Fixes #1017 Logs an error and closes connection when invalid frame re…

…ceived

conf/config.yml

@@ -63,6 +63,14 @@ httpServer:
     headers:
       - user-agent
 
+  # type: uws
+  # options:
+  #   # url path for http health-checks, GET requests to this path will return 200 if deepstream is alive
+  #   healthCheckPath: /health-check
+  #   # Headers to copy over from websocket
+  #   headers:
+  #     - user-agent
+
 # Connection Endpoint Configuration
 # to disable, replace configuration with null eg. `http: null`
 connectionEndpoints:
@@ -106,6 +114,27 @@ connectionEndpoints:
       # maximum allowed size of an individual message in bytes
       maxMessageSize: 1048576
 
+  - type: ws-json
+    options:
+      # url path websocket connections connect to
+      urlPath: /deepstream-json
+      # the amount of milliseconds between each ping/heartbeat message
+      heartbeatInterval: 30000
+      # the amount of milliseconds that writes to sockets are buffered
+      outgoingBufferTimeout: 10
+      # the maximum amount of bytes to buffer before flushing, stops the client from large enough packages
+      # to block its responsiveness
+      maxBufferByteSize: 100000
+
+      # Security
+      # amount of time a connection can remain open while not being logged in
+      unauthenticatedClientTimeout: 180000
+      # invalid login attempts before the connection is cut
+      maxAuthAttempts: 3
+      # maximum allowed size of an individual message in bytes
+      maxMessageSize: 1048576
+
+
   - type: http
     options:
       # allow 'authData' parameter in POST requests, if disabled only token and OPEN auth is

src/connection-endpoint/base/socket-wrapper.ts

@@ -32,6 +32,11 @@ export abstract class WSSocketWrapper<SerializedType extends { length: number }>
     return this.isClosed !== true
   }
 
+  protected invalidTypeReceived () {
+    this.services.logger.error(EVENT.ERROR, `Received an invalid message type on ${this.uuid}`)
+    this.destroy()
+  }
+
   /**
    * Called by the connection endpoint to flush all buffered writes.
    * A buffered write is a write that is not a high priority, such as an ack

src/connection-endpoint/websocket/binary/socket-wrapper-factory.ts

@@ -15,6 +15,11 @@ export class WSBinarySocketWrapper extends WSSocketWrapper<Uint8Array> {
   }
 
   public parseMessage (message: ArrayBuffer): ParseResult[] {
+    if (typeof message === 'string') {
+      this.invalidTypeReceived()
+      return []
+    }
+
     /* we copy the underlying buffer (since a shallow reference won't be safe
      * outside of the callback)
      * the copy could be avoided if we make sure not to store references to the

src/connection-endpoint/websocket/json/socket-wrapper-factory.ts

@@ -13,7 +13,17 @@ export class JSONSocketWrapper extends WSSocketWrapper<string> {
   }
 
   public parseMessage (message: string): ParseResult[] {
-    return [JSON.parse(message)]
+    if (typeof message !== 'string') {
+      this.invalidTypeReceived()
+      return []
+    }
+
+    try {
+      return [JSON.parse(message)]
+    } catch (e) {
+      this.invalidTypeReceived()
+      return []
+    }
   }
 
   public parseData (message: Message): true | Error {

src/connection-endpoint/websocket/text/socket-wrapper-factory.ts

@@ -15,6 +15,11 @@ export class TextWSSocketWrapper extends WSSocketWrapper<string> {
   }
 
   public parseMessage (message: string): ParseResult[] {
+    if (typeof message !== 'string') {
+      this.invalidTypeReceived()
+      return []
+    }
+
     return textMessageParse.parse(message)
   }