Use socket.handshake instead of socket.client.request

Fixes a bug where sockets would be rejected if they connected directly
with the 'websocket' transport instead of doing an AJAX connection with
websocket upgrade (e.g. if `transports: ['websocket']` is passed to the
socket.io-client constructor).

See https://github.com/socketio/socket.io/blob/master/docs/API.md#sockethandshake
This commit is contained in:
Calvin Montgomery 2017-12-27 14:18:46 -08:00
parent 0b6106a89e
commit 95e147b5a0
3 changed files with 18 additions and 20 deletions

View File

@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.51.15", "version": "3.51.16",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },

View File

@ -52,8 +52,12 @@ class IOServer {
if (!socket.context) socket.context = {}; if (!socket.context) socket.context = {};
try { try {
socket.handshake.connection = {
remoteAddress: socket.handshake.address
};
socket.context.ipAddress = proxyaddr( socket.context.ipAddress = proxyaddr(
socket.client.request, socket.handshake,
this.proxyTrustFn this.proxyTrustFn
); );
@ -159,7 +163,7 @@ class IOServer {
// Parse cookies // Parse cookies
cookieParsingMiddleware(socket, next) { cookieParsingMiddleware(socket, next) {
const req = socket.request; const req = socket.handshake;
if (req.headers.cookie) { if (req.headers.cookie) {
cookieParser(req, null, () => next()); cookieParser(req, null, () => next());
} else { } else {
@ -172,7 +176,7 @@ class IOServer {
// Determine session age from ip-session cookie // Determine session age from ip-session cookie
// (Used for restricting chat) // (Used for restricting chat)
ipSessionCookieMiddleware(socket, next) { ipSessionCookieMiddleware(socket, next) {
const cookie = socket.request.signedCookies['ip-session']; const cookie = socket.handshake.signedCookies['ip-session'];
if (!cookie) { if (!cookie) {
socket.context.ipSessionFirstSeen = new Date(); socket.context.ipSessionFirstSeen = new Date();
next(); next();
@ -193,7 +197,7 @@ class IOServer {
socket.context.aliases = []; socket.context.aliases = [];
const promises = []; const promises = [];
const auth = socket.request.signedCookies.auth; const auth = socket.handshake.signedCookies.auth;
if (auth) { if (auth) {
promises.push(verifySession(auth).then(user => { promises.push(verifySession(auth).then(user => {
socket.context.user = Object.assign({}, user); socket.context.user = Object.assign({}, user);

View File

@ -10,19 +10,13 @@ describe('IOServer', () => {
context: { context: {
ipAddress: '9.9.9.9' ipAddress: '9.9.9.9'
}, },
client: { handshake: {
request: { address: '127.0.0.1',
connection: { headers: {
remoteAddress: '127.0.0.1' 'x-forwarded-for': '1.2.3.4'
},
headers: {
'x-forwarded-for': '1.2.3.4'
}
} }
} }
}; };
socket.request = socket.client.request;
}); });
describe('#ipProxyMiddleware', () => { describe('#ipProxyMiddleware', () => {
@ -35,7 +29,7 @@ describe('IOServer', () => {
}); });
it('does not proxy from a non-trusted address', done => { it('does not proxy from a non-trusted address', done => {
socket.client.request.connection.remoteAddress = '5.6.7.8'; socket.handshake.address = '5.6.7.8';
server.ipProxyMiddleware(socket, error => { server.ipProxyMiddleware(socket, error => {
assert(!error); assert(!error);
assert.strictEqual(socket.context.ipAddress, '5.6.7.8'); assert.strictEqual(socket.context.ipAddress, '5.6.7.8');
@ -128,18 +122,18 @@ describe('IOServer', () => {
describe('#cookieParsingMiddleware', () => { describe('#cookieParsingMiddleware', () => {
it('parses cookies', done => { it('parses cookies', done => {
socket.request.headers.cookie = 'flavor=chocolate%20chip'; socket.handshake.headers.cookie = 'flavor=chocolate%20chip';
server.cookieParsingMiddleware(socket, () => { server.cookieParsingMiddleware(socket, () => {
assert.strictEqual(socket.request.cookies.flavor, 'chocolate chip'); assert.strictEqual(socket.handshake.cookies.flavor, 'chocolate chip');
done(); done();
}); });
}); });
it('defaults to empty objects if no cookies', done => { it('defaults to empty objects if no cookies', done => {
server.cookieParsingMiddleware(socket, () => { server.cookieParsingMiddleware(socket, () => {
assert.deepStrictEqual(socket.request.cookies, {}); assert.deepStrictEqual(socket.handshake.cookies, {});
assert.deepStrictEqual(socket.request.signedCookies, {}); assert.deepStrictEqual(socket.handshake.signedCookies, {});
done(); done();
}); });
}); });