3 const EventEmitter = require('events');
4 const { createHash } = require('crypto');
5 const { createServer, STATUS_CODES } = require('http');
7 const PerMessageDeflate = require('./permessage-deflate');
8 const WebSocket = require('./websocket');
9 const { format, parse } = require('./extension');
10 const { GUID, kWebSocket } = require('./constants');
12 const keyRegex = /^[+/0-9A-Za-z]{22}==$/;
15 * Class representing a WebSocket server.
17 * @extends EventEmitter
19 class WebSocketServer extends EventEmitter {
21 * Create a `WebSocketServer` instance.
23 * @param {Object} options Configuration options
24 * @param {Number} [options.backlog=511] The maximum length of the queue of
26 * @param {Boolean} [options.clientTracking=true] Specifies whether or not to
28 * @param {Function} [options.handleProtocols] A hook to handle protocols
29 * @param {String} [options.host] The hostname where to bind the server
30 * @param {Number} [options.maxPayload=104857600] The maximum allowed message
32 * @param {Boolean} [options.noServer=false] Enable no server mode
33 * @param {String} [options.path] Accept only connections matching this path
34 * @param {(Boolean|Object)} [options.perMessageDeflate=false] Enable/disable
36 * @param {Number} [options.port] The port where to bind the server
37 * @param {http.Server} [options.server] A pre-created HTTP/S server to use
38 * @param {Function} [options.verifyClient] A hook to reject connections
39 * @param {Function} [callback] A listener for the `listening` event
41 constructor(options, callback) {
45 maxPayload: 100 * 1024 * 1024,
46 perMessageDeflate: false,
47 handleProtocols: null,
51 backlog: null, // use default (511 as implemented in net.js)
59 if (options.port == null && !options.server && !options.noServer) {
61 'One of the "port", "server", or "noServer" options must be specified'
65 if (options.port != null) {
66 this._server = createServer((req, res) => {
67 const body = STATUS_CODES[426];
70 'Content-Length': body.length,
71 'Content-Type': 'text/plain'
81 } else if (options.server) {
82 this._server = options.server;
86 const emitConnection = this.emit.bind(this, 'connection');
88 this._removeListeners = addListeners(this._server, {
89 listening: this.emit.bind(this, 'listening'),
90 error: this.emit.bind(this, 'error'),
91 upgrade: (req, socket, head) => {
92 this.handleUpgrade(req, socket, head, emitConnection);
97 if (options.perMessageDeflate === true) options.perMessageDeflate = {};
98 if (options.clientTracking) this.clients = new Set();
99 this.options = options;
103 * Returns the bound address, the address family name, and port of the server
104 * as reported by the operating system if listening on an IP socket.
105 * If the server is listening on a pipe or UNIX domain socket, the name is
106 * returned as a string.
108 * @return {(Object|String|null)} The address of the server
112 if (this.options.noServer) {
113 throw new Error('The server is operating in "noServer" mode');
116 if (!this._server) return null;
117 return this._server.address();
123 * @param {Function} [cb] Callback
127 if (cb) this.once('close', cb);
130 // Terminate all associated clients.
133 for (const client of this.clients) client.terminate();
136 const server = this._server;
139 this._removeListeners();
140 this._removeListeners = this._server = null;
143 // Close the http server if it was internally created.
145 if (this.options.port != null) {
146 server.close(() => this.emit('close'));
151 process.nextTick(emitClose, this);
155 * See if a given request should be handled by this server instance.
157 * @param {http.IncomingMessage} req Request object to inspect
158 * @return {Boolean} `true` if the request is valid, else `false`
162 if (this.options.path) {
163 const index = req.url.indexOf('?');
164 const pathname = index !== -1 ? req.url.slice(0, index) : req.url;
166 if (pathname !== this.options.path) return false;
173 * Handle a HTTP Upgrade request.
175 * @param {http.IncomingMessage} req The request object
176 * @param {net.Socket} socket The network socket between the server and client
177 * @param {Buffer} head The first packet of the upgraded stream
178 * @param {Function} cb Callback
181 handleUpgrade(req, socket, head, cb) {
182 socket.on('error', socketOnError);
185 req.headers['sec-websocket-key'] !== undefined
186 ? req.headers['sec-websocket-key'].trim()
188 const version = +req.headers['sec-websocket-version'];
189 const extensions = {};
192 req.method !== 'GET' ||
193 req.headers.upgrade.toLowerCase() !== 'websocket' ||
195 !keyRegex.test(key) ||
196 (version !== 8 && version !== 13) ||
197 !this.shouldHandle(req)
199 return abortHandshake(socket, 400);
202 if (this.options.perMessageDeflate) {
203 const perMessageDeflate = new PerMessageDeflate(
204 this.options.perMessageDeflate,
206 this.options.maxPayload
210 const offers = parse(req.headers['sec-websocket-extensions']);
212 if (offers[PerMessageDeflate.extensionName]) {
213 perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
214 extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
217 return abortHandshake(socket, 400);
222 // Optionally call external client verification handler.
224 if (this.options.verifyClient) {
227 req.headers[`${version === 8 ? 'sec-websocket-origin' : 'origin'}`],
228 secure: !!(req.socket.authorized || req.socket.encrypted),
232 if (this.options.verifyClient.length === 2) {
233 this.options.verifyClient(info, (verified, code, message, headers) => {
235 return abortHandshake(socket, code || 401, message, headers);
238 this.completeUpgrade(key, extensions, req, socket, head, cb);
243 if (!this.options.verifyClient(info)) return abortHandshake(socket, 401);
246 this.completeUpgrade(key, extensions, req, socket, head, cb);
250 * Upgrade the connection to WebSocket.
252 * @param {String} key The value of the `Sec-WebSocket-Key` header
253 * @param {Object} extensions The accepted extensions
254 * @param {http.IncomingMessage} req The request object
255 * @param {net.Socket} socket The network socket between the server and client
256 * @param {Buffer} head The first packet of the upgraded stream
257 * @param {Function} cb Callback
258 * @throws {Error} If called more than once with the same socket
261 completeUpgrade(key, extensions, req, socket, head, cb) {
263 // Destroy the socket if the client has already sent a FIN packet.
265 if (!socket.readable || !socket.writable) return socket.destroy();
267 if (socket[kWebSocket]) {
269 'server.handleUpgrade() was called more than once with the same ' +
270 'socket, possibly due to a misconfiguration'
274 const digest = createHash('sha1')
279 'HTTP/1.1 101 Switching Protocols',
280 'Upgrade: websocket',
281 'Connection: Upgrade',
282 `Sec-WebSocket-Accept: ${digest}`
285 const ws = new WebSocket(null);
286 let protocol = req.headers['sec-websocket-protocol'];
289 protocol = protocol.trim().split(/ *, */);
292 // Optionally call external protocol selection handler.
294 if (this.options.handleProtocols) {
295 protocol = this.options.handleProtocols(protocol, req);
297 protocol = protocol[0];
301 headers.push(`Sec-WebSocket-Protocol: ${protocol}`);
302 ws._protocol = protocol;
306 if (extensions[PerMessageDeflate.extensionName]) {
307 const params = extensions[PerMessageDeflate.extensionName].params;
308 const value = format({
309 [PerMessageDeflate.extensionName]: [params]
311 headers.push(`Sec-WebSocket-Extensions: ${value}`);
312 ws._extensions = extensions;
316 // Allow external modification/inspection of handshake headers.
318 this.emit('headers', headers, req);
320 socket.write(headers.concat('\r\n').join('\r\n'));
321 socket.removeListener('error', socketOnError);
323 ws.setSocket(socket, head, this.options.maxPayload);
326 this.clients.add(ws);
327 ws.on('close', () => this.clients.delete(ws));
334 module.exports = WebSocketServer;
337 * Add event listeners on an `EventEmitter` using a map of <event, listener>
340 * @param {EventEmitter} server The event emitter
341 * @param {Object.<String, Function>} map The listeners to add
342 * @return {Function} A function that will remove the added listeners when
346 function addListeners(server, map) {
347 for (const event of Object.keys(map)) server.on(event, map[event]);
349 return function removeListeners() {
350 for (const event of Object.keys(map)) {
351 server.removeListener(event, map[event]);
357 * Emit a `'close'` event on an `EventEmitter`.
359 * @param {EventEmitter} server The event emitter
362 function emitClose(server) {
363 server.emit('close');
367 * Handle premature socket errors.
371 function socketOnError() {
376 * Close the connection when preconditions are not fulfilled.
378 * @param {net.Socket} socket The socket of the upgrade request
379 * @param {Number} code The HTTP response status code
380 * @param {String} [message] The HTTP response body
381 * @param {Object} [headers] Additional HTTP response headers
384 function abortHandshake(socket, code, message, headers) {
385 if (socket.writable) {
386 message = message || STATUS_CODES[code];
389 'Content-Type': 'text/html',
390 'Content-Length': Buffer.byteLength(message),
395 `HTTP/1.1 ${code} ${STATUS_CODES[code]}\r\n` +
397 .map((h) => `${h}: ${headers[h]}`)
404 socket.removeListener('error', socketOnError);