key, this.stateCache_[key]); this.callbacks_['onStateChange'](key, this.stateCache_[key]);
} }
break; break;
case 'login':
if ('onLogin' in this.callbacks_) {
this.callbacks_['onLogin'](
msg.google_user,
this.urlPrefix_ + '/auth/logout');
}
break;
case 'logout':
if ('onLogout' in this.callbacks_) {
this.callbacks_['onLogout'](
this.urlPrefix_ + '/auth/login');
}
break;
default: default:
// Client out of date? Force refresh? // Client out of date? Force refresh?
console.log('Unknown message type: ' + msg.message_type); console.log('Unknown message type: ' + msg.message_type);
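Review bot: Both new `this.socket.close();` calls in onReceiveMessage_ assume a socket already exists. onLoad_ only calls `createChannel_()`, which presumably completes asynchronously, so a `login_complete` or `logout_complete` arriving first would throw instead of resetting the channel; `if (this.socket) { this.socket.close(); }` avoids that. The point of the commit, dropping the channel on an identity change, also depends on the socket's close handler calling `createChannel_()` again, which is outside these hunks and worth a one-line comment at each close call. Since a bare string now tears down the connection, it is worth confirming that whatever dispatches to onReceiveMessage_ checks the sender's origin before passing `data` in.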