Skip to content

Instantly share code, notes, and snippets.

@balupton

balupton/nowsecure.js

Created April 25, 2011 18:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save balupton/940934 to your computer and use it in GitHub Desktop.
Save balupton/940934 to your computer and use it in GitHub Desktop.
Download ZIP
In regards to the security and serialisation discussion for Now.js
Raw
nowsecure.js
// Counter Store for Original Functions
var originalFunctions = {}, originalFunctionCounter = 0;
// Secure a Client to Server Object
var serialise = function(args){
// Prepare
var
functionKeys = {},
result = {},
functionAlias = function(){
// Define Scope
var scope = {
complete: function(){
delete originalFunctions[originalFunctionKey];
}
};
// Server Side
if ( now.isServerSide() ) {
// Send a Socket.IO Transmission to Call the Original Function
// ...
}
// Client Side
else {
// Trigger Original Function
originalFunctions[originalFunctionKey].apply(scope,Array.prototype.slice.call(arguments));
}
},
functionAliasString = functionAlias.toString();
// Secure Functions and Convert to Strings
var _serialise = function(obj,fullKeys) {
// Prepare
fullKeys = fullKeys||'';
// Check if it isn't an iterable
if ( !((obj && typeof obj === 'object') || (a instanceof Array)) ) {
return obj;
}
// Cycle
for ( var key in obj ) {
// Check
if ( !obj.hasOwnProperty(key) ) {
return true;
}
// Prepare
var
item = obj[key],
fullKey = fullKeys+'.'+key;
// Type
switch ( typeof item ) {
case 'array':
case 'object':
if ( item ) {
item = _serialise(item,fullKey);
}
break;
case 'function':
// Regex
if ( item instanceof RegExp ) {
// Serialise Object Regex
item = item.toString();
}
// Function
else {
// Store Original Function
originalFunctions[originalFunctionKey] = item;
// Serialise Object Function
item = functionAliasString.replace('originalFunctionKey',originalFunctionCounter);
++originalFunctionCounter;
}
// Store
if ( typeof functionKeys[fullKey] !== 'undefined' ) {
throw Error('Hacker');
}
functionKeys[fullKey] = item;
// Break
break;
default:
break;
}
}
// Return
return item;
};
// Handle
result.obj = JSON.stringify(_serialise(args));
result.functionKeys = functionKeys;
// Return
return result;
}
// Deserialise a Client to Server Object
var deserialise = function(serialisedObject){
// Prepare
var
result = {},
obj = JSON.parse(serialisedObject.obj),
functionKeys = serialisedObject.functionKeys;
// Convert Function Strings to Functions
var _deserialise = function(obj,fullKeys) {
// Prepare
fullKeys = fullKeys||'';
// Check if it isn't an iterable
if ( !((obj && typeof obj === 'object') || (a instanceof Array)) ) {
return obj;
}
// Cycle
for ( var key in obj ) {
// Check
if ( !obj.hasOwnProperty(key) ) {
return true;
}
// Prepare
var
item = obj[key],
fullKey = fullKeys+'.'+key;
// Recurse
if ( item && typeof item === 'object' ) {
_deserialise(item,fullKey);
}
// Check for Function
else if ( typeof functionKeys[fullKey] !== 'undefined' ) {
// Deserialise Function
obj[key] = eval(item);
}
}
};
// Return
return obj;
};
// Example Use Case
// Server Side
// Initialise Connection
now.everyone.initConnection = function(options,callback){
this.now.notify = options.notify;
callback();
};
// Synchronise
now.everyone.sync = function(){
this.now.notify();
}
// Client Side
now.ready(function(){
// Initialise Connection
now.initConnection(
{
str: 'I am a string',
notify: function(){}
},
function(){
// Delete the closure reference, so memory stays clean
this.complete();
}
);
// Synchronise
now.sync();
// Delete the closure reference, so memory stays clean
this.complete();
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment