Hello community, here is the log from the commit of package rubygem-websocket-driver for openSUSE:Factory checked in at 2019-06-30 10:22:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-websocket-driver (Old) and /work/SRC/openSUSE:Factory/.rubygem-websocket-driver.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-websocket-driver" Sun Jun 30 10:22:27 2019 rev:4 rq:712552 version:0.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-websocket-driver/rubygem-websocket-driver.changes 2017-10-06 11:03:17.662759033 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-websocket-driver.new.4615/rubygem-websocket-driver.changes 2019-06-30 10:22:32.631717373 +0200 @@ -1,0 +2,14 @@ +Sat Jun 29 22:12:11 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com> + +- updated to version 0.7.1 + + * Catch any exceptions produced while generating a handshake + response and send a `400 Bad Request` response to the client + * Pick the RFC-6455 protocol version if the request contains any + of the headers + used by that version + * Handle errors encountered while handling malformed draft-76 + requests + * Change license from MIT to Apache 2.0 + +------------------------------------------------------------------- Old: ---- websocket-driver-0.7.0.gem New: ---- websocket-driver-0.7.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-websocket-driver.spec ++++++ --- /var/tmp/diff_new_pack.4x83iC/_old 2019-06-30 10:22:33.191718243 +0200 +++ /var/tmp/diff_new_pack.4x83iC/_new 2019-06-30 10:22:33.191718243 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-websocket-driver # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-websocket-driver -Version: 0.7.0 +Version: 0.7.1 Release: 0 %define mod_name websocket-driver %define mod_full_name %{mod_name}-%{version} @@ -37,7 +37,7 @@ Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1: gem2rpm.yml Summary: WebSocket protocol handler with pluggable I/O -License: MIT +License: Apache-2.0 Group: Development/Languages/Ruby %description ++++++ websocket-driver-0.7.0.gem -> websocket-driver-0.7.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2017-09-11 23:16:18.000000000 +0200 +++ new/CHANGELOG.md 2019-06-10 13:40:12.000000000 +0200 @@ -1,127 +1,136 @@ +### 0.7.1 / 2019-06-10 + +- Catch any exceptions produced while generating a handshake response and send a + `400 Bad Request` response to the client +- Pick the RFC-6455 protocol version if the request contains any of the headers + used by that version +- Handle errors encountered while handling malformed draft-76 requests + ### 0.7.0 / 2017-09-11 -* Add `ping` and `pong` to the set of events users can listen to +- Add `ping` and `pong` to the set of events users can listen to ### 0.6.5 / 2017-01-22 -* Provide a pure-Ruby fallback for the native unmasking code +- Provide a pure-Ruby fallback for the native unmasking code ### 0.6.4 / 2016-05-20 -* Amend warnings issued when running with -W2 -* Make sure message strings passed in by the app are transcoded to UTF-8 -* Copy strings if necessary for frozen-string compatibility +- Amend warnings issued when running with -W2 +- Make sure message strings passed in by the app are transcoded to UTF-8 +- Copy strings if necessary for frozen-string compatibility ### 0.6.3 / 2015-11-06 -* Reject draft-76 handshakes if their Sec-WebSocket-Key headers are invalid -* Throw a more helpful error if a client is created with an invalid URL +- Reject draft-76 handshakes if their Sec-WebSocket-Key headers are invalid +- Throw a more helpful error if a client is created with an invalid URL ### 0.6.2 / 2015-07-18 -* When the peer sends a close frame with no error code, emit 1000 +- When the peer sends a close frame with no error code, emit 1000 ### 0.6.1 / 2015-07-13 -* Fix how events are stored in `EventEmitter` to fix a backward-compatibility +- Fix how events are stored in `EventEmitter` to fix a backward-compatibility violation introduced in the last release -* Use the `Array#pack` and `String#unpack` methods for reading/writing numbers +- Use the `Array#pack` and `String#unpack` methods for reading/writing numbers to buffers rather than including duplicate logic for this ### 0.6.0 / 2015-07-08 -* Use `SecureRandom` to generate the `Sec-WebSocket-Key` header -* Allow the parser to recover cleanly if event listeners raise an error -* Let the `on()` method take a lambda as a positional argument rather than a block -* Add a `pong` method for sending unsolicited pong frames +- Use `SecureRandom` to generate the `Sec-WebSocket-Key` header +- Allow the parser to recover cleanly if event listeners raise an error +- Let the `on()` method take a lambda as a positional argument rather than a + block +- Add a `pong` method for sending unsolicited pong frames ### 0.5.4 / 2015-03-29 -* Don't emit extra close frames if we receive a close frame after we already +- Don't emit extra close frames if we receive a close frame after we already sent one -* Fail the connection when the driver receives an invalid +- Fail the connection when the driver receives an invalid `Sec-WebSocket-Extensions` header ### 0.5.3 / 2015-02-22 -* Don't treat incoming data as WebSocket frames if a client driver is closed +- Don't treat incoming data as WebSocket frames if a client driver is closed before receiving the server handshake ### 0.5.2 / 2015-02-19 -* Don't emit multiple `error` events +- Don't emit multiple `error` events ### 0.5.1 / 2014-12-18 -* Don't allow drivers to be created with unrecognized options +- Don't allow drivers to be created with unrecognized options ### 0.5.0 / 2014-12-13 -* Support protocol extensions via the websocket-extensions module +- Support protocol extensions via the websocket-extensions module ### 0.4.0 / 2014-11-08 -* Support connection via HTTP proxies using `CONNECT` +- Support connection via HTTP proxies using `CONNECT` ### 0.3.5 / 2014-10-04 -* Fix bug where the `Server` driver doesn't pass `ping` callbacks to its +- Fix bug where the `Server` driver doesn't pass `ping` callbacks to its delegate -* Fix an arity error when calling `fail_request` -* Allow `close` to be called before `start` to close the driver +- Fix an arity error when calling `fail_request` +- Allow `close` to be called before `start` to close the driver ### 0.3.4 / 2014-07-06 -* Don't hold references to frame buffers after a message has been emitted -* Make sure that `protocol` and `version` are exposed properly by the TCP driver -* Correct HTTP header parsing based on RFC 7230; header names cannot contain +- Don't hold references to frame buffers after a message has been emitted +- Make sure that `protocol` and `version` are exposed properly by the TCP driver +- Correct HTTP header parsing based on RFC 7230; header names cannot contain backslashes ### 0.3.3 / 2014-04-24 -* Fix problems with loading C and Java native extension code -* Correct the acceptable characters used in the HTTP parser -* Correct the draft-76 status line reason phrase +- Fix problems with loading C and Java native extension code +- Correct the acceptable characters used in the HTTP parser +- Correct the draft-76 status line reason phrase ### 0.3.2 / 2013-12-29 -* Expand `max_length` to cover sequences of continuation frames and +- Expand `max_length` to cover sequences of continuation frames and `draft-{75,76}` -* Decrease default maximum frame buffer size to 64MB -* Stop parsing when the protocol enters a failure mode, to save CPU cycles +- Decrease default maximum frame buffer size to 64MB +- Stop parsing when the protocol enters a failure mode, to save CPU cycles ### 0.3.1 / 2013-12-03 -* Add a `max_length` option to limit allowed frame size +- Add a `max_length` option to limit allowed frame size ### 0.3.0 / 2013-09-09 -* Support client URLs with Basic Auth credentials +- Support client URLs with Basic Auth credentials ### 0.2.3 / 2013-08-04 -* Fix bug in EventEmitter#emit when listeners are removed +- Fix bug in EventEmitter#emit when listeners are removed ### 0.2.2 / 2013-08-04 -* Fix bug in EventEmitter#listener_count for unregistered events +- Fix bug in EventEmitter#listener_count for unregistered events ### 0.2.1 / 2013-07-05 -* Queue sent messages if the client has not begun trying to connect -* Encode all strings sent to I/O as `ASCII-8BIT` +- Queue sent messages if the client has not begun trying to connect +- Encode all strings sent to I/O as `ASCII-8BIT` ### 0.2.0 / 2013-05-12 -* Add API for setting and reading headers -* Add Driver.server() method for getting a driver for TCP servers +- Add API for setting and reading headers +- Add Driver.server() method for getting a driver for TCP servers ### 0.1.0 / 2013-05-04 -* First stable release +- First stable release ### 0.0.0 / 2013-04-22 -* First release -* Proof of concept for people to try out -* Might be unstable +- First release +- Proof of concept for people to try out +- Might be unstable diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/LICENSE.md new/LICENSE.md --- old/LICENSE.md 2017-09-11 23:16:18.000000000 +0200 +++ new/LICENSE.md 2019-06-10 13:40:12.000000000 +0200 @@ -1,20 +1,12 @@ -# The MIT License +Copyright 2010-2019 James Coglan -Copyright (c) 2010-2017 James Coglan +Licensed under the Apache License, Version 2.0 (the "License"); you may not use +this file except in compliance with the License. You may obtain a copy of the +License at -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the 'Software'), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: + http://www.apache.org/licenses/LICENSE-2.0 -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +Unless required by applicable law or agreed to in writing, software distributed +under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2017-09-11 23:16:18.000000000 +0200 +++ new/README.md 2019-06-10 13:40:12.000000000 +0200 @@ -10,21 +10,21 @@ Due to this design, you get a lot of things for free. In particular, if you hook this module up to some I/O object, it will do all of this for you: -* Select the correct server-side driver to talk to the client -* Generate and send both server- and client-side handshakes -* Recognize when the handshake phase completes and the WS protocol begins -* Negotiate subprotocol selection based on `Sec-WebSocket-Protocol` -* Negotiate and use extensions via the +- Select the correct server-side driver to talk to the client +- Generate and send both server- and client-side handshakes +- Recognize when the handshake phase completes and the WS protocol begins +- Negotiate subprotocol selection based on `Sec-WebSocket-Protocol` +- Negotiate and use extensions via the [websocket-extensions](https://github.com/faye/websocket-extensions-ruby) module -* Buffer sent messages until the handshake process is finished -* Deal with proxies that defer delivery of the draft-76 handshake body -* Notify you when the socket is open and closed and when messages arrive -* Recombine fragmented messages -* Dispatch text, binary, ping, pong and close frames -* Manage the socket-closing handshake process -* Automatically reply to ping frames with a matching pong -* Apply masking to messages sent by the client +- Buffer sent messages until the handshake process is finished +- Deal with proxies that defer delivery of the draft-76 handshake body +- Notify you when the socket is open and closed and when messages arrive +- Recombine fragmented messages +- Dispatch text, binary, ping, pong and close frames +- Manage the socket-closing handshake process +- Automatically reply to ping frames with a matching pong +- Apply masking to messages sent by the client This library was originally extracted from the [Faye](http://faye.jcoglan.com) project but now aims to provide simple WebSocket support for any Ruby server or @@ -43,12 +43,12 @@ To build either a server-side or client-side socket, the only requirement is that you supply a `socket` object with these methods: -* `socket.url` - returns the full URL of the socket as a string. -* `socket.write(string)` - writes the given string to a TCP stream. +- `socket.url` - returns the full URL of the socket as a string. +- `socket.write(string)` - writes the given string to a TCP stream. Server-side sockets require one additional method: -* `socket.env` - returns a Rack-style env hash that will contain some of the +- `socket.env` - returns a Rack-style env hash that will contain some of the following fields. Their values are strings containing the value of the named header, unless stated otherwise. * `HTTP_CONNECTION` @@ -193,8 +193,8 @@ Client drivers have two additional methods for reading the HTTP data that was sent back by the server: -* `driver.status` - the integer value of the HTTP status code -* `driver.headers` - a hash-like object containing the response headers +- `driver.status` - the integer value of the HTTP status code +- `driver.headers` - a hash-like object containing the response headers ### HTTP Proxies @@ -261,9 +261,9 @@ The `options` argument is optional, and is a hash. It may contain the following keys: -* `:max_length` - the maximum allowed size of incoming message frames, in bytes. +- `:max_length` - the maximum allowed size of incoming message frames, in bytes. The default value is `2^26 - 1`, or 1 byte short of 64 MiB. -* `:protocols` - an array of strings representing acceptable subprotocols for +- `:protocols` - an array of strings representing acceptable subprotocols for use over the socket. The driver will negotiate one of these to use via the `Sec-WebSocket-Protocol` header if supported by the other peer. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/websocket-driver/WebsocketMaskService.java new/ext/websocket-driver/WebsocketMaskService.java --- old/ext/websocket-driver/WebsocketMaskService.java 2017-09-11 23:16:18.000000000 +0200 +++ new/ext/websocket-driver/WebsocketMaskService.java 2019-06-10 13:40:12.000000000 +0200 @@ -1,8 +1,6 @@ package com.jcoglan.websocket; -import java.lang.Long; import java.io.IOException; - import org.jruby.Ruby; import org.jruby.RubyClass; import org.jruby.RubyModule; @@ -15,41 +13,45 @@ import org.jruby.runtime.load.BasicLibraryService; public class WebsocketMaskService implements BasicLibraryService { - private Ruby runtime; + private Ruby runtime; + + public boolean basicLoad(Ruby runtime) throws IOException { + this.runtime = runtime; + + RubyModule websocket = runtime.defineModule("WebSocket"); + RubyClass webSocketMask = websocket.defineClassUnder("Mask", runtime.getObject(), getAllocator()); + + webSocketMask.defineAnnotatedMethods(WebsocketMask.class); + return true; + } - public boolean basicLoad(Ruby runtime) throws IOException { - this.runtime = runtime; - RubyModule websocket = runtime.defineModule("WebSocket"); - - RubyClass webSocketMask = websocket.defineClassUnder("Mask", runtime.getObject(), new ObjectAllocator() { - public IRubyObject allocate(Ruby runtime, RubyClass rubyClass) { - return new WebsocketMask(runtime, rubyClass); - } - }); - - webSocketMask.defineAnnotatedMethods(WebsocketMask.class); - return true; - } - - public class WebsocketMask extends RubyObject { - public WebsocketMask(final Ruby runtime, RubyClass rubyClass) { - super(runtime, rubyClass); + ObjectAllocator getAllocator() { + return new ObjectAllocator() { + public IRubyObject allocate(Ruby runtime, RubyClass rubyClass) { + return new WebsocketMask(runtime, rubyClass); + } + }; } - @JRubyMethod - public IRubyObject mask(ThreadContext context, IRubyObject payload, IRubyObject mask) { - if (mask.isNil()) return payload; - - byte[] payload_a = ((RubyString)payload).getBytes(); - byte[] mask_a = ((RubyString)mask).getBytes(); - int i, n = payload_a.length; - - if (n == 0) return payload; - - for (i = 0; i < n; i++) { - payload_a[i] ^= mask_a[i % 4]; - } - return RubyString.newStringNoCopy(runtime, payload_a); + public class WebsocketMask extends RubyObject { + public WebsocketMask(final Ruby runtime, RubyClass rubyClass) { + super(runtime, rubyClass); + } + + @JRubyMethod + public IRubyObject mask(ThreadContext context, IRubyObject payload, IRubyObject mask) { + if (mask.isNil()) return payload; + + byte[] payload_a = ((RubyString)payload).getBytes(); + byte[] mask_a = ((RubyString)mask).getBytes(); + int i, n = payload_a.length; + + if (n == 0) return payload; + + for (i = 0; i < n; i++) { + payload_a[i] ^= mask_a[i % 4]; + } + return RubyString.newStringNoCopy(runtime, payload_a); + } } - } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/websocket-driver/websocket_mask.c new/ext/websocket-driver/websocket_mask.c --- old/ext/websocket-driver/websocket_mask.c 2017-09-11 23:16:18.000000000 +0200 +++ new/ext/websocket-driver/websocket_mask.c 2019-06-10 13:40:12.000000000 +0200 @@ -1,41 +1,32 @@ #include <ruby.h> -VALUE WebSocket = Qnil; -VALUE WebSocketMask = Qnil; - -void Init_websocket_mask(); -VALUE method_websocket_mask(VALUE self, VALUE payload, VALUE mask); - -void -Init_websocket_mask() +VALUE method_websocket_mask(VALUE self, VALUE payload, VALUE mask) { - WebSocket = rb_define_module("WebSocket"); - WebSocketMask = rb_define_module_under(WebSocket, "Mask"); - rb_define_singleton_method(WebSocketMask, "mask", method_websocket_mask, 2); + char *payload_s, *mask_s, *unmasked_s; + long i, n; + VALUE unmasked; + + if (mask == Qnil || RSTRING_LEN(mask) != 4) { + return payload; + } + + payload_s = RSTRING_PTR(payload); + mask_s = RSTRING_PTR(mask); + n = RSTRING_LEN(payload); + + unmasked = rb_str_new(0, n); + unmasked_s = RSTRING_PTR(unmasked); + + for (i = 0; i < n; i++) { + unmasked_s[i] = payload_s[i] ^ mask_s[i % 4]; + } + return unmasked; } -VALUE -method_websocket_mask(VALUE self, - VALUE payload, - VALUE mask) +void Init_websocket_mask() { - char *payload_s, *mask_s, *unmasked_s; - long i, n; - VALUE unmasked; - - if (mask == Qnil || RSTRING_LEN(mask) != 4) { - return payload; - } - - payload_s = RSTRING_PTR(payload); - mask_s = RSTRING_PTR(mask); - n = RSTRING_LEN(payload); - - unmasked = rb_str_new(0, n); - unmasked_s = RSTRING_PTR(unmasked); - - for (i = 0; i < n; i++) { - unmasked_s[i] = payload_s[i] ^ mask_s[i % 4]; - } - return unmasked; + VALUE WebSocket = rb_define_module("WebSocket"); + VALUE Mask = rb_define_module_under(WebSocket, "Mask"); + + rb_define_singleton_method(Mask, "mask", method_websocket_mask, 2); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/websocket/driver/client.rb new/lib/websocket/driver/client.rb --- old/lib/websocket/driver/client.rb 2017-09-11 23:16:18.000000000 +0200 +++ new/lib/websocket/driver/client.rb 2019-06-10 13:40:12.000000000 +0200 @@ -31,7 +31,7 @@ @headers['Upgrade'] = 'websocket' @headers['Connection'] = 'Upgrade' @headers['Sec-WebSocket-Key'] = @key - @headers['Sec-WebSocket-Version'] = '13' + @headers['Sec-WebSocket-Version'] = VERSION if @protocols.size > 0 @headers['Sec-WebSocket-Protocol'] = @protocols * ', ' @@ -44,7 +44,7 @@ end def version - 'hybi-13' + "hybi-#{VERSION}" end def proxy(origin, options = {}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/websocket/driver/draft76.rb new/lib/websocket/driver/draft76.rb --- old/lib/websocket/driver/draft76.rb 2017-09-11 23:16:18.000000000 +0200 +++ new/lib/websocket/driver/draft76.rb 2019-06-10 13:40:12.000000000 +0200 @@ -29,7 +29,7 @@ def close(reason = nil, code = nil) return false if @ready_state == 3 - @socket.write([0xFF, 0x00].pack('C*')) + @socket.write([0xFF, 0x00].pack('C*')) if @ready_state == 1 @ready_state = 3 emit(:close, CloseEvent.new(nil, nil)) true @@ -39,19 +39,20 @@ def handshake_response env = @socket.env - key1 = env['HTTP_SEC_WEBSOCKET_KEY1'] + key2 = env['HTTP_SEC_WEBSOCKET_KEY2'] + + raise ProtocolError.new('Missing required header: Sec-WebSocket-Key1') unless key1 + raise ProtocolError.new('Missing required header: Sec-WebSocket-Key2') unless key2 + number1 = number_from_key(key1) spaces1 = spaces_in_key(key1) - key2 = env['HTTP_SEC_WEBSOCKET_KEY2'] number2 = number_from_key(key2) spaces2 = spaces_in_key(key2) if number1 % spaces1 != 0 or number2 % spaces2 != 0 - emit(:error, ProtocolError.new('Client sent invalid Sec-WebSocket-Key headers')) - close - return nil + raise ProtocolError.new('Client sent invalid Sec-WebSocket-Key headers') end @key_values = [number1 / spaces1, number2 / spaces2] @@ -84,7 +85,8 @@ end def number_from_key(key) - key.scan(/[0-9]/).join('').to_i(10) + number = key.scan(/[0-9]/).join('') + number == '' ? Float::NAN : number.to_i(10) end def spaces_in_key(key) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/websocket/driver/hybi.rb new/lib/websocket/driver/hybi.rb --- old/lib/websocket/driver/hybi.rb 2017-09-11 23:16:18.000000000 +0200 +++ new/lib/websocket/driver/hybi.rb 2019-06-10 13:40:12.000000000 +0200 @@ -11,7 +11,8 @@ Base64.strict_encode64(Digest::SHA1.digest(key + GUID)) end - GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11' + VERSION = '13' + GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11' BYTE = 0b11111111 FIN = MASK = 0b10000000 @@ -68,22 +69,16 @@ return unless @socket.respond_to?(:env) - sec_key = @socket.env['HTTP_SEC_WEBSOCKET_KEY'] - protos = @socket.env['HTTP_SEC_WEBSOCKET_PROTOCOL'] - - @headers['Upgrade'] = 'websocket' - @headers['Connection'] = 'Upgrade' - @headers['Sec-WebSocket-Accept'] = Hybi.generate_accept(sec_key) - if protos = @socket.env['HTTP_SEC_WEBSOCKET_PROTOCOL'] protos = protos.split(/ *, */) if String === protos @protocol = protos.find { |p| @protocols.include?(p) } - @headers['Sec-WebSocket-Protocol'] = @protocol if @protocol + else + @protocol = nil end end def version - "hybi-#{@socket.env['HTTP_SEC_WEBSOCKET_VERSION']}" + "hybi-#{VERSION}" end def add_extension(extension) @@ -229,13 +224,24 @@ end def handshake_response - begin - extensions = @extensions.generate_response(@socket.env['HTTP_SEC_WEBSOCKET_EXTENSIONS']) - rescue => error - fail(:protocol_error, error.message) - return nil + sec_key = @socket.env['HTTP_SEC_WEBSOCKET_KEY'] + version = @socket.env['HTTP_SEC_WEBSOCKET_VERSION'] + + unless version == VERSION + raise ProtocolError.new("Unsupported WebSocket version: #{VERSION}") + end + + unless sec_key + raise ProtocolError.new('Missing handshake request header: Sec-WebSocket-Key') end + @headers['Upgrade'] = 'websocket' + @headers['Connection'] = 'Upgrade' + @headers['Sec-WebSocket-Accept'] = Hybi.generate_accept(sec_key) + + @headers['Sec-WebSocket-Protocol'] = @protocol if @protocol + + extensions = @extensions.generate_response(@socket.env['HTTP_SEC_WEBSOCKET_EXTENSIONS']) @headers['Sec-WebSocket-Extensions'] = extensions if extensions start = 'HTTP/1.1 101 Switching Protocols' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/websocket/driver.rb new/lib/websocket/driver.rb --- old/lib/websocket/driver.rb 2017-09-11 23:16:18.000000000 +0200 +++ new/lib/websocket/driver.rb 2019-06-10 13:40:12.000000000 +0200 @@ -101,8 +101,17 @@ def start return false unless @ready_state == 0 - response = handshake_response - return false unless response + + unless Driver.websocket?(@socket.env) + return fail_handshake(ProtocolError.new('Not a WebSocket request')) + end + + begin + response = handshake_response + rescue => error + return fail_handshake(error) + end + @socket.write(response) open unless @stage == -1 true @@ -134,6 +143,24 @@ private + def fail_handshake(error) + headers = Headers.new + headers['Content-Type'] = 'text/plain' + headers['Content-Length'] = error.message.bytesize + + headers = ['HTTP/1.1 400 Bad Request', headers.to_s, error.message] + @socket.write(headers.join("\r\n")) + fail(:protocol_error, error.message) + + false + end + + def fail(type, message) + @ready_state = 2 + emit(:error, ProtocolError.new(message)) + close + end + def open @ready_state = 1 @queue.each { |message| frame(*message) } @@ -155,10 +182,15 @@ end def self.rack(socket, options = {}) - env = socket.env - if env['HTTP_SEC_WEBSOCKET_VERSION'] + env = socket.env + version = env['HTTP_SEC_WEBSOCKET_VERSION'] + key = env['HTTP_SEC_WEBSOCKET_KEY'] + key1 = env['HTTP_SEC_WEBSOCKET_KEY1'] + key2 = env['HTTP_SEC_WEBSOCKET_KEY2'] + + if version or key Hybi.new(socket, options.merge(:require_masking => true)) - elsif env['HTTP_SEC_WEBSOCKET_KEY1'] + elsif key1 or key2 Draft76.new(socket, options) else Draft75.new(socket, options) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2017-09-11 23:16:18.000000000 +0200 +++ new/metadata 2019-06-10 13:40:12.000000000 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: websocket-driver version: !ruby/object:Gem::Version - version: 0.7.0 + version: 0.7.1 platform: ruby authors: - James Coglan autorequire: bindir: bin cert_chain: [] -date: 2017-09-11 00:00:00.000000000 Z +date: 2019-06-10 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: websocket-extensions @@ -56,16 +56,16 @@ name: rake-compiler requirement: !ruby/object:Gem::Requirement requirements: - - - "~>" + - - ">=" - !ruby/object:Gem::Version - version: 0.8.0 + version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - "~>" + - - ">=" - !ruby/object:Gem::Version - version: 0.8.0 + version: '0' - !ruby/object:Gem::Dependency name: rspec requirement: !ruby/object:Gem::Requirement @@ -114,7 +114,7 @@ - lib/websocket/websocket_mask.rb homepage: https://github.com/faye/websocket-driver-ruby licenses: -- MIT +- Apache-2.0 metadata: {} post_install_message: rdoc_options: @@ -135,8 +135,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubyforge_project: -rubygems_version: 2.6.11 +rubygems_version: 3.0.3 signing_key: specification_version: 4 summary: WebSocket protocol handler with pluggable I/O