@automerge/automerge-repo-network-websocket 2.0.0-alpha.12 → 2.0.0-alpha.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/NodeWSServerAdapter.d.ts.map +1 -1
  2. package/dist/NodeWSServerAdapter.js +9 -1
  3. package/package.json +3 -3
  4. package/src/NodeWSServerAdapter.ts +8 -1
  5. package/test/Websocket.test.ts +37 -0
package/dist/NodeWSServerAdapter.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"NodeWSServerAdapter.d.ts","sourceRoot":"","sources":["../src/NodeWSServerAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,eAAe,CAAA;AACrC,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AAKpD,OAAO,EAEL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,MAAM,EACZ,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,iBAAiB,EAElB,MAAM,eAAe,CAAA;AAOtB,qBAAa,mBAAoB,SAAQ,cAAc;;IAyBnD,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,iBAAiB;IAzB3B,OAAO,EAAE;QAAE,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAK;IAQ7C,OAAO;IAIP,SAAS;gBAYC,MAAM,EAAE,eAAe,EACvB,iBAAiB,SAAO;IAKlC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY;IAyCnD,UAAU;IAQV,IAAI,CAAC,OAAO,EAAE,iBAAiB;IAqB/B,cAAc,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS;CAoE3D"}
1
+ {"version":3,"file":"NodeWSServerAdapter.d.ts","sourceRoot":"","sources":["../src/NodeWSServerAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,eAAe,CAAA;AACrC,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AAKpD,OAAO,EAEL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,MAAM,EACZ,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,iBAAiB,EAElB,MAAM,eAAe,CAAA;AAOtB,qBAAa,mBAAoB,SAAQ,cAAc;;IAyBnD,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,iBAAiB;IAzB3B,OAAO,EAAE;QAAE,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAK;IAQ7C,OAAO;IAIP,SAAS;gBAYC,MAAM,EAAE,eAAe,EACvB,iBAAiB,SAAO;IAKlC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY;IAyCnD,UAAU;IAQV,IAAI,CAAC,OAAO,EAAE,iBAAiB;IAqB/B,cAAc,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS;CA2E3D"}
package/dist/NodeWSServerAdapter.js CHANGED
@@ -89,7 +89,15 @@ export class NodeWSServerAdapter extends NetworkAdapter {
89
89
  socket.send(arrayBuf);
90
90
  }
91
91
  receiveMessage(messageBytes, socket) {
92
- const message = decode(messageBytes);
92
+ let message;
93
+ try {
94
+ message = decode(messageBytes);
95
+ }
96
+ catch (e) {
97
+ log("invalid message received, closing connection");
98
+ socket.close();
99
+ return;
100
+ }
93
101
  const { type, senderId } = message;
94
102
  const myPeerId = this.peerId;
95
103
  assert(myPeerId);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@automerge/automerge-repo-network-websocket",
3
- "version": "2.0.0-alpha.12",
3
+ "version": "2.0.0-alpha.14",
4
4
  "description": "isomorphic node/browser Websocket network adapter for Automerge Repo",
5
5
  "repository": "https://github.com/automerge/automerge-repo/tree/master/packages/automerge-repo-network-websocket",
6
6
  "author": "Peter van Hardenberg <pvh@pvh.ca>",
@@ -13,7 +13,7 @@
13
13
  "test": "vitest"
14
14
  },
15
15
  "dependencies": {
16
- "@automerge/automerge-repo": "2.0.0-alpha.12",
16
+ "@automerge/automerge-repo": "2.0.0-alpha.14",
17
17
  "cbor-x": "^1.3.0",
18
18
  "debug": "^4.3.4",
19
19
  "eventemitter3": "^5.0.1",
@@ -31,5 +31,5 @@
31
31
  "publishConfig": {
32
32
  "access": "public"
33
33
  },
34
- "gitHead": "8b016e42d2518ebb11eb148f52b9fb9a0b4467ff"
34
+ "gitHead": "3048251989fc0cdbf605f534e48750f0c681004a"
35
35
  }
package/src/NodeWSServerAdapter.ts CHANGED
@@ -123,7 +123,14 @@ export class NodeWSServerAdapter extends NetworkAdapter {
123
123
  }
124
124
 
125
125
  receiveMessage(messageBytes: Uint8Array, socket: WebSocket) {
126
- const message: FromClientMessage = decode(messageBytes)
126
+ let message: FromClientMessage
127
+ try {
128
+ message = decode(messageBytes)
129
+ } catch (e) {
130
+ log("invalid message received, closing connection")
131
+ socket.close()
132
+ return
133
+ }
127
134
 
128
135
  const { type, senderId } = message
129
136
 
package/test/Websocket.test.ts CHANGED
@@ -338,6 +338,43 @@ describe("Websocket adapters", () => {
338
338
  await eventPromise(serverAdapter, "peer-disconnected")
339
339
  })
340
340
 
341
+ it("should disconnect from a client that sends an invalid CBOR message", async () => {
342
+ // Set up a server and wait for it to be ready
343
+ const port = await getPort()
344
+ const serverUrl = `ws://localhost:${port}`
345
+ const server = http.createServer()
346
+ const serverSocket = new WebSocket.Server({ server })
347
+ await new Promise<void>(resolve => server.listen(port, resolve))
348
+
349
+ // Create a repo listening on the socket
350
+ const serverAdapter = new NodeWSServerAdapter(serverSocket)
351
+ const serverRepo = new Repo({
352
+ network: [serverAdapter],
353
+ peerId: serverPeerId,
354
+ })
355
+
356
+ // Create a new socket connected to the repo
357
+ const browserSocket = new WebSocket(serverUrl)
358
+ await new Promise(resolve => browserSocket.on("open", resolve))
359
+ const disconnected = new Promise(resolve =>
360
+ browserSocket.on("close", resolve)
361
+ )
362
+
363
+ // Send an invalid CBOR message, in this case we use a definite length
364
+ // array with too many elements. This test should actually work for any
365
+ // invalid message but this reproduces a specific issue we were seeing on
366
+ // the sycn server
367
+ //
368
+ // 0x9 (1001) is major type 4, for an array
369
+ // 0xB (1011) indicates that the length will be encoded in the next 8 bytes
370
+ // 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00 is 2**32, which is longer than allowed
371
+ const invalidLargeArray = new Uint8Array([
372
+ 0x9b, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
373
+ ])
374
+ browserSocket.send(invalidLargeArray)
375
+ await disconnected
376
+ })
377
+
341
378
  it("should send the negotiated protocol version in its hello message", async () => {
342
379
  const response = await serverResponse({
343
380
  type: "join",