jschan/lib/misc/socketio.js

'use strict';

const { redis: redisConfig } = require(__dirname+'/../../configs/secrets.js')
	, { Boards } = require(__dirname+'/../../db/')
	, roomRegex = /^(?<roomBoard>[a-z0-9]+)-(?<roomName>[a-z0-9-]+)$/i
	, calcPerms = require(__dirname+'/../permission/calcperms.js')
	, { Permissions } = require(__dirname+'/../permission/permissions.js')
	, socketIO = require('socket.io')
	, createAdapter = require('@socket.io/redis-adapter')
	, Redis = require('ioredis');

module.exports = {

	io: null, //null to begin with

	connect: (server, sessionMiddleware) => {
		//create redis adapter
		const io = socketIO(server)
			, pubClient = new Redis(redisConfig)
			, subClient = pubClient.duplicate();
		io.adapter(createAdapter(pubClient, subClient));
		//setup the middleware for sessions on socket
		const sessionRefresh = require(__dirname+'/../middleware/permission/sessionrefresh.js');
		io.use((socket, next) => {
			sessionMiddleware(socket.request, socket.request, next);
		});
		io.use((socket, next) => {
			sessionRefresh(socket.request, socket.request, next);
		});
		module.exports.io = io;
		//start accepting connections
		module.exports.startRooms();
	},

	startRooms: () => {
		module.exports.io.on('connection', socket => {
			socket.on('ping', cb => {
				if (typeof cb === 'function') {
					cb();
				}
			});
			socket.on('room', async (room) => {

				//check if a valid formatted room name
				const roomMatch = room.match(roomRegex);
				if (roomMatch && roomMatch.groups) {
					const { roomBoard, roomName } = roomMatch.groups;

					let hasPermission = true;

					//permission to manage/globalmanage based on MANAGE_GLOBAL/BOARD permissions
					if (room === 'globalmanage-recent-raw'
						|| room === 'globalmanage-recent-hashed') {
						socket.request.locals.board = null;
						socket.request.locals.permissions = calcPerms(socket.request, socket.request);
						hasPermission = socket.request.locals.permissions.get(Permissions.MANAGE_GLOBAL_GENERAL);
					} else {
						/* unlike normal endpoints, we cant get board from params and compare staffBoards and ownerBoards
						to roomBoard, so we need to put this here, in the room event and use the internal calcPerms after,
						instead of using a io.use( calcPermsMiddleware() after sessionRefresh() */
						socket.request.locals.board = await Boards.findOne(roomBoard);
						socket.request.locals.permissions = calcPerms(socket.request, socket.request);
						if (roomName === 'manage-recent-hashed'
							|| roomName === 'manage-recent-raw') {
							hasPermission = socket.request.locals.permissions.get(Permissions.MANAGE_BOARD_GENERAL);
						}
					}

					//if raw, must have room permission AND raw ip permission
					if (room.endsWith('-raw')) {
						hasPermission = hasPermission && socket.request.locals.permissions.get(Permissions.VIEW_RAW_IP);
					}

					//user has perms to join
					if (hasPermission === true) {
						socket.join(room);
						return socket.send('joined');
					}

				}

				//invalid room or no perms
				socket.disconnect(true);

			});
		});
	},

	emitRoom: (room, event, message) => {
		if (!module.exports.io) {
			return; //not initialized or in process that doesnt emit these events
		}
		module.exports.io.to(room).emit(event, message);
	},

};