123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536 |
- /* eslint no-unused-vars: ["error", { "varsIgnorePattern": "^net|tls|https$" }] */
- 'use strict';
- const EventEmitter = require('events');
- const http = require('http');
- const https = require('https');
- const net = require('net');
- const tls = require('tls');
- const { createHash } = require('crypto');
- const extension = require('./extension');
- const PerMessageDeflate = require('./permessage-deflate');
- const subprotocol = require('./subprotocol');
- const WebSocket = require('./websocket');
- const { GUID, kWebSocket } = require('./constants');
- const keyRegex = /^[+/0-9A-Za-z]{22}==$/;
- const RUNNING = 0;
- const CLOSING = 1;
- const CLOSED = 2;
- /**
- * Class representing a WebSocket server.
- *
- * @extends EventEmitter
- */
- class WebSocketServer extends EventEmitter {
- /**
- * Create a `WebSocketServer` instance.
- *
- * @param {Object} options Configuration options
- * @param {Number} [options.backlog=511] The maximum length of the queue of
- * pending connections
- * @param {Boolean} [options.clientTracking=true] Specifies whether or not to
- * track clients
- * @param {Function} [options.handleProtocols] A hook to handle protocols
- * @param {String} [options.host] The hostname where to bind the server
- * @param {Number} [options.maxPayload=104857600] The maximum allowed message
- * size
- * @param {Boolean} [options.noServer=false] Enable no server mode
- * @param {String} [options.path] Accept only connections matching this path
- * @param {(Boolean|Object)} [options.perMessageDeflate=false] Enable/disable
- * permessage-deflate
- * @param {Number} [options.port] The port where to bind the server
- * @param {(http.Server|https.Server)} [options.server] A pre-created HTTP/S
- * server to use
- * @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
- * not to skip UTF-8 validation for text and close messages
- * @param {Function} [options.verifyClient] A hook to reject connections
- * @param {Function} [options.WebSocket=WebSocket] Specifies the `WebSocket`
- * class to use. It must be the `WebSocket` class or class that extends it
- * @param {Function} [callback] A listener for the `listening` event
- */
- constructor(options, callback) {
- super();
- options = {
- maxPayload: 100 * 1024 * 1024,
- skipUTF8Validation: false,
- perMessageDeflate: false,
- handleProtocols: null,
- clientTracking: true,
- verifyClient: null,
- noServer: false,
- backlog: null, // use default (511 as implemented in net.js)
- server: null,
- host: null,
- path: null,
- port: null,
- WebSocket,
- ...options
- };
- if (
- (options.port == null && !options.server && !options.noServer) ||
- (options.port != null && (options.server || options.noServer)) ||
- (options.server && options.noServer)
- ) {
- throw new TypeError(
- 'One and only one of the "port", "server", or "noServer" options ' +
- 'must be specified'
- );
- }
- if (options.port != null) {
- this._server = http.createServer((req, res) => {
- const body = http.STATUS_CODES[426];
- res.writeHead(426, {
- 'Content-Length': body.length,
- 'Content-Type': 'text/plain'
- });
- res.end(body);
- });
- this._server.listen(
- options.port,
- options.host,
- options.backlog,
- callback
- );
- } else if (options.server) {
- this._server = options.server;
- }
- if (this._server) {
- const emitConnection = this.emit.bind(this, 'connection');
- this._removeListeners = addListeners(this._server, {
- listening: this.emit.bind(this, 'listening'),
- error: this.emit.bind(this, 'error'),
- upgrade: (req, socket, head) => {
- this.handleUpgrade(req, socket, head, emitConnection);
- }
- });
- }
- if (options.perMessageDeflate === true) options.perMessageDeflate = {};
- if (options.clientTracking) {
- this.clients = new Set();
- this._shouldEmitClose = false;
- }
- this.options = options;
- this._state = RUNNING;
- }
- /**
- * Returns the bound address, the address family name, and port of the server
- * as reported by the operating system if listening on an IP socket.
- * If the server is listening on a pipe or UNIX domain socket, the name is
- * returned as a string.
- *
- * @return {(Object|String|null)} The address of the server
- * @public
- */
- address() {
- if (this.options.noServer) {
- throw new Error('The server is operating in "noServer" mode');
- }
- if (!this._server) return null;
- return this._server.address();
- }
- /**
- * Stop the server from accepting new connections and emit the `'close'` event
- * when all existing connections are closed.
- *
- * @param {Function} [cb] A one-time listener for the `'close'` event
- * @public
- */
- close(cb) {
- if (this._state === CLOSED) {
- if (cb) {
- this.once('close', () => {
- cb(new Error('The server is not running'));
- });
- }
- process.nextTick(emitClose, this);
- return;
- }
- if (cb) this.once('close', cb);
- if (this._state === CLOSING) return;
- this._state = CLOSING;
- if (this.options.noServer || this.options.server) {
- if (this._server) {
- this._removeListeners();
- this._removeListeners = this._server = null;
- }
- if (this.clients) {
- if (!this.clients.size) {
- process.nextTick(emitClose, this);
- } else {
- this._shouldEmitClose = true;
- }
- } else {
- process.nextTick(emitClose, this);
- }
- } else {
- const server = this._server;
- this._removeListeners();
- this._removeListeners = this._server = null;
- //
- // The HTTP/S server was created internally. Close it, and rely on its
- // `'close'` event.
- //
- server.close(() => {
- emitClose(this);
- });
- }
- }
- /**
- * See if a given request should be handled by this server instance.
- *
- * @param {http.IncomingMessage} req Request object to inspect
- * @return {Boolean} `true` if the request is valid, else `false`
- * @public
- */
- shouldHandle(req) {
- if (this.options.path) {
- const index = req.url.indexOf('?');
- const pathname = index !== -1 ? req.url.slice(0, index) : req.url;
- if (pathname !== this.options.path) return false;
- }
- return true;
- }
- /**
- * Handle a HTTP Upgrade request.
- *
- * @param {http.IncomingMessage} req The request object
- * @param {(net.Socket|tls.Socket)} socket The network socket between the
- * server and client
- * @param {Buffer} head The first packet of the upgraded stream
- * @param {Function} cb Callback
- * @public
- */
- handleUpgrade(req, socket, head, cb) {
- socket.on('error', socketOnError);
- const key = req.headers['sec-websocket-key'];
- const version = +req.headers['sec-websocket-version'];
- if (req.method !== 'GET') {
- const message = 'Invalid HTTP method';
- abortHandshakeOrEmitwsClientError(this, req, socket, 405, message);
- return;
- }
- if (req.headers.upgrade.toLowerCase() !== 'websocket') {
- const message = 'Invalid Upgrade header';
- abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
- return;
- }
- if (!key || !keyRegex.test(key)) {
- const message = 'Missing or invalid Sec-WebSocket-Key header';
- abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
- return;
- }
- if (version !== 8 && version !== 13) {
- const message = 'Missing or invalid Sec-WebSocket-Version header';
- abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
- return;
- }
- if (!this.shouldHandle(req)) {
- abortHandshake(socket, 400);
- return;
- }
- const secWebSocketProtocol = req.headers['sec-websocket-protocol'];
- let protocols = new Set();
- if (secWebSocketProtocol !== undefined) {
- try {
- protocols = subprotocol.parse(secWebSocketProtocol);
- } catch (err) {
- const message = 'Invalid Sec-WebSocket-Protocol header';
- abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
- return;
- }
- }
- const secWebSocketExtensions = req.headers['sec-websocket-extensions'];
- const extensions = {};
- if (
- this.options.perMessageDeflate &&
- secWebSocketExtensions !== undefined
- ) {
- const perMessageDeflate = new PerMessageDeflate(
- this.options.perMessageDeflate,
- true,
- this.options.maxPayload
- );
- try {
- const offers = extension.parse(secWebSocketExtensions);
- if (offers[PerMessageDeflate.extensionName]) {
- perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
- extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
- }
- } catch (err) {
- const message =
- 'Invalid or unacceptable Sec-WebSocket-Extensions header';
- abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
- return;
- }
- }
- //
- // Optionally call external client verification handler.
- //
- if (this.options.verifyClient) {
- const info = {
- origin:
- req.headers[`${version === 8 ? 'sec-websocket-origin' : 'origin'}`],
- secure: !!(req.socket.authorized || req.socket.encrypted),
- req
- };
- if (this.options.verifyClient.length === 2) {
- this.options.verifyClient(info, (verified, code, message, headers) => {
- if (!verified) {
- return abortHandshake(socket, code || 401, message, headers);
- }
- this.completeUpgrade(
- extensions,
- key,
- protocols,
- req,
- socket,
- head,
- cb
- );
- });
- return;
- }
- if (!this.options.verifyClient(info)) return abortHandshake(socket, 401);
- }
- this.completeUpgrade(extensions, key, protocols, req, socket, head, cb);
- }
- /**
- * Upgrade the connection to WebSocket.
- *
- * @param {Object} extensions The accepted extensions
- * @param {String} key The value of the `Sec-WebSocket-Key` header
- * @param {Set} protocols The subprotocols
- * @param {http.IncomingMessage} req The request object
- * @param {(net.Socket|tls.Socket)} socket The network socket between the
- * server and client
- * @param {Buffer} head The first packet of the upgraded stream
- * @param {Function} cb Callback
- * @throws {Error} If called more than once with the same socket
- * @private
- */
- completeUpgrade(extensions, key, protocols, req, socket, head, cb) {
- //
- // Destroy the socket if the client has already sent a FIN packet.
- //
- if (!socket.readable || !socket.writable) return socket.destroy();
- if (socket[kWebSocket]) {
- throw new Error(
- 'server.handleUpgrade() was called more than once with the same ' +
- 'socket, possibly due to a misconfiguration'
- );
- }
- if (this._state > RUNNING) return abortHandshake(socket, 503);
- const digest = createHash('sha1')
- .update(key + GUID)
- .digest('base64');
- const headers = [
- 'HTTP/1.1 101 Switching Protocols',
- 'Upgrade: websocket',
- 'Connection: Upgrade',
- `Sec-WebSocket-Accept: ${digest}`
- ];
- const ws = new this.options.WebSocket(null);
- if (protocols.size) {
- //
- // Optionally call external protocol selection handler.
- //
- const protocol = this.options.handleProtocols
- ? this.options.handleProtocols(protocols, req)
- : protocols.values().next().value;
- if (protocol) {
- headers.push(`Sec-WebSocket-Protocol: ${protocol}`);
- ws._protocol = protocol;
- }
- }
- if (extensions[PerMessageDeflate.extensionName]) {
- const params = extensions[PerMessageDeflate.extensionName].params;
- const value = extension.format({
- [PerMessageDeflate.extensionName]: [params]
- });
- headers.push(`Sec-WebSocket-Extensions: ${value}`);
- ws._extensions = extensions;
- }
- //
- // Allow external modification/inspection of handshake headers.
- //
- this.emit('headers', headers, req);
- socket.write(headers.concat('\r\n').join('\r\n'));
- socket.removeListener('error', socketOnError);
- ws.setSocket(socket, head, {
- maxPayload: this.options.maxPayload,
- skipUTF8Validation: this.options.skipUTF8Validation
- });
- if (this.clients) {
- this.clients.add(ws);
- ws.on('close', () => {
- this.clients.delete(ws);
- if (this._shouldEmitClose && !this.clients.size) {
- process.nextTick(emitClose, this);
- }
- });
- }
- cb(ws, req);
- }
- }
- module.exports = WebSocketServer;
- /**
- * Add event listeners on an `EventEmitter` using a map of <event, listener>
- * pairs.
- *
- * @param {EventEmitter} server The event emitter
- * @param {Object.<String, Function>} map The listeners to add
- * @return {Function} A function that will remove the added listeners when
- * called
- * @private
- */
- function addListeners(server, map) {
- for (const event of Object.keys(map)) server.on(event, map[event]);
- return function removeListeners() {
- for (const event of Object.keys(map)) {
- server.removeListener(event, map[event]);
- }
- };
- }
- /**
- * Emit a `'close'` event on an `EventEmitter`.
- *
- * @param {EventEmitter} server The event emitter
- * @private
- */
- function emitClose(server) {
- server._state = CLOSED;
- server.emit('close');
- }
- /**
- * Handle socket errors.
- *
- * @private
- */
- function socketOnError() {
- this.destroy();
- }
- /**
- * Close the connection when preconditions are not fulfilled.
- *
- * @param {(net.Socket|tls.Socket)} socket The socket of the upgrade request
- * @param {Number} code The HTTP response status code
- * @param {String} [message] The HTTP response body
- * @param {Object} [headers] Additional HTTP response headers
- * @private
- */
- function abortHandshake(socket, code, message, headers) {
- //
- // The socket is writable unless the user destroyed or ended it before calling
- // `server.handleUpgrade()` or in the `verifyClient` function, which is a user
- // error. Handling this does not make much sense as the worst that can happen
- // is that some of the data written by the user might be discarded due to the
- // call to `socket.end()` below, which triggers an `'error'` event that in
- // turn causes the socket to be destroyed.
- //
- message = message || http.STATUS_CODES[code];
- headers = {
- Connection: 'close',
- 'Content-Type': 'text/html',
- 'Content-Length': Buffer.byteLength(message),
- ...headers
- };
- socket.once('finish', socket.destroy);
- socket.end(
- `HTTP/1.1 ${code} ${http.STATUS_CODES[code]}\r\n` +
- Object.keys(headers)
- .map((h) => `${h}: ${headers[h]}`)
- .join('\r\n') +
- '\r\n\r\n' +
- message
- );
- }
- /**
- * Emit a `'wsClientError'` event on a `WebSocketServer` if there is at least
- * one listener for it, otherwise call `abortHandshake()`.
- *
- * @param {WebSocketServer} server The WebSocket server
- * @param {http.IncomingMessage} req The request object
- * @param {(net.Socket|tls.Socket)} socket The socket of the upgrade request
- * @param {Number} code The HTTP response status code
- * @param {String} message The HTTP response body
- * @private
- */
- function abortHandshakeOrEmitwsClientError(server, req, socket, code, message) {
- if (server.listenerCount('wsClientError')) {
- const err = new Error(message);
- Error.captureStackTrace(err, abortHandshakeOrEmitwsClientError);
- server.emit('wsClientError', err, socket, req);
- } else {
- abortHandshake(socket, code, message);
- }
- }
|