From ddb80a20cf375dac434a5add3a8d9b9bbeea74f6 Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Sat, 5 Dec 2020 01:22:13 +0100 Subject: [PATCH 1/5] ci: migrate to GitHub Actions Due to the recent changes to the Travis CI platform (see [1]), we will now use GitHub Actions to run the tests. Reference: https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs [1]: https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing Backported from master: https://github.com/socketio/engine.io/commit/312bd356c743d1df0bd5b62faba42feb5cb8dda0 --- .github/workflows/ci.yml | 24 ++++++++++++++++++++++++ .travis.yml | 9 --------- README.md | 2 +- test/server.js | 2 +- 4 files changed, 26 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..0f7c8963a --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,24 @@ +name: CI + +on: + push: + pull_request: + +jobs: + test-node: + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [8.x] + + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - run: npm ci + - run: npm test + env: + CI: true diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index fbda89be8..000000000 --- a/.travis.yml +++ /dev/null @@ -1,9 +0,0 @@ -sudo: false -language: node_js -node_js: - - "8" - - "9" -git: - depth: 1 -notifications: - irc: "irc.freenode.org#socket.io" diff --git a/README.md b/README.md index 7c632064a..6e1854ff9 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Engine.IO: the realtime engine -[![Build Status](https://travis-ci.org/socketio/engine.io.svg?branch=master)](http://travis-ci.org/socketio/engine.io) +[![Build Status](https://github.com/socketio/engine.io/workflows/CI/badge.svg)](https://github.com/socketio/engine.io/actions) [![NPM version](https://badge.fury.io/js/engine.io.svg)](http://badge.fury.io/js/engine.io) `Engine.IO` is the implementation of transport-based diff --git a/test/server.js b/test/server.js index 0d49c8a5b..40b22244f 100644 --- a/test/server.js +++ b/test/server.js @@ -932,7 +932,7 @@ describe('server', function () { it('should trigger transport close before open for ws', function (done) { var opts = { transports: ['websocket'] }; listen(opts, function (port) { - var url = 'ws://%s:%d'.s('0.0.0.50', port); + var url = 'ws://%s:%d'.s('0.0.0.0', port); var socket = new eioc.Socket(url); socket.on('open', function () { done(new Error('Test invalidation')); From f632269ff133d77ce80dacd23867048cba2f7124 Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Wed, 30 Dec 2020 08:57:15 +0100 Subject: [PATCH 2/5] chore: bump ws version --- package-lock.json | 12 +++++------- package.json | 2 +- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3feabf0e6..c26b6a819 100644 --- a/package-lock.json +++ b/package-lock.json @@ -232,7 +232,8 @@ "async-limiter": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" + "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", + "dev": true }, "asynckit": { "version": "0.4.0", @@ -2832,12 +2833,9 @@ } }, "ws": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.2.0.tgz", - "integrity": "sha512-+SqNqFbwTm/0DC18KYzIsMTnEWpLwJsiasW/O17la4iDRRIO9uaHbvKiAS3AHgTiuuWerK/brj4O6MYZkei9xg==", - "requires": { - "async-limiter": "^1.0.0" - } + "version": "7.4.2", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.2.tgz", + "integrity": "sha512-T4tewALS3+qsrpGI/8dqNMLIVdq/g/85U98HPMa6F0m6xTbvhXU6RCQLqPH3+SlomNV/LdY6RXEbBpMH6EOJnA==" }, "xmlhttprequest-ssl": { "version": "1.5.5", diff --git a/package.json b/package.json index b106ec79f..454060f9e 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "cookie": "0.3.1", "debug": "~4.1.0", "engine.io-parser": "~2.2.0", - "ws": "^7.1.2" + "ws": "~7.4.2" }, "devDependencies": { "babel-eslint": "^8.0.2", From 5ad273601eb66c7b318542f87026837bf9dddd21 Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Wed, 30 Dec 2020 09:04:16 +0100 Subject: [PATCH 3/5] feat: disable perMessageDeflate by default The WebSocket permessage-deflate extension, while useful is some cases, adds some extra memory overhead for each WebSocket connection, and results in huge memory usage in production deployments. It will now be disabled by default. Backported from master: https://github.com/socketio/engine.io/commit/078527a384b70dc46d99083fa218be5d45213e51 --- README.md | 2 +- lib/server.js | 2 +- test/server.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6e1854ff9..8009d6808 100644 --- a/README.md +++ b/README.md @@ -239,7 +239,7 @@ to a single process. - `allowUpgrades` (`Boolean`): whether to allow transport upgrades (`true`) - `perMessageDeflate` (`Object|Boolean`): parameters of the WebSocket permessage-deflate extension - (see [ws module](https://github.com/einaros/ws) api docs). Set to `false` to disable. (`true`) + (see [ws module](https://github.com/einaros/ws) api docs). Set to `true` to enable. (`false`) - `threshold` (`Number`): data is compressed only if the byte size is above this value (`1024`) - `httpCompression` (`Object|Boolean`): parameters of the http compression for the polling transports (see [zlib](http://nodejs.org/api/zlib.html#zlib_options) api docs). Set to `false` to disable. (`true`) diff --git a/lib/server.js b/lib/server.js index 6d998e8fb..e64c6293a 100644 --- a/lib/server.js +++ b/lib/server.js @@ -47,7 +47,7 @@ function Server (opts) { this.cookie = false !== opts.cookie ? (opts.cookie || 'io') : false; this.cookiePath = false !== opts.cookiePath ? (opts.cookiePath || '/') : false; this.cookieHttpOnly = false !== opts.cookieHttpOnly; - this.perMessageDeflate = false !== opts.perMessageDeflate ? (opts.perMessageDeflate || true) : false; + this.perMessageDeflate = opts.perMessageDeflate || false; this.httpCompression = false !== opts.httpCompression ? (opts.httpCompression || {}) : false; this.initialPacket = opts.initialPacket; diff --git a/test/server.js b/test/server.js index 40b22244f..79c61bf46 100644 --- a/test/server.js +++ b/test/server.js @@ -2503,7 +2503,7 @@ describe('server', function () { }); it('should not compress when the byte size is below threshold', function (done) { - var engine = listen({ transports: ['websocket'] }, function (port) { + var engine = listen({ transports: ['websocket'], perMessageDeflate: true }, function (port) { engine.on('connection', function (conn) { var socket = conn.transport.socket; var send = socket.send; From 19cc58264a06dca47ed401fbaca32dcdb80a903b Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Wed, 30 Dec 2020 09:19:14 +0100 Subject: [PATCH 4/5] feat: add support for all cookie options The "cookie" options can now be an object, which will be forwarded to the "cookie" module. The previous syntax is still valid: ``` new Server({ cookieName: "test", cookieHttpOnly: false, cookiePath: "/custom" }) ``` but the new syntax add support for all options: ``` new Server({ cookie: { name: "test", httpOnly: false, path: "/custom" sameSite: "lax" } }) ``` Reference: https://github.com/jshttp/cookie#options-1 Backported from master: https://github.com/socketio/engine.io/commit/a374471d06e3681a769766a1d068898182f9305f --- lib/server.js | 16 ++++++++++------ package-lock.json | 6 +++--- package.json | 2 +- test/server.js | 19 +++++++++++++++++++ 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/lib/server.js b/lib/server.js index e64c6293a..c691561b6 100644 --- a/lib/server.js +++ b/lib/server.js @@ -316,12 +316,16 @@ Server.prototype.handshake = function (transportName, req) { if (false !== this.cookie) { transport.on('headers', function (headers) { - headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, - { - path: self.cookiePath, - httpOnly: self.cookiePath ? self.cookieHttpOnly : false, - sameSite: true - }); + if (typeof self.cookie === 'object') { + headers['Set-Cookie'] = cookieMod.serialize(self.cookie.name, id, self.cookie); + } else { + headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, + { + path: self.cookiePath, + httpOnly: self.cookiePath ? self.cookieHttpOnly : false, + sameSite: true + }); + } }); } diff --git a/package-lock.json b/package-lock.json index c26b6a819..b8b1b6827 100644 --- a/package-lock.json +++ b/package-lock.json @@ -975,9 +975,9 @@ "dev": true }, "cookie": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", - "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=" + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" }, "cookiejar": { "version": "2.1.2", diff --git a/package.json b/package.json index 454060f9e..3fd22d64d 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "dependencies": { "accepts": "~1.3.4", "base64id": "2.0.0", - "cookie": "0.3.1", + "cookie": "~0.4.1", "debug": "~4.1.0", "engine.io-parser": "~2.2.0", "ws": "~7.4.2" diff --git a/test/server.js b/test/server.js index 79c61bf46..d34f2f235 100644 --- a/test/server.js +++ b/test/server.js @@ -123,6 +123,25 @@ describe('server', function () { }); }); + it('should forward all cookie options', function (done) { + listen({ cookie: { + name: 'woot', + path: '/test', + httpOnly: true, + sameSite: 'lax' + }}, function (port) { + request.get('http://localhost:%d/engine.io/default/'.s(port)) + .query({ transport: 'polling', b64: 1 }) + .end(function (err, res) { + expect(err).to.be(null); + // hack-obtain sid + var sid = res.text.match(/"sid":"([^"]+)"/)[1]; + expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/test; HttpOnly; SameSite=Lax'); + done(); + }); + }); + }); + it('should send the io cookie custom name', function (done) { listen({ cookie: 'woot' }, function (port) { request.get('http://localhost:%d/engine.io/default/'.s(port)) From b9dee7ba6700b7523a009f1c90ef98b603941f6e Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Wed, 30 Dec 2020 09:50:38 +0100 Subject: [PATCH 5/5] chore(release): 3.5.0 Diff: https://github.com/socketio/engine.io/compare/3.4.2...3.5.0 --- CHANGELOG.md | 10 +++++++ package-lock.json | 75 +++++++++++++++++------------------------------ package.json | 4 +-- 3 files changed, 39 insertions(+), 50 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c234bc0d4..8b2261fd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +# [3.5.0](https://github.com/socketio/engine.io/compare/3.4.2...3.5.0) (2020-12-30) + + +### Features + +* add support for all cookie options ([19cc582](https://github.com/socketio/engine.io/commit/19cc58264a06dca47ed401fbaca32dcdb80a903b)), closes [/github.com/jshttp/cookie#options-1](https://github.com//github.com/jshttp/cookie/issues/options-1) +* disable perMessageDeflate by default ([5ad2736](https://github.com/socketio/engine.io/commit/5ad273601eb66c7b318542f87026837bf9dddd21)) + + + ## [3.4.2](https://github.com/socketio/engine.io/compare/3.4.1...3.4.2) (2020-06-04) diff --git a/package-lock.json b/package-lock.json index b8b1b6827..3e4105f83 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "engine.io", - "version": "3.4.2", + "version": "3.5.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -229,12 +229,6 @@ "resolved": "https://registry.npmjs.org/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz", "integrity": "sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog==" }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", - "dev": true - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", @@ -807,15 +801,6 @@ "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz", "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==" }, - "better-assert": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz", - "integrity": "sha1-QIZrnhueC1W0gYlDEeaPr/rrxSI=", - "dev": true, - "requires": { - "callsite": "1.0.0" - } - }, "blob": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/blob/-/blob-0.0.5.tgz", @@ -852,12 +837,6 @@ "callsites": "^0.2.0" } }, - "callsite": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/callsite/-/callsite-1.0.0.tgz", - "integrity": "sha1-KAOY5dZkvXQDi28JBRU+borxvCA=", - "dev": true - }, "callsites": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz", @@ -1053,20 +1032,20 @@ } }, "engine.io-client": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.4.2.tgz", - "integrity": "sha512-AWjc1Xg06a6UPFOBAzJf48W1UR/qKYmv/ubgSCumo9GXgvL/xGIvo05dXoBL+2NTLMipDI7in8xK61C17L25xg==", + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-3.5.0.tgz", + "integrity": "sha512-12wPRfMrugVw/DNyJk34GQ5vIVArEcVMXWugQGGuw2XxUSztFNmJggZmv8IZlLyEdnpO1QB9LkcjeWewO2vxtA==", "dev": true, "requires": { "component-emitter": "~1.3.0", "component-inherit": "0.0.3", - "debug": "~4.1.0", + "debug": "~3.1.0", "engine.io-parser": "~2.2.0", "has-cors": "1.1.0", "indexof": "0.0.1", - "parseqs": "0.0.5", - "parseuri": "0.0.5", - "ws": "~6.1.0", + "parseqs": "0.0.6", + "parseuri": "0.0.6", + "ws": "~7.4.2", "xmlhttprequest-ssl": "~1.5.4", "yeast": "0.1.2" }, @@ -1077,14 +1056,20 @@ "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==", "dev": true }, - "ws": { - "version": "6.1.4", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.1.4.tgz", - "integrity": "sha512-eqZfL+NE/YQc1/ZynhojeV8q+H050oR8AZ2uIev7RU10svA9ZnJUddHcOUZTJLinZ9yEfdA2kSATS2qZK5fhJA==", + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", "dev": true, "requires": { - "async-limiter": "~1.0.0" + "ms": "2.0.0" } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true } } }, @@ -2171,22 +2156,16 @@ } }, "parseqs": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.5.tgz", - "integrity": "sha1-1SCKNzjkZ2bikbouoXNoSSGouJ0=", - "dev": true, - "requires": { - "better-assert": "~1.0.0" - } + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.6.tgz", + "integrity": "sha512-jeAGzMDbfSHHA091hr0r31eYfTig+29g3GKKE/PPbEQ65X0lmMwlEoqmhzu0iztID5uJpZsFlUPDP8ThPL7M8w==", + "dev": true }, "parseuri": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/parseuri/-/parseuri-0.0.5.tgz", - "integrity": "sha1-gCBKUNTbt3m/3G6+J3jZDkvOMgo=", - "dev": true, - "requires": { - "better-assert": "~1.0.0" - } + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/parseuri/-/parseuri-0.0.6.tgz", + "integrity": "sha512-AUjen8sAkGgao7UyCX6Ahv0gIK2fABKmYjvP4xmy5JaKvcbTRueIqIPHLAfq30xJddqSE033IOMUSOMCcK3Sow==", + "dev": true }, "path-is-absolute": { "version": "1.0.1", diff --git a/package.json b/package.json index 3fd22d64d..cdf25fcaa 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "engine.io", - "version": "3.4.2", + "version": "3.5.0", "description": "The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server", "main": "lib/engine.io", "author": "Guillermo Rauch ", @@ -35,7 +35,7 @@ "devDependencies": { "babel-eslint": "^8.0.2", "babel-preset-es2015": "^6.24.0", - "engine.io-client": "3.4.2", + "engine.io-client": "3.5.0", "eslint": "^4.5.0", "eslint-config-standard": "^10.2.1", "eslint-plugin-import": "^2.7.0",