npm - aedes - Versions diffs - 0.50.1 → 0.51.1 - Mend

aedes 0.50.1 → 0.51.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.github/dependabot.yml +11 -10
package/.github/workflows/ci.yml +11 -11
package/.github/workflows/{sast.yml → codeql.yml} +11 -5
package/.github/workflows/labeler.yml +9 -4
package/README.md +3 -5
package/SECURITY.md +1 -1
package/aedes.js +10 -2
package/docs/Aedes.md +1 -0
package/lib/handlers/connect.js +6 -1
package/package.json +19 -15
package/test/connect.js +34 -0
package/test/events.js +17 -0
package/test/types/aedes.test-d.ts +1 -0
package/types/instance.d.ts +1 -0

package/.github/dependabot.yml CHANGED Viewed

@@ -1,12 +1,13 @@
 version: 2
 updates:
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
-- package-ecosystem: npm
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10

package/.github/workflows/ci.yml CHANGED Viewed

@@ -1,4 +1,4 @@
-name: ci
+name: CI
 on:
   push:
@@ -10,33 +10,33 @@ on:
       - 'docs/**'
       - '*.md'
+permissions:
+  contents: read
 jobs:
   dependency-review:
     name: Dependency Review
     if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
-        - name: Check out repo
-          uses: actions/checkout@v3
+        - name: Checkout repository
+          uses: actions/checkout@v4
           with:
             persist-credentials: false
         - name: Dependency review
-          uses: actions/dependency-review-action@v2
+          uses: actions/dependency-review-action@v4
   test:
     runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read
     strategy:
       matrix:
         node-version: [16, 18, 20]
         os: [ubuntu-latest, windows-latest, macOS-latest]
       fail-fast: false
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
@@ -45,6 +45,8 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
           check-latest: true
+          cache: npm
+          cache-dependency-path: package.json
       - name: Install
         run: |
@@ -68,8 +70,6 @@ jobs:
   coverage:
     needs: test
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Coveralls Finished
         uses: coverallsapp/github-action@master

package/.github/workflows/{sast.yml → codeql.yml} RENAMED Viewed

@@ -1,4 +1,4 @@
-name: sast
+name: CodeQL
 on:
   push:
@@ -11,19 +11,25 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
+      actions: read
       contents: read
       security-events: write
     strategy:
       fail-fast: true
       matrix:
-        language: [ 'javascript' ]
+        language: [ 'javascript-typescript' ]
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - uses: github/codeql-action/init@v2
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
-      - uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

package/.github/workflows/labeler.yml CHANGED Viewed

@@ -1,10 +1,15 @@
-name: "Pull Request Labeler"
+name: Pull Request Labeler
 on: pull_request_target
+permissions:
+  contents: read
+  pull-requests: write
 jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@main
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+      - uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"

package/README.md CHANGED Viewed

@@ -1,12 +1,10 @@
-<!-- markdownlint-disable MD013 MD024 -->
+<!-- markdownlint-disable MD013 -->
 # Aedes
 ![ci](https://github.com/moscajs/aedes/workflows/ci/badge.svg)
-[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)
 [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/moscajs/aedes/graphs/commit-activity)
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/moscajs/aedes/pulls)\
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/moscajs/aedes.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/moscajs/aedes/alerts/)
-[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/moscajs/aedes.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/moscajs/aedes/context:javascript)
 [![Coverage Status](https://coveralls.io/repos/moscajs/aedes/badge.svg?branch=main&service=github)](https://coveralls.io/github/moscajs/aedes?branch=main)
 [![Known Vulnerabilities](https://snyk.io/test/github/moscajs/aedes/badge.svg)](https://snyk.io/test/github/moscajs/aedes)\
 ![node](https://img.shields.io/node/v/aedes)
@@ -283,7 +281,7 @@ Want to contribute? Check our list of
 ## Security notice
-Messages sent to the broker are considered _valid_ once they pass the [`authorizePublish`](https://github.com/moscajs/aedes/blob/main/docs/Aedes.md#handler-authorizepublish-client-packet-callback) callback.
+Messages sent to the broker are considered _valid_ once they pass the [`authorizePublish`](./docs/Aedes.md#handler-authorizepublish-client-packet-callback) callback.
 In other terms, if permissions for the given client are revoked after the call completes, the message is still considered valid.
 In case you are sending time-sensitive messages, make sure to use QoS 0 or connect with a clean session.

package/SECURITY.md CHANGED Viewed

@@ -2,4 +2,4 @@
 ## Reporting a Vulnerability
-Please email daniel.sorridi+aedes@gmail.com; matteo.collina+aedes@gmail.com
+Please report all vulnerabilities to [https://github.com/moscajs/aedes/security](https://github.com/moscajs/aedes/security).

package/aedes.js CHANGED Viewed

@@ -29,7 +29,8 @@ const defaultOptions = {
   trustProxy: false,
   trustedProxies: [],
   queueLimit: 42,
-  maxClientsIdLength: 23
+  maxClientsIdLength: 23,
+  keepaliveLimit: 0
 }
 function Aedes (opts) {
@@ -47,6 +48,7 @@ function Aedes (opts) {
   this.counter = 0
   this.queueLimit = opts.queueLimit
   this.connectTimeout = opts.connectTimeout
+  this.keepaliveLimit = opts.keepaliveLimit
   this.maxClientsIdLength = opts.maxClientsIdLength
   this.mq = opts.mq || mqemitter({
     concurrency: opts.concurrency,
@@ -168,7 +170,13 @@ function Aedes (opts) {
     const clientId = packet.payload.toString()
     if (that.clients[clientId] && serverId !== that.id) {
-      that.clients[clientId].close(done)
+      if (that.clients[clientId].closed) {
+        // remove the client from the list if it is already closed
+        delete that.clients[clientId]
+        done()
+      } else {
+        that.clients[clientId].close(done)
+      }
     } else {
       done()
     }

package/docs/Aedes.md CHANGED Viewed

@@ -42,6 +42,7 @@
   - `heartbeatInterval` `<number>` an interval in millisconds at which server beats its health signal in `$SYS/<aedes.id>/heartbeat` topic. __Default__: `60000`
   - `id` `<string>` aedes broker unique identifier. __Default__: `uuidv4()`
   - `connectTimeout` `<number>` maximum waiting time in milliseconds waiting for a [`CONNECT`][CONNECT] packet. __Default__: `30000`
+  - `keepaliveLimit` `<number>` maximum client keep alive time allowed, 0 means no limit. __Default__: `0`
 - Returns `<Aedes>`
 Create a new Aedes server.

package/lib/handlers/connect.js CHANGED Viewed

@@ -36,7 +36,8 @@ const errorMessages = [
   'identifier rejected',
   'Server unavailable',
   'bad user name or password',
-  'not authorized'
+  'not authorized',
+  'keep alive limit exceeded'
 ]
 function handleConnect (client, packet, done) {
@@ -66,6 +67,10 @@ function init (client, packet, done) {
   if (packet.protocolVersion === 3 && clientId.length > client.broker.maxClientsIdLength) {
     returnCode = 2
   }
+  // check if the client keepalive is compatible with broker settings
+  if (client.broker.keepaliveLimit && (!packet.keepalive || packet.keepalive > client.broker.keepaliveLimit)) {
+    returnCode = 6
+  }
   if (returnCode > 0) {
     const error = new Error(errorMessages[returnCode])
     error.errorCode = returnCode

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aedes",
-  "version": "0.50.1",
+  "version": "0.51.1",
   "description": "Stream-based MQTT broker",
   "main": "aedes.js",
   "types": "aedes.d.ts",
@@ -16,7 +16,7 @@
     "test:typescript": "tsd",
     "unit": "tap -J test/*.js",
     "unit:report": "tap -J test/*.js --cov --coverage-report=html --coverage-report=cobertura | tee out.tap",
-    "license-checker": "license-checker --production --onlyAllow=\"MIT;ISC;BSD-3-Clause;BSD-2-Clause\"",
+    "license-checker": "license-checker --production --onlyAllow=\"MIT;ISC;BSD-3-Clause;BSD-2-Clause;0BSD\"",
     "release": "read -p 'GITHUB_TOKEN: ' GITHUB_TOKEN && export GITHUB_TOKEN=$GITHUB_TOKEN && release-it --disable-metrics"
   },
   "release-it": {
@@ -89,6 +89,10 @@
     }
   ],
   "license": "MIT",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/aedes"
+  },
   "bugs": {
     "url": "https://github.com/moscajs/aedes/issues"
   },
@@ -97,24 +101,24 @@
     "node": ">=16"
   },
   "devDependencies": {
-    "@sinonjs/fake-timers": "^10.3.0",
-    "@types/node": "^20.4.5",
-    "@typescript-eslint/eslint-plugin": "^6.2.0",
-    "@typescript-eslint/parser": "^6.2.0",
+    "@sinonjs/fake-timers": "^11.2.2",
+    "@types/node": "^20.11.17",
+    "@typescript-eslint/eslint-plugin": "^7.0.1",
+    "@typescript-eslint/parser": "^7.0.1",
     "concat-stream": "^2.0.0",
     "duplexify": "^4.1.2",
     "license-checker": "^25.0.1",
-    "markdownlint-cli": "^0.35.0",
-    "mqtt": "^5.0.0",
+    "markdownlint-cli": "^0.39.0",
+    "mqtt": "^5.3.5",
     "mqtt-connection": "^4.1.0",
     "pre-commit": "^1.2.2",
     "proxyquire": "^2.1.3",
-    "release-it": "^16.1.3",
+    "release-it": "^17.0.5",
     "snazzy": "^9.0.0",
     "standard": "^17.1.0",
-    "tap": "^16.3.7",
-    "tsd": "^0.28.1",
-    "typescript": "^5.1.6",
+    "tap": "^16.3.10",
+    "tsd": "^0.30.4",
+    "typescript": "^5.3.3",
     "websocket-stream": "^5.5.2"
   },
   "dependencies": {
@@ -124,11 +128,11 @@
     "fastfall": "^1.5.1",
     "fastparallel": "^2.4.1",
     "fastseries": "^2.0.0",
-    "hyperid": "^3.1.1",
+    "hyperid": "^3.2.0",
     "mqemitter": "^5.0.0",
     "mqtt-packet": "^9.0.0",
-    "retimer": "^3.0.0",
+    "retimer": "^4.0.0",
     "reusify": "^1.0.4",
-    "uuid": "^9.0.0"
+    "uuid": "^9.0.1"
   }
 }

package/test/connect.js CHANGED Viewed

@@ -97,6 +97,40 @@ test('reject client requested for unsupported protocol version', function (t) {
   })
 })
+test('reject clients that exceed the keepalive limit', function (t) {
+  t.plan(3)
+  const broker = aedes({
+    keepaliveLimit: 100
+  })
+  t.teardown(broker.close.bind(broker))
+  const s = setup(broker)
+  s.inStream.write({
+    cmd: 'connect',
+    keepalive: 150
+  })
+  s.outStream.on('data', function (packet) {
+    console.log(packet)
+    t.same(packet, {
+      cmd: 'connack',
+      returnCode: 6,
+      length: 2,
+      qos: 0,
+      retain: false,
+      dup: false,
+      topic: null,
+      payload: null,
+      sessionPresent: false
+    }, 'unsuccessful connack, keep alive limit exceeded')
+  })
+  broker.on('connectionError', function (client, err) {
+    t.equal(err.message, 'keep alive limit exceeded')
+    t.equal(broker.connectedClients, 0)
+  })
+})
 // Guarded in mqtt-packet
 test('reject clients with no clientId running on MQTT 3.1.0', function (t) {
   t.plan(3)

package/test/events.js CHANGED Viewed

@@ -221,3 +221,20 @@ test('Test backpressure aedes published function', function (t) {
     })
   })
 })
+test('clear closed clients when the same clientId is managed by another broker', function (t) {
+  t.plan(1)
+  const clientId = 'closed-client'
+  const broker = aedes()
+  // simulate a closed client on the broker
+  broker.clients[clientId] = { closed: true }
+  // simulate the creation of the same client on another broker of the cluster
+  broker.publish({ topic: '$SYS/anotherbroker/new/clients', payload: clientId }, () => {
+    t.equal(broker.clients[clientId], undefined) // check that the closed client was removed
+  })
+  t.teardown(broker.close.bind(broker))
+})

package/test/types/aedes.test-d.ts CHANGED Viewed

@@ -23,6 +23,7 @@ broker = new Aedes({
   heartbeatInterval: 60000,
   connectTimeout: 30000,
   maxClientsIdLength: 23,
+  keepaliveLimit: 0,
   preConnect: (client: Client, packet: ConnectPacket, callback) => {
     if (client.req) {
       callback(new Error('not websocket stream'), false)

package/types/instance.d.ts CHANGED Viewed

@@ -75,6 +75,7 @@ export interface AedesOptions {
   concurrency?: number;
   heartbeatInterval?: number;
   connectTimeout?: number;
+  keepaliveLimit?: number;
   queueLimit?: number;
   maxClientsIdLength?: number;
   preConnect?: PreConnectHandler;