Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

changed verifyOrigin to verifyClient and added info indicating connec…

…tion ssl status
  • Loading branch information...
commit 1686e63401f8c5dbe921eba094069c87a91114bd 1 parent a96c7fc
@einaros einaros authored
Showing with 114 additions and 13 deletions.
  1. +9 −4 lib/WebSocketServer.js
  2. +105 −9 test/WebSocketServer.test.js
View
13 lib/WebSocketServer.js
@@ -11,6 +11,7 @@ var util = require('util')
, url = require('url')
, Options = require('options')
, WebSocket = require('./WebSocket')
+ , tls = require('tls')
, url = require('url');
/**
@@ -22,7 +23,7 @@ function WebSocketServer(options, callback) {
host: '127.0.0.1',
port: null,
server: null,
- verifyOrigin: null,
+ verifyClient: null,
path: null,
noServer: false
}).merge(options);
@@ -147,12 +148,16 @@ WebSocketServer.prototype.handleUpgrade = function(req, socket, upgradeHead) {
return;
}
- // verify origin
+ // verify client
var origin = version < 13 ?
req.headers['sec-websocket-origin'] :
req.headers['origin'];
- if (typeof this.options.verifyOrigin == 'function') {
- if (!this.options.verifyOrigin(origin)) {
+ if (typeof this.options.verifyClient == 'function') {
+ var info = {
+ origin: origin,
+ secure: typeof req.connection.encrypted !== 'undefined'
+ };
+ if (!this.options.verifyClient(info)) {
abortConnection(socket, 401, 'Unauthorized');
return;
}
View
114 test/WebSocketServer.test.js
@@ -1,4 +1,5 @@
var http = require('http')
+ , https = require('https')
, WebSocket = require('../')
, WebSocketServer = WebSocket.Server
, fs = require('fs')
@@ -199,6 +200,9 @@ describe('WebSocketServer', function() {
done();
});
});
+ wss.on('connection', function(ws) {
+ done(new Error('connection must not be established'));
+ });
wss.on('error', function() {});
});
@@ -221,6 +225,9 @@ describe('WebSocketServer', function() {
done();
});
});
+ wss.on('connection', function(ws) {
+ done(new Error('connection must not be established'));
+ });
wss.on('error', function() {});
});
@@ -244,12 +251,14 @@ describe('WebSocketServer', function() {
done();
});
});
+ wss.on('connection', function(ws) {
+ done(new Error('connection must not be established'));
+ });
wss.on('error', function() {});
});
- it('does not accept connections with invalid sec-websocket-origin (8)', function(done) {
- var wss = new WebSocketServer({port: ++port, verifyOrigin: function(o) {
- o.should.eql('http://foobar.com');
+ it('client can be denied', function(done) {
+ var wss = new WebSocketServer({port: ++port, verifyClient: function(o) {
return false;
}}, function() {
var options = {
@@ -267,17 +276,21 @@ describe('WebSocketServer', function() {
req.end();
req.on('response', function(res) {
res.statusCode.should.eql(401);
- wss.close();
- done();
+ process.nextTick(function() {
+ wss.close();
+ done();
+ });
});
});
+ wss.on('connection', function(ws) {
+ done(new Error('connection must not be established'));
+ });
wss.on('error', function() {});
});
- it('does not accept connections with invalid origin', function(done) {
- var wss = new WebSocketServer({port: ++port, verifyOrigin: function(o) {
- o.should.eql('http://foobar.com');
- return false;
+ it('client can be accepted', function(done) {
+ var wss = new WebSocketServer({port: ++port, verifyClient: function(o) {
+ return true;
}}, function() {
var options = {
port: port,
@@ -294,12 +307,95 @@ describe('WebSocketServer', function() {
req.end();
req.on('response', function(res) {
res.statusCode.should.eql(401);
+ });
+ });
+ wss.on('connection', function(ws) {
+ ws.terminate();
+ wss.close();
+ done();
+ });
+ wss.on('error', function() {});
+ });
+
+ it('verifyClient gets client origin', function(done) {
+ var wss = new WebSocketServer({port: ++port, verifyClient: function(info) {
+ info.origin.should.eql('http://foobarbaz.com');
+ return false;
+ }}, function() {
+ var options = {
+ port: port,
+ host: '127.0.0.1',
+ headers: {
+ 'Connection': 'Upgrade',
+ 'Upgrade': 'websocket',
+ 'Sec-WebSocket-Key': 'dGhlIHNhbXBsZSBub25jZQ==',
+ 'Sec-WebSocket-Version': 13,
+ 'Origin': 'http://foobarbaz.com'
+ }
+ };
+ var req = http.request(options);
+ req.end();
+ req.on('response', function(res) {
wss.close();
done();
});
});
wss.on('error', function() {});
});
+
+ it('verifyClient has secure:true for ssl connections', function(done) {
+ var options = {
+ key: fs.readFileSync('test/fixtures/key.pem'),
+ cert: fs.readFileSync('test/fixtures/certificate.pem')
+ };
+ var app = https.createServer(options, function (req, res) {
+ res.writeHead(200);
+ res.end();
+ });
+ var success = false;
+ var wss = new WebSocketServer({
+ server: app,
+ verifyClient: function(info) {
+ success = info.secure === true;
+ return true;
+ }
+ });
+ app.listen(++port, function() {
+ var ws = new WebSocket('wss://localhost:' + port);
+ });
+ wss.on('connection', function(ws) {
+ app.close();
+ ws.terminate();
+ wss.close();
+ success.should.be.ok;
+ done();
+ });
+ });
+
+ it('verifyClient has secure:false for non-ssl connections', function(done) {
+ var app = http.createServer(function (req, res) {
+ res.writeHead(200);
+ res.end();
+ });
+ var success = false;
+ var wss = new WebSocketServer({
+ server: app,
+ verifyClient: function(info) {
+ success = info.secure === false;
+ return true;
+ }
+ });
+ app.listen(++port, function() {
+ var ws = new WebSocket('ws://localhost:' + port);
+ });
+ wss.on('connection', function(ws) {
+ app.close();
+ ws.terminate();
+ wss.close();
+ success.should.be.ok;
+ done();
+ });
+ });
});
it('can send data', function(done) {
Please sign in to comment.
Something went wrong with that request. Please try again.