Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(513)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: pkg/shelf_web_socket/lib/src/web_socket_handler.dart

Issue 297593003: Add a shelf_web_socket package. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: fixes Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « pkg/shelf_web_socket/lib/shelf_web_socket.dart ('k') | pkg/shelf_web_socket/pubspec.yaml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2014, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file.
4
5 library shelf_web_socket.web_socket_handler;
6
7 import 'dart:convert';
8
9 import 'package:http_parser/http_parser.dart';
10 import 'package:shelf/shelf.dart';
11
12 /// A class that exposes a handler for upgrading WebSocket requests.
13 class WebSocketHandler {
14 /// The function to call when a request is upgraded.
15 final Function _onConnection;
16
17 /// The set of protocols the user supports, or `null`.
18 final Set<String> _protocols;
19
20 /// The set of allowed browser origin connections, or `null`..
21 final Set<String> _allowedOrigins;
22
23 WebSocketHandler(this._onConnection, this._protocols, this._allowedOrigins);
24
25 /// The [Handler].
26 Response handle(Request request) {
27 if (request.method != 'GET') return _notFound();
28
29 var connection = request.headers['Connection'];
30 if (connection == null) return _notFound();
31 if (connection.toLowerCase() != 'upgrade') return _notFound();
32
33 var upgrade = request.headers['Upgrade'];
34 if (upgrade == null) return _notFound();
35 if (upgrade.toLowerCase() != 'websocket') return _notFound();
36
37 var version = request.headers['Sec-WebSocket-Version'];
38 if (version == null) {
39 return _badRequest('missing Sec-WebSocket-Version header.');
40 } else if (version != '13') {
41 return _notFound();
42 }
43
44 if (request.protocolVersion != '1.1') {
45 return _badRequest('unexpected HTTP version '
46 '"${request.protocolVersion}".');
47 }
48
49 var key = request.headers['Sec-WebSocket-Key'];
50 if (key == null) return _badRequest('missing Sec-WebSocket-Key header.');
51
52 if (!request.canHijack) {
53 throw new ArgumentError("webSocketHandler may only be used with a server "
54 "that supports request hijacking.");
55 }
56
57 // The Origin header is always set by browser connections. By filtering out
58 // unexpected origins, we ensure that malicious JavaScript is unable to fake
59 // a WebSocket handshake.
60 var origin = request.headers['Origin'];
61 if (origin != null && _allowedOrigins != null &&
62 !_allowedOrigins.contains(origin.toLowerCase())) {
63 return _forbidden('invalid origin "$origin".');
64 }
65
66 var protocol = _chooseProtocol(request);
67 request.hijack((stream, byteSink) {
68 var sink = UTF8.encoder.startChunkedConversion(byteSink);
69 sink.add(
70 "HTTP/1.1 101 Switching Protocols\r\n"
71 "Upgrade: websocket\r\n"
72 "Connection: Upgrade\r\n"
73 "Sec-WebSocket-Accept: ${CompatibleWebSocket.signKey(key)}\r\n");
74 if (protocol != null) sink.add("Sec-WebSocket-Protocol: $protocol\r\n");
75 sink.add("\r\n");
76
77 _onConnection(new CompatibleWebSocket(stream, sink: byteSink), protocol);
78 });
79
80 // [request.hijack] is guaranteed to throw a [HijackException], so we'll
81 // never get here.
82 assert(false);
83 return null;
84 }
85
86 /// Selects a subprotocol to use for the given connection.
87 ///
88 /// If no matching protocol can be found, returns `null`.
89 String _chooseProtocol(Request request) {
90 var protocols = request.headers['Sec-WebSocket-Protocol'];
91 if (protocols == null) return null;
92 for (var protocol in protocols.split(',')) {
93 protocol = protocol.trim();
94 if (_protocols.contains(protocol)) return protocol;
95 }
96 return null;
97 }
98
99 /// Returns a 404 Not Found response.
100 Response _notFound() => _htmlResponse(404, "404 Not Found",
101 "Only WebSocket connections are supported.");
102
103 /// Returns a 400 Bad Request response.
104 ///
105 /// [message] will be HTML-escaped before being included in the response body.
106 Response _badRequest(String message) => _htmlResponse(400, "400 Bad Request",
107 "Invalid WebSocket upgrade request: $message");
108
109 /// Returns a 403 Forbidden response.
110 ///
111 /// [message] will be HTML-escaped before being included in the response body.
112 Response _forbidden(String message) => _htmlResponse(403, "403 Forbidden",
113 "WebSocket upgrade refused: $message");
114
115 /// Creates an HTTP response with the given [statusCode] and an HTML body with
116 /// [title] and [message].
117 ///
118 /// [title] and [message] will be automatically HTML-escaped.
119 Response _htmlResponse(int statusCode, String title, String message) {
120 title = HTML_ESCAPE.convert(title);
121 message = HTML_ESCAPE.convert(message);
122 return new Response(statusCode, body: """
123 <!doctype html>
124 <html>
125 <head><title>$title</title></head>
126 <body>
127 <h1>$title</h1>
128 <p>$message</p>
129 </body>
130 </html>
131 """, headers: {'content-type': 'text/html'});
132 }
133 }
OLDNEW
« no previous file with comments | « pkg/shelf_web_socket/lib/shelf_web_socket.dart ('k') | pkg/shelf_web_socket/pubspec.yaml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698