# File 'lib/roda/component/faye.rb', line 92
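# Incoming-message hook (the signature matches a Faye server extension):
# checks a token on every message and marks the message as denied when the
# token is missing or wrong.
#
# * Meta channels (connect/handshake/subscribe/disconnect/unsubscribe) must
#   carry the session's CSRF token in message['ext']['csrfToken'].
# * Every other channel must carry the application token in
#   message['data']['token'].
#
# The supplied token is removed from the message before it is passed on, so
# it is not forwarded with the message.
#
# @param message [Hash] decoded client message (untrusted input)
# @param request [#session] request whose session holds 'csrf.token'
# @param callback [#call] continuation that receives the (possibly denied) message
# @return whatever callback.call returns
def incoming(message, request, callback)
  case message['channel']
  when '/meta/connect', '/meta/handshake', '/meta/subscribe', '/meta/disconnect', '/meta/unsubscribe'
    expected  = request.session['csrf.token']
    container = message['ext']
    field     = 'csrfToken'
  else
    expected  = Roda::Component.app.component_opts[:token]
    container = message['data']
    field     = 'token'
  end

  # The message comes from the client, so 'ext' / 'data' may be any JSON
  # value. Only a Hash can carry the token; anything else counts as "no token"
  # instead of raising or calling String#delete by accident.
  provided = container.is_a?(Hash) ? container.delete(field) : nil

  # Fail closed: with no token on the server side (no session token yet, or
  # no app token configured) a client that sends no token would otherwise
  # pass, because nil == nil.
  unset = expected.nil? || (expected.respond_to?(:empty?) && expected.empty?)

  # NOTE(review): this is an ordinary equality check, not a constant-time one.
  # If both tokens are always Strings, Rack::Utils.secure_compare would be
  # the safer comparison.
  message['error'] = '401::Access denied' if unset || expected != provided

  callback.call(message)
end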