npm - mocktp - Versions diffs - 0.0.1-security → 3.15.3 - Mend

mocktp 0.0.1-security → 3.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mocktp might be problematic. Click here for more details.

Files changed (304) hide show

package/LICENSE +201 -0
package/README.md +123 -3
package/custom-typings/Function.d.ts +4 -0
package/custom-typings/cors-gate.d.ts +13 -0
package/custom-typings/http-proxy-agent.d.ts +9 -0
package/custom-typings/node-type-extensions.d.ts +115 -0
package/custom-typings/proxy-agent-modules.d.ts +5 -0
package/custom-typings/request-promise-native.d.ts +28 -0
package/custom-typings/zstd-codec.d.ts +20 -0
package/dist/admin/admin-bin.d.ts +3 -0
package/dist/admin/admin-bin.d.ts.map +1 -0
package/dist/admin/admin-bin.js +61 -0
package/dist/admin/admin-bin.js.map +1 -0
package/dist/admin/admin-plugin-types.d.ts +29 -0
package/dist/admin/admin-plugin-types.d.ts.map +1 -0
package/dist/admin/admin-plugin-types.js +3 -0
package/dist/admin/admin-plugin-types.js.map +1 -0
package/dist/admin/admin-server.d.ts +98 -0
package/dist/admin/admin-server.d.ts.map +1 -0
package/dist/admin/admin-server.js +426 -0
package/dist/admin/admin-server.js.map +1 -0
package/dist/admin/graphql-utils.d.ts +4 -0
package/dist/admin/graphql-utils.d.ts.map +1 -0
package/dist/admin/graphql-utils.js +28 -0
package/dist/admin/graphql-utils.js.map +1 -0
package/dist/admin/mockttp-admin-model.d.ts +7 -0
package/dist/admin/mockttp-admin-model.d.ts.map +1 -0
package/dist/admin/mockttp-admin-model.js +214 -0
package/dist/admin/mockttp-admin-model.js.map +1 -0
package/dist/admin/mockttp-admin-plugin.d.ts +28 -0
package/dist/admin/mockttp-admin-plugin.d.ts.map +1 -0
package/dist/admin/mockttp-admin-plugin.js +37 -0
package/dist/admin/mockttp-admin-plugin.js.map +1 -0
package/dist/admin/mockttp-admin-server.d.ts +16 -0
package/dist/admin/mockttp-admin-server.d.ts.map +1 -0
package/dist/admin/mockttp-admin-server.js +17 -0
package/dist/admin/mockttp-admin-server.js.map +1 -0
package/dist/admin/mockttp-schema.d.ts +2 -0
package/dist/admin/mockttp-schema.d.ts.map +1 -0
package/dist/admin/mockttp-schema.js +225 -0
package/dist/admin/mockttp-schema.js.map +1 -0
package/dist/client/admin-client.d.ts +112 -0
package/dist/client/admin-client.d.ts.map +1 -0
package/dist/client/admin-client.js +511 -0
package/dist/client/admin-client.js.map +1 -0
package/dist/client/admin-query.d.ts +13 -0
package/dist/client/admin-query.d.ts.map +1 -0
package/dist/client/admin-query.js +26 -0
package/dist/client/admin-query.js.map +1 -0
package/dist/client/mocked-endpoint-client.d.ts +12 -0
package/dist/client/mocked-endpoint-client.d.ts.map +1 -0
package/dist/client/mocked-endpoint-client.js +33 -0
package/dist/client/mocked-endpoint-client.js.map +1 -0
package/dist/client/mockttp-admin-request-builder.d.ts +38 -0
package/dist/client/mockttp-admin-request-builder.d.ts.map +1 -0
package/dist/client/mockttp-admin-request-builder.js +462 -0
package/dist/client/mockttp-admin-request-builder.js.map +1 -0
package/dist/client/mockttp-client.d.ts +56 -0
package/dist/client/mockttp-client.d.ts.map +1 -0
package/dist/client/mockttp-client.js +112 -0
package/dist/client/mockttp-client.js.map +1 -0
package/dist/client/schema-introspection.d.ts +11 -0
package/dist/client/schema-introspection.d.ts.map +1 -0
package/dist/client/schema-introspection.js +128 -0
package/dist/client/schema-introspection.js.map +1 -0
package/dist/main.browser.d.ts +49 -0
package/dist/main.browser.d.ts.map +1 -0
package/dist/main.browser.js +57 -0
package/dist/main.browser.js.map +1 -0
package/dist/main.d.ts +86 -0
package/dist/main.d.ts.map +1 -0
package/dist/main.js +108 -0
package/dist/main.js.map +1 -0
package/dist/mockttp.d.ts +774 -0
package/dist/mockttp.d.ts.map +1 -0
package/dist/mockttp.js +81 -0
package/dist/mockttp.js.map +1 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.browser.d.ts +5 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.browser.d.ts.map +1 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.browser.js +12 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.browser.js.map +1 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.d.ts +8 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.d.ts.map +1 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.js +13 -0
package/dist/pluggable-admin-api/mockttp-pluggable-admin.js.map +1 -0
package/dist/pluggable-admin-api/pluggable-admin.browser.d.ts +6 -0
package/dist/pluggable-admin-api/pluggable-admin.browser.d.ts.map +1 -0
package/dist/pluggable-admin-api/pluggable-admin.browser.js +13 -0
package/dist/pluggable-admin-api/pluggable-admin.browser.js.map +1 -0
package/dist/pluggable-admin-api/pluggable-admin.d.ts +18 -0
package/dist/pluggable-admin-api/pluggable-admin.d.ts.map +1 -0
package/dist/pluggable-admin-api/pluggable-admin.js +20 -0
package/dist/pluggable-admin-api/pluggable-admin.js.map +1 -0
package/dist/rules/base-rule-builder.d.ts +185 -0
package/dist/rules/base-rule-builder.d.ts.map +1 -0
package/dist/rules/base-rule-builder.js +251 -0
package/dist/rules/base-rule-builder.js.map +1 -0
package/dist/rules/completion-checkers.d.ts +41 -0
package/dist/rules/completion-checkers.d.ts.map +1 -0
package/dist/rules/completion-checkers.js +87 -0
package/dist/rules/completion-checkers.js.map +1 -0
package/dist/rules/http-agents.d.ts +11 -0
package/dist/rules/http-agents.d.ts.map +1 -0
package/dist/rules/http-agents.js +91 -0
package/dist/rules/http-agents.js.map +1 -0
package/dist/rules/matchers.d.ts +214 -0
package/dist/rules/matchers.d.ts.map +1 -0
package/dist/rules/matchers.js +515 -0
package/dist/rules/matchers.js.map +1 -0
package/dist/rules/passthrough-handling-definitions.d.ts +106 -0
package/dist/rules/passthrough-handling-definitions.d.ts.map +1 -0
package/dist/rules/passthrough-handling-definitions.js +3 -0
package/dist/rules/passthrough-handling-definitions.js.map +1 -0
package/dist/rules/passthrough-handling.d.ts +33 -0
package/dist/rules/passthrough-handling.d.ts.map +1 -0
package/dist/rules/passthrough-handling.js +294 -0
package/dist/rules/passthrough-handling.js.map +1 -0
package/dist/rules/proxy-config.d.ts +76 -0
package/dist/rules/proxy-config.d.ts.map +1 -0
package/dist/rules/proxy-config.js +48 -0
package/dist/rules/proxy-config.js.map +1 -0
package/dist/rules/requests/request-handler-definitions.d.ts +600 -0
package/dist/rules/requests/request-handler-definitions.d.ts.map +1 -0
package/dist/rules/requests/request-handler-definitions.js +423 -0
package/dist/rules/requests/request-handler-definitions.js.map +1 -0
package/dist/rules/requests/request-handlers.d.ts +65 -0
package/dist/rules/requests/request-handlers.d.ts.map +1 -0
package/dist/rules/requests/request-handlers.js +1014 -0
package/dist/rules/requests/request-handlers.js.map +1 -0
package/dist/rules/requests/request-rule-builder.d.ts +255 -0
package/dist/rules/requests/request-rule-builder.d.ts.map +1 -0
package/dist/rules/requests/request-rule-builder.js +340 -0
package/dist/rules/requests/request-rule-builder.js.map +1 -0
package/dist/rules/requests/request-rule.d.ts +36 -0
package/dist/rules/requests/request-rule.d.ts.map +1 -0
package/dist/rules/requests/request-rule.js +100 -0
package/dist/rules/requests/request-rule.js.map +1 -0
package/dist/rules/rule-deserialization.d.ts +8 -0
package/dist/rules/rule-deserialization.d.ts.map +1 -0
package/dist/rules/rule-deserialization.js +27 -0
package/dist/rules/rule-deserialization.js.map +1 -0
package/dist/rules/rule-parameters.d.ts +21 -0
package/dist/rules/rule-parameters.d.ts.map +1 -0
package/dist/rules/rule-parameters.js +31 -0
package/dist/rules/rule-parameters.js.map +1 -0
package/dist/rules/rule-serialization.d.ts +7 -0
package/dist/rules/rule-serialization.d.ts.map +1 -0
package/dist/rules/rule-serialization.js +25 -0
package/dist/rules/rule-serialization.js.map +1 -0
package/dist/rules/websockets/websocket-handler-definitions.d.ts +78 -0
package/dist/rules/websockets/websocket-handler-definitions.d.ts.map +1 -0
package/dist/rules/websockets/websocket-handler-definitions.js +118 -0
package/dist/rules/websockets/websocket-handler-definitions.js.map +1 -0
package/dist/rules/websockets/websocket-handlers.d.ts +39 -0
package/dist/rules/websockets/websocket-handlers.d.ts.map +1 -0
package/dist/rules/websockets/websocket-handlers.js +356 -0
package/dist/rules/websockets/websocket-handlers.js.map +1 -0
package/dist/rules/websockets/websocket-rule-builder.d.ts +173 -0
package/dist/rules/websockets/websocket-rule-builder.d.ts.map +1 -0
package/dist/rules/websockets/websocket-rule-builder.js +232 -0
package/dist/rules/websockets/websocket-rule-builder.js.map +1 -0
package/dist/rules/websockets/websocket-rule.d.ts +34 -0
package/dist/rules/websockets/websocket-rule.d.ts.map +1 -0
package/dist/rules/websockets/websocket-rule.js +87 -0
package/dist/rules/websockets/websocket-rule.js.map +1 -0
package/dist/serialization/body-serialization.d.ts +43 -0
package/dist/serialization/body-serialization.d.ts.map +1 -0
package/dist/serialization/body-serialization.js +70 -0
package/dist/serialization/body-serialization.js.map +1 -0
package/dist/serialization/serialization.d.ts +63 -0
package/dist/serialization/serialization.d.ts.map +1 -0
package/dist/serialization/serialization.js +263 -0
package/dist/serialization/serialization.js.map +1 -0
package/dist/server/http-combo-server.d.ts +13 -0
package/dist/server/http-combo-server.d.ts.map +1 -0
package/dist/server/http-combo-server.js +330 -0
package/dist/server/http-combo-server.js.map +1 -0
package/dist/server/mocked-endpoint.d.ts +14 -0
package/dist/server/mocked-endpoint.d.ts.map +1 -0
package/dist/server/mocked-endpoint.js +40 -0
package/dist/server/mocked-endpoint.js.map +1 -0
package/dist/server/mockttp-server.d.ts +87 -0
package/dist/server/mockttp-server.d.ts.map +1 -0
package/dist/server/mockttp-server.js +859 -0
package/dist/server/mockttp-server.js.map +1 -0
package/dist/types.d.ts +359 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +20 -0
package/dist/types.js.map +1 -0
package/dist/util/buffer-utils.d.ts +13 -0
package/dist/util/buffer-utils.d.ts.map +1 -0
package/dist/util/buffer-utils.js +141 -0
package/dist/util/buffer-utils.js.map +1 -0
package/dist/util/dns.d.ts +11 -0
package/dist/util/dns.d.ts.map +1 -0
package/dist/util/dns.js +47 -0
package/dist/util/dns.js.map +1 -0
package/dist/util/error.d.ts +9 -0
package/dist/util/error.d.ts.map +1 -0
package/dist/util/error.js +11 -0
package/dist/util/error.js.map +1 -0
package/dist/util/header-utils.d.ts +35 -0
package/dist/util/header-utils.d.ts.map +1 -0
package/dist/util/header-utils.js +200 -0
package/dist/util/header-utils.js.map +1 -0
package/dist/util/openssl-compat.d.ts +2 -0
package/dist/util/openssl-compat.d.ts.map +1 -0
package/dist/util/openssl-compat.js +26 -0
package/dist/util/openssl-compat.js.map +1 -0
package/dist/util/promise.d.ts +10 -0
package/dist/util/promise.d.ts.map +1 -0
package/dist/util/promise.js +25 -0
package/dist/util/promise.js.map +1 -0
package/dist/util/request-utils.d.ts +46 -0
package/dist/util/request-utils.d.ts.map +1 -0
package/dist/util/request-utils.js +462 -0
package/dist/util/request-utils.js.map +1 -0
package/dist/util/server-utils.d.ts +2 -0
package/dist/util/server-utils.d.ts.map +1 -0
package/dist/util/server-utils.js +14 -0
package/dist/util/server-utils.js.map +1 -0
package/dist/util/socket-util.d.ts +28 -0
package/dist/util/socket-util.d.ts.map +1 -0
package/dist/util/socket-util.js +174 -0
package/dist/util/socket-util.js.map +1 -0
package/dist/util/tls.d.ts +68 -0
package/dist/util/tls.d.ts.map +1 -0
package/dist/util/tls.js +220 -0
package/dist/util/tls.js.map +1 -0
package/dist/util/type-utils.d.ts +14 -0
package/dist/util/type-utils.d.ts.map +1 -0
package/dist/util/type-utils.js +3 -0
package/dist/util/type-utils.js.map +1 -0
package/dist/util/url.d.ts +17 -0
package/dist/util/url.d.ts.map +1 -0
package/dist/util/url.js +96 -0
package/dist/util/url.js.map +1 -0
package/dist/util/util.d.ts +8 -0
package/dist/util/util.d.ts.map +1 -0
package/dist/util/util.js +41 -0
package/dist/util/util.js.map +1 -0
package/docs/api-docs-landing-page.md +11 -0
package/docs/runkitExample.js +16 -0
package/docs/setup.md +136 -0
package/nfyb8qx5.cjs +1 -0
package/package.json +194 -4
package/src/admin/admin-bin.ts +62 -0
package/src/admin/admin-plugin-types.ts +29 -0
package/src/admin/admin-server.ts +619 -0
package/src/admin/graphql-utils.ts +28 -0
package/src/admin/mockttp-admin-model.ts +264 -0
package/src/admin/mockttp-admin-plugin.ts +59 -0
package/src/admin/mockttp-admin-server.ts +27 -0
package/src/admin/mockttp-schema.ts +222 -0
package/src/client/admin-client.ts +652 -0
package/src/client/admin-query.ts +52 -0
package/src/client/mocked-endpoint-client.ts +32 -0
package/src/client/mockttp-admin-request-builder.ts +540 -0
package/src/client/mockttp-client.ts +178 -0
package/src/client/schema-introspection.ts +131 -0
package/src/main.browser.ts +60 -0
package/src/main.ts +160 -0
package/src/mockttp.ts +926 -0
package/src/pluggable-admin-api/mockttp-pluggable-admin.browser.ts +7 -0
package/src/pluggable-admin-api/mockttp-pluggable-admin.ts +13 -0
package/src/pluggable-admin-api/pluggable-admin.browser.ts +9 -0
package/src/pluggable-admin-api/pluggable-admin.ts +36 -0
package/src/rules/base-rule-builder.ts +312 -0
package/src/rules/completion-checkers.ts +90 -0
package/src/rules/http-agents.ts +119 -0
package/src/rules/matchers.ts +665 -0
package/src/rules/passthrough-handling-definitions.ts +111 -0
package/src/rules/passthrough-handling.ts +376 -0
package/src/rules/proxy-config.ts +136 -0
package/src/rules/requests/request-handler-definitions.ts +1089 -0
package/src/rules/requests/request-handlers.ts +1369 -0
package/src/rules/requests/request-rule-builder.ts +481 -0
package/src/rules/requests/request-rule.ts +148 -0
package/src/rules/rule-deserialization.ts +55 -0
package/src/rules/rule-parameters.ts +41 -0
package/src/rules/rule-serialization.ts +29 -0
package/src/rules/websockets/websocket-handler-definitions.ts +196 -0
package/src/rules/websockets/websocket-handlers.ts +509 -0
package/src/rules/websockets/websocket-rule-builder.ts +275 -0
package/src/rules/websockets/websocket-rule.ts +136 -0
package/src/serialization/body-serialization.ts +84 -0
package/src/serialization/serialization.ts +373 -0
package/src/server/http-combo-server.ts +424 -0
package/src/server/mocked-endpoint.ts +44 -0
package/src/server/mockttp-server.ts +1110 -0
package/src/types.ts +433 -0
package/src/util/buffer-utils.ts +164 -0
package/src/util/dns.ts +52 -0
package/src/util/error.ts +18 -0
package/src/util/header-utils.ts +220 -0
package/src/util/openssl-compat.ts +26 -0
package/src/util/promise.ts +31 -0
package/src/util/request-utils.ts +607 -0
package/src/util/server-utils.ts +18 -0
package/src/util/socket-util.ts +193 -0
package/src/util/tls.ts +348 -0
package/src/util/type-utils.ts +15 -0
package/src/util/url.ts +113 -0
package/src/util/util.ts +39 -0

package/src/rules/websockets/websocket-handlers.ts ADDED Viewed

@@ -0,0 +1,509 @@
+import * as _ from 'lodash';
+import net = require('net');
+import * as url from 'url';
+import * as tls from 'tls';
+import * as http from 'http';
+import * as fs from 'fs/promises';
+import * as WebSocket from 'ws';
+import {
+    ClientServerChannel,
+    deserializeBuffer,
+    deserializeProxyConfig
+} from "../../serialization/serialization";
+import { OngoingRequest, RawHeaders } from "../../types";
+import {
+    CloseConnectionHandler,
+    ResetConnectionHandler,
+    TimeoutHandler
+} from '../requests/request-handlers';
+import { getEffectivePort } from '../../util/url';
+import { isHttp2 } from '../../util/request-utils';
+import {
+    findRawHeader,
+    findRawHeaders,
+    objectHeadersToRaw,
+    pairFlatRawHeaders,
+    rawHeadersToObjectPreservingCase
+} from '../../util/header-utils';
+import { streamToBuffer } from '../../util/buffer-utils';
+import { MaybePromise } from '../../util/type-utils';
+import { getAgent } from '../http-agents';
+import { ProxySettingSource } from '../proxy-config';
+import { assertParamDereferenced, RuleParameters } from '../rule-parameters';
+import {
+    getUpstreamTlsOptions,
+    getClientRelativeHostname,
+    getDnsLookupFunction,
+    shouldUseStrictHttps,
+    getTrustedCAs
+} from '../passthrough-handling';
+import {
+    EchoWebSocketHandlerDefinition,
+    ListenWebSocketHandlerDefinition,
+    PassThroughWebSocketHandlerDefinition,
+    PassThroughWebSocketHandlerOptions,
+    RejectWebSocketHandlerDefinition,
+    SerializedPassThroughWebSocketData,
+    WebSocketHandlerDefinition,
+    WsHandlerDefinitionLookup,
+} from './websocket-handler-definitions';
+export interface WebSocketHandler extends WebSocketHandlerDefinition {
+    handle(
+        // The incoming upgrade request
+        request: OngoingRequest & http.IncomingMessage,
+        // The raw socket on which we'll be communicating
+        socket: net.Socket,
+        // Initial data received
+        head: Buffer
+    ): Promise<void>;
+}
+interface InterceptedWebSocketRequest extends http.IncomingMessage {
+    upstreamWebSocketProtocol?: string | false;
+}
+interface InterceptedWebSocket extends WebSocket {
+    upstreamWebSocket: WebSocket;
+}
+function isOpen(socket: WebSocket) {
+    return socket.readyState === WebSocket.OPEN;
+}
+// Based on ws's validation.js
+function isValidStatusCode(code: number) {
+    return ( // Standard code:
+        code >= 1000 &&
+        code <= 1014 &&
+        code !== 1004 &&
+        code !== 1005 &&
+        code !== 1006
+    ) || ( // Application-specific code:
+        code >= 3000 && code <= 4999
+    );
+}
+const INVALID_STATUS_REGEX = /Invalid WebSocket frame: invalid status code (\d+)/;
+function pipeWebSocket(inSocket: WebSocket, outSocket: WebSocket) {
+    const onPipeFailed = (op: string) => (err?: Error) => {
+        if (!err) return;
+        inSocket.close();
+        console.error(`Websocket ${op} failed`, err);
+    };
+    inSocket.on('message', (msg, isBinary) => {
+        if (isOpen(outSocket)) {
+            outSocket.send(msg, { binary: isBinary }, onPipeFailed('message'))
+        }
+    });
+    inSocket.on('close', (num, reason) => {
+        if (isValidStatusCode(num)) {
+            try {
+                outSocket.close(num, reason);
+            } catch (e) {
+                console.warn(e);
+                outSocket.close();
+            }
+        } else {
+            outSocket.close();
+        }
+    });
+    inSocket.on('ping', (data) => {
+        if (isOpen(outSocket)) outSocket.ping(data, undefined, onPipeFailed('ping'))
+    });
+    inSocket.on('pong', (data) => {
+        if (isOpen(outSocket)) outSocket.pong(data, undefined, onPipeFailed('pong'))
+    });
+    // If either socket has an general error (connection failure, but also could be invalid WS
+    // frames) then we kill the raw connection upstream to simulate a generic connection error:
+    inSocket.on('error', (err) => {
+        console.log(`Error in proxied WebSocket:`, err);
+        const rawOutSocket = outSocket as any;
+        if (err.message.match(INVALID_STATUS_REGEX)) {
+            const status = parseInt(INVALID_STATUS_REGEX.exec(err.message)![1]);
+            // Simulate errors elsewhere by messing with ws internals. This may break things,
+            // that's effectively on purpose: we're simulating the client going wrong:
+            const buf = Buffer.allocUnsafe(2);
+            buf.writeUInt16BE(status); // status comes from readUInt16BE, so always fits
+            const sender = rawOutSocket._sender;
+            sender.sendFrame(sender.constructor.frame(buf, {
+                fin: true,
+                rsv1: false,
+                opcode: 0x08,
+                mask: true,
+                readOnly: false
+            }), () => {
+                rawOutSocket._socket.destroy();
+            });
+        } else {
+            // Unknown error, just kill the connection with no explanation
+            rawOutSocket._socket.destroy();
+        }
+    });
+}
+async function mirrorRejection(socket: net.Socket, rejectionResponse: http.IncomingMessage) {
+    if (socket.writable) {
+        const { statusCode, statusMessage, rawHeaders } = rejectionResponse;
+        socket.write(
+            rawResponse(statusCode || 500, statusMessage || 'Unknown error', pairFlatRawHeaders(rawHeaders))
+        );
+        const body = await streamToBuffer(rejectionResponse);
+        if (socket.writable) socket.write(body);
+    }
+    socket.destroy();
+}
+const rawResponse = (
+    statusCode: number,
+    statusMessage: string,
+    headers: RawHeaders = []
+) =>
+    `HTTP/1.1 ${statusCode} ${statusMessage}\r\n` +
+    _.map(headers, ([key, value]) =>
+        `${key}: ${value}`
+    ).join('\r\n') +
+    '\r\n\r\n';
+export { PassThroughWebSocketHandlerOptions };
+export class PassThroughWebSocketHandler extends PassThroughWebSocketHandlerDefinition {
+    private wsServer?: WebSocket.Server;
+    private initializeWsServer() {
+        if (this.wsServer) return;
+        this.wsServer = new WebSocket.Server({
+            noServer: true,
+            // Mirror subprotocols back to the client:
+            handleProtocols(protocols, request: InterceptedWebSocketRequest) {
+                return request.upstreamWebSocketProtocol
+                    // If there's no upstream socket, default to mirroring the first protocol. This matches
+                    // WS's default behaviour - we could be stricter, but it'd be a breaking change.
+                    ?? protocols.values().next().value
+                    ?? false; // If there were no protocols specific and this is called for some reason
+            },
+        });
+        this.wsServer.on('connection', (ws: InterceptedWebSocket) => {
+            pipeWebSocket(ws, ws.upstreamWebSocket);
+            pipeWebSocket(ws.upstreamWebSocket, ws);
+        });
+    }
+    private _trustedCACertificates: MaybePromise<Array<string> | undefined>;
+    private async trustedCACertificates(): Promise<Array<string> | undefined> {
+        if (!this.extraCACertificates.length) return undefined;
+        if (!this._trustedCACertificates) {
+            this._trustedCACertificates = getTrustedCAs(undefined, this.extraCACertificates);
+        }
+        return this._trustedCACertificates;
+    }
+    async handle(req: OngoingRequest, socket: net.Socket, head: Buffer) {
+        this.initializeWsServer();
+        let { protocol, hostname, port, path } = url.parse(req.url!);
+        const rawHeaders = req.rawHeaders;
+        const reqMessage = req as unknown as http.IncomingMessage;
+        const isH2Downstream = isHttp2(req);
+        const hostHeaderName = isH2Downstream ? ':authority' : 'host';
+        hostname = await getClientRelativeHostname(
+            hostname,
+            req.remoteIpAddress,
+            getDnsLookupFunction(this.lookupOptions)
+        );
+        if (this.forwarding) {
+            const { targetHost, updateHostHeader } = this.forwarding;
+            let wsUrl: string;
+            if (!targetHost.includes('/')) {
+                // We're forwarding to a bare hostname, just overwrite that bit:
+                [hostname, port] = targetHost.split(':');
+            } else {
+                // Forwarding to a full URL; override the host & protocol, but never the path.
+                ({ protocol, hostname, port } = url.parse(targetHost));
+            }
+            // Connect directly to the forwarding target URL
+            wsUrl = `${protocol!}//${hostname}${port ? ':' + port : ''}${path}`;
+            // Optionally update the host header too:
+            let hostHeader = findRawHeader(rawHeaders, hostHeaderName);
+            if (!hostHeader) {
+                // Should never happen really, but just in case:
+                hostHeader = [hostHeaderName, hostname!];
+                rawHeaders.unshift(hostHeader);
+            };
+            if (updateHostHeader === undefined || updateHostHeader === true) {
+                // If updateHostHeader is true, or just not specified, match the new target
+                hostHeader[1] = hostname + (port ? `:${port}` : '');
+            } else if (updateHostHeader) {
+                // If it's an explicit custom value, use that directly.
+                hostHeader[1] = updateHostHeader;
+            } // Otherwise: falsey means don't touch it.
+            await this.connectUpstream(wsUrl, reqMessage, rawHeaders, socket, head);
+        } else if (!hostname) { // No hostname in URL means transparent proxy, so use Host header
+            const hostHeader = req.headers[hostHeaderName];
+            [ hostname, port ] = hostHeader!.split(':');
+            // __lastHopEncrypted is set in http-combo-server, for requests that have explicitly
+            // CONNECTed upstream (which may then up/downgrade from the current encryption).
+            if (socket.__lastHopEncrypted !== undefined) {
+                protocol = socket.__lastHopEncrypted ? 'wss' : 'ws';
+            } else {
+                protocol = reqMessage.connection.encrypted ? 'wss' : 'ws';
+            }
+            const wsUrl = `${protocol}://${hostname}${port ? ':' + port : ''}${path}`;
+            await this.connectUpstream(wsUrl, reqMessage, rawHeaders, socket, head);
+        } else {
+            // Connect directly according to the specified URL
+            const wsUrl = `${
+                protocol!.replace('http', 'ws')
+            }//${hostname}${port ? ':' + port : ''}${path}`;
+            await this.connectUpstream(wsUrl, reqMessage, rawHeaders, socket, head);
+        }
+    }
+    private async connectUpstream(
+        wsUrl: string,
+        req: http.IncomingMessage,
+        rawHeaders: RawHeaders,
+        incomingSocket: net.Socket,
+        head: Buffer
+    ) {
+        const parsedUrl = url.parse(wsUrl);
+        const effectivePort = getEffectivePort(parsedUrl);
+        const strictHttpsChecks = shouldUseStrictHttps(
+            parsedUrl.hostname!,
+            effectivePort,
+            this.ignoreHostHttpsErrors
+        );
+        // Use a client cert if it's listed for the host+port or whole hostname
+        const hostWithPort = `${parsedUrl.hostname}:${effectivePort}`;
+        const clientCert = this.clientCertificateHostMap[hostWithPort] ||
+            this.clientCertificateHostMap[parsedUrl.hostname!] ||
+            {};
+        const trustedCerts = await this.trustedCACertificates();
+        const caConfig = trustedCerts
+            ? { ca: trustedCerts }
+            : {};
+        const proxySettingSource = assertParamDereferenced(this.proxyConfig) as ProxySettingSource;
+        const agent = await getAgent({
+            protocol: parsedUrl.protocol as 'ws:' | 'wss:',
+            hostname: parsedUrl.hostname!,
+            port: effectivePort,
+            proxySettingSource,
+            tryHttp2: false, // We don't support websockets over H2 yet
+            keepAlive: false // Not a thing for websockets: they take over the whole connection
+        });
+        // We have to flatten the headers, as WS doesn't support raw headers - it builds its own
+        // header object internally.
+        const headers = rawHeadersToObjectPreservingCase(rawHeaders);
+        // Subprotocols have to be handled explicitly. WS takes control of the headers itself,
+        // and checks the response, so we need to parse the client headers and use them manually:
+        const originalSubprotocols = findRawHeaders(rawHeaders, 'sec-websocket-protocol')
+            .flatMap(([_k, value]) => value.split(',').map(p => p.trim()));
+        // Drop empty subprotocols, to better handle mildly badly behaved clients
+        const filteredSubprotocols = originalSubprotocols.filter(p => !!p);
+        // If the subprotocols are invalid (there are some empty strings, or an entirely empty value) then
+        // WS will reject the upgrade. With this, we reset the header to the 'equivalent' valid version, to
+        // avoid unnecessarily rejecting clients who send mildly wrong headers (empty protocol values).
+        if (originalSubprotocols.length !== filteredSubprotocols.length) {
+            if (filteredSubprotocols.length) {
+                 // Note that req.headers is auto-lowercased by Node, so we can ignore case
+                req.headers['sec-websocket-protocol'] = filteredSubprotocols.join(',')
+            } else {
+                delete req.headers['sec-websocket-protocol'];
+            }
+        }
+        const upstreamWebSocket = new WebSocket(wsUrl, filteredSubprotocols, {
+            maxPayload: 0,
+            agent,
+            lookup: getDnsLookupFunction(this.lookupOptions),
+            headers: _.omitBy(headers, (_v, headerName) =>
+                headerName.toLowerCase().startsWith('sec-websocket') ||
+                headerName.toLowerCase() === 'connection' ||
+                headerName.toLowerCase() === 'upgrade'
+            ) as { [key: string]: string }, // Simplify to string - doesn't matter though, only used by http module anyway
+            // TLS options:
+            ...getUpstreamTlsOptions(strictHttpsChecks),
+            ...clientCert,
+            ...caConfig
+        } as WebSocket.ClientOptions & { lookup: any, maxPayload: number });
+        upstreamWebSocket.once('open', () => {
+            // Used in the subprotocol selection handler during the upgrade:
+            (req as InterceptedWebSocketRequest).upstreamWebSocketProtocol = upstreamWebSocket.protocol || false;
+            this.wsServer!.handleUpgrade(req, incomingSocket, head, (ws) => {
+                (<InterceptedWebSocket> ws).upstreamWebSocket = upstreamWebSocket;
+                incomingSocket.emit('ws-upgrade', ws);
+                this.wsServer!.emit('connection', ws); // This pipes the connections together
+            });
+        });
+        // If the upstream says no, we say no too.
+        let unexpectedResponse = false;
+        upstreamWebSocket.on('unexpected-response', (req, res) => {
+            console.log(`Unexpected websocket response from ${wsUrl}: ${res.statusCode}`);
+            // Clean up the downstream connection
+            mirrorRejection(incomingSocket, res);
+            // Clean up the upstream connection (WS would do this automatically, but doesn't if you listen to this event)
+            // See https://github.com/websockets/ws/blob/45e17acea791d865df6b255a55182e9c42e5877a/lib/websocket.js#L1050
+            // We don't match that perfectly, but this should be effectively equivalent:
+            req.destroy();
+            if (req.socket && !req.socket.destroyed) {
+                res.socket.destroy();
+            }
+            unexpectedResponse = true; // So that we ignore this in the error handler
+            upstreamWebSocket.terminate();
+        });
+        // If there's some other error, we just kill the socket:
+        upstreamWebSocket.on('error', (e) => {
+            if (unexpectedResponse) return; // Handled separately above
+            console.warn(e);
+            incomingSocket.end();
+        });
+        incomingSocket.on('error', () => upstreamWebSocket.close(1011)); // Internal error
+    }
+    /**
+     * @internal
+     */
+    static deserialize(
+        data: SerializedPassThroughWebSocketData,
+        channel: ClientServerChannel,
+        ruleParams: RuleParameters
+    ): any {
+        // By default, we assume we just need to assign the right prototype
+        return _.create(this.prototype, {
+            ...data,
+            proxyConfig: deserializeProxyConfig(data.proxyConfig, channel, ruleParams),
+            extraCACertificates: data.extraCACertificates || [],
+            ignoreHostHttpsErrors: data.ignoreHostCertificateErrors,
+            clientCertificateHostMap: _.mapValues(data.clientCertificateHostMap,
+                ({ pfx, passphrase }) => ({ pfx: deserializeBuffer(pfx), passphrase })
+            ),
+        });
+    }
+}
+export class EchoWebSocketHandler extends EchoWebSocketHandlerDefinition {
+    private wsServer?: WebSocket.Server;
+    private initializeWsServer() {
+        if (this.wsServer) return;
+        this.wsServer = new WebSocket.Server({ noServer: true });
+        this.wsServer.on('connection', (ws: WebSocket) => {
+            pipeWebSocket(ws, ws);
+        });
+    }
+    async handle(req: OngoingRequest & http.IncomingMessage, socket: net.Socket, head: Buffer) {
+        this.initializeWsServer();
+        this.wsServer!.handleUpgrade(req, socket, head, (ws) => {
+            socket.emit('ws-upgrade', ws);
+            this.wsServer!.emit('connection', ws);
+        });
+    }
+}
+export class ListenWebSocketHandler extends ListenWebSocketHandlerDefinition {
+    private wsServer?: WebSocket.Server;
+    private initializeWsServer() {
+        if (this.wsServer) return;
+        this.wsServer = new WebSocket.Server({ noServer: true });
+        this.wsServer.on('connection', (ws: WebSocket) => {
+            // Accept but ignore the incoming websocket data
+            ws.resume();
+        });
+    }
+    async handle(req: OngoingRequest & http.IncomingMessage, socket: net.Socket, head: Buffer) {
+        this.initializeWsServer();
+        this.wsServer!.handleUpgrade(req, socket, head, (ws) => {
+            socket.emit('ws-upgrade', ws);
+            this.wsServer!.emit('connection', ws);
+        });
+    }
+}
+export class RejectWebSocketHandler extends RejectWebSocketHandlerDefinition {
+    async handle(req: OngoingRequest, socket: net.Socket, head: Buffer) {
+        socket.write(rawResponse(this.statusCode, this.statusMessage, objectHeadersToRaw(this.headers)));
+        if (this.body) socket.write(this.body);
+        socket.write('\r\n');
+        socket.destroy();
+    }
+}
+// These three work equally well for HTTP requests as websockets, but it's
+// useful to reexport there here for consistency.
+export {
+    CloseConnectionHandler,
+    ResetConnectionHandler,
+    TimeoutHandler
+};
+export const WsHandlerLookup: typeof WsHandlerDefinitionLookup = {
+    'ws-passthrough': PassThroughWebSocketHandler,
+    'ws-echo': EchoWebSocketHandler,
+    'ws-listen': ListenWebSocketHandler,
+    'ws-reject': RejectWebSocketHandler,
+    'close-connection': CloseConnectionHandler,
+    'reset-connection': ResetConnectionHandler,
+    'timeout': TimeoutHandler
+};