socket-function 1.1.29 → 1.1.31

package/SocketFunction.d.ts

@@ -22,7 +22,6 @@ export declare class SocketFunction {
     static HTTP_ETAG_CACHE: boolean;
     static silent: boolean;
     static HTTP_COMPRESS: boolean;
-    static LEGACY_INITIALIZE: boolean;
     static COEP: string;
     static COOP: string;
     static TOTAL_CALLS: number;
@@ -64,8 +63,10 @@ export declare class SocketFunction {
     private static socketCache;
     static rehydrateSocketCaller<Controller>(socketRegistered: SocketRegisterType<Controller>, shapeFnc?: () => SocketExposedShape): SocketRegistered<Controller>;
     private static callFromGuid;
-    /** Will dedupe callbacks, so if you call with the same callback it won't call it multiple times (otherwise it's difficult to manage this, as this only calls on the NEXT callback). */
-    static onNextDisconnect(nodeId: string, callback: () => void): void;
+    /** Will dedupe callbacks, so if you call with the same callback it won't call it multiple times (otherwise it's difficult to manage this, as this only calls on the NEXT callback).
+        IMPORTANT! Client node ids will NEVER reconnect, so this can full cleanup. However full nodeIds might if we try to use that nodeId again, so this cannot fully clean them up.
+    */
+    static onNextDisconnect(nodeId: string, callback: () => void, noServerNodeIdWarning?: "iKnowThatServerNodeIdsMayReconnect_andDontPermanentlyCleanThemUp"): void;
     static getLastDisconnectTime(nodeId: string): number | undefined;
     static isNodeConnected(nodeId: string): boolean;
     /** NOTE: Only works if the nodeIs used is from SocketFunction.connect (we can't convert arbitrary nodeIds into urls,

package/SocketFunction.ts

@@ -3,7 +3,7 @@
 import { SocketExposedInterface, SocketFunctionHook, SocketFunctionClientHook, SocketExposedShape, SocketRegistered, CallerContext, FullCallType, CallType, FncType, SocketRegisterType } from "./SocketFunctionTypes";
 import { exposeClass, registerClass, registerGlobalClientHook, registerGlobalHook, runClientHooks } from "./src/callManager";
 import { SocketServerConfig, startSocketServer } from "./src/webSocketServer";
-import { getCallFactory, getCreateCallFactory, getNodeId, getNodeIdLocation } from "./src/nodeCache";
+import { getCallFactory, getCreateCallFactory, getNodeId, getNodeIdLocation, isClientNodeId } from "./src/nodeCache";
 import { getCallProxy } from "./src/nodeProxy";
 import { Args, MaybePromise } from "./src/types";
 import { setDefaultHTTPCall } from "./src/callHTTPHandler";
@@ -61,8 +61,6 @@ export class SocketFunction {
 
     public static HTTP_COMPRESS = false;
 
-    public static LEGACY_INITIALIZE = false;
-
     // If you have HTTP resources that require cookies you might to set `SocketFunction.COEP = "require-corp"`
     //  - Cross-origin-resource-policy.
     public static COEP = "credentialless";
@@ -289,8 +287,18 @@ export class SocketFunction {
         }
     }
 
-    /** Will dedupe callbacks, so if you call with the same callback it won't call it multiple times (otherwise it's difficult to manage this, as this only calls on the NEXT callback). */
-    public static onNextDisconnect(nodeId: string, callback: () => void) {
+    /** Will dedupe callbacks, so if you call with the same callback it won't call it multiple times (otherwise it's difficult to manage this, as this only calls on the NEXT callback).
+        IMPORTANT! Client node ids will NEVER reconnect, so this can full cleanup. However full nodeIds might if we try to use that nodeId again, so this cannot fully clean them up.
+    */
+    public static onNextDisconnect(
+        nodeId: string,
+        callback: () => void,
+        // NOTE: It's important to know that unlike client ids, server ids (a nodeId YOU connect to, instead of connecting to you), might be alive again, and so you need some kind of logic to try it again or in some way reconnect. For clients you don't need to, as it's their job to reconnect to you, and they will reconnect with a NEW nodeId.
+        noServerNodeIdWarning?: "iKnowThatServerNodeIdsMayReconnect_andDontPermanentlyCleanThemUp"
+    ) {
+        if (!isClientNodeId(nodeId) && !noServerNodeIdWarning) {
+            console.warn(`Watching for disconnections of ${nodeId}. This is a server nodeId and may be alive again after disconnection. Please set the noServerNodeIdWarning flag in this argument to confirm you are handling reconnecting if the server becomes available again.`);
+        }
         (async () => {
             let factory = await getCallFactory(nodeId);
             if (!factory) {

package/index.d.ts

@@ -31,7 +31,6 @@ declare module "socket-function/SocketFunction" {
         static HTTP_ETAG_CACHE: boolean;
         static silent: boolean;
         static HTTP_COMPRESS: boolean;
-        static LEGACY_INITIALIZE: boolean;
         static COEP: string;
         static COOP: string;
         static TOTAL_CALLS: number;
@@ -73,8 +72,10 @@ declare module "socket-function/SocketFunction" {
         private static socketCache;
         static rehydrateSocketCaller<Controller>(socketRegistered: SocketRegisterType<Controller>, shapeFnc?: () => SocketExposedShape): SocketRegistered<Controller>;
         private static callFromGuid;
-        /** Will dedupe callbacks, so if you call with the same callback it won't call it multiple times (otherwise it's difficult to manage this, as this only calls on the NEXT callback). */
-        static onNextDisconnect(nodeId: string, callback: () => void): void;
+        /** Will dedupe callbacks, so if you call with the same callback it won't call it multiple times (otherwise it's difficult to manage this, as this only calls on the NEXT callback).
+            IMPORTANT! Client node ids will NEVER reconnect, so this can full cleanup. However full nodeIds might if we try to use that nodeId again, so this cannot fully clean them up.
+        */
+        static onNextDisconnect(nodeId: string, callback: () => void, noServerNodeIdWarning?: "iKnowThatServerNodeIdsMayReconnect_andDontPermanentlyCleanThemUp"): void;
         static getLastDisconnectTime(nodeId: string): number | undefined;
         static isNodeConnected(nodeId: string): boolean;
         /** NOTE: Only works if the nodeIs used is from SocketFunction.connect (we can't convert arbitrary nodeIds into urls,
@@ -472,6 +473,7 @@ declare module "socket-function/src/CallFactory" {
         closedForever?: boolean;
         isConnected?: boolean;
         receivedInitializeState?: InitializeState;
+        protocolNegotiated?: boolean;
         performCall(call: CallType): Promise<unknown>;
         onNextDisconnect(callback: () => void): void;
         disconnect(): void;
@@ -482,6 +484,7 @@ declare module "socket-function/src/CallFactory" {
     export interface SenderInterface {
         nodeId?: string;
         _socket?: tls.TLSSocket;
+        protocol?: string;
         send(data: string | Buffer): void;
         close(): void;
         addEventListener(event: "open", listener: () => void): void;
@@ -1079,11 +1082,6 @@ declare module "socket-function/src/nodeCache" {
     export declare function getNodeIdDomain(nodeId: string): string;
     export declare function getNodeIdDomainMaybeUndefined(nodeId: string): string | undefined;
     export declare function registerNodeClient(callFactory: CallFactory): void;
-    export declare function changeNodeId(config: {
-        originalNodeId: string;
-        newNodeId: string;
-        callFactory: CallFactory;
-    }): boolean;
     export declare function getCreateCallFactory(nodeId: string): MaybePromise<CallFactory>;
     export declare function getCallFactory(nodeId: string): MaybePromise<CallFactory | undefined>;
     export declare function debugGetAllCallFactories(): CallFactory[];
@@ -1283,6 +1281,25 @@ declare module "socket-function/src/promiseRace" {
 
 }
 
+declare module "socket-function/src/protocolNegotiation" {
+    export type ConnectionFlags = {
+        clientLZ4: boolean;
+        serverLZ4: boolean;
+    };
+    export type DecodedProtocol = {
+        target: string;
+        flags: ConnectionFlags;
+    };
+    export declare function decodeProtocol(hex: string): DecodedProtocol | undefined;
+    export declare function proposeProtocols(target: string | undefined, clientCapabilities: {
+        lz4: boolean;
+    }): string[];
+    export declare function chooseProtocol(proposed: string[], serverNodeId: string, serverCapabilities: {
+        lz4: boolean;
+    }): string | undefined;
+
+}
+
 declare module "socket-function/src/runPromise" {
     export declare const runAsync: typeof runPromise;
     export declare function runPromise(command: string, config?: {
@@ -1419,10 +1436,11 @@ declare module "socket-function/src/websocketFactory" {
     import { SenderInterface } from "socket-function/src/CallFactory";
     import type * as ws from "ws";
     export declare function getTLSSocket(webSocket: ws.WebSocket): tls.TLSSocket;
+    export type WebsocketFactory = (nodeId: string, proposedProtocols?: string[]) => SenderInterface;
     /** NOTE: We create a factory, which embeds the key/cert information. Otherwise retries might use
      *      a different key/cert context.
      */
-    export declare function createWebsocketFactory(): (nodeId: string) => SenderInterface;
+    export declare function createWebsocketFactory(): WebsocketFactory;
 
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "socket-function",
-	"version": "1.1.29",
+	"version": "1.1.31",
 	"main": "index.js",
 	"license": "MIT",
 	"dependencies": {

package/src/CallFactory.d.ts

@@ -11,6 +11,7 @@ export interface CallFactory {
     closedForever?: boolean;
     isConnected?: boolean;
     receivedInitializeState?: InitializeState;
+    protocolNegotiated?: boolean;
     performCall(call: CallType): Promise<unknown>;
     onNextDisconnect(callback: () => void): void;
     disconnect(): void;
@@ -21,6 +22,7 @@ export interface CallFactory {
 export interface SenderInterface {
     nodeId?: string;
     _socket?: tls.TLSSocket;
+    protocol?: string;
     send(data: string | Buffer): void;
     close(): void;
     addEventListener(event: "open", listener: () => void): void;

package/src/CallFactory.ts

@@ -5,7 +5,7 @@ import { convertErrorStackToError, formatNumberSuffixed, isBufferType, isNode, l
 import { createWebsocketFactory, getTLSSocket } from "./websocketFactory";
 import { SocketFunction } from "../SocketFunction";
 import * as tls from "tls";
-import { changeNodeId, getClientNodeId, getNodeIdLocation, registerNodeClient } from "./nodeCache";
+import { getClientNodeId, getNodeIdLocation, registerNodeClient } from "./nodeCache";
 import debugbreak from "debugbreak";
 import { lazy } from "./caching";
 import { blue, green, red, yellow } from "./formatting/logColors";
@@ -18,7 +18,8 @@ import { setFlag } from "../require/compileFlags";
 import { measureFnc, measureWrap, registerMeasureInfo } from "./profiling/measure";
 import { MaybePromise } from "./types";
 import { Zip } from "./Zip";
-import { LZ4 } from "./lz4/LZ4";
+import { decodeProtocol, proposeProtocols } from "./protocolNegotiation";
+setImmediate(() => import("./lz4/LZ4"));
 
 setFlag(require, "pako", "allowclient", true);
 
@@ -49,6 +50,9 @@ export interface CallFactory {
     closedForever?: boolean;
     isConnected?: boolean;
     receivedInitializeState?: InitializeState;
+    // True if the connection was established with a negotiated
+    // Sec-WebSocket-Protocol (so the legacy initialize packet should be skipped).
+    protocolNegotiated?: boolean;
     // NOTE: May or may not have reconnection or retry logic inside of performCall.
     //  Trigger performLocalCall on the other side of the connection
     performCall(call: CallType): Promise<unknown>;
@@ -62,6 +66,9 @@ export interface SenderInterface {
     nodeId?: string;
     // Only set AFTER "open" (if set at all, as in the browser we don't have access to the socket).
     _socket?: tls.TLSSocket;
+    // The chosen Sec-WebSocket-Protocol value (set after "open" by both Node `ws`
+    // and the browser WebSocket). Empty string means none was negotiated.
+    protocol?: string;
 
     send(data: string | Buffer): void;
     close(): void;
@@ -368,6 +375,23 @@ export async function createCallFactory(
         } else {
             onClose(new Error(`Websocket received in closed state`).stack!);
         }
+
+        if (callFactory.lastClosed && callFactory.isConnected) {
+            console.log(`Successfully reconnected to ${nodeId}, which has been closed for ${formatTime(Date.now() - callFactory.lastClosed)}`, { nodeId });
+        }
+
+        if (callFactory.isConnected && newWebSocket.protocol) {
+            let decoded = decodeProtocol(newWebSocket.protocol);
+            if (decoded) {
+                callFactory.receivedInitializeState = {
+                    supportsLZ4: decoded.flags.serverLZ4,
+                };
+                callFactory.protocolNegotiated = true;
+                if (SocketFunction.logMessages) {
+                    console.log(green(`Negotiated protocol with ${niceConnectionName}: target=${decoded.target}, clientLZ4=${decoded.flags.clientLZ4}, serverLZ4=${decoded.flags.serverLZ4}`));
+                }
+            }
+        }
     }
 
     const BASE_LENGTH_OFFSET = 324_432_461_592_612;
@@ -450,6 +474,7 @@ export async function createCallFactory(
             ...data,
         ]);
     }
+    // IMPORTANT! NEVER allow for reconnection of client ids. A lot of code depends on the fact that clients will reconnect with a new client node id when they disconnect!
     async function tryToReconnect(): Promise<SenderInterface> {
         // Don't try to reconnect too often!
         let timeSinceLastAttempt = Date.now() - lastConnectionAttempt;
@@ -458,12 +483,12 @@ export async function createCallFactory(
         }
         lastConnectionAttempt = Date.now();
 
-        // Try alternates, and if any work, use them
+        // Try alternates, and if any work, use them.
         try {
             let alternates = await SocketFunction.GET_ALTERNATE_NODE_IDS(nodeId);
             if (alternates) {
                 for (let alternateNodeId of alternates) {
-                    let newWebSocket = createWebsocket(alternateNodeId);
+                    let newWebSocket = createWebsocket(alternateNodeId, proposeProtocols(isNode() ? nodeId : undefined, { lz4: true }));
                     await initializeWebsocket(newWebSocket, true);
 
                     if (callFactory.isConnected) {
@@ -475,7 +500,7 @@ export async function createCallFactory(
             console.error("Error getting alternate node IDs", e);
         }
 
-        let newWebSocket = createWebsocket(nodeId);
+        let newWebSocket = createWebsocket(nodeId, proposeProtocols(isNode() ? nodeId : undefined, { lz4: true }));
         await initializeWebsocket(newWebSocket);
 
         return newWebSocket;
@@ -556,11 +581,10 @@ export async function createCallFactory(
         };
 
         if (call.isReturn) {
-            if (!SocketFunction.LEGACY_INITIALIZE && call.seqNum === INITIALIZE_STATE_SEQ_NUM) {
-                callFactory.receivedInitializeState = call.result as InitializeState;
-                if (SocketFunction.logMessages) {
-                    console.log(green(`Received initialize state from ${callFactory.realNodeId} (for ${nodeId}) at ${Date.now()}`));
-                }
+            // Tolerate the legacy initialize packet from old peers — silently
+            // ignore so it doesn't get logged as an unknown call. Our actual
+            // initialize state comes from Sec-WebSocket-Protocol negotiation.
+            if (call.seqNum === INITIALIZE_STATE_SEQ_NUM) {
                 return;
             }
             let callbackObj = pendingCalls.get(call.seqNum);
@@ -770,25 +794,6 @@ export async function createCallFactory(
     }
 
 
-    if (!SocketFunction.LEGACY_INITIALIZE) {
-        let initState: InitializeState = {
-            supportsLZ4: true,
-        };
-        let initReturn: InternalReturnType = {
-            isReturn: true,
-            result: initState,
-            seqNum: INITIALIZE_STATE_SEQ_NUM,
-        };
-        if (SocketFunction.logMessages) {
-            console.log(`Sending initialize state to ${nodeId}`);
-        }
-        let data = await SocketFunction.WIRE_SERIALIZER.serialize(initReturn);
-        await send(data);
-        if (SocketFunction.logMessages) {
-            console.log(`Sent initialize state to ${nodeId}`);
-        }
-    }
-
     return callFactory;
 }
 
@@ -850,6 +855,7 @@ const decompressObj = measureWrap(async function wireCallDecompress(obj: Buffer,
 });
 
 const compressObjLZ4 = measureWrap(async function wireCallCompressLZ4(obj: unknown, stats: CompressionStats): Promise<Buffer[]> {
+    const { LZ4 } = await import("./lz4/LZ4");
     let headerParts: number[];
     let dataBuffers: Buffer[];
 
@@ -952,6 +958,8 @@ const compressObjLZ4 = measureWrap(async function wireCallCompressLZ4(obj: unkno
 });
 
 const decompressObjLZ4 = measureWrap(async function wireCallDecompressLZ4(obj: Buffer[], stats: CompressionStats): Promise<unknown> {
+
+    const { LZ4 } = await import("./lz4/LZ4");
     stats.compressedSize += obj.reduce((sum, buf) => sum + buf.length, 0);
 
     let decompressed: Buffer[] = [];

package/src/nodeCache.d.ts

@@ -18,11 +18,6 @@ export declare function getNodeIdLocation(nodeId: string): {
 export declare function getNodeIdDomain(nodeId: string): string;
 export declare function getNodeIdDomainMaybeUndefined(nodeId: string): string | undefined;
 export declare function registerNodeClient(callFactory: CallFactory): void;
-export declare function changeNodeId(config: {
-    originalNodeId: string;
-    newNodeId: string;
-    callFactory: CallFactory;
-}): boolean;
 export declare function getCreateCallFactory(nodeId: string): MaybePromise<CallFactory>;
 export declare function getCallFactory(nodeId: string): MaybePromise<CallFactory | undefined>;
 export declare function debugGetAllCallFactories(): CallFactory[];

package/src/nodeCache.ts

@@ -77,20 +77,6 @@ export function registerNodeClient(callFactory: CallFactory) {
     startCleanupLoop();
 }
 
-export function changeNodeId(config: {
-    originalNodeId: string;
-    newNodeId: string;
-    callFactory: CallFactory;
-}) {
-    if (nodeCache.has(config.newNodeId)) {
-        console.warn(`Received connection we already have. Likely we and them tried to connect at the same time. Other nodeId: ${config.newNodeId}`);
-        return false;
-    }
-    nodeCache.delete(config.originalNodeId);
-    nodeCache.set(config.newNodeId, config.callFactory);
-    return true;
-}
-
 export function getCreateCallFactory(nodeId: string): MaybePromise<CallFactory> {
     let callFactory = nodeCache.get(nodeId);
     if (callFactory === undefined) {

package/src/protocolNegotiation.d.ts

@@ -0,0 +1,15 @@
+export type ConnectionFlags = {
+    clientLZ4: boolean;
+    serverLZ4: boolean;
+};
+export type DecodedProtocol = {
+    target: string;
+    flags: ConnectionFlags;
+};
+export declare function decodeProtocol(hex: string): DecodedProtocol | undefined;
+export declare function proposeProtocols(target: string | undefined, clientCapabilities: {
+    lz4: boolean;
+}): string[];
+export declare function chooseProtocol(proposed: string[], serverNodeId: string, serverCapabilities: {
+    lz4: boolean;
+}): string | undefined;

package/src/protocolNegotiation.ts

@@ -0,0 +1,108 @@
+// Negotiates connection-level flags via Sec-WebSocket-Protocol on the WebSocket
+// upgrade handshake. The client proposes every flag combination it accepts (hex-
+// encoded so the value is a valid HTTP token). The server picks the first value
+// whose target nodeId matches its own, then returns it verbatim. If none match,
+// the server returns no protocol and the handshake fails — which is exactly the
+// rejection semantics we want (indistinguishable from "node not reachable").
+
+const PROTOCOL_VERSION = "v1";
+
+export type ConnectionFlags = {
+    // Client supports receiving LZ4-compressed frames
+    clientLZ4: boolean;
+    // Server supports receiving LZ4-compressed frames (i.e. server can accept LZ4)
+    serverLZ4: boolean;
+};
+
+export type DecodedProtocol = {
+    target: string;
+    flags: ConnectionFlags;
+};
+
+function hexEncode(s: string): string {
+    return Buffer.from(s, "utf8").toString("hex");
+}
+function hexDecode(s: string): string {
+    return Buffer.from(s, "hex").toString("utf8");
+}
+
+function encodeFlagBit(b: boolean): string { return b ? "1" : "0"; }
+
+// An empty-string target encodes "match any server nodeId" — used for
+// browser clients which don't know our internal nodeId because they're
+// connecting through a Let's Encrypt cert on a public domain.
+const WILDCARD_TARGET = "";
+
+function encodeOne(target: string, flags: ConnectionFlags): string {
+    let plain = `${PROTOCOL_VERSION}|${target}|clz4=${encodeFlagBit(flags.clientLZ4)}|slz4=${encodeFlagBit(flags.serverLZ4)}`;
+    return hexEncode(plain);
+}
+
+export function decodeProtocol(hex: string): DecodedProtocol | undefined {
+    if (!/^[0-9a-fA-F]+$/.test(hex)) return undefined;
+    let plain: string;
+    try {
+        plain = hexDecode(hex);
+    } catch {
+        return undefined;
+    }
+    let parts = plain.split("|");
+    if (parts.length < 2) return undefined;
+    if (parts[0] !== PROTOCOL_VERSION) return undefined;
+    let target = parts[1];
+    let flags: ConnectionFlags = { clientLZ4: false, serverLZ4: false };
+    for (let i = 2; i < parts.length; i++) {
+        let [k, v] = parts[i].split("=");
+        if (k === "clz4") flags.clientLZ4 = v === "1";
+        else if (k === "slz4") flags.serverLZ4 = v === "1";
+    }
+    return { target, flags };
+}
+
+// Build the list of subprotocol values the client wants to propose. We enumerate
+// every flag combination the client accepts — the server will pick whichever
+// one it can serve (matching its own flag support). Caller is responsible for
+// not proposing flags it can't handle.
+//
+// `target` is the nodeId the client wants to reach. Pass undefined for browser
+// clients (or any context where the client doesn't know the server's nodeId,
+// because it's reaching the server through a public DNS name + Let's Encrypt
+// cert). The server then accepts the connection regardless of its identity,
+// while still negotiating flags.
+export function proposeProtocols(target: string | undefined, clientCapabilities: { lz4: boolean }): string[] {
+    let out: string[] = [];
+    let clientLZ4Options = clientCapabilities.lz4 ? [true, false] : [false];
+    let serverLZ4Options = [true, false];
+    let encodedTarget = target ?? WILDCARD_TARGET;
+    for (let clientLZ4 of clientLZ4Options) {
+        for (let serverLZ4 of serverLZ4Options) {
+            out.push(encodeOne(encodedTarget, { clientLZ4, serverLZ4 }));
+        }
+    }
+    return out;
+}
+
+// Server-side: given the proposed (hex-encoded) subprotocol values from the
+// client, the server's own nodeId, and the server's capabilities — pick the
+// first value matching this server with a flag combo we can support. Returns
+// the chosen hex string verbatim (so the server echoes it back), or undefined
+// to signal no match → reject the handshake.
+//
+// A proposal with target === WILDCARD_TARGET ("") matches any server (used
+// by browsers that don't know our internal nodeId).
+export function chooseProtocol(
+    proposed: string[],
+    serverNodeId: string,
+    serverCapabilities: { lz4: boolean }
+): string | undefined {
+    for (let hex of proposed) {
+        let decoded = decodeProtocol(hex);
+        if (!decoded) continue;
+        if (decoded.target !== WILDCARD_TARGET && decoded.target !== serverNodeId) continue;
+        // Server capability check: if the proposal asks the server to receive
+        // LZ4 (slz4=1) but the server doesn't support it, skip.
+        if (decoded.flags.serverLZ4 && !serverCapabilities.lz4) continue;
+        return hex;
+    }
+    return undefined;
+}

package/src/webSocketServer.ts

@@ -3,6 +3,7 @@ import http from "http";
 import net from "net";
 import tls from "tls";
 import { getNodeIdsFromRequest, httpCallHandler } from "./callHTTPHandler";
+import { chooseProtocol, decodeProtocol } from "./protocolNegotiation";
 import { SocketFunction } from "../SocketFunction";
 import { getTrustedCertificates, watchTrustedCertificates } from "./certStore";
 import { createCallFactory } from "./CallFactory";
@@ -63,6 +64,26 @@ export async function startSocketServer(
 
     const webSocketServer = new ws.Server({
         noServer: true,
+        // Negotiate connection-level flags via Sec-WebSocket-Protocol. The
+        // client proposes hex-encoded values that include the target nodeId;
+        // we accept only those whose target matches OUR identity
+        // (SocketFunction.mountedNodeId — not the address the client used to
+        // reach us). If none match we return false, which rejects the
+        // handshake — exactly the semantics we want (indistinguishable from
+        // "node not reachable"). If the client sent no Sec-WebSocket-Protocol
+        // at all, this callback isn't invoked and the handshake proceeds as
+        // a legacy client.
+        handleProtocols: (protocols, request) => {
+            const ourNodeId = SocketFunction.mountedNodeId;
+            const proposed = Array.from(protocols);
+            const chosen = chooseProtocol(proposed, ourNodeId, { lz4: true });
+            if (!chosen) {
+                const proposedDecoded = proposed.map(p => decodeProtocol(p) ?? `<undecodable: ${p}>`);
+                console.log(`Rejecting handshake on ${ourNodeId}: none of the ${proposed.length} proposed protocols target us`, { ourNodeId, proposedDecoded });
+                return false;
+            }
+            return chosen;
+        },
     });
 
     async function setupHTTPSServer(watchOptions: Watchable<https.ServerOptions>) {

package/src/websocketFactory.d.ts

@@ -3,7 +3,8 @@ import tls from "tls";
 import { SenderInterface } from "./CallFactory";
 import type * as ws from "ws";
 export declare function getTLSSocket(webSocket: ws.WebSocket): tls.TLSSocket;
+export type WebsocketFactory = (nodeId: string, proposedProtocols?: string[]) => SenderInterface;
 /** NOTE: We create a factory, which embeds the key/cert information. Otherwise retries might use
  *      a different key/cert context.
  */
-export declare function createWebsocketFactory(): (nodeId: string) => SenderInterface;
+export declare function createWebsocketFactory(): WebsocketFactory;

package/src/websocketFactory.ts

@@ -1,52 +1,56 @@
-import tls from "tls";
-import { isNode } from "./misc";
-import { SenderInterface } from "./CallFactory";
-import { getTrustedCertificates } from "./certStore";
-import { getNodeIdLocation } from "./nodeCache";
-import debugbreak from "debugbreak";
-import { SocketFunction } from "../SocketFunction";
-import type * as ws from "ws";
-
-export function getTLSSocket(webSocket: ws.WebSocket) {
-    return (webSocket as any)._socket as tls.TLSSocket;
-}
-
-/** NOTE: We create a factory, which embeds the key/cert information. Otherwise retries might use
- *      a different key/cert context.
- */
-export function createWebsocketFactory(): (nodeId: string) => SenderInterface {
-
-    if (!isNode()) {
-        return (nodeId: string) => {
-            let location = getNodeIdLocation(nodeId);
-            if (!location) throw new Error(`Cannot connect to ${nodeId}, no address known`);
-            let { address, port } = location;
-
-            if (!SocketFunction.silent) {
-                console.log(`Connecting to ${address}:${port}`);
-            }
-            return new WebSocket(`wss://${address}:${port}`);
-        };
-    } else {
-        return (nodeId: string) => {
-            let location = getNodeIdLocation(nodeId);
-            if (!location) throw new Error(`Cannot connect to ${nodeId}, no address known`);
-            let { address, port } = location;
-
-            if (!SocketFunction.silent) {
-                console.log(`Connecting to ${address}:${port}`);
-            }
-            const ws = require("ws") as typeof import("ws");
-            let webSocket = new ws.WebSocket(`wss://${address}:${port}`, undefined, {
-                ca: getTrustedCertificates(),
-            });
-
-            // NOTE: Little setup is done here, because Sometimes websockets are created here,
-            //      and sometimes via incoming connections, We should do most setup in
-            //      CallFactory.ts:initializeWebsocket
-
-            return webSocket;
-        };
-    }
-}
-
+import tls from "tls";
+import { isNode } from "./misc";
+import { SenderInterface } from "./CallFactory";
+import { getTrustedCertificates } from "./certStore";
+import { getNodeIdLocation } from "./nodeCache";
+import debugbreak from "debugbreak";
+import { SocketFunction } from "../SocketFunction";
+import type * as ws from "ws";
+
+export function getTLSSocket(webSocket: ws.WebSocket) {
+    return (webSocket as any)._socket as tls.TLSSocket;
+}
+
+export type WebsocketFactory = (nodeId: string, proposedProtocols?: string[]) => SenderInterface;
+
+/** NOTE: We create a factory, which embeds the key/cert information. Otherwise retries might use
+ *      a different key/cert context.
+ */
+export function createWebsocketFactory(): WebsocketFactory {
+
+    if (!isNode()) {
+        return (nodeId: string, proposedProtocols?: string[]) => {
+            let location = getNodeIdLocation(nodeId);
+            if (!location) throw new Error(`Cannot connect to ${nodeId}, no address known`);
+            let { address, port } = location;
+
+            if (!SocketFunction.silent) {
+                console.log(`Connecting to ${address}:${port}`);
+            }
+            if (proposedProtocols && proposedProtocols.length > 0) {
+                return new WebSocket(`wss://${address}:${port}`, proposedProtocols);
+            }
+            return new WebSocket(`wss://${address}:${port}`);
+        };
+    } else {
+        return (nodeId: string, proposedProtocols?: string[]) => {
+            let location = getNodeIdLocation(nodeId);
+            if (!location) throw new Error(`Cannot connect to ${nodeId}, no address known`);
+            let { address, port } = location;
+
+            if (!SocketFunction.silent) {
+                console.log(`Connecting to ${address}:${port}`);
+            }
+            const ws = require("ws") as typeof import("ws");
+            let webSocket = new ws.WebSocket(`wss://${address}:${port}`, proposedProtocols, {
+                ca: getTrustedCertificates(),
+            });
+
+            // NOTE: Little setup is done here, because Sometimes websockets are created here,
+            //      and sometimes via incoming connections, We should do most setup in
+            //      CallFactory.ts:initializeWebsocket
+
+            return webSocket;
+        };
+    }
+}