Use socket.handshake instead of socket.client.request

Fixes a bug where sockets would be rejected if they connected directly
with the 'websocket' transport instead of doing an AJAX connection with
websocket upgrade (e.g. if `transports: ['websocket']` is passed to the
socket.io-client constructor).

See https://github.com/socketio/socket.io/blob/master/docs/API.md#sockethandshake
This commit is contained in:
Calvin Montgomery 2017-12-27 14:18:46 -08:00
parent 0b6106a89e
commit 95e147b5a0
3 changed files with 18 additions and 20 deletions

View File

@ -2,7 +2,7 @@
"author": "Calvin Montgomery",
"name": "CyTube",
"description": "Online media synchronizer and chat",
"version": "3.51.15",
"version": "3.51.16",
"repository": {
"url": "http://github.com/calzoneman/sync"
},

View File

@ -52,8 +52,12 @@ class IOServer {
if (!socket.context) socket.context = {};
try {
socket.handshake.connection = {
remoteAddress: socket.handshake.address
};
socket.context.ipAddress = proxyaddr(
socket.client.request,
socket.handshake,
this.proxyTrustFn
);
@ -159,7 +163,7 @@ class IOServer {
// Parse cookies
cookieParsingMiddleware(socket, next) {
const req = socket.request;
const req = socket.handshake;
if (req.headers.cookie) {
cookieParser(req, null, () => next());
} else {
@ -172,7 +176,7 @@ class IOServer {
// Determine session age from ip-session cookie
// (Used for restricting chat)
ipSessionCookieMiddleware(socket, next) {
const cookie = socket.request.signedCookies['ip-session'];
const cookie = socket.handshake.signedCookies['ip-session'];
if (!cookie) {
socket.context.ipSessionFirstSeen = new Date();
next();
@ -193,7 +197,7 @@ class IOServer {
socket.context.aliases = [];
const promises = [];
const auth = socket.request.signedCookies.auth;
const auth = socket.handshake.signedCookies.auth;
if (auth) {
promises.push(verifySession(auth).then(user => {
socket.context.user = Object.assign({}, user);

View File

@ -10,19 +10,13 @@ describe('IOServer', () => {
context: {
ipAddress: '9.9.9.9'
},
client: {
request: {
connection: {
remoteAddress: '127.0.0.1'
},
headers: {
'x-forwarded-for': '1.2.3.4'
}
handshake: {
address: '127.0.0.1',
headers: {
'x-forwarded-for': '1.2.3.4'
}
}
};
socket.request = socket.client.request;
});
describe('#ipProxyMiddleware', () => {
@ -35,7 +29,7 @@ describe('IOServer', () => {
});
it('does not proxy from a non-trusted address', done => {
socket.client.request.connection.remoteAddress = '5.6.7.8';
socket.handshake.address = '5.6.7.8';
server.ipProxyMiddleware(socket, error => {
assert(!error);
assert.strictEqual(socket.context.ipAddress, '5.6.7.8');
@ -128,18 +122,18 @@ describe('IOServer', () => {
describe('#cookieParsingMiddleware', () => {
it('parses cookies', done => {
socket.request.headers.cookie = 'flavor=chocolate%20chip';
socket.handshake.headers.cookie = 'flavor=chocolate%20chip';
server.cookieParsingMiddleware(socket, () => {
assert.strictEqual(socket.request.cookies.flavor, 'chocolate chip');
assert.strictEqual(socket.handshake.cookies.flavor, 'chocolate chip');
done();
});
});
it('defaults to empty objects if no cookies', done => {
server.cookieParsingMiddleware(socket, () => {
assert.deepStrictEqual(socket.request.cookies, {});
assert.deepStrictEqual(socket.request.signedCookies, {});
assert.deepStrictEqual(socket.handshake.cookies, {});
assert.deepStrictEqual(socket.handshake.signedCookies, {});
done();
});
});