From 53ce20ef86010187ef9015b7b019e0c3de8c0b38 Mon Sep 17 00:00:00 2001
From: Anton <anton@hedvig.com>
Date: Sun, 30 Jan 2022 12:36:48 +0100
Subject: [PATCH] trying to fix web socket disconnect

---
 lab4/twidder/database.db      | Bin 28672 -> 28672 bytes
 lab4/twidder/server.py        |  27 ++++++++++++++++++++++++++-
 lab4/twidder/static/client.js |   7 ++++++-
 3 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/lab4/twidder/database.db b/lab4/twidder/database.db
index fb8b3a80470a0ee2dd1e55dcbb5893fea291cf33..62e952b66560737a684cb293009fc3c04ec37119 100644
GIT binary patch
delta 66
zcmZp8z}WDBae_3X*+dy<Mzf6xrS{tCC5hRYZo!oSmc||iA;qR4Ia!9KKDjPtUXDp2
VKH>3R1{Nib{sk7EMcIoS3;^tb73u&0

delta 66
zcmZp8z}WDBae_3X!9*EnMuUwBrS{rYl}U!h{<`TQo{?_8PRS9$J{ExnDQ;!?!R}^`
VMm~<l0TCt{76Ga8K_-hF3;^Ag6(j%v

diff --git a/lab4/twidder/server.py b/lab4/twidder/server.py
index 8003291..1734acd 100644
--- a/lab4/twidder/server.py
+++ b/lab4/twidder/server.py
@@ -51,13 +51,35 @@ def create_response(success, message, data=None):
 def generate_token():
     return secrets.token_urlsafe(32)
 
+def validate_ws(data):
+    user_identifier = data["email"]
+    hashed_data = data["hashed_email"]
+    token = database_helper.get_token(user_identifier)
+    if token:
+        token = token[0]
+        print("ID", user_identifier)
+        print("token", token)
+        data_str_plus_token = user_identifier + token
+        print("data_str_plus_token", data_str_plus_token)
+        reconstructed_hashed_data = hashlib.sha512(
+            data_str_plus_token.encode("utf-8")
+        ).hexdigest()
+        print("hashed_user_id", hashed_data)
+        print("reconstructed", reconstructed_hashed_data)
+        if hashed_data == reconstructed_hashed_data:
+            print("Ws auth successfull")
+            return True
+        else:
+            print("Ws hash missmatch")
+    print("Ws auth failed")
+    return False
 
 def validate_request():
     data = request.args.to_dict() if request.method == "GET" else request.form.to_dict()
     user_identifier = data.get("user_identifier")
     hashed_data = request.headers["Authorization"]
+    print("normal req hashed data", hashed_data)
     token = database_helper.get_token(user_identifier)
-    print("token", token)
     if token:
         token = token[0]
         data_str = ""
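Review bot: validate_ws prints the session token, the `email + token` string and both digests to stdout (the `print("token", token)` through `print("reconstructed", ...)` lines), so anyone who can read the server log obtains the secret the check relies on; those prints should be removed. The digest is compared with `==`, whereas `hmac.compare_digest` is the constant-time form; it needs `import hmac` if the module does not already import it. `data["email"]` and `data["hashed_email"]` raise KeyError when a message lacks either key, where returning False would be the safer result. The added `print("normal req hashed data", hashed_data)` in validate_request logs the Authorization value in the same way; that function continues outside the hunk.

```python
def validate_ws(data):
    # Reject anything that is not a JSON object carrying both string fields.
    if not isinstance(data, dict):
        return False
    user_identifier = data.get("email")
    hashed_data = data.get("hashed_email")
    if not isinstance(user_identifier, str) or not isinstance(hashed_data, str):
        return False
    token = database_helper.get_token(user_identifier)
    if not token:
        return False
    expected = hashlib.sha512(
        (user_identifier + token[0]).encode("utf-8")
    ).hexdigest()
    # Constant-time comparison; neither the token nor a digest is logged.
    return hmac.compare_digest(
        hashed_data.encode("utf-8"), expected.encode("utf-8")
    )
```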
@@ -340,6 +362,9 @@ def web_socket():
         ws = request.environ["wsgi.websocket"]
         obj = ws.receive()
         data = json.loads(obj)
+        if not validate_ws(data):
+            print("SHOULD RETURN")
+            return ""
         try:
             active_sockets[data["email"]] = ws
 
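Review bot: The rejection branch returns `""` without closing the socket, and `validate_ws(data)` is called before the `try`, so a payload that is not a JSON object with both keys raises here instead of being refused. I would close the connection explicitly on failure, e.g. `ws.close()` followed by `return ""`, and drop the `print("SHOULD RETURN")` debug line. Whether the framework closes the socket when the handler returns is not visible from this hunk, and web_socket's body continues outside it.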
diff --git a/lab4/twidder/static/client.js b/lab4/twidder/static/client.js
index 0864b19..b7d6ccc 100644
--- a/lab4/twidder/static/client.js
+++ b/lab4/twidder/static/client.js
@@ -456,6 +456,7 @@ function xmlRequest(url, callback, params, token = null, requestType) {
 
   if (token) {
     let hashed_params = hash_params(params, token);
+    console.log("REQUEST", hashed_params)
     xhttp.setRequestHeader("Authorization", hashed_params);
   }
 
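Review bot: The added `console.log("REQUEST", hashed_params)` writes the value sent as the `Authorization` header to the browser console on every authenticated request. That value is what the server accepts as proof for the request, so it should not appear in console output that may be captured or shared; the line looks like debugging output and should be removed before merge. xmlRequest continues outside the hunk.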
@@ -490,10 +491,14 @@ function connectWebSocket() {
 
   ws.onopen = function () {
     let email = localStorage.getItem("email");
-    let userData = { email: email };
+    let token = localStorage.getItem("token");
+    hashed_email = CryptoJS.SHA512(email + token).toString(CryptoJS.enc.Hex);;
+    console.log("hashed_email", hashed_email)
+    let userData = { email: email, hashed_email: hashed_email};
     ws.send(JSON.stringify(userData));
     console.log("Web socket opened");
 
+    // ping neccessary when using Heroku because of defualt timout on idle connections 
     let clock = setInterval(function () {
       console.log("Ping server");
       ws.send("ping");
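Review bot: `hashed_email` is assigned without a declaration in `ws.onopen`, which creates an implicit global (or throws in strict mode), and the line ends with a stray `;;`. It should read `let hashed_email = CryptoJS.SHA512(email + token).toString(CryptoJS.enc.Hex);`. The digest is the same on every connection for as long as the token lives, so it acts as a reusable credential; the `console.log("hashed_email", hashed_email)` line prints it and should be removed. Mixing a server-issued nonce or timestamp into the hash, checked on the server side, would stop a captured message from being accepted again. The `setInterval` callback continues outside the hunk.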
-- 
GitLab