correctly query for SID or SSID to handle https sessions [#1972128]

Hi All,

Thanks for all your work on a great module!

I've been trying to set up a node.js server and integration with my https Drupal site. The broadcast messages work, but messages to specific channels or users do not seem to work.

Here's my node.config.js:

backendSettings = {
  scheme: 'https',
  port: 9090,
  host: 'XXX.XXX.XXX.XXX',
  resource: '/socket.io',
  serviceKey: '***',
  backend: {
    port: 443,
    host: 'www.xxx.xxxxxxx.xxx',
    scheme: 'https',
    basePath: '',
    messagePath: '/nodejs/message'
  },
  debug: true,
  key:'/opt/sysconfig/cert/xxx.pem',
  cert:'/opt/sysconfig/pubcert/xxx.crt',
  sslKeyPath:'/opt/sysconfig/cert/xxx.pem',
  sslCertPath:'/opt/sysconfig/pubcert/xxx.crt',
  sslCAPath: '',
  baseAuthPath: '/nodejs/',
  publishUrl: 'publish',
  kickUserUrl: 'user/kick/:uid',
  logoutUserUrl: 'user/logout/:authtoken',
  addUserToChannelUrl: 'user/channel/add/:channel/:uid',
  removeUserFromChannelUrl: 'user/channel/remove/:channel/:uid',
  addChannelUrl: 'channel/add/:channel',
  removeChannelUrl: 'channel/remove/:channel',
  setUserPresenceListUrl: 'user/presence-list/:uid/:uidList',
  addAuthTokenToChannelUrl: 'authtoken/channel/add/:channel/:uid',
  removeAuthTokenFromChannelUrl: 'authtoken/channel/remove/:channel/:uid',
  toggleDebugUrl: 'debug/toggle',
  contentTokenUrl: 'content/token',
  publishMessageToContentChannelUrl: 'content/token/message',
  extensions: [],
  clientsCanWriteToChannels: false,
  clientsCanWriteToClients: false,
  transports: ['websocket', 'htmlfile', 'xhr-polling', 'jsonp-polling'], //'flashsocket',
  jsMinification: true,
  jsEtag: true,
  logLevel: 1
};

and the code I'm testing with that works is here:

function mymodule_user_login(&$edit, $account){
   $subject = 'User: '.$account->uid.' just logged in!';
   $body = 'Testing the nodejs login notifications';
   nodejs_broadcast_message($subject, $body);
}

but replacing nodejs_broadcast_message with nodejs_send_channel_message or nodejs_send_user_message will not work.

If I visit a page that has nodejs enabled, I get a debug message as follows on the command line:

Authenticating client with key "2b548d9c5149f5e704ca4909cce30c2b"
Sending message to backend { authToken: '2b548d9c5149f5e704ca4909cce30c2b',
  messageType: 'authenticate',
  clientId: 'yspGZ65wKnGU32Ouew8G' } { uri: 'https://www.mydomain.com:443/nodejs/message',
  port: 443,
  body: 'messageJson=%7B%22authToken%22%3A%222b548d9c5149f5e704ca4909cce30c2b%22%2C%22messageType%22%3A%22authenticate%22%2C%22clientId%22%3A%22yspGZ65wKnGU32Ouew8G%22%7D&serviceKey=***',
  headers:
   { 'Content-Length': 176,
     'Content-Type': 'application/x-www-form-urlencoded' } }
Invalid login for uid " 0 "

So it seems like it isn't associating my uid with an active user/session...

And if I try to add myself to a channel, I get this message:

getNodejsSessionIdsFromUid { uid: '1', sessionIds: [] }
No active sessions for uid: 1

but I'm not quite sure how to troubleshoot this...

Versions:
Node - v0.10.3
Socket.io - v0.9.11
Express - 2.5.11
Ubuntu - 10.04LTS

I'm not sure if this is a bug, or something I've misconfigured, but I followed the installation instructions and seem to be very close to having a working server...

Comments

Comment #0.0

ndevelder CreditAttribution: ndevelder commented 16 April 2013 at 20:32

Issue summary:

View changes

A few spacing changes

Comment #1

quiethero CreditAttribution: quiethero commented 28 April 2013 at 17:08

I am having the exact same problem. Could it be that its a problem on the Drupal side.

Comment #2

Anonymous (not verified) CreditAttribution: Anonymous commented 28 April 2013 at 22:37

hmm. i guess you should put some debug in the php?

invalid login means that the authToken passed from node.js to drupal didn't match anything on the drupal side.

are you using something other than the db for your session handling?

Comment #3

ndevelder CreditAttribution: ndevelder commented 21 May 2013 at 20:45

So I think I've partly figured out what is going on...here's the function in nodejs.module that's giving me problems:

/**
 * Default Node.js auth check callback implementation.
 */
function nodejs_auth_check_callback($auth_token) {
  return db_query("SELECT uid FROM {sessions} WHERE MD5(sid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
}

In my sessions table, I have two session IDs, SID and SSID, one for insecure sessions and one for secure sessions. The PHP function session_id() returns SSID (because I'm always in a secure session), but the above auth check function only compares against SID.

If I change "WHERE MD5(sid)" to "WHERE MD5(ssid)" I get a valid login for my user id. So I think that function needs either an OR statement in the sql query, or a check for session type and separate assembly of the query.

Comment #4

Anonymous (not verified) CreditAttribution: Anonymous commented 21 May 2013 at 21:05

Title:	https node.js integration issues	» correctly query for SID or SSID to handle https sessions
Category:	support	» bug

ooh, thanks for finding that, looks like a pretty dumb bug. patches welcome.

Comment #5

ndevelder CreditAttribution: ndevelder commented 23 September 2013 at 15:19

This is a pretty old issue, but here's the code change that worked for me, I'll try to get a patch out...but very short on time right now:

/**
 * Default Node.js auth check callback implementation.
 */
function nodejs_auth_check_callback($auth_token) {
  $sess_scheme = variable_get('nodejs_server_scheme');
  if($sess_scheme == 'https'){
  return db_query("SELECT uid FROM {sessions} WHERE MD5(ssid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
  }else{
  return db_query("SELECT uid FROM {sessions} WHERE MD5(sid) = :auth_key", array(':auth_key' => $auth_token))->fetchField();
  }
}