Add a WS subprotocol check #3

yanfali · 2022-04-12T04:13:29Z

This seems like an interesting idea, specify a websocket sub protocol

https://websockets.spec.whatwg.org/#ref-for-dom-websocket-websocket%E2%91%A0

I'm not sure how to do this in fastify with a websocket connection, so add the check on the message for now.

Description

- just trying this out

- add a verifyClient handler in options

- specify initial subprotocol of XAPWS1 - set sec-websocket-protocol headers on response if they match - verify sec-websocket-protocol on request

- check the sub protocol header before upgrading connection

zekth · 2022-04-12T08:36:05Z

src/app.ts

+     * @param protocols set of subprotocols from header
+     * @returns subprotocol accepted or false
+     */
+    handleProtocols: (protocols: Set<string>) => {


i'd replace handleProtocols with:

verifyClient: (info: { origin: string; req: IncomingMessage; secure: boolean }) => { return ( (info.req.headers['sec-websocket-protocol'] && validSubprotocols.find((x) => info.req.headers['sec-websocket-protocol'] === x)) || false ) }

If there is no subprotocol this will not be executed. See: websockets/ws#1552 (comment)

In the notes they recommended not using this hook. I wasn't sure why

Handle protocols only sets the headers as per the spec. It doesn't seem to care about verification

I tried verify client in an earlier version of patch but the docs pointed at prevalidatoon for some reaspn

we can have prevalidation, so we need to use app.route and add prehandler on it. We cannot use the shorthand route definition like app.get

zekth · 2022-04-12T08:36:53Z

src/app.ts

+})
+
+app.register(async (fastify: FastifyInstance) => {
+  fastify.addHook('preValidation', async (req: FastifyRequest, reply: FastifyReply) => {


With the comment on handleProtocols we can get rid of prevalidation hook.
also you don't need to await the reply.send() just return it.

Sounds good

zekth · 2022-04-12T08:37:22Z

src/app.ts

@@ -1,4 +1,4 @@
-import fastify from 'fastify'
+import fastify, { FastifyInstance } from 'fastify'


Suggested change

import fastify, { FastifyInstance } from 'fastify'

import fastify from 'fastify'

import type { FastifyInstance } from 'fastify'

yanfali added 5 commits April 11, 2022 21:10

Add a WS subprotocol check

65ff5fc

- just trying this out

Validate subprotocol the fastifyws way

0e40006

- add a verifyClient handler in options

Use subprotocols to enforce message formats

0f93cbc

- specify initial subprotocol of XAPWS1 - set sec-websocket-protocol headers on response if they match - verify sec-websocket-protocol on request

Add preValidation hook to ws

ccd5d9b

- check the sub protocol header before upgrading connection

Follow style of rest of code

914c2a3

zekth suggested changes Apr 12, 2022

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add a WS subprotocol check #3

Add a WS subprotocol check #3

Uh oh!

yanfali commented Apr 12, 2022

Uh oh!

zekth Apr 12, 2022

Uh oh!

yanfali Apr 12, 2022

Uh oh!

yanfali Apr 12, 2022

Uh oh!

yanfali Apr 12, 2022

Uh oh!

zekth Apr 12, 2022

Uh oh!

zekth Apr 12, 2022

Uh oh!

yanfali Apr 12, 2022

Uh oh!

zekth Apr 12, 2022

Uh oh!

Uh oh!

		@@ -1,4 +1,4 @@
		import fastify from 'fastify'
		import fastify, { FastifyInstance } from 'fastify'

	import fastify, { FastifyInstance } from 'fastify'
	import fastify from 'fastify'
	import type { FastifyInstance } from 'fastify'

Uh oh!

Add a WS subprotocol check #3

Are you sure you want to change the base?

Add a WS subprotocol check #3

Uh oh!

Conversation

yanfali commented Apr 12, 2022

Description

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!