diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..0f7c8963a --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,24 @@ +name: CI + +on: + push: + pull_request: + +jobs: + test-node: + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [8.x] + + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - run: npm ci + - run: npm test + env: + CI: true diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index fbda89be8..000000000 --- a/.travis.yml +++ /dev/null @@ -1,9 +0,0 @@ -sudo: false -language: node_js -node_js: - - "8" - - "9" -git: - depth: 1 -notifications: - irc: "irc.freenode.org#socket.io" diff --git a/CHANGELOG.md b/CHANGELOG.md index c234bc0d4..8b2261fd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +# [3.5.0](https://github.com/socketio/engine.io/compare/3.4.2...3.5.0) (2020-12-30) + + +### Features + +* add support for all cookie options ([19cc582](https://github.com/socketio/engine.io/commit/19cc58264a06dca47ed401fbaca32dcdb80a903b)), closes [/github.com/jshttp/cookie#options-1](https://github.com//github.com/jshttp/cookie/issues/options-1) +* disable perMessageDeflate by default ([5ad2736](https://github.com/socketio/engine.io/commit/5ad273601eb66c7b318542f87026837bf9dddd21)) + + + ## [3.4.2](https://github.com/socketio/engine.io/compare/3.4.1...3.4.2) (2020-06-04) diff --git a/README.md b/README.md index 7c632064a..8009d6808 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Engine.IO: the realtime engine -[![Build Status](https://travis-ci.org/socketio/engine.io.svg?branch=master)](http://travis-ci.org/socketio/engine.io) +[![Build Status](https://github.com/socketio/engine.io/workflows/CI/badge.svg)](https://github.com/socketio/engine.io/actions) [![NPM version](https://badge.fury.io/js/engine.io.svg)](http://badge.fury.io/js/engine.io) `Engine.IO` is the implementation of transport-based @@ -239,7 +239,7 @@ to a single process. - `allowUpgrades` (`Boolean`): whether to allow transport upgrades (`true`) - `perMessageDeflate` (`Object|Boolean`): parameters of the WebSocket permessage-deflate extension - (see [ws module](https://github.com/einaros/ws) api docs). Set to `false` to disable. (`true`) + (see [ws module](https://github.com/einaros/ws) api docs). Set to `true` to enable. (`false`) - `threshold` (`Number`): data is compressed only if the byte size is above this value (`1024`) - `httpCompression` (`Object|Boolean`): parameters of the http compression for the polling transports (see [zlib](http://nodejs.org/api/zlib.html#zlib_options) api docs). Set to `false` to disable. (`true`) diff --git a/lib/server.js b/lib/server.js index 6d998e8fb..c691561b6 100644 --- a/lib/server.js +++ b/lib/server.js @@ -47,7 +47,7 @@ function Server (opts) { this.cookie = false !== opts.cookie ? (opts.cookie || 'io') : false; this.cookiePath = false !== opts.cookiePath ? (opts.cookiePath || '/') : false; this.cookieHttpOnly = false !== opts.cookieHttpOnly; - this.perMessageDeflate = false !== opts.perMessageDeflate ? (opts.perMessageDeflate || true) : false; + this.perMessageDeflate = opts.perMessageDeflate || false; this.httpCompression = false !== opts.httpCompression ? (opts.httpCompression || {}) : false; this.initialPacket = opts.initialPacket; @@ -316,12 +316,16 @@ Server.prototype.handshake = function (transportName, req) { if (false !== this.cookie) { transport.on('headers', function (headers) { - headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, - { - path: self.cookiePath, - httpOnly: self.cookiePath ? self.cookieHttpOnly : false, - sameSite: true - }); + if (typeof self.cookie === 'object') { + headers['Set-Cookie'] = cookieMod.serialize(self.cookie.name, id, self.cookie); + } else { + headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, + { + path: self.cookiePath, + httpOnly: self.cookiePath ? self.cookieHttpOnly : false, + sameSite: true + }); + } }); } diff --git a/package-lock.json b/package-lock.json index 3feabf0e6..3e4105f83 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "engine.io", - "version": "3.4.2", + "version": "3.5.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -229,11 +229,6 @@ "resolved": "https://registry.npmjs.org/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz", "integrity": "sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog==" }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", @@ -806,15 +801,6 @@ "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz", "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==" }, - "better-assert": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz", - "integrity": "sha1-QIZrnhueC1W0gYlDEeaPr/rrxSI=", - "dev": true, - "requires": { - "callsite": "1.0.0" - } - }, "blob": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/blob/-/blob-0.0.5.tgz", @@ -851,12 +837,6 @@ "callsites": "^0.2.0" } }, - "callsite": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/callsite/-/callsite-1.0.0.tgz", - "integrity": "sha1-KAOY5dZkvXQDi28JBRU+borxvCA=", - "dev": true - }, "callsites": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz", @@ -974,9 +954,9 @@ "dev": true }, "cookie": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", - "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=" + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" }, "cookiejar": { "version": "2.1.2", @@ -1052,20 +1032,20 @@ } }, "engine.io-client": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.4.2.tgz", - "integrity": "sha512-AWjc1Xg06a6UPFOBAzJf48W1UR/qKYmv/ubgSCumo9GXgvL/xGIvo05dXoBL+2NTLMipDI7in8xK61C17L25xg==", + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.5.0.tgz", + "integrity": "sha512-12wPRfMrugVw/DNyJk34GQ5vIVArEcVMXWugQGGuw2XxUSztFNmJggZmv8IZlLyEdnpO1QB9LkcjeWewO2vxtA==", "dev": true, "requires": { "component-emitter": "~1.3.0", "component-inherit": "0.0.3", - "debug": "~4.1.0", + "debug": "~3.1.0", "engine.io-parser": "~2.2.0", "has-cors": "1.1.0", "indexof": "0.0.1", - "parseqs": "0.0.5", - "parseuri": "0.0.5", - "ws": "~6.1.0", + "parseqs": "0.0.6", + "parseuri": "0.0.6", + "ws": "~7.4.2", "xmlhttprequest-ssl": "~1.5.4", "yeast": "0.1.2" }, @@ -1076,14 +1056,20 @@ "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==", "dev": true }, - "ws": { - "version": "6.1.4", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.1.4.tgz", - "integrity": "sha512-eqZfL+NE/YQc1/ZynhojeV8q+H050oR8AZ2uIev7RU10svA9ZnJUddHcOUZTJLinZ9yEfdA2kSATS2qZK5fhJA==", + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", "dev": true, "requires": { - "async-limiter": "~1.0.0" + "ms": "2.0.0" } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true } } }, @@ -2170,22 +2156,16 @@ } }, "parseqs": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.5.tgz", - "integrity": "sha1-1SCKNzjkZ2bikbouoXNoSSGouJ0=", - "dev": true, - "requires": { - "better-assert": "~1.0.0" - } + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.6.tgz", + "integrity": "sha512-jeAGzMDbfSHHA091hr0r31eYfTig+29g3GKKE/PPbEQ65X0lmMwlEoqmhzu0iztID5uJpZsFlUPDP8ThPL7M8w==", + "dev": true }, "parseuri": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/parseuri/-/parseuri-0.0.5.tgz", - "integrity": "sha1-gCBKUNTbt3m/3G6+J3jZDkvOMgo=", - "dev": true, - "requires": { - "better-assert": "~1.0.0" - } + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/parseuri/-/parseuri-0.0.6.tgz", + "integrity": "sha512-AUjen8sAkGgao7UyCX6Ahv0gIK2fABKmYjvP4xmy5JaKvcbTRueIqIPHLAfq30xJddqSE033IOMUSOMCcK3Sow==", + "dev": true }, "path-is-absolute": { "version": "1.0.1", @@ -2832,12 +2812,9 @@ } }, "ws": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.2.0.tgz", - "integrity": "sha512-+SqNqFbwTm/0DC18KYzIsMTnEWpLwJsiasW/O17la4iDRRIO9uaHbvKiAS3AHgTiuuWerK/brj4O6MYZkei9xg==", - "requires": { - "async-limiter": "^1.0.0" - } + "version": "7.4.2", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.2.tgz", + "integrity": "sha512-T4tewALS3+qsrpGI/8dqNMLIVdq/g/85U98HPMa6F0m6xTbvhXU6RCQLqPH3+SlomNV/LdY6RXEbBpMH6EOJnA==" }, "xmlhttprequest-ssl": { "version": "1.5.5", diff --git a/package.json b/package.json index b106ec79f..cdf25fcaa 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "engine.io", - "version": "3.4.2", + "version": "3.5.0", "description": "The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server", "main": "lib/engine.io", "author": "Guillermo Rauch ", @@ -27,15 +27,15 @@ "dependencies": { "accepts": "~1.3.4", "base64id": "2.0.0", - "cookie": "0.3.1", + "cookie": "~0.4.1", "debug": "~4.1.0", "engine.io-parser": "~2.2.0", - "ws": "^7.1.2" + "ws": "~7.4.2" }, "devDependencies": { "babel-eslint": "^8.0.2", "babel-preset-es2015": "^6.24.0", - "engine.io-client": "3.4.2", + "engine.io-client": "3.5.0", "eslint": "^4.5.0", "eslint-config-standard": "^10.2.1", "eslint-plugin-import": "^2.7.0", diff --git a/test/server.js b/test/server.js index 0d49c8a5b..d34f2f235 100644 --- a/test/server.js +++ b/test/server.js @@ -123,6 +123,25 @@ describe('server', function () { }); }); + it('should forward all cookie options', function (done) { + listen({ cookie: { + name: 'woot', + path: '/test', + httpOnly: true, + sameSite: 'lax' + }}, function (port) { + request.get('http://localhost:%d/engine.io/default/'.s(port)) + .query({ transport: 'polling', b64: 1 }) + .end(function (err, res) { + expect(err).to.be(null); + // hack-obtain sid + var sid = res.text.match(/"sid":"([^"]+)"/)[1]; + expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/test; HttpOnly; SameSite=Lax'); + done(); + }); + }); + }); + it('should send the io cookie custom name', function (done) { listen({ cookie: 'woot' }, function (port) { request.get('http://localhost:%d/engine.io/default/'.s(port)) @@ -932,7 +951,7 @@ describe('server', function () { it('should trigger transport close before open for ws', function (done) { var opts = { transports: ['websocket'] }; listen(opts, function (port) { - var url = 'ws://%s:%d'.s('0.0.0.50', port); + var url = 'ws://%s:%d'.s('0.0.0.0', port); var socket = new eioc.Socket(url); socket.on('open', function () { done(new Error('Test invalidation')); @@ -2503,7 +2522,7 @@ describe('server', function () { }); it('should not compress when the byte size is below threshold', function (done) { - var engine = listen({ transports: ['websocket'] }, function (port) { + var engine = listen({ transports: ['websocket'], perMessageDeflate: true }, function (port) { engine.on('connection', function (conn) { var socket = conn.transport.socket; var send = socket.send;