From ab8cb77f81fa85e1a0c221c9d198b294f82f7e6e Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Thu, 1 Jun 2017 18:48:14 -0600 Subject: [PATCH 1/3] * secureProxy -> proxied in webSocket config * Add support for X-Forwarded-For and X-Real-IP in WebSocket for remoteAddr --- core/servers/login/websocket.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/core/servers/login/websocket.js b/core/servers/login/websocket.js index 41a3e838..1a9a1ed1 100644 --- a/core/servers/login/websocket.js +++ b/core/servers/login/websocket.js @@ -25,7 +25,7 @@ const ModuleInfo = exports.moduleInfo = { function WebSocketClient(ws, req, serverType) { Object.defineProperty(this, 'isSecure', { - get : () => ('secure' === serverType || true === this.secureProxyConnection) ? true : false, + get : () => ('secure' === serverType || true === this.proxied) ? true : false, }); // @@ -47,7 +47,8 @@ function WebSocketClient(ws, req, serverType) { } get remoteAddress() { - return req.connection.remoteAddress; + // Support X-Forwarded-For and X-Real-IP headers for proxied connections + return (this.proxied && (req.headers['x-forwarded-for'] || req.headers['x-real-ip'])) || req.connection.remoteAddress; } }(ws); @@ -75,11 +76,11 @@ function WebSocketClient(ws, req, serverType) { // If the config allows it, look for 'x-forwarded-proto' as "https" // to override |isSecure| // - if(true === _.get(Config, 'loginServers.webSocket.secureProxy') && + if(true === _.get(Config, 'loginServers.webSocket.proxied') && 'https' === req.headers['x-forwarded-proto']) { - Log.debug(`Assuming secure connection due to X-Forwarded-Proto of ${req.headers['x-forwarded-proto']}`); - this.secureProxyConnection = true; + Log.debug(`Assuming secure connection due to X-Forwarded-Proto of "${req.headers['x-forwarded-proto']}"`); + this.proxied = true; } // start handshake process From ff5896e80cfeb5bb1a6fc4341fe7bc9725661800 Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Thu, 1 Jun 2017 18:56:05 -0600 Subject: [PATCH 2/3] Fix proxied check for remoteAddress --- core/servers/login/websocket.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/core/servers/login/websocket.js b/core/servers/login/websocket.js index 1a9a1ed1..9e638a40 100644 --- a/core/servers/login/websocket.js +++ b/core/servers/login/websocket.js @@ -28,6 +28,8 @@ function WebSocketClient(ws, req, serverType) { get : () => ('secure' === serverType || true === this.proxied) ? true : false, }); + const self = this; + // // This bridge makes accessible various calls that client sub classes // want to access on I/O socket @@ -48,7 +50,7 @@ function WebSocketClient(ws, req, serverType) { get remoteAddress() { // Support X-Forwarded-For and X-Real-IP headers for proxied connections - return (this.proxied && (req.headers['x-forwarded-for'] || req.headers['x-real-ip'])) || req.connection.remoteAddress; + return (self.proxied && (req.headers['x-forwarded-for'] || req.headers['x-real-ip'])) || req.connection.remoteAddress; } }(ws); @@ -81,6 +83,8 @@ function WebSocketClient(ws, req, serverType) { { Log.debug(`Assuming secure connection due to X-Forwarded-Proto of "${req.headers['x-forwarded-proto']}"`); this.proxied = true; + } else { + this.proxied = false; } // start handshake process From 64aa63e8b5b0ce7ceb7b58bfeb7f2f5610f1ece8 Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Tue, 6 Jun 2017 20:04:28 -0600 Subject: [PATCH 3/3] Fix disconnect of WebSocket --- core/servers/login/websocket.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/core/servers/login/websocket.js b/core/servers/login/websocket.js index 9e638a40..6f826cc9 100644 --- a/core/servers/login/websocket.js +++ b/core/servers/login/websocket.js @@ -41,7 +41,7 @@ function WebSocketClient(ws, req, serverType) { } end() { - return ws.terminate(); + return ws.terminate(); } write(data, cb) { @@ -59,7 +59,8 @@ function WebSocketClient(ws, req, serverType) { }); ws.on('close', () => { - this.end(); + // we'll remove client connection which will in turn end() via our SocketBridge above + return this.emit('end'); }); //