feat(websocket): only consume necessary bytes #1812
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportBase: 87.27% // Head: 87.27% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #1812 +/- ##
==========================================
- Coverage 87.27% 87.27% -0.01%
==========================================
Files 66 66
Lines 5792 5799 +7
==========================================
+ Hits 5055 5061 +6
- Misses 737 738 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
|
Can you add the copyright notice? FWIW const { Receiver } = require('ws'); |
|
Sure, although none of the code is copied directly from ws. Everything was written by hand, which is probably the reason it took so long to get right (and the reason there are still bugs). Since both use Writable node streams, there's going to be overlap with how some things are handled, but if I did copy code anywhere, I would have left a copyright notice already. Obviously ws was a big inspiration and a good library to base another implementation of because it's much older and much more used. |
|
There are so many similarities here and in a0094a4 that I think it is deserved even if Extending |
|
I've added a notice, let me know if there's anything else! |
|
That's ok, thanks. If you think no notice should be added and want to remove it, feel free to do that, I won't get in the way anymore. |
|
No, you deserve recognition - without your help the last week, there's no way I'd have as good of an understanding of websockets, and undici's implementation, without ws, would be incomplete and full of bugs. A notice is the least I can do, all things considered. |
lpinca
reviewed
Dec 18, 2022
lpinca
reviewed
Dec 18, 2022
ronag
approved these changes
Dec 19, 2022
anonrig
pushed a commit
to anonrig/undici
that referenced
this pull request
Apr 4, 2023
kodiakhq bot
pushed a commit
to X-oss-byte/Canary-nextjs
that referenced
this pull request
Sep 18, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [undici](https://undici.nodejs.org) ([source](https://togithub.com/nodejs/undici)) | [`5.14.0` -> `5.19.1`](https://renovatebot.com/diffs/npm/undici/5.14.0/5.19.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-23936](https://togithub.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff) ### Impact undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. ### Patches This issue was patched in Undici v5.19.1. ### Workarounds Sanitize the `headers.host` string before passing to undici. ### References Reported at https://hackerone.com/reports/1820955. ### Credits Thank you to Zhipeng Zhang ([@​timon8](https://hackerone.com/timon8)) for reporting this vulnerability. --- ### Release Notes <details> <summary>nodejs/undici (undici)</summary> ### [`v5.19.1`](https://togithub.com/nodejs/undici/releases/tag/v5.19.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.19.0...v5.19.1) ####⚠️ Security Release⚠️ - [Regular Expression Denial of Service in Headers](https://togithub.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w) with CVE-2023-24807 - [CRLF Injection in Nodejs ‘undici’ via host](https://togithub.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff) with CVE-2023-23936 This release is part of the Node.js security release train: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ ### [`v5.19.0`](https://togithub.com/nodejs/undici/releases/tag/v5.19.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.18.0...v5.19.0) #### What's Changed - fix(fetch): raise AbortSignal max event listeners by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1910 - fix: content-disposition header parsing by [@​climba03003](https://togithub.com/climba03003) in [nodejs/undici#1911 - fix: remove test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1916 - feat: add Headers.prototype.getSetCookie by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1915 - fix(headers): clone getSetCookie list & add getSetCookie type by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1917 - doc(mock): update out-of-date reply documentation by [@​p9f](https://togithub.com/p9f) in [nodejs/undici#1913 - fix(types): add missing keepAlive params by [@​SkeLLLa](https://togithub.com/SkeLLLa) in [nodejs/undici#1918 - Make the fetch() abort test pass locally, on Linux and Mac, Node 18/19. by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#1927 #### New Contributors - [@​climba03003](https://togithub.com/climba03003) made their first contribution in [nodejs/undici#1911 - [@​p9f](https://togithub.com/p9f) made their first contribution in [nodejs/undici#1913 **Full Changelog**: nodejs/undici@v5.18.0...v5.19.0 ### [`v5.18.0`](https://togithub.com/nodejs/undici/releases/tag/v5.18.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.17.1...v5.18.0) ##### What's Changed - Add ability to set TCP keepalive by [@​xconverge](https://togithub.com/xconverge) in [nodejs/undici#1904 - use faster timers by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1908 - fix: ensure header value is a string by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1899 **Full Changelog**: nodejs/undici@v5.17.1...v5.18.0 ### [`v5.17.1`](https://togithub.com/nodejs/undici/releases/tag/v5.17.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.17.0...v5.17.1) #### What's Changed - fix: bad buffer slice (nodejs/undici@d2be675) **Full Changelog**: nodejs/undici@v5.17.0...v5.17.1 ### [`v5.17.0`](https://togithub.com/nodejs/undici/releases/tag/v5.17.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.16.0...v5.17.0) #### What's Changed - fix(wpts): Blob is a global getter in >=v19.x.x by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1880 - doc: fix anchor links dispatcher.stream by [@​RafaelGSS](https://togithub.com/RafaelGSS) in [nodejs/undici#1881 - wpt: make runner more resilient by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1884 - Make test pass in v19.x by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#1879 - Correct the type of DispatchOptions\["headers"] by [@​pan93412](https://togithub.com/pan93412) in [nodejs/undici#1896 - perf(content-type parser): faster string collector by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1894 - feat: expose content-type parser by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1895 - fix(types): Update DispatchOptions type for missing "blocking" by [@​xconverge](https://togithub.com/xconverge) in [nodejs/undici#1889 - fix(types): update error type definitions by [@​rafaelcr](https://togithub.com/rafaelcr) in [nodejs/undici#1888 - fix: ensure connection header is a string by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1900 - fix: throw if invalid content-type header by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1901 - fix(fetch): use semicolon for Cookie header delimiter by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1906 - Use FastBuffer by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1907 #### New Contributors - [@​pan93412](https://togithub.com/pan93412) made their first contribution in [nodejs/undici#1896 - [@​rafaelcr](https://togithub.com/rafaelcr) made their first contribution in [nodejs/undici#1888 **Full Changelog**: nodejs/undici@v5.16.0...v5.17.0 ### [`v5.16.0`](https://togithub.com/nodejs/undici/releases/tag/v5.16.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.15.2...v5.16.0) #### What's Changed - Add feature to specify custom headers for proxies by [@​Sebmaster](https://togithub.com/Sebmaster) in [nodejs/undici#1877 #### New Contributors - [@​Sebmaster](https://togithub.com/Sebmaster) made their first contribution in [nodejs/undici#1877 **Full Changelog**: nodejs/undici@v5.15.2...v5.16.0 ### [`v5.15.2`](https://togithub.com/nodejs/undici/compare/9d5f23177408dc16d3d4cbb8cebf463081c54e16...9457c9719029945ef9ff36b71d58557443730942) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.15.1...v5.15.2) ### [`v5.15.1`](https://togithub.com/nodejs/undici/releases/tag/v5.15.1) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.15.0...v5.15.1) #### What's Changed - fix(websocket): simplify typedarray copying by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1854 - fix: wpts on node v18.13.0+ by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1859 - perf: allow keep alive for HEAD requests by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1858 - fix: flaky abort test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1863 **Full Changelog**: nodejs/undici@v5.15.0...v5.15.1 ### [`v5.15.0`](https://togithub.com/nodejs/undici/releases/tag/v5.15.0) [Compare Source](https://togithub.com/nodejs/undici/compare/v5.14.0...v5.15.0) #### What's Changed - \[types] update ProxyAgent Options (timeout) by [@​sosoba](https://togithub.com/sosoba) in [nodejs/undici#1801 - feat: implement websockets by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1795 - feat(websocket): handle ping/pong frames & fix fragmented frames by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1809 - docs: add basic fetch & company docs by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1810 - make formdata body immutable and encode it only once by [@​jimmywarting](https://togithub.com/jimmywarting) in [nodejs/undici#1814 - test: add regression test for [#​1814](https://togithub.com/nodejs/undici/issues/1814) by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1815 - feat(websocket): only consume necessary bytes by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1812 - websocket: use Buffer.allocUnsafe by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1817 - build(deps-dev): bump [@​sinonjs/fake-timers](https://togithub.com/sinonjs/fake-timers) from 9.1.2 to 10.0.2 by [@​dependabot](https://togithub.com/dependabot) in [nodejs/undici#1819 - fix(websocket): deprecation warning & 64-bit unsigned int body length by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1818 - Use nodejs.stream.destroyed symbol by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1816 - fetch: removal of redundant condition by [@​debadree25](https://togithub.com/debadree25) in [nodejs/undici#1821 - fix(request): request headers array by [@​jd-carroll](https://togithub.com/jd-carroll) in [nodejs/undici#1807 - fix(websocket): validate payload length received by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1822 - fix(websocket): run parser in loop, instead of recursively by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1828 - fix(fetch): weaker refs by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1824 - websocket: add tests for opening handshake by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1831 - websocket: add tests for constructor, close, and send by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1832 - websocket: more test coverage by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1833 - fix(WPTs): flaky abort test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1835 - wpt: add test by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1836 - fix: don't send keep-alive if we want reset by [@​ronag](https://togithub.com/ronag) in [nodejs/undici#1846 - fetch: update body consume to match spec by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1847 - feat: allow connection header in request by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#1829 - feat: add cookie parsing ability by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1848 - fix(cookie): add docs & expose in node v16 by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1849 - fix(cookies): work with global Headers by [@​KhafraDev](https://togithub.com/KhafraDev) in [nodejs/undici#1850 - docs(Dispatcher): adjust documentation for reset flag by [@​metcoder95](https://togithub.com/metcoder95) in [nodejs/undici#1852 - Fix broken interceptor test by [@​mcollina](https://togithub.com/mcollina) in [nodejs/undici#1853 #### New Contributors - [@​sosoba](https://togithub.com/sosoba) made their first contribution in [nodejs/undici#1801 - [@​debadree25](https://togithub.com/debadree25) made their first contribution in [nodejs/undici#1821 - [@​jd-carroll](https://togithub.com/jd-carroll) made their first contribution in [nodejs/undici#1807 **Full Changelog**: nodejs/undici@v5.14.0...v5.15.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/sammyfilly/Canary-nextjs).
1 task
crysmags
pushed a commit
to crysmags/undici
that referenced
this pull request
Feb 27, 2024
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs: #1811
Before, for every parsing stage, we would concatenate every buffer, even if we only needed to read the first few bytes (for most cases). Now, we can consume
nbytes from the buffers, removing them & handling the total length. This simplifies the logic quite a bit and should improve performance (although there aren't any benchmarks to confirm this).ws implements something similar:
https://github.com/websockets/ws/blob/fb1dfd217861757d60c1d02c6e66b4da3630cc93/lib/receiver.js#L94-L131