feat(websocket): add websocket origin limit

tarotlwei · tarotlwei · commit 7e2bb2225493 · 2018-07-23T10:46:25.000+08:00
diff --git a/bin/proxy/webSocketServer.js b/bin/proxy/webSocketServer.js
@@ -0,0 +1,60 @@
+const WebSocket = require('ws');
+const http = require('http');
+const url = require('url');
+const config = require('./config.js');
+
+class webSocketServer extends WebSocket.Server {
+    handleUpgrade(req, socket, head, cb) {
+        const origin = req['headers']['origin'] || '';
+        if (origin) {
+            const obj = url.parse(origin);
+            const host = req['headers']['host'];
+
+            if (obj.host !== host) {
+                const allowWebSocketOriginHost = config.allowWebSocketOriginHost || [];
+                if (allowWebSocketOriginHost.length === 0) {
+                    abortConnection(socket, 403);
+                    return;
+                }
+
+                let i,
+                    len,
+                    v;
+                for (i = 0, len = allowWebSocketOriginHost.length; i < len; i++) {
+                    v = allowWebSocketOriginHost[i];
+
+                    if (typeof v === 'string') {
+                        if (v !== obj.host) {
+                            abortConnection(socket, 403);
+                            return;
+                        }
+                    } else if (typeof v === 'object') {
+                        if (!v.test || (v.test && !v.test(host))) {
+                            abortConnection(socket, 403);
+                            return;
+                        }
+                    }
+                }
+            }
+        }
+
+        super.handleUpgrade(req, socket, head, cb);
+    }
+}
+
+module.exports = webSocketServer;
+
+function abortConnection(socket, code, message) {
+    if (socket.writable) {
+        message = message || http.STATUS_CODES[code];
+        socket.write(
+            `HTTP/1.1 ${code} ${http.STATUS_CODES[code]}\r\n` +
+            'Connection: close\r\n' +
+            'Content-type: text/html\r\n' +
+            `Content-Length: ${Buffer.byteLength(message)}\r\n` +
+            '\r\n' + message
+        );
+    }
+
+    socket.destroy();
+}
diff --git a/bin/proxy/websocket.js b/bin/proxy/websocket.js
@@ -9,7 +9,7 @@
 
 
 const WebSocket = require('ws');
-const WSServer = WebSocket.Server;
+const WSServer = require('./webSocketServer');
 const logger = require('logger');
 const domain = require('domain');
 const Context = require('runtime/Context');
@@ -46,7 +46,7 @@ function wsFiller(ws, req) {
         }
     };
 
-    ws.logKey = Math.random();
+    ws.logKey = req.headers['sec-websocket-key'] || Math.random();
 }
 
 function reportWebSocketLog(ws, isEnd) {

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`
`10`	`10`
`11`	`11`	`const WebSocket = require('ws');`
`12`		`-const WSServer = WebSocket.Server;`
	`12`	`+const WSServer = require('./webSocketServer');`
`13`	`13`	`const logger = require('logger');`
`14`	`14`	`const domain = require('domain');`
`15`	`15`	`const Context = require('runtime/Context');`
`@@ -46,7 +46,7 @@ function wsFiller(ws, req) {`
`46`	`46`	`}`
`47`	`47`	`};`
`48`	`48`
`49`		`- ws.logKey = Math.random();`
	`49`	`+ ws.logKey = req.headers['sec-websocket-key'] \|\| Math.random();`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`function reportWebSocketLog(ws, isEnd) {`