socket-function 0.7.14 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/webSocketServer.ts +17 -28
package/package.json
CHANGED
package/src/webSocketServer.ts
CHANGED
|
@@ -52,6 +52,19 @@ export async function startSocketServer(
|
|
|
52
52
|
noServer: true,
|
|
53
53
|
});
|
|
54
54
|
httpsServer.on("upgrade", (request, socket, upgradeHead) => {
|
|
55
|
+
let originHeader = request.headers["origin"];
|
|
56
|
+
if (originHeader) {
|
|
57
|
+
try {
|
|
58
|
+
let host = new URL("ws://" + request.headers["host"]).hostname;
|
|
59
|
+
let origin = new URL(originHeader).hostname;
|
|
60
|
+
if (host !== origin) {
|
|
61
|
+
throw new Error(`Invalid cross thread request, ${JSON.stringify(host)} !== ${JSON.stringify(origin)}`);
|
|
62
|
+
}
|
|
63
|
+
} catch (e) {
|
|
64
|
+
console.error(e);
|
|
65
|
+
return;
|
|
66
|
+
}
|
|
67
|
+
}
|
|
55
68
|
webSocketServer.handleUpgrade(request, socket, upgradeHead, async (ws) => {
|
|
56
69
|
// NOTE: For the browser, the request will likely have a nodeId, from making an HTTP request.
|
|
57
70
|
// We would prefer peer certificates, so this isn't the default (in getNodeId), but it will
|
|
@@ -73,20 +86,6 @@ export async function startSocketServer(
|
|
|
73
86
|
res.end();
|
|
74
87
|
});
|
|
75
88
|
|
|
76
|
-
httpServer.listen(0, "127.0.0.1");
|
|
77
|
-
httpsServer.listen(0, "127.0.0.1");
|
|
78
|
-
|
|
79
|
-
// TODO: We should really add error handling here, but... we should always be able to listen
|
|
80
|
-
// on ANY port on localhost, as why couldn't we?
|
|
81
|
-
let httpServerReady = new Promise(resolve => httpServer.once("listening", resolve));
|
|
82
|
-
let httpsServerReady = new Promise(resolve => httpsServer.once("listening", resolve));
|
|
83
|
-
await httpServerReady;
|
|
84
|
-
await httpsServerReady;
|
|
85
|
-
|
|
86
|
-
let httpAddress = httpServer.address() as net.AddressInfo;
|
|
87
|
-
let httpsAddress = httpsServer.address() as net.AddressInfo;
|
|
88
|
-
|
|
89
|
-
|
|
90
89
|
let realServer = net.createServer(socket => {
|
|
91
90
|
// NOTE: ONCE is used, so we only look at the first buffer, and then after that
|
|
92
91
|
// we pipe. This should be very efficient, as pipe has insane throughput
|
|
@@ -94,21 +93,11 @@ export async function startSocketServer(
|
|
|
94
93
|
socket.once("data", buffer => {
|
|
95
94
|
// All HTTPS requests start with 22, and no HTTP requests start with 22,
|
|
96
95
|
// so we just need to read the first byte.
|
|
97
|
-
let
|
|
98
|
-
let isHTTPS = byte === 22;
|
|
99
|
-
let address = httpAddress;
|
|
100
|
-
if (isHTTPS) {
|
|
101
|
-
address = httpsAddress;
|
|
102
|
-
}
|
|
103
|
-
let baseSocket = net.connect(address.port);
|
|
104
|
-
|
|
105
|
-
baseSocket.write(buffer);
|
|
106
|
-
socket.pipe(baseSocket);
|
|
107
|
-
baseSocket.pipe(socket);
|
|
96
|
+
let server = buffer[0] === 22 ? httpsServer : httpServer;
|
|
108
97
|
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
98
|
+
// NOTE: Messages aren't dequeued until the current handler finishes, so we don't need to pause the socket or anything.
|
|
99
|
+
server.emit("connection", socket);
|
|
100
|
+
socket.unshift(buffer);
|
|
112
101
|
});
|
|
113
102
|
socket.on("error", (e) => {
|
|
114
103
|
console.error(`Exposed socket error, ${e.stack}`);
|