Fix relay protocol hijack (#162)

* move _jwtAuth property to BrowserSession * add signature to Relay client * use signature to hijack prev protocol * remove protocol from the storage on disconnect * update js and react-native CHANGELOGs
signalwire · Aug 21, 2019 · 3d42f3e · 3d42f3e
1 parent 822bd00
commit 3d42f3e
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 32 deletions.
diff --git a/packages/common/src/BaseSession.ts b/packages/common/src/BaseSession.ts
@@ -10,6 +10,7 @@ import { ADD, REMOVE, SwEvent, BladeMethod, NOTIFICATION_TYPE } from './util/con
 import { BroadcastParams, ISignalWireOptions, SubscribeParams, IBladeConnectResult } from './util/interfaces'
 import { Subscription, Connect, Reauthenticate } from './messages/Blade'
 import { isFunction } from './util/helpers'
+import { sessionStorage } from './util/storage/'
 
 export default abstract class BaseSession {
   public uuid: string = uuidv4()
@@ -18,6 +19,7 @@ export default abstract class BaseSession {
   public nodeid: string
   public master_nodeid: string
   public expiresAt: number = 0
+  public signature: string = null
   public relayProtocol: string = null
   public contexts: string[] = []
 
@@ -138,6 +140,7 @@ export default abstract class BaseSession {
     this.subscriptions = {}
     this._autoReconnect = false
     this._removeConnection()
+    await sessionStorage.removeItem(this.signature)
     this._executeQueue = []
     this._detachListeners()
   }
@@ -219,9 +222,10 @@ export default abstract class BaseSession {
     const response: IBladeConnectResult = await this.execute(bc).catch(this._handleLoginError)
     if (response) {
       this._autoReconnect = true
-      this.relayProtocol = await Setup(this)
-      const { sessionid, nodeid, master_nodeid, authorization: { expires_at = null } = {} } = response
+      const { sessionid, nodeid, master_nodeid, authorization: { expires_at = null, signature = null } = {} } = response
       this.expiresAt = +expires_at || 0
+      this.signature = signature
+      this.relayProtocol = await Setup(this)
       this._checkTokenExpiration()
       this.sessionid = sessionid
       this.nodeid = nodeid

diff --git a/packages/common/src/BrowserSession.ts b/packages/common/src/BrowserSession.ts
@@ -22,8 +22,9 @@ export default abstract class BrowserSession extends BaseSession {
   private _iceServers: RTCIceServer[] = []
   private _localElement: HTMLMediaElement = null
   private _remoteElement: HTMLMediaElement = null
-  protected _reconnectDelay: number = 1000
 
+  protected _jwtAuth: boolean = true
+  protected _reconnectDelay: number = 1000
   protected _devices: ICacheDevices = {}
   protected _audioConstraints: boolean | MediaTrackConstraints = true
   protected _videoConstraints: boolean | MediaTrackConstraints = false

diff --git a/packages/common/src/services/Setup.ts b/packages/common/src/services/Setup.ts
@@ -10,16 +10,15 @@ const SETUP_CHANNEL = 'notifications'
 export default async (session: BaseSession): Promise<string> => {
   // TODO: service as an empty string for now. Remove it accordingly to Blade changes
   const params: { service: '', protocol?: string } = { service: '' }
-  const storageKey = `${session.options.project}-setup`
-  const currentProtocol = await sessionStorage.getItem(storageKey)
-  if (currentProtocol) {
-    params.protocol = currentProtocol
+  const prevProtocol = await sessionStorage.getItem(session.signature)
+  if (prevProtocol) {
+    params.protocol = prevProtocol
   }
   const be = new Execute({ protocol: SETUP_PROTOCOL, method: SETUP_METHOD, params })
   const { protocol = null } = await session.execute(be)
   if (protocol) {
     await session.subscribe({ protocol, channels: [SETUP_CHANNEL] })
-    await sessionStorage.setItem(storageKey, protocol)
+    await sessionStorage.setItem(session.signature, protocol)
   } else {
     logger.error('Error during setup the session protocol.')
   }

diff --git a/packages/common/src/util/interfaces.ts b/packages/common/src/util/interfaces.ts
@@ -24,6 +24,7 @@ export interface IBladeConnectResult extends IMessageBase {
   protocols_uncertified: string[]
   authorization: {
     expires_at: number
+    signature: string
   }
 }
 

diff --git a/packages/js/CHANGELOG.md b/packages/js/CHANGELOG.md
@@ -4,26 +4,8 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-### Added
-- Expose moderator methods on the Call object.
-- A notification that belongs to a Call now contains a reference to the call itself.
-- Set/Get default `localElement` for the client to handle the localStream for all calls.
-- Set/Get default `remoteElement` for the client to handle the remoteStream for all calls.
-- newCall() method now accepts `localElement` and `remoteElement` to override the default ones.
-- Set default audio & video settings.
-- Expose speedTest() method.
-- Force SDP to use plan-b.
-- Set default iceServers.
-- User can now join conferences without audio & video.
-- Expose static method uuid().
-- Retrieve supported resolution during client init
-- Add property `resolutions` to get supported resolutions.
-- Add async method `refreshResolutions()` to refresh cached resolutions
-### Changed
-- client.connect() is now async to check browser permissions before open the websocket connection.
-- client.supportedResolutions() now returns a device list for each resolution supported.
-### Removed
-- `chatChannel` / `infoChannel` / `conferenceChannel` have been removed from the `conferenceUpdate` notification (**join** & **leave** actions).
+### Fixed
+- Try to re-establish the previous protocol only if the signature has not changed.
 ### Security
 - Update dependencies
 

diff --git a/packages/js/src/SignalWire.ts b/packages/js/src/SignalWire.ts
@@ -4,8 +4,6 @@ import { Execute } from '../../common/src/messages/Blade'
 import BaseRequest from '../../common/src/messages/verto/BaseRequest'
 
 export default class SignalWire extends BrowserSession {
-  protected _jwtAuth: boolean = true
-
   execute(message: BaseMessage) {
     let msg: BaseMessage = message
     if (message instanceof BaseRequest) {

diff --git a/packages/react-native/CHANGELOG.md b/packages/react-native/CHANGELOG.md
@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Try to re-establish the previous protocol only if the signature has not changed.
 
+## [1.0.0] - 2019-06-28
+## First Release!
 
 <!---
 ### Added

diff --git a/packages/react-native/src/Relay.ts b/packages/react-native/src/Relay.ts
@@ -4,8 +4,6 @@ import { Execute } from '../../common/src/messages/Blade'
 import BaseRequest from '../../common/src/messages/verto/BaseRequest'
 
 export default class Relay extends BrowserSession {
-  protected _jwtAuth: boolean = true
-
   execute(message: BaseMessage) {
     let msg: BaseMessage = message
     if (message instanceof BaseRequest) {