socket-function 0.7.14 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "socket-function",
3
- "version": "0.7.14",
3
+ "version": "0.8.0",
4
4
  "main": "index.js",
5
5
  "license": "MIT",
6
6
  "dependencies": {
@@ -52,6 +52,19 @@ export async function startSocketServer(
52
52
  noServer: true,
53
53
  });
54
54
  httpsServer.on("upgrade", (request, socket, upgradeHead) => {
55
+ let originHeader = request.headers["origin"];
56
+ if (originHeader) {
57
+ try {
58
+ let host = new URL("ws://" + request.headers["host"]).hostname;
59
+ let origin = new URL(originHeader).hostname;
60
+ if (host !== origin) {
61
+ throw new Error(`Invalid cross thread request, ${JSON.stringify(host)} !== ${JSON.stringify(origin)}`);
62
+ }
63
+ } catch (e) {
64
+ console.error(e);
65
+ return;
66
+ }
67
+ }
55
68
  webSocketServer.handleUpgrade(request, socket, upgradeHead, async (ws) => {
56
69
  // NOTE: For the browser, the request will likely have a nodeId, from making an HTTP request.
57
70
  // We would prefer peer certificates, so this isn't the default (in getNodeId), but it will
@@ -73,20 +86,6 @@ export async function startSocketServer(
73
86
  res.end();
74
87
  });
75
88
 
76
- httpServer.listen(0, "127.0.0.1");
77
- httpsServer.listen(0, "127.0.0.1");
78
-
79
- // TODO: We should really add error handling here, but... we should always be able to listen
80
- // on ANY port on localhost, as why couldn't we?
81
- let httpServerReady = new Promise(resolve => httpServer.once("listening", resolve));
82
- let httpsServerReady = new Promise(resolve => httpsServer.once("listening", resolve));
83
- await httpServerReady;
84
- await httpsServerReady;
85
-
86
- let httpAddress = httpServer.address() as net.AddressInfo;
87
- let httpsAddress = httpsServer.address() as net.AddressInfo;
88
-
89
-
90
89
  let realServer = net.createServer(socket => {
91
90
  // NOTE: ONCE is used, so we only look at the first buffer, and then after that
92
91
  // we pipe. This should be very efficient, as pipe has insane throughput
@@ -94,21 +93,11 @@ export async function startSocketServer(
94
93
  socket.once("data", buffer => {
95
94
  // All HTTPS requests start with 22, and no HTTP requests start with 22,
96
95
  // so we just need to read the first byte.
97
- let byte = buffer[0];
98
- let isHTTPS = byte === 22;
99
- let address = httpAddress;
100
- if (isHTTPS) {
101
- address = httpsAddress;
102
- }
103
- let baseSocket = net.connect(address.port);
104
-
105
- baseSocket.write(buffer);
106
- socket.pipe(baseSocket);
107
- baseSocket.pipe(socket);
96
+ let server = buffer[0] === 22 ? httpsServer : httpServer;
108
97
 
109
- baseSocket.on("error", (e) => {
110
- console.error(`Base socket error, ${e.stack}`);
111
- });
98
+ // NOTE: Messages aren't dequeued until the current handler finishes, so we don't need to pause the socket or anything.
99
+ server.emit("connection", socket);
100
+ socket.unshift(buffer);
112
101
  });
113
102
  socket.on("error", (e) => {
114
103
  console.error(`Exposed socket error, ${e.stack}`);