ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

sessions: ignore self-emitted update events

Browse Source 
Signed-off-by: chandi Langecker <git@chandi.it>
This commit is contained in:
chandi Langecker
2022-11-21 20:01:53 +01:00
parent 6d86ec70ef
commit 541ee13780
4 changed files with 74 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/Listeners/LiveUpdateListener.php
View File

@@ -33,25 +33,30 @@ use OCA\Deck\Service\SessionService;
use OCA\NotifyPush\Queue\IQueue;
use OCP\EventDispatcher\Event;
use OCP\EventDispatcher\IEventListener;
use OCP\IRequest;
use Psr\Container\ContainerInterface;
use Psr\Log\LoggerInterface;
class LiveUpdateListener implements IEventListener {
private string $userId;
private LoggerInterface $logger;
private SessionService $sessionService;
private IRequest $request;
private $queue;
public function __construct(ContainerInterface $container, SessionService $sessionService, $userId) {
public function __construct(
ContainerInterface $container,
IRequest $request,
SessionService $sessionService
) {
try {
$this->queue = $container->get(IQueue::class);
} catch (\Exception $e) {
// most likely notify_push is not installed.
return;
}
$this->userId = $userId;
$this->logger = $container->get(LoggerInterface::class);
$this->sessionService = $sessionService;
$this->request = $request;
}
public function handle(Event $event): void {
@@ -61,10 +66,17 @@ class LiveUpdateListener implements IEventListener {
}
try {
if ($event instanceof SessionCreatedEvent || $event instanceof SessionClosedEvent) {
$this->sessionService->notifyAllSessions($this->queue, $event->getBoardId(), NotifyPushEvents::DeckBoardUpdate, $event->getUserId(), [
// the web frontend is adding the Session-ID as a header on every request
// TODO: verify the token! this currently allows to spoof a token from someone
// else, preventing this person from getting any live updates
$causingSessionToken = $this->request->getHeader('x-nc-deck-session');
if (
$event instanceof SessionCreatedEvent ||
$event instanceof SessionClosedEvent
) {
$this->sessionService->notifyAllSessions($this->queue, $event->getBoardId(), NotifyPushEvents::DeckBoardUpdate, [
'id' => $event->getBoardId()
]);
], $causingSessionToken);
}
} catch (\Exception $e) {
$this->logger->error('Error when handling live update event', ['exception' => $e]);