Created
April 25, 2011 18:16
In regards to the security and serialisation discussion for Now.js
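// Counter Store for Original Functions
// Maps a numeric id to the real function that a serialised alias stands for.
// An entry is removed only when the alias scope's complete() runs, so the
// store grows for as long as callers never call complete().
var originalFunctions = {}, originalFunctionCounter = 0;

/**
 * Secure a Client to Server Object.
 *
 * Builds a JSON-safe copy of `args` in which every function is replaced by the
 * source text of a generic alias function, and every RegExp by its string form.
 * The real function never leaves this process: it is parked in
 * `originalFunctions` under a fresh numeric id and the alias text refers to
 * that id only.
 *
 * The caller's object is not modified. Only own enumerable properties are
 * copied, so objects without any (a Date, for example) come out as `{}`.
 *
 * NOTE(review): the ids are a sequential counter. How the elided server-side
 * branch of the alias transmits an id is not shown here; whatever receives it
 * must check that the id belongs to the calling connection before invoking
 * anything from `originalFunctions`.
 *
 * @param {*} args - value to serialise, normally an object or array.
 * @returns {{obj: string, functionKeys: Object}} `obj` is the JSON text;
 *   `functionKeys` maps each dotted path (".a.b") that held a function or
 *   RegExp to the string that replaced it.
 * @throws {Error} 'Hacker' when two different properties flatten to the same
 *   dotted path (a key that itself contains a dot).
 */
var serialise = function(args){
  // Prepare
  // functionAlias is a template and is never called here. Its source text is
  // shipped with every `originalFunctionKey` replaced by the numeric id, so
  // nothing is added inside it beyond the author's own comments.
  var
    hasOwn = Object.prototype.hasOwnProperty,
    functionKeys = {},
    result = {},
    functionAlias = function(){
      // Define Scope
      var scope = {
        complete: function(){
          delete originalFunctions[originalFunctionKey];
        }
      };
      // Server Side
      if ( now.isServerSide() ) {
        // Send a Socket.IO Transmission to Call the Original Function
        // ...
      }
      // Client Side
      else {
        // Trigger Original Function
        originalFunctions[originalFunctionKey].apply(scope,Array.prototype.slice.call(arguments));
      }
    },
    functionAliasString = functionAlias.toString();

  // Secure Functions and Convert to Strings
  var _serialise = function(obj,fullKeys) {
    // Prepare
    fullKeys = fullKeys||'';

    // Primitives (and functions at the root) pass through untouched
    if ( !obj || typeof obj !== 'object' ) {
      return obj;
    }

    // Build a copy so the caller keeps its real functions
    var copy = Array.isArray(obj) ? [] : {};

    // Cycle
    for ( var key in obj ) {
      // Skip inherited keys instead of aborting the whole walk
      if ( !hasOwn.call(obj,key) ) {
        continue;
      }

      // Prepare
      var
        item = obj[key],
        fullKey = fullKeys+'.'+key,
        isRegExp = item instanceof RegExp,
        isFunction = !isRegExp && typeof item === 'function';

      if ( isRegExp || isFunction ) {
        // Check the path before touching the store, so a rejected object
        // leaves no orphaned entry behind
        if ( hasOwn.call(functionKeys,fullKey) ) {
          throw Error('Hacker');
        }

        if ( isRegExp ) {
          // Serialise Object Regex
          item = item.toString();
        }
        else {
          // Store Original Function under the id the alias will carry
          var id = originalFunctionCounter++;
          originalFunctions[id] = item;
          // Serialise Object Function: the placeholder occurs more than once
          // in the template, so replace every occurrence
          item = functionAliasString.split('originalFunctionKey').join(String(id));
        }

        // Store
        functionKeys[fullKey] = item;
      }
      else if ( item && typeof item === 'object' ) {
        item = _serialise(item,fullKey);
      }

      copy[key] = item;
    }

    // Return
    return copy;
  };

  // Handle
  result.obj = JSON.stringify(_serialise(args));
  result.functionKeys = functionKeys;

  // Return
  return result;
};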
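/**
 * Deserialise a Client to Server Object.
 *
 * Parses `serialisedObject.obj` as JSON and then, for every string whose
 * dotted path (".a.b") is listed in `serialisedObject.functionKeys`, replaces
 * the string with the value obtained by evaluating it.
 *
 * SECURITY: both the JSON text and `functionKeys` arrive from the other side
 * of the connection, so `functionKeys` is not a safeguard: the sender decides
 * which strings get evaluated. As written, anything able to deliver a
 * serialised object to this function can run code in this process. Do not
 * expose this to an untrusted peer. The safe shape is to send only an id and
 * have the receiver build its own proxy function locally after validating
 * that id.
 *
 * @param {{obj: string, functionKeys: Object}} serialisedObject - the value
 *   produced by serialise() on the sending side.
 * @returns {*} the parsed value with listed strings revived in place.
 * @throws {SyntaxError} if `obj` is not valid JSON or a listed string is not
 *   a valid expression.
 */
var deserialise = function(serialisedObject){
  // Prepare
  var
    hasOwn = Object.prototype.hasOwnProperty,
    obj = JSON.parse(serialisedObject.obj),
    functionKeys = serialisedObject.functionKeys || {};

  // Convert Function Strings to Functions
  var _deserialise = function(obj,fullKeys) {
    // Prepare
    fullKeys = fullKeys||'';

    // Primitives have nothing to walk
    if ( !obj || typeof obj !== 'object' ) {
      return obj;
    }

    // Cycle
    for ( var key in obj ) {
      // Borrow hasOwnProperty from the prototype: parsed JSON may carry its
      // own "hasOwnProperty" key, which would make obj.hasOwnProperty(key) throw
      if ( !hasOwn.call(obj,key) ) {
        continue;
      }

      // Prepare
      var
        item = obj[key],
        fullKey = fullKeys+'.'+key;

      // Recurse
      if ( item && typeof item === 'object' ) {
        _deserialise(item,fullKey);
      }
      // Check for Function
      else if ( typeof item === 'string' && hasOwn.call(functionKeys,fullKey) ) {
        // Deserialise Function
        // SECURITY: eval of a string taken from the wire; see the function
        // header. The parentheses make the text parse as an expression; a
        // bare "function(){...}" is a syntax error at statement position.
        obj[key] = eval('('+item+')');
      }
    }

    return obj;
  };

  // Return
  return _deserialise(obj);
};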
// Example Use Case
// Server Side

// Initialise Connection
// Remembers the notify function supplied by the caller on that caller's own
// `now` scope, then acknowledges through the callback.
// NOTE(review): options.notify is stored without a typeof check, so a caller
// that sends something other than a function makes sync() throw later.
// Confirm whether Now.js validates this upstream.
now.everyone.initConnection = function(options,callback){
  var notifyHandler = options.notify;
  this.now.notify = notifyHandler;
  callback();
};

// Synchronise
// Invokes whatever notify function initConnection stored for this caller.
now.everyone.sync = function(){
  var callerScope = this.now;
  callerScope.notify();
};
// Client Side
now.ready(function(){
  // Payload for the handshake: one plain value and one function, so the
  // function has to travel as an alias
  var connectionOptions = {
    str: 'I am a string',
    notify: function(){}
  };

  // Initialise Connection
  now.initConnection(connectionOptions, function(){
    // Drop the stored reference to this callback so the function store
    // does not keep it alive
    this.complete();
  });

  // Synchronise
  now.sync();

  // Same clean-up for the ready callback itself
  // NOTE(review): complete() is supplied by the alias scope in serialise;
  // whether now.ready invokes this callback with that scope is not shown
  // here. Confirm.
  this.complete();
});