test auth via ws-protocol headers

yjs · Jul 15, 2024 · ecf8278 · ecf8278
1 parent 43232f5
commit ecf8278
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 9 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -91,6 +91,6 @@
     "standard": "^17.1.0",
     "typescript": "^5.3.3",
     "ws": "^8.16.0",
-    "y-websocket": "^2.0.3"
+    "y-websocket": "^2.0.4"
   }
 }
diff --git a/src/api.js b/src/api.js
@@ -294,6 +294,11 @@ export class Api {
         }
         await promise.all([
           storeReferences && docChanged ? this.store.deleteReferences(room, docid, storeReferences) : promise.resolve(),
+          // if `redisTaskDebounce` is small, or if updateCallback taskes too long, then we might
+          // add a task twice to this list.
+          // @todo either use a different datastructure or make sure that task doesn't exist yet
+          // before adding it to the worker queue
+          // This issue is not critical, as no data will be lost if this happens.
           this.redis.multi()
             .xTrim(task.stream, 'MINID', lastId - this.redisMinMessageLifetime)
             .xAdd(this.redisWorkerStreamName, '*', { compact: task.stream })

diff --git a/src/server.js b/src/server.js
@@ -46,11 +46,11 @@ export const createYWebsocketServer = async ({
   const app = uws.App({})
   await registerYWebsocketServer(app, '/:room', store, async (req) => {
     const room = req.getParameter(0)
-    const token = req.getQuery('yauth')
+    const headerWsProtocol = req.getHeader('sec-websocket-protocol')
+    const [, , token] = /(^|,)yauth-(((?!,).)*)/.exec(headerWsProtocol) ?? [null, null, req.getQuery('yauth')]
     if (token == null) {
       throw new Error('Missing Token')
     }
-
     // verify that the user has a valid token
     const { payload: userToken } = await jwt.verifyJwt(wsServerPublicKey, token)
     if (userToken.yuserid == null) {

diff --git a/tests/ws.tests.js b/tests/ws.tests.js
@@ -24,7 +24,7 @@ const authToken = await jwt.encodeJwt(utils.authPrivateKey, {
 const createWsClient = (tc, room) => {
   const ydoc = new Y.Doc()
   const roomPrefix = tc.testName
-  const provider = new WebsocketProvider(utils.yredisUrl, roomPrefix + '-' + room, ydoc, { WebSocketPolyfill: /** @type {any} */ (WebSocket), disableBc: true, params: { yauth: authToken } })
+  const provider = new WebsocketProvider(utils.yredisUrl, roomPrefix + '-' + room, ydoc, { WebSocketPolyfill: /** @type {any} */ (WebSocket), disableBc: true, params: {}, protocols: [`yauth-${authToken}`] })
   return { ydoc, provider }
 }