From 95e147b5a0d768d349e576b859387ce72b670b74 Mon Sep 17 00:00:00 2001 From: Calvin Montgomery Date: Wed, 27 Dec 2017 14:18:46 -0800 Subject: [PATCH] Use socket.handshake instead of socket.client.request Fixes a bug where sockets would be rejected if they connected directly with the 'websocket' transport instead of doing an AJAX connection with websocket upgrade (e.g. if `transports: ['websocket']` is passed to the socket.io-client constructor). See https://github.com/socketio/socket.io/blob/master/docs/API.md#sockethandshake --- package.json | 2 +- src/io/ioserver.js | 12 ++++++++---- test/io/ioserver.js | 24 +++++++++--------------- 3 files changed, 18 insertions(+), 20 deletions(-) diff --git a/package.json b/package.json index 24e32f33..2c70dbbf 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Calvin Montgomery", "name": "CyTube", "description": "Online media synchronizer and chat", - "version": "3.51.15", + "version": "3.51.16", "repository": { "url": "http://github.com/calzoneman/sync" }, diff --git a/src/io/ioserver.js b/src/io/ioserver.js index 927430ea..697627db 100644 --- a/src/io/ioserver.js +++ b/src/io/ioserver.js @@ -52,8 +52,12 @@ class IOServer { if (!socket.context) socket.context = {}; try { + socket.handshake.connection = { + remoteAddress: socket.handshake.address + }; + socket.context.ipAddress = proxyaddr( - socket.client.request, + socket.handshake, this.proxyTrustFn ); @@ -159,7 +163,7 @@ class IOServer { // Parse cookies cookieParsingMiddleware(socket, next) { - const req = socket.request; + const req = socket.handshake; if (req.headers.cookie) { cookieParser(req, null, () => next()); } else { @@ -172,7 +176,7 @@ class IOServer { // Determine session age from ip-session cookie // (Used for restricting chat) ipSessionCookieMiddleware(socket, next) { - const cookie = socket.request.signedCookies['ip-session']; + const cookie = socket.handshake.signedCookies['ip-session']; if (!cookie) { socket.context.ipSessionFirstSeen = new Date(); next(); @@ -193,7 +197,7 @@ class IOServer { socket.context.aliases = []; const promises = []; - const auth = socket.request.signedCookies.auth; + const auth = socket.handshake.signedCookies.auth; if (auth) { promises.push(verifySession(auth).then(user => { socket.context.user = Object.assign({}, user); diff --git a/test/io/ioserver.js b/test/io/ioserver.js index 5ace9ae9..30e041e5 100644 --- a/test/io/ioserver.js +++ b/test/io/ioserver.js @@ -10,19 +10,13 @@ describe('IOServer', () => { context: { ipAddress: '9.9.9.9' }, - client: { - request: { - connection: { - remoteAddress: '127.0.0.1' - }, - headers: { - 'x-forwarded-for': '1.2.3.4' - } + handshake: { + address: '127.0.0.1', + headers: { + 'x-forwarded-for': '1.2.3.4' } } }; - - socket.request = socket.client.request; }); describe('#ipProxyMiddleware', () => { @@ -35,7 +29,7 @@ describe('IOServer', () => { }); it('does not proxy from a non-trusted address', done => { - socket.client.request.connection.remoteAddress = '5.6.7.8'; + socket.handshake.address = '5.6.7.8'; server.ipProxyMiddleware(socket, error => { assert(!error); assert.strictEqual(socket.context.ipAddress, '5.6.7.8'); @@ -128,18 +122,18 @@ describe('IOServer', () => { describe('#cookieParsingMiddleware', () => { it('parses cookies', done => { - socket.request.headers.cookie = 'flavor=chocolate%20chip'; + socket.handshake.headers.cookie = 'flavor=chocolate%20chip'; server.cookieParsingMiddleware(socket, () => { - assert.strictEqual(socket.request.cookies.flavor, 'chocolate chip'); + assert.strictEqual(socket.handshake.cookies.flavor, 'chocolate chip'); done(); }); }); it('defaults to empty objects if no cookies', done => { server.cookieParsingMiddleware(socket, () => { - assert.deepStrictEqual(socket.request.cookies, {}); - assert.deepStrictEqual(socket.request.signedCookies, {}); + assert.deepStrictEqual(socket.handshake.cookies, {}); + assert.deepStrictEqual(socket.handshake.signedCookies, {}); done(); }); });