OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2014, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. |
| 4 |
| 5 library shelf_web_socket; |
| 6 |
| 7 import 'package:shelf/shelf.dart'; |
| 8 |
| 9 import 'src/web_socket_handler.dart'; |
| 10 |
| 11 /// A typedef used to determine if a function takes two arguments or not. |
| 12 typedef _BinaryFunction(arg1, arg2); |
| 13 |
| 14 /// Creates a Shelf handler that upgrades HTTP requests to WebSocket |
| 15 /// connections. |
| 16 /// |
| 17 /// Only valid WebSocket upgrade requests are upgraded. If a request doesn't |
| 18 /// look like a WebSocket upgrade request, a 404 Not Found is returned; if a |
| 19 /// request looks like an upgrade request but is invalid, a 400 Bad Request is |
| 20 /// returned; and if a request is a valid upgrade request but has an origin that |
| 21 /// doesn't match [allowedOrigins] (see below), a 403 Forbidden is returned. |
| 22 /// This means that this can be placed first in a [Cascade] and only upgrade |
| 23 /// requests will be handled. |
| 24 /// |
| 25 /// The [onConnection] must take a [CompatibleWebSocket] as its first argument. |
| 26 /// It may also take a string, the [WebSocket subprotocol][], as its second |
| 27 /// argument. The subprotocol is determined by looking at the client's |
| 28 /// `Sec-WebSocket-Protocol` header and selecting the first entry that also |
| 29 /// appears in [protocols]. If no subprotocols are shared between the client and |
| 30 /// the server, `null` will be passed instead. Note that if [onConnection] takes |
| 31 /// two arguments, [protocols] must be passed. |
| 32 /// |
| 33 /// [WebSocket subprotocol]: https://tools.ietf.org/html/rfc6455#section-1.9 |
| 34 /// |
| 35 /// If [allowedOrigins] is passed, browser connections will only be accepted if |
| 36 /// they're made by a script from one of the given origins. This ensures that |
| 37 /// malicious scripts running in the browser are unable to fake a WebSocket |
| 38 /// handshake. Note that non-browser programs can still make connections freely. |
| 39 /// See also the WebSocket spec's discussion of [origin considerations][]. |
| 40 /// |
| 41 /// [origin considerations]: https://tools.ietf.org/html/rfc6455#section-10.2 |
| 42 Handler webSocketHandler(Function onConnection, {Iterable<String> protocols, |
| 43 Iterable<String> allowedOrigins}) { |
| 44 if (protocols != null) protocols = protocols.toSet(); |
| 45 if (allowedOrigins != null) { |
| 46 allowedOrigins = allowedOrigins |
| 47 .map((origin) => origin.toLowerCase()).toSet(); |
| 48 } |
| 49 |
| 50 if (onConnection is! _BinaryFunction) { |
| 51 if (protocols != null) { |
| 52 throw new ArgumentError("If protocols is non-null, onConnection must " |
| 53 "take two arguments, the WebSocket and the protocol."); |
| 54 } |
| 55 |
| 56 var innerOnConnection = onConnection; |
| 57 onConnection = (webSocket, _) => innerOnConnection(webSocket); |
| 58 } |
| 59 |
| 60 return new WebSocketHandler(onConnection, protocols, allowedOrigins).handle; |
| 61 } |
OLD | NEW |