em-websocket 0.5.1 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 623f09b2677a73143c0f625ba3b516a00219103e
-  data.tar.gz: 0ebcdd8490811e0b69a64262b2a63daeb8d6aa14
+SHA256:
+  metadata.gz: b5ae1d6db2d88e23c98fce247af5c18d9af7343d196cc85224d2d62e6f39cf6b
+  data.tar.gz: eff929c27eb3949705cf0e5438af33c7b05612c5e5deedaf2ea39a81f0308559
 SHA512:
-  metadata.gz: aad00490beaf8c9ae3606dc506d111c7d60c1f83c6b08c93ebbafd9d877f3c7a7ec2273cbb0a3d97f59d7fb749e4a6f157cdc1a53f4bab88c21cb6eb99605435
-  data.tar.gz: 002ff0471519223522a43a3e865272af61c033960d4a74506080b551d8b01f3cc73471c4b19d677b7c3f90c76b8022c34aa5fbb0b4a3b348b37102b1a3ad597e
+  metadata.gz: 301e06c551ea5414cd463a606fc709676932094bdf92743555cf5ecccb20fb0c0d7abe14c19a61942337ea8c60053bd59d7b31841178df9f05dbae3c6e66232f
+  data.tar.gz: 5020a0dd90126780266b55c197acadcbabc40044e5513b4461f4f4d9500d9ace38646c931aeb19fd638b852a68346b5cb44c48b9cc5e5b5f2e96e3a80ff2cbf4

data/Gemfile

@@ -5,5 +5,5 @@ gemspec
 gem "em-websocket-client", git: "git@github.com:movitto/em-websocket-client.git", branch: "expose-websocket-api"
 gem "em-spec", "~> 0.2.6"
 gem "em-http-request", "~> 1.1.1"
-gem "rspec", "~> 2.12.0"
+gem "rspec", "~> 3.5.0"
 gem "rake"

data/LICENCE

@@ -0,0 +1,7 @@
+Copyright (c) 2009-2014 Ilya Grigorik, Martyn Loughran
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -73,7 +73,7 @@ If unsure use a code in the 4xxx range. em-websocket may also close a connection
 
 ## Secure server
 
-It is possible to accept secure `wss://` connections by passing `:secure => true` when opening the connection. Pass a `:tls_options` hash containing keys as described in http://eventmachine.rubyforge.org/EventMachine/Connection.html#start_tls-instance_method
+It is possible to accept secure `wss://` connections by passing `:secure => true` when opening the connection. Pass a `:tls_options` hash containing keys as described in http://www.rubydoc.info/github/eventmachine/eventmachine/EventMachine/Connection:start_tls
 
 **Warning**: Safari 5 does not currently support prompting on untrusted SSL certificates therefore using a self signed certificate may leave you scratching your head.
 
@@ -140,7 +140,3 @@ Using flash emulation does require some minimal support from em-websocket which
 * [Twitter AMQP WebSocket Example](http://github.com/rubenfonseca/twitter-amqp-websocket-example)
 * examples/multicast.rb - broadcast all ruby tweets to all subscribers
 * examples/echo.rb - server <> client exchange via a websocket
-
-# License
-
-The MIT License - Copyright (c) 2009-2013 Ilya Grigorik, Martyn Loughran

data/lib/em-websocket/connection.rb

@@ -45,6 +45,7 @@ module EventMachine
         @secure_proxy = options[:secure_proxy] || false
         @tls_options = options[:tls_options] || {}
         @close_timeout = options[:close_timeout]
+        @outbound_limit = options[:outbound_limit] || 0
 
         @handler = nil
 
@@ -88,6 +89,16 @@ module EventMachine
         trigger_on_error(e) || raise(e)
       end
 
+      def send_data(data)
+        if @outbound_limit > 0 &&
+            get_outbound_data_size + data.bytesize > @outbound_limit
+          abort(:outbound_limit_reached)
+          return 0
+        end
+
+        super(data)
+      end
+
       def unbind
         debug [:unbind, :connection]
 
@@ -99,7 +110,9 @@ module EventMachine
       end
 
       def dispatch(data)
-        if data.match(/\A<policy-file-request\s*\/>/)
+        if data.match(%r|^GET /healthcheck|)
+          send_healthcheck_response
+        elsif data.match(/\A<policy-file-request\s*\/>/)
           send_flash_cross_domain_file
         else
           @handshake ||= begin
@@ -118,7 +131,7 @@ module EventMachine
               debug [:error, e]
               trigger_on_error(e)
               # Handshake errors require the connection to be aborted
-              abort
+              abort(:handshake_error)
             }
 
             handshake
@@ -128,6 +141,23 @@ module EventMachine
         end
       end
 
+      def send_healthcheck_response
+        debug [:healthcheck, 'OK']
+
+        healthcheck_res = ["HTTP/1.1 200 OK"]
+        healthcheck_res << "Content-Type: text/plain"
+        healthcheck_res << "Content-Length: 2"
+
+        healthcheck_res = healthcheck_res.join("\r\n") + "\r\n\r\nOK"
+
+        send_data healthcheck_res
+
+        # handle the healthcheck request transparently
+        # no need to notify the user about this connection
+        @onclose = nil
+        close_connection_after_writing
+      end
+
       def send_flash_cross_domain_file
         file =  '<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" to-ports="*"/></cross-domain-policy>'
         debug [:cross_domain, file]
@@ -236,6 +266,11 @@ module EventMachine
         @handler ? @handler.state : :handshake
       end
 
+      # Returns the IP address for the remote peer
+      def remote_ip
+        get_peername[2,6].unpack('nC4')[1..4].join('.')
+      end
+
       # Returns the maximum frame size which this connection is configured to
       # accept. This can be set globally or on a per connection basis, and
       # defaults to a value of 10MB if not set.
@@ -256,7 +291,8 @@ module EventMachine
 
       # As definited in draft 06 7.2.2, some failures require that the server
       # abort the websocket connection rather than close cleanly
-      def abort
+      def abort(reason)
+        debug [:abort, reason]
         close_connection
       end
 
@@ -266,7 +302,7 @@ module EventMachine
           @handler.close_websocket(code, body)
         else
           # The handshake hasn't completed - should be safe to terminate
-          abort
+          abort(:handshake_incomplete)
         end
       end
 

data/lib/em-websocket/handshake04.rb

@@ -17,12 +17,21 @@ module EventMachine
         upgrade << "Upgrade: websocket"
         upgrade << "Connection: Upgrade"
         upgrade << "Sec-WebSocket-Accept: #{signature}"
+        if protocol = headers['sec-websocket-protocol']
+          validate_protocol!(protocol)
+          upgrade << "Sec-WebSocket-Protocol: #{protocol}"
+        end
 
-        # TODO: Support sec-websocket-protocol
+        # TODO: Support sec-websocket-protocol selection
         # TODO: sec-websocket-extensions
 
         return upgrade.join("\r\n") + "\r\n\r\n"
       end
+
+      def self.validate_protocol!(protocol)
+        raise HandshakeError, "Invalid WebSocket-Protocol: empty" if protocol.empty?
+        # TODO: Validate characters
+      end
     end
   end
 end

data/lib/em-websocket/handshake75.rb

@@ -9,10 +9,20 @@ module EventMachine
         upgrade << "Upgrade: WebSocket\r\n"
         upgrade << "Connection: Upgrade\r\n"
         upgrade << "WebSocket-Origin: #{headers['origin']}\r\n"
-        upgrade << "WebSocket-Location: #{location}\r\n\r\n"
+        upgrade << "WebSocket-Location: #{location}\r\n"
+        if protocol = headers['sec-websocket-protocol']
+          validate_protocol!(protocol)
+          upgrade << "Sec-WebSocket-Protocol: #{protocol}\r\n"
+        end
+        upgrade << "\r\n"
 
         return upgrade
       end
+
+      def self.validate_protocol!(protocol)
+        raise HandshakeError, "Invalid WebSocket-Protocol: empty" if protocol.empty?
+        # TODO: Validate characters
+      end
     end
   end
 end

data/lib/em-websocket/message_processor_06.rb

@@ -37,8 +37,22 @@ module EventMachine
             @connection.close_connection_after_writing
           end
         when :ping
-          # Pong back the same data
-          send_frame(:pong, application_data)
+          # There are a couple of protections here against malicious/broken WebSocket abusing ping frames.
+          #
+          # 1. Delay 200ms before replying. This reduces the number of pings from WebSocket clients behaving as
+          #    `for (;;) { send_ping(conn); rcv_pong(conn); }`. The spec says we "SHOULD respond with Pong frame as soon
+          #    as is practical".
+          # 2. Reply at most every 200ms. This reduces the number of pong frames sent to WebSocket clients behaving as
+          #    `for (;;) { send_ping(conn); }`. The spec says "If an endpoint receives a Ping frame and has not yet sent
+          #    Pong frame(s) in response to previous Ping frame(s), the endpoint MAY elect to send a Pong frame for only
+          #    the most recently processed Ping frame."
+          @most_recent_pong_application_data = application_data
+          if @pong_timer == nil then
+            @pong_timer = EventMachine.add_timer(0.2) do
+              @pong_timer = nil
+              send_frame(:pong, @most_recent_pong_application_data)
+            end
+          end
           @connection.trigger_on_ping(application_data)
         when :pong
           @connection.trigger_on_pong(application_data)

data/lib/em-websocket/version.rb

@@ -1,5 +1,5 @@
 module EventMachine
   module Websocket
-    VERSION = "0.5.1"
+    VERSION = "0.5.2"
   end
 end

data/spec/integration/common_spec.rb

@@ -108,4 +108,31 @@ describe "WebSocket server" do
       end
     }
   end
+
+  context "outbound limit set" do
+    it "should close the connection if the limit is reached" do
+      em {
+        start_server(:outbound_limit => 150) do |ws|
+          # Increase the message size by one on each loop
+          ws.onmessage{|msg| ws.send(msg + "x") }
+          ws.onclose{|status|
+            status[:code].should == 1006 # Unclean
+            status[:was_clean].should be false
+          }
+        end
+
+        EM.add_timer(0.1) do
+          ws = EventMachine::WebSocketClient.connect('ws://127.0.0.1:12345/')
+          ws.callback { ws.send_msg "hello" }
+          ws.disconnect { done } # Server closed the connection
+          ws.stream { |msg|
+            # minus frame size ? (getting 146 max here)
+            msg.data.size.should <= 150
+            # Return back the message
+            ws.send_msg(msg.data)
+          }
+        end
+      }
+    end
+  end
 end

data/spec/integration/draft06_spec.rb

@@ -26,6 +26,7 @@ describe "draft06" do
         "Upgrade" => "websocket",
         "Connection" => "Upgrade",
         "Sec-WebSocket-Accept" => "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=",
+        "Sec-WebSocket-Protocol" => "sample",
       }
     }
   end

data/spec/integration/draft13_spec.rb

@@ -28,6 +28,7 @@ describe "draft13" do
         "Upgrade" => "websocket",
         "Connection" => "Upgrade",
         "Sec-WebSocket-Accept" => "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=",
+        "Sec-WebSocket-Protocol" => "sample",
       }
     }
   end

data/spec/integration/shared_examples.rb

@@ -29,6 +29,19 @@ shared_examples_for "a websocket server" do
     }
   end
 
+  it "should expose the remote IP address" do
+    em {
+      start_server { |ws|
+        ws.onopen {
+          ws.remote_ip.should == "127.0.0.1"
+          done
+        }
+      }
+
+      start_client
+    }
+  end
+
   it "should send messages successfully" do
     em {
       start_server { |ws|

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: em-websocket
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.2
 platform: ruby
 authors:
 - Ilya Grigorik
 - Martyn Loughran
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-04-23 00:00:00.000000000 Z
+date: 2020-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
@@ -50,6 +50,7 @@ files:
 - ".gitignore"
 - CHANGELOG.rdoc
 - Gemfile
+- LICENCE
 - README.md
 - Rakefile
 - em-websocket.gemspec
@@ -101,9 +102,10 @@ files:
 - spec/unit/handshake_spec.rb
 - spec/unit/masking_spec.rb
 homepage: http://github.com/igrigorik/em-websocket
-licenses: []
+licenses:
+- MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -118,9 +120,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: em-websocket
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: EventMachine based WebSocket server
 test_files: