Add validation for server opening handshake response in Ember WebSocket client #7138
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mergify
bot
added
series/0.23
|
Thanks! I retargeted to a new |
armanbilge
reviewed
Jun 7, 2023
Comment on lines
35
to
41
| /** Validate the opening handshake response from the server | ||
| * https://datatracker.ietf.org/doc/html/rfc6455#page-6 | ||
| */ | ||
| def validateServerHandshake[F[_]]( | ||
| response: Response[F], | ||
| secWebSocketKey: String, | ||
| )(implicit F: MonadThrow[F]): F[Boolean] = |
There was a problem hiding this comment.
This looks great! Can we add a WebSocketHelpersSuite that validates a successful response, and also one response for each of the different failure kinds?
armanbilge
approved these changes
Jun 16, 2023
|
|
||
| private[client] object WebSocketHelpers { | ||
|
|
||
| private[internal] val supportedWebSocketVersion = 13L |
There was a problem hiding this comment.
Adding final makes it a constant that will be inlined, because the right-hand-side is known at compile-time.
Suggested change
| private[internal] val supportedWebSocketVersion = 13L | |
| private[internal] final val supportedWebSocketVersion = 13L |
Comment on lines
+65
to
+89
| private def serverHandshake[F[_]](res: Response[F]): Either[ServerHandshakeError, ByteVector] = { | ||
| val status = res.status match { | ||
| case Status.SwitchingProtocols => Either.unit | ||
| case _ => Left(InvalidStatus) | ||
| } | ||
|
|
||
| val connection = res.headers.get[Connection] match { | ||
| case Some(header) if header.hasUpgrade => Either.unit | ||
| case _ => Left(UpgradeRequired) | ||
| } | ||
|
|
||
| val upgrade = res.headers.get[Upgrade] match { | ||
| case Some(header) if header.values.contains_(webSocketProtocol) => Either.unit | ||
| case _ => Left(UpgradeRequired) | ||
| } | ||
|
|
||
| val secWebSocketAcceptKey = res.headers.get[`Sec-WebSocket-Accept`] match { | ||
| case Some(header) => Right(header.hashedKey) | ||
| case None => Left(SecWebSocketAcceptNotFound) | ||
| } | ||
|
|
||
| (status, connection, upgrade, secWebSocketAcceptKey).mapN { | ||
| case (_, _, _, secWebSocketAcceptKey) => | ||
| secWebSocketAcceptKey | ||
| } |
There was a problem hiding this comment.
This way each check evaluates lazily and will short-circuit immediately if there is an error.
Suggested change
| private def serverHandshake[F[_]](res: Response[F]): Either[ServerHandshakeError, ByteVector] = { | |
| val status = res.status match { | |
| case Status.SwitchingProtocols => Either.unit | |
| case _ => Left(InvalidStatus) | |
| } | |
| val connection = res.headers.get[Connection] match { | |
| case Some(header) if header.hasUpgrade => Either.unit | |
| case _ => Left(UpgradeRequired) | |
| } | |
| val upgrade = res.headers.get[Upgrade] match { | |
| case Some(header) if header.values.contains_(webSocketProtocol) => Either.unit | |
| case _ => Left(UpgradeRequired) | |
| } | |
| val secWebSocketAcceptKey = res.headers.get[`Sec-WebSocket-Accept`] match { | |
| case Some(header) => Right(header.hashedKey) | |
| case None => Left(SecWebSocketAcceptNotFound) | |
| } | |
| (status, connection, upgrade, secWebSocketAcceptKey).mapN { | |
| case (_, _, _, secWebSocketAcceptKey) => | |
| secWebSocketAcceptKey | |
| } | |
| private def serverHandshake[F[_]](res: Response[F]): Either[ServerHandshakeError, ByteVector] = { | |
| def status = res.status match { | |
| case Status.SwitchingProtocols => Either.unit | |
| case _ => Left(InvalidStatus) | |
| } | |
| def connection = res.headers.get[Connection] match { | |
| case Some(header) if header.hasUpgrade => Either.unit | |
| case _ => Left(UpgradeRequired) | |
| } | |
| def upgrade = res.headers.get[Upgrade] match { | |
| case Some(header) if header.values.contains_(webSocketProtocol) => Either.unit | |
| case _ => Left(UpgradeRequired) | |
| } | |
| def secWebSocketAcceptKey = res.headers.get[`Sec-WebSocket-Accept`] match { | |
| case Some(header) => Right(header.hashedKey) | |
| case None => Left(SecWebSocketAcceptNotFound) | |
| } | |
| status >> connection >> upgrade >> secWebSocketAcceptKey |
ChristopherDavenport
approved these changes
Jun 16, 2023
|
I'll merge, we can do optimizations later 😁 correctness first! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is part of the Ember WebSocket client implementation. This validates the opening handshake response from the server.
http://rfc-editor.org/rfc/rfc6455#page-6