em-websocket 0.3.7 → 0.5.2

data/lib/em-websocket/handshake75.rb

@@ -1,21 +1,28 @@
 module EventMachine
   module WebSocket
     module Handshake75
-      def handshake
-        location  = "#{request['host'].scheme}://#{request['host'].host}"
-        location << ":#{request['host'].port}" if request['host'].port
-        location << request['path']
+      def self.handshake(headers, path, secure)
+        scheme = (secure ? "wss" : "ws")
+        location = "#{scheme}://#{headers['host']}#{path}"
 
         upgrade =  "HTTP/1.1 101 Web Socket Protocol Handshake\r\n"
         upgrade << "Upgrade: WebSocket\r\n"
         upgrade << "Connection: Upgrade\r\n"
-        upgrade << "WebSocket-Origin: #{request['origin']}\r\n"
-        upgrade << "WebSocket-Location: #{location}\r\n\r\n"
-
-        debug [:upgrade_headers, upgrade]
+        upgrade << "WebSocket-Origin: #{headers['origin']}\r\n"
+        upgrade << "WebSocket-Location: #{location}\r\n"
+        if protocol = headers['sec-websocket-protocol']
+          validate_protocol!(protocol)
+          upgrade << "Sec-WebSocket-Protocol: #{protocol}\r\n"
+        end
+        upgrade << "\r\n"
 
         return upgrade
       end
+
+      def self.validate_protocol!(protocol)
+        raise HandshakeError, "Invalid WebSocket-Protocol: empty" if protocol.empty?
+        # TODO: Validate characters
+      end
     end
   end
 end

data/lib/em-websocket/handshake76.rb

@@ -1,33 +1,30 @@
 require 'digest/md5'
 
-module EventMachine
-  module WebSocket
-    module Handshake76
-      def handshake
+module EventMachine::WebSocket
+  module Handshake76
+    class << self
+      def handshake(headers, path, secure)
         challenge_response = solve_challenge(
-          request['sec-websocket-key1'],
-          request['sec-websocket-key2'],
-          request['third-key']
+          headers['sec-websocket-key1'],
+          headers['sec-websocket-key2'],
+          headers['third-key']
         )
 
-        location  = "#{request['host'].scheme}://#{request['host'].host}"
-        location << ":#{request['host'].port}" if request['host'].port
-        location << request['path']
+        scheme = (secure ? "wss" : "ws")
+        location = "#{scheme}://#{headers['host']}#{path}"
 
         upgrade =  "HTTP/1.1 101 WebSocket Protocol Handshake\r\n"
         upgrade << "Upgrade: WebSocket\r\n"
         upgrade << "Connection: Upgrade\r\n"
         upgrade << "Sec-WebSocket-Location: #{location}\r\n"
-        upgrade << "Sec-WebSocket-Origin: #{request['origin']}\r\n"
-        if protocol = request['sec-websocket-protocol']
+        upgrade << "Sec-WebSocket-Origin: #{headers['origin']}\r\n"
+        if protocol = headers['sec-websocket-protocol']
           validate_protocol!(protocol)
           upgrade << "Sec-WebSocket-Protocol: #{protocol}\r\n"
         end
         upgrade << "\r\n"
         upgrade << challenge_response
 
-        debug [:upgrade_headers, upgrade]
-
         return upgrade
       end
 
@@ -42,6 +39,10 @@ module EventMachine
       end
 
       def numbers_over_spaces(string)
+        unless string
+          raise HandshakeError, "WebSocket key1 or key2 is missing"
+        end
+
         numbers = string.scan(/[0-9]/).join.to_i
 
         spaces = string.scan(/ /).size

data/lib/em-websocket/masking04.rb

@@ -15,12 +15,8 @@ module EventMachine
         @masking_key = nil
       end
 
-      def slice_mask
-        slice!(0, 4)
-      end
-
       def getbyte(index)
-        if @masking_key
+        if defined?(@masking_key) && @masking_key
           masked_char = super
           masked_char ? masked_char ^ @masking_key.getbyte(index % 4) : nil
         else
@@ -29,7 +25,8 @@ module EventMachine
       end
 
       def getbytes(start_index, count)
-        data = ''.force_encoding('ASCII-8BIT')
+        data = ''
+        data.force_encoding('ASCII-8BIT') if data.respond_to?(:force_encoding)
         count.times do |i|
           data << getbyte(start_index + i)
         end

data/lib/em-websocket/message_processor_03.rb

@@ -6,17 +6,20 @@ module EventMachine
       def message(message_type, extension_data, application_data)
         case message_type
         when :close
+          @close_info = {
+            :code => 1005,
+            :reason => "",
+            :was_clean => true,
+          }
           if @state == :closing
             # TODO: Check that message body matches sent data
             # We can close connection immediately since there is no more data
             # is allowed to be sent or received on this connection
             @connection.close_connection
-            @state = :closed
           else
             # Acknowlege close
             # The connection is considered closed
             send_frame(:close, application_data)
-            @state = :closed
             @connection.close_connection_after_writing
           end
         when :ping
@@ -31,7 +34,7 @@ module EventMachine
           end
           @connection.trigger_on_message(application_data)
         when :binary
-          @connection.trigger_on_message(application_data)
+          @connection.trigger_on_binary(application_data)
         end
       end
 

data/lib/em-websocket/message_processor_06.rb

@@ -19,32 +19,53 @@ module EventMachine
           
           debug [:close_frame_received, status_code, application_data]
           
+          @close_info = {
+            :code => status_code || 1005,
+            :reason => application_data,
+            :was_clean => true,
+          }
+
           if @state == :closing
             # We can close connection immediately since no more data may be
             # sent or received on this connection
             @connection.close_connection
-            @state = :closed
-          else
-            # Acknowlege close
+          elsif @state == :connected
+            # Acknowlege close & echo status back to client
             # The connection is considered closed
-            send_frame(:close, '')
-            @state = :closed
+            close_data = [status_code || 1000].pack('n')
+            send_frame(:close, close_data)
             @connection.close_connection_after_writing
-            # TODO: Send close status code and body to app code
           end
         when :ping
-          # Pong back the same data
-          send_frame(:pong, application_data)
+          # There are a couple of protections here against malicious/broken WebSocket abusing ping frames.
+          #
+          # 1. Delay 200ms before replying. This reduces the number of pings from WebSocket clients behaving as
+          #    `for (;;) { send_ping(conn); rcv_pong(conn); }`. The spec says we "SHOULD respond with Pong frame as soon
+          #    as is practical".
+          # 2. Reply at most every 200ms. This reduces the number of pong frames sent to WebSocket clients behaving as
+          #    `for (;;) { send_ping(conn); }`. The spec says "If an endpoint receives a Ping frame and has not yet sent
+          #    Pong frame(s) in response to previous Ping frame(s), the endpoint MAY elect to send a Pong frame for only
+          #    the most recently processed Ping frame."
+          @most_recent_pong_application_data = application_data
+          if @pong_timer == nil then
+            @pong_timer = EventMachine.add_timer(0.2) do
+              @pong_timer = nil
+              send_frame(:pong, @most_recent_pong_application_data)
+            end
+          end
           @connection.trigger_on_ping(application_data)
         when :pong
           @connection.trigger_on_pong(application_data)
         when :text
           if application_data.respond_to?(:force_encoding)
             application_data.force_encoding("UTF-8")
+            unless application_data.valid_encoding?
+              raise InvalidDataError, "Invalid UTF8 data"
+            end
           end
           @connection.trigger_on_message(application_data)
         when :binary
-          @connection.trigger_on_message(application_data)
+          @connection.trigger_on_binary(application_data)
         end
       end
 

data/lib/em-websocket/version.rb

@@ -1,5 +1,5 @@
 module EventMachine
   module Websocket
-    VERSION = "0.3.7"
+    VERSION = "0.5.2"
   end
 end

data/lib/em-websocket/websocket.rb

@@ -1,47 +1,56 @@
 module EventMachine
   module WebSocket
+    class << self
+      attr_accessor :max_frame_size
+      attr_accessor :close_timeout
+    end
+    @max_frame_size = 10 * 1024 * 1024 # 10MB
+    # Connections are given 60s to close after being sent a close handshake
+    @close_timeout = 60
+
     # All errors raised by em-websocket should descend from this class
-    #
     class WebSocketError < RuntimeError; end
 
     # Used for errors that occur during WebSocket handshake
-    #
     class HandshakeError < WebSocketError; end
 
     # Used for errors which should cause the connection to close.
     # See RFC6455 §7.4.1 for a full description of meanings
-    #
     class WSProtocolError < WebSocketError
       def code; 1002; end
     end
 
+    class InvalidDataError < WSProtocolError
+      def code; 1007; end
+    end
+
     # 1009: Message too big to process
     class WSMessageTooBigError < WSProtocolError
       def code; 1009; end
     end
 
+    # Start WebSocket server, including starting eventmachine run loop
     def self.start(options, &blk)
       EM.epoll
-      EM.run do
-
+      EM.run {
         trap("TERM") { stop }
         trap("INT")  { stop }
 
-        EventMachine::start_server(options[:host], options[:port],
-          EventMachine::WebSocket::Connection, options) do |c|
-          blk.call(c)
-        end
+        run(options, &blk)
+      }
+    end
+
+    # Start WebSocket server inside eventmachine run loop
+    def self.run(options)
+      host, port = options.values_at(:host, :port)
+      EM.start_server(host, port, Connection, options) do |c|
+        yield c
       end
     end
 
     def self.stop
       puts "Terminating WebSocket Server"
-      EventMachine.stop
+      EM.stop
     end
-
-    class << self
-      attr_accessor :max_frame_size
-    end
-    @max_frame_size = 10 * 1024 * 1024 # 10MB
   end
 end

data/spec/helper.rb

@@ -1,10 +1,15 @@
+# encoding: BINARY
+
 require 'rubygems'
 require 'rspec'
 require 'em-spec/rspec'
-require 'pp'
 require 'em-http'
 
 require 'em-websocket'
+require 'em-websocket-client'
+
+require 'integration/shared_examples'
+require 'integration/gte_03_examples'
 
 RSpec.configure do |c|
   c.mock_with :rspec
@@ -27,75 +32,80 @@ class FakeWebSocketClient < EM::Connection
     # puts "RECEIVE DATA #{data}"
     if @state == :new
       @handshake_response = data
-      @onopen.call if @onopen
+      @onopen.call if defined? @onopen
       @state = :open
     else
-      @onmessage.call(data) if @onmessage
+      @onmessage.call(data) if defined? @onmessage
       @packets << data
     end
   end
 
-  def send(data)
-    send_data("\x00#{data}\xff")
+  def send(application_data)
+    send_frame(:text, application_data)
+  end
+
+  def send_frame(type, application_data)
+    send_data construct_frame(type, application_data)
   end
 
   def unbind
-    @onclose.call if @onclose
+    @onclose.call if defined? @onclose
+  end
+
+  private
+
+  def construct_frame(type, data)
+    "\x00#{data}\xff"
   end
 end
 
 class Draft03FakeWebSocketClient < FakeWebSocketClient
-  def send(application_data)
-    frame = ''
-    opcode = 4 # fake only supports text frames
-    byte1 = opcode # since more, rsv1-3 are 0
-    frame << byte1
+  private
+
+  def construct_frame(type, data)
+    frame = ""
+    frame << EM::WebSocket::Framing03::FRAME_TYPES[type]
+    frame << encoded_length(data.size)
+    frame << data
+  end
 
-    length = application_data.size
+  def encoded_length(length)
     if length <= 125
-      byte2 = length # since rsv4 is 0
-      frame << byte2
+      [length].pack('C') # since rsv4 is 0
     elsif length < 65536 # write 2 byte length
-      frame << 126
-      frame << [length].pack('n')
+      "\126#{[length].pack('n')}"
     else # write 8 byte length
-      frame << 127
-      frame << [length >> 32, length & 0xFFFFFFFF].pack("NN")
+      "\127#{[length >> 32, length & 0xFFFFFFFF].pack("NN")}"
     end
-
-    frame << application_data
-
-    send_data(frame)
   end
 end
 
-class Draft07FakeWebSocketClient < FakeWebSocketClient
-  def send(application_data)
-    frame = ''
-    opcode = 1 # fake only supports text frames
-    byte1 = opcode | 0b10000000 # since more, rsv1-3 are 0
-    frame << byte1
+class Draft05FakeWebSocketClient < Draft03FakeWebSocketClient
+  private
 
-    length = application_data.size
-    if length <= 125
-      byte2 = length # since rsv4 is 0
-      frame << byte2
-    elsif length < 65536 # write 2 byte length
-      frame << 126
-      frame << [length].pack('n')
-    else # write 8 byte length
-      frame << 127
-      frame << [length >> 32, length & 0xFFFFFFFF].pack("NN")
-    end
+  def construct_frame(type, data)
+    frame = ""
+    frame << "\x00\x00\x00\x00" # Mask with nothing for simplicity
+    frame << (EM::WebSocket::Framing05::FRAME_TYPES[type] | 0b10000000)
+    frame << encoded_length(data.size)
+    frame << data
+  end
+end
 
-    frame << application_data
+class Draft07FakeWebSocketClient < Draft05FakeWebSocketClient
+  private
 
-    send_data(frame)
+  def construct_frame(type, data)
+    frame = ""
+    frame << (EM::WebSocket::Framing07::FRAME_TYPES[type] | 0b10000000)
+    # Should probably mask the data, but I get away without bothering since
+    # the server doesn't enforce that incoming frames are masked
+    frame << encoded_length(data.size)
+    frame << data
   end
 end
 
-
-# Wrap EM:HttpRequest in a websocket like interface so that it can be used in the specs with the same interface as FakeWebSocketClient
+# Wrapper around em-websocket-client
 class Draft75WebSocketClient
   def onopen(&blk);     @onopen = blk;    end
   def onclose(&blk);    @onclose = blk;   end
@@ -103,15 +113,17 @@ class Draft75WebSocketClient
   def onmessage(&blk);  @onmessage = blk; end
 
   def initialize
-    @ws = EventMachine::HttpRequest.new('ws://127.0.0.1:12345/').get(:timeout => 0)
-    @ws.errback { @onerror.call if @onerror }
-    @ws.callback { @onopen.call if @onopen }
-    @ws.stream { |msg| @onmessage.call(msg) if @onmessage }
-    @ws.disconnect { @onclose.call if @onclose }
+    @ws = EventMachine::WebSocketClient.connect('ws://127.0.0.1:12345/',
+                                                :version => 75,
+                                                :origin => 'http://example.com')
+    @ws.errback { |err| @onerror.call if defined? @onerror }
+    @ws.callback { @onopen.call if defined? @onopen }
+    @ws.stream { |msg| @onmessage.call(msg) if defined? @onmessage }
+    @ws.disconnect { @onclose.call if defined? @onclose }
   end
 
   def send(message)
-    @ws.send(message)
+    @ws.send_msg(message)
   end
 
   def close_connection
@@ -119,6 +131,12 @@ class Draft75WebSocketClient
   end
 end
 
+def start_server(opts = {})
+  EM::WebSocket.run({:host => "0.0.0.0", :port => 12345}.merge(opts)) { |ws|
+    yield ws if block_given?
+  }
+end
+
 def format_request(r)
   data = "#{r[:method]} #{r[:path]} HTTP/1.1\r\n"
   header_lines = r[:headers].map { |k,v| "#{k}: #{v}" }
@@ -133,8 +151,23 @@ def format_response(r)
   data
 end
 
-RSpec::Matchers.define :send_handshake do |response|
+RSpec::Matchers.define :succeed_with_upgrade do |response|
+  match do |actual|
+    success = nil
+    actual.callback { |upgrade_response, handler_klass|
+      success = (upgrade_response.lines.sort == format_response(response).lines.sort)
+    }
+    success
+  end
+end
+
+RSpec::Matchers.define :fail_with_error do |error_klass, error_message|
   match do |actual|
-    actual.handshake.lines.sort == format_response(response).lines.sort
+    success = nil
+    actual.errback { |e|
+      success = (e.class == error_klass)
+      success &= (e.message == error_message) if error_message
+    }
+    success
   end
 end