chore(deps): bump engine.io from 4.1.2 to 6.2.1 in /examples/latency (#…
…663) Bumps [engine.io](https://github.com/socketio/engine.io) from 4.1.2 to 6.2.1. - [Release notes](https://github.com/socketio/engine.io/releases) - [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md) - [Commits](4.1.2...6.2.1) --- updated-dependencies: - dependency-name: engine.io dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore(deps): bump qs from 6.9.4 to 6.11.0 (#664)
Bumps [qs](https://github.com/ljharb/qs) from 6.9.4 to 6.11.0. - [Release notes](https://github.com/ljharb/qs/releases) - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.9.4...v6.11.0) --- updated-dependencies: - dependency-name: qs dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore(deps): bump qs and express in /examples/latency (#665)
Bumps [qs](https://github.com/ljharb/qs) to 6.11.0 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together. Updates `qs` from 6.7.0 to 6.11.0 - [Release notes](https://github.com/ljharb/qs/releases) - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.7.0...v6.11.0) Updates `express` from 4.17.1 to 4.18.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.18.2) --- updated-dependencies: - dependency-name: qs dependency-type: indirect - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
perf: add the wsPreEncodedFrame option
This optimization is only applied if: - the permessage-deflate extension is disabled (which is the default) - the "ws" package is used (which is the default) In that case, the WebSocket frame will only be computed once, when broadcasting to multiple clients. Related: socketio/socket.io-adapter@5f7b47d
feat: add the "addTrailingSlash" option (#655)
The "addTrailingSlash" option allows to control whether a trailing slash is added to the path of the HTTP requests: - true (default): "/engine.io/" - false: "/engine.io" Related: socketio/engine.io-client@21a6e12 Signed-off-by: iifawzi <iifawzie@gmail.com>
refactor: bump prettier to version 2.8.1
This major bump creates a lot of noise, but it is necessary for
prettier to be able to parse new syntax such as:
- typed imports: `import { type xxx } from ...`
- private attributes: `class A { #b; #c() {} }`fix: fix the ES module wrapper
The package does not have a default export, so importing it from a project using ES modules would break in some cases. > Cannot destructure property 'Server' of '_engineIo.default' Related: #657
fix: wait for all packets to be sent before closing the WebSocket con…
…nection This reverts commit [1], which was included in `engine.io@5.1.0` and `socket.io@4.1.0`. The WebSocket connection was closed before all packets were written out, so for example when calling `socket.disconnect(true)` on the Socket.IO server (which disconnect from all namespaces and close the connection), the client would receive only the first disconnect packet and kept trying to reconnect to the other namespaces. The only difference with the previous implementation (pre 5.1.0) is that the "drain" event gets only called once at the end, and not after each packet. [1]: ad5306a Related: #648
refactor: make the compress option optional
The compress option was inadvertently made mandatory in [1]. [1]: 6d87a40
feat: add support for Express middlewares
This commit implements middlewares at the Engine.IO level, because
Socket.IO middlewares are meant for namespace authorization and are not
executed during a classic HTTP request/response cycle.
A workaround was possible by using the allowRequest option and the
"headers" event, but this feels way cleaner and works with upgrade
requests too.
Syntax:
```js
engine.use((req, res, next) => {
// do something
next();
});
// with express-session
import session from "express-session";
engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
});
// with helmet
import helmet from "helmet";
engine.use(helmet());
```
Related:
- #668
- #651
- socketio/socket.io#4609
- socketio/socket.io#3933
- a lot of other issues asking for compatibility with express-sessionchore(deps): bump cookiejar from 2.1.2 to 2.1.4 (#667)
Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.2 to 2.1.4. - [Release notes](https://github.com/bmeck/node-cookiejar/releases) - [Commits](https://github.com/bmeck/node-cookiejar/commits) --- updated-dependencies: - dependency-name: cookiejar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
refactor: return HTTP 400 upon invalid request overlap
In both cases, the error comes from the client as it should not send multiple concurrent requests, so a HTTP 4xx code is mandated. Related: #650
fix(uws): prevent crash when using with middlewares
The class used to accumulate the response headers did not expose the exact same API as its wrapped type, which could lead to the following error in some rare cases: > TypeError: Cannot read properties of undefined (reading 'end') > at Polling.onDataRequest (build/transports-uws/polling.js:109:53) > at Polling.onRequest (build/transports-uws/polling.js:47:18) > at callback (build/userver.js:94:56) > at uServer.verify (build/server.js:152:9) Related: socketio/socket.io#4643
refactor(types): ensure compatibility with Express middlewares
In order to prevent issues like:
> error TS2345: Argument of type 'RequestHandler<ParamsDictionary, any, any, ParsedQs, Record<string, any>>' is not assignable to parameter of type 'Middleware'.
> Types of parameters 'req' and 'req' are incompatible.
> Type 'IncomingMessage' is missing the following properties from type 'Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>': get, header, accepts, acceptsCharsets, and 29 more.
>
> io.engine.use(sessionMiddleware);
~~~~~~~~~~~~~~~~~
Related: socketio/socket.io#4644
We could also have use the RequestHandler type from the
@types/express-serve-static-core package, but that would add 5 new
dependencies.
See also: https://github.com/socketio/engine.io/issues/673fix: prevent crash when provided with an invalid query param
A specially crafted request could lead to the following exception: > TypeError: Cannot read properties of undefined (reading 'handlesUpgrades') > at Server.onWebSocket (build/server.js:515:67) This bug was introduced in [1], released in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. [1]: 7096e98