sonixlabs-em-websocket 0.3.8 → 0.5.1.1

data/lib/em-websocket/framing05.rb

@@ -3,17 +3,13 @@
 module EventMachine
   module WebSocket
     module Framing05
-      
-      # Set the max frame lenth to very high value (10MB) until there is a
-      # limit specified in the spec to protect against malicious attacks
-      MAXIMUM_FRAME_LENGTH = 10 * 1024 * 1024
-      
       def initialize_framing
         @data = MaskedString.new
         @application_data_buffer = '' # Used for MORE frames
+        @frame_type = nil
       end
       
-      def process_data(newdata)
+      def process_data
         error = false
 
         while !error && @data.size > 5 # mask plus first byte present
@@ -60,9 +56,8 @@ module EventMachine
             length
           end
 
-          # Addition to the spec to protect against malicious requests
-          if payload_length > MAXIMUM_FRAME_LENGTH
-            raise DataError, "Frame length too long (#{payload_length} bytes)"
+          if payload_length > @connection.max_frame_size
+            raise WSMessageTooBigError, "Frame length too long (#{payload_length} bytes)"
           end
 
           # Check buffer size
@@ -83,7 +78,7 @@ module EventMachine
           frame_type = opcode_to_type(opcode)
 
           if frame_type == :continuation && !@frame_type
-            raise WebSocketError, 'Continuation frame not expected'
+            raise WSProtocolError, 'Continuation frame not expected'
           end
 
           if !fin
@@ -157,7 +152,7 @@ module EventMachine
       end
 
       def opcode_to_type(opcode)
-        FRAME_TYPES_INVERSE[opcode] || raise(DataError, "Unknown opcode")
+        FRAME_TYPES_INVERSE[opcode] || raise(WSProtocolError, "Unknown opcode #{opcode}")
       end
 
       def data_frame?(type)

data/lib/em-websocket/framing07.rb

@@ -4,16 +4,13 @@ module EventMachine
   module WebSocket
     module Framing07
       
-      attr_accessor :mask_outbound_messages, :require_masked_inbound_messages
-
       def initialize_framing
         @data = MaskedString.new
         @application_data_buffer = '' # Used for MORE frames
-        @mask_outbound_messages = false
-        @require_masked_inbound_messages = true
+        @frame_type = nil
       end
       
-      def process_data(newdata)
+      def process_data
         error = false
 
         while !error && @data.size >= 2
@@ -28,9 +25,7 @@ module EventMachine
           length = @data.getbyte(pointer) & 0b01111111
           pointer += 1
 
-          if require_masked_inbound_messages
-            raise WebSocketError, 'Data from client must be masked' unless mask
-          end
+          # raise WebSocketError, 'Data from client must be masked' unless mask
 
           payload_length = case length
           when 127 # Length defined by 8 bytes
@@ -65,6 +60,10 @@ module EventMachine
           frame_length = pointer + payload_length
           frame_length += 4 if mask
 
+          if frame_length > @connection.max_frame_size
+            raise WSMessageTooBigError, "Frame length too long (#{frame_length} bytes)"
+          end
+
           # Check buffer size
           if @data.getbyte(frame_length - 1) == nil
             debug [:buffer_incomplete, @data]
@@ -88,8 +87,19 @@ module EventMachine
 
           frame_type = opcode_to_type(opcode)
 
-          if frame_type == :continuation && !@frame_type
-            raise WebSocketError, 'Continuation frame not expected'
+          if frame_type == :continuation
+            if !@frame_type
+              raise WSProtocolError, 'Continuation frame not expected'
+            end
+          else # Not a continuation frame
+            if @frame_type && data_frame?(frame_type)
+              raise WSProtocolError, "Continuation frame expected"
+            end
+          end
+
+          # Validate that control frames are not fragmented
+          if !fin && !data_frame?(frame_type)
+            raise WSProtocolError, 'Control frames must not be fragmented'
           end
 
           if !fin
@@ -124,24 +134,19 @@ module EventMachine
         byte1 = opcode | 0b10000000 # fin bit set, rsv1-3 are 0
         frame << byte1
 
-        mask = mask_outbound_messages ? 0b10000000 : 0b00000000 # must be masked if from client
         length = application_data.size
         if length <= 125
           byte2 = length # since rsv4 is 0
-          frame << (mask | byte2)
+          frame << byte2
         elsif length < 65536 # write 2 byte length
-          frame << (mask | 126)
+          frame << 126
           frame << [length].pack('n')
         else # write 8 byte length
-          frame << (mask | 127)
+          frame << 127
           frame << [length >> 32, length & 0xFFFFFFFF].pack("NN")
         end
 
-        if mask_outbound_messages
-          frame << MaskedString.create_masked_string(application_data)
-        else
-          frame << application_data
-        end
+        frame << application_data
 
         @connection.send_data(frame)
       end
@@ -169,7 +174,7 @@ module EventMachine
       end
 
       def opcode_to_type(opcode)
-        FRAME_TYPES_INVERSE[opcode] || raise(DataError, "Unknown opcode")
+        FRAME_TYPES_INVERSE[opcode] || raise(WSProtocolError, "Unknown opcode #{opcode}")
       end
 
       def data_frame?(type)

data/lib/em-websocket/framing76.rb

@@ -3,16 +3,11 @@
 module EventMachine
   module WebSocket
     module Framing76
-      
-      # Set the max frame lenth to very high value (10MB) until there is a
-      # limit specified in the spec to protect against malicious attacks
-      MAXIMUM_FRAME_LENGTH = 10 * 1024 * 1024
-      
       def initialize_framing
         @data = ''
       end
       
-      def process_data(newdata)
+      def process_data
         debug [:message, @data]
 
         # This algorithm comes straight from the spec
@@ -40,9 +35,8 @@ module EventMachine
               break unless (b & 0x80) == 0x80
             end
 
-            # Addition to the spec to protect against malicious requests
-            if length > MAXIMUM_FRAME_LENGTH
-              raise DataError, "Frame length too long (#{length} bytes)"
+            if length > @connection.max_frame_size
+              raise WSMessageTooBigError, "Frame length too long (#{length} bytes)"
             end
 
             if @data.getbyte(pointer+length-1) == nil
@@ -69,17 +63,14 @@ module EventMachine
 
             if @data.getbyte(0) != 0x00
               # Close the connection since this buffer can never match
-              raise DataError, "Invalid frame received"
+              raise WSProtocolError, "Invalid frame received"
             end
 
             # Addition to the spec to protect against malicious requests
-            if @data.size > MAXIMUM_FRAME_LENGTH
-              raise DataError, "Frame length too long (#{@data.size} bytes)"
+            if @data.size > @connection.max_frame_size
+              raise WSMessageTooBigError, "Frame length too long (#{@data.size} bytes)"
             end
 
-            # Optimization to avoid calling slice! unnecessarily
-            error = true and next unless newdata =~ /\xff/
-
             msg = @data.slice!(/\A\x00[^\xff]*\xff/)
             if msg
               msg.gsub!(/\A\x00|\xff\z/, '')

data/lib/em-websocket/handler.rb

@@ -1,55 +1,96 @@
 module EventMachine
   module WebSocket
     class Handler
+      def self.klass_factory(version)
+        case version
+        when 75
+          Handler75
+        when 76
+          Handler76
+        when 1..3
+          # We'll use handler03 - I believe they're all compatible
+          Handler03
+        when 5
+          Handler05
+        when 6
+          Handler06
+        when 7
+          Handler07
+        when 8
+          # drafts 9, 10, 11 and 12 should never change the version
+          # number as they are all the same as version 08.
+          Handler08
+        when 13
+          # drafts 13 to 17 all identify as version 13 as they are
+          # only minor changes or text changes.
+          Handler13
+        else
+          # According to spec should abort the connection
+          raise HandshakeError, "Protocol version #{version} not supported"
+        end
+      end
+
       include Debugger
 
       attr_reader :request, :state
 
-      def initialize(connection, request, debug = false)
-        @connection, @request = connection, request
+      def initialize(connection, debug = false)
+        @connection = connection
         @debug = debug
-        @state = :handshake
-        initialize_framing
-      end
-
-      def run_server
-        @connection.send_data handshake_server
         @state = :connected
-        @connection.trigger_on_open
+        @close_timer = nil
+        initialize_framing
       end
 
-      def run_client
-        self.mask_outbound_messages = true
-        self.require_masked_inbound_messages = false
-        @connection.send_data handshake_client
+      def receive_data(data)
+        @data << data
+        process_data
+      rescue WSProtocolError => e
+        fail_websocket(e)
       end
 
-      # Handshake response
-      def handshake
+      def close_websocket(code, body)
         # Implemented in subclass
       end
 
-      def handshake_server
-        handshake  #backwards compatibility
+      # Used to avoid un-acked and unclosed remaining open indefinitely
+      def start_close_timeout
+        @close_timer = EM::Timer.new(@connection.close_timeout) {
+          @connection.close_connection
+          e = WSProtocolError.new("Close handshake un-acked after #{@connection.close_timeout}s, closing tcp connection")
+          @connection.trigger_on_error(e)
+        }
       end
 
-      # Handshake initiation
-      def handshake_client
-        # Implemented in subclass
+      # This corresponds to "Fail the WebSocket Connection" in the spec.
+      def fail_websocket(e)
+        debug [:error, e]
+        close_websocket(e.code, e.message)
+        @connection.close_connection_after_writing
+        @connection.trigger_on_error(e)
       end
 
-      def receive_data(data)
-        @data << data
-        process_data(data)
+      def unbind
+        @state = :closed
+
+        @close_timer.cancel if @close_timer
+
+        @close_info = defined?(@close_info) ? @close_info : {
+          :code => 1006,
+          :was_clean => false,
+        }
+
+        @connection.trigger_on_close(@close_info)
       end
 
-      def close_websocket(code, body)
-        # Implemented in subclass
+      def ping
+        # Overridden in subclass
+        false
       end
 
-      def unbind
-        @state = :closed
-        @connection.trigger_on_close
+      def pingable?
+        # Also Overridden
+        false
       end
     end
   end

data/lib/em-websocket/handler03.rb

@@ -1,7 +1,6 @@
 module EventMachine
   module WebSocket
     class Handler03 < Handler
-      include Handshake76
       include Framing03
       include MessageProcessor03
       include Close03

data/lib/em-websocket/handler05.rb

@@ -1,7 +1,6 @@
 module EventMachine
   module WebSocket
     class Handler05 < Handler
-      include Handshake04
       include Framing05
       include MessageProcessor03
       include Close05

data/lib/em-websocket/handler06.rb

@@ -1,7 +1,6 @@
 module EventMachine
   module WebSocket
     class Handler06 < Handler
-      include Handshake04
       include Framing05
       include MessageProcessor06
       include Close06

data/lib/em-websocket/handler07.rb

@@ -1,7 +1,6 @@
 module EventMachine
   module WebSocket
     class Handler07 < Handler
-      include Handshake04
       include Framing07
       include MessageProcessor06
       include Close06

data/lib/em-websocket/handler08.rb

@@ -1,7 +1,6 @@
 module EventMachine
   module WebSocket
     class Handler08 < Handler
-      include Handshake04
       include Framing07
       include MessageProcessor06
       include Close06

data/lib/em-websocket/handler13.rb

@@ -1,7 +1,6 @@
 module EventMachine
   module WebSocket
     class Handler13 < Handler
-      include Handshake04
       include Framing07
       include MessageProcessor06
       include Close06

data/lib/em-websocket/handler76.rb

@@ -1,3 +1,5 @@
+# encoding: BINARY
+
 module EventMachine
   module WebSocket
     class Handler76 < Handler

data/lib/em-websocket/handshake.rb

@@ -0,0 +1,156 @@
+require "http/parser"
+require "uri"
+
+module EventMachine
+  module WebSocket
+
+    # Resposible for creating the server handshake response
+    class Handshake
+      include EM::Deferrable
+
+      attr_reader :parser, :protocol_version
+
+      # Unfortunately drafts 75 & 76 require knowledge of whether the
+      # connection is being terminated as ws/wss in order to generate the
+      # correct handshake response
+      def initialize(secure)
+        @parser = Http::Parser.new
+        @secure = secure
+
+        @parser.on_headers_complete = proc { |headers|
+          @headers = Hash[headers.map { |k,v| [k.downcase, v] }]
+        }
+      end
+
+      def receive_data(data)
+        @parser << data
+
+        if defined? @headers
+          process(@headers, @parser.upgrade_data)
+        end
+      rescue HTTP::Parser::Error => e
+        fail(HandshakeError.new("Invalid HTTP header: #{e.message}"))
+      end
+
+      # Returns the WebSocket upgrade headers as a hash.
+      #
+      # Keys are strings, unmodified from the request.
+      #
+      def headers
+        @parser.headers
+      end
+
+      # The same as headers, except that the hash keys are downcased
+      #
+      def headers_downcased
+        @headers
+      end
+
+      # Returns the request path (excluding any query params)
+      #
+      def path
+        @path
+      end
+
+      # Returns the query params as a string foo=bar&baz=...
+      def query_string
+        @query_string
+      end
+
+      def query
+        Hash[query_string.split('&').map { |c| c.split('=', 2) }]
+      end
+
+      # Returns the WebSocket origin header if provided
+      #
+      def origin
+        @headers["origin"] || @headers["sec-websocket-origin"] || nil
+      end
+
+      def secure?
+        @secure
+      end
+
+      private
+
+      def process(headers, remains)
+        unless @parser.http_method == "GET"
+          raise HandshakeError, "Must be GET request"
+        end
+
+        # Validate request path
+        #
+        # According to http://tools.ietf.org/search/rfc2616#section-5.1.2, an
+        # invalid Request-URI should result in a 400 status code, but
+        # HandshakeError's currently result in a WebSocket abort. It's not
+        # clear which should take precedence, but an abort will do just fine.
+        begin
+          uri = URI.parse(@parser.request_url)
+          @path = uri.path
+          @query_string = uri.query || ""
+        rescue URI::InvalidURIError
+          raise HandshakeError, "Invalid request URI: #{@parser.request_url}"
+        end
+
+        # Validate Upgrade
+        unless @parser.upgrade?
+          raise HandshakeError, "Not an upgrade request"
+        end
+        upgrade = @headers['upgrade']
+        unless upgrade.kind_of?(String) && upgrade.downcase == 'websocket'
+          raise HandshakeError, "Invalid upgrade header: #{upgrade.inspect}"
+        end
+
+        # Determine version heuristically
+        version = if @headers['sec-websocket-version']
+          # Used from drafts 04 onwards
+          @headers['sec-websocket-version'].to_i
+        elsif @headers['sec-websocket-draft']
+          # Used in drafts 01 - 03
+          @headers['sec-websocket-draft'].to_i
+        elsif @headers['sec-websocket-key1']
+          76
+        else
+          75
+        end
+
+        # Additional handling of bytes after the header if required
+        case version
+        when 75
+          if !remains.empty?
+            raise HandshakeError, "Extra bytes after header"
+          end
+        when 76, 1..3
+          if remains.length < 8
+            # The whole third-key has not been received yet.
+            return nil
+          elsif remains.length > 8
+            raise HandshakeError, "Extra bytes after third key"
+          end
+          @headers['third-key'] = remains
+        end
+
+        handshake_klass = case version
+        when 75
+          Handshake75
+        when 76, 1..3
+          Handshake76
+        when 5, 6, 7, 8, 13
+          Handshake04
+        else
+          # According to spec should abort the connection
+          raise HandshakeError, "Protocol version #{version} not supported"
+        end
+
+        upgrade_response = handshake_klass.handshake(@headers, @parser.request_url, @secure)
+
+        handler_klass = Handler.klass_factory(version)
+
+        @protocol_version = version
+        succeed(upgrade_response, handler_klass)
+      rescue HandshakeError => e
+        fail(e)
+      end
+    end
+  end
+end