sockjs / sockjs-node Goto Github PK
View Code? Open in Web Editor NEWWebSocket emulation - Node.js server
Home Page: http://sockjs.org
License: MIT License
WebSocket emulation - Node.js server
Home Page: http://sockjs.org
License: MIT License
In SockJS 0.2.1 we removed the Origin
header from the white list of not-terribly-bad headers that can be exposed to the app.
Apparently, there are some proper uses of that header - namely for logging. We should bring back this header, just clear it up for the iframe transports.
There is no way for a client to "gracefully" close the SockJS connection (.close
on the client just drops the connection on the floor). But there is a way to request the client to disconnect from the server. It would be nice to be able to distinguish on the server side between:
Although, I'm not sure how useful that is in practice.
Protocol changes: sockjs/sockjs-protocol#7
Hi!
At webjs.coffee L#74 sheduled is an unconditional call to log
function. When connection rate is high, these ordinary messages do flood. Please, consider making them optional.
TIA,
--Vladimir
WebSocket disconnect_delay should be 15ms or less. The current delay of 5 seconds makes no sense for this transport.
With about 3k users connected we're getting a ridiculous number of logs like:
GET /sockets/568/40y6ze7z/websocket 2ms (unfinished)
GET /sockets/664/qoj9_gr2/websocket 1ms (unfinished)
What do they mean and how can I stop them?
Thanks!
Some people suggest sockjs-node is not very good in terms of memory usage:
I did a few simple benchmarks and it went well. Under real load it seems to be performing well, but the memory usage is a bit high ( ~400 MB for 1000 connections)!
We should investigate what's happening.
Sockjs responds with ws:// while safari expects wss://, see:
https://sockjs.popcnt.org/tests-qunit.html?filter=websocket%3A%20echo1
We should give the user an option to opt-in to repond with wss to all requests that come from https Origin.
In #16 we've refactored the API. We should keep the old API for a while (and print 'deprectated' warning) to avoid annoying our users.
How do we relate to http://blog.silktide.com/2011/05/cookie-law-makes-most-uk-websites-illegal-what-you-need-to-know/ ?
Shouldn't we drop cookies in favor of other techniques?
So that you can stream from/to other sockets to the browser
http://nodejs.org/docs/v0.5.7/api/streams.html#stream.pipe
As reported by gdamjan in sockjs/sockjs-client#11
debug
flag or something?logging
module for node? What other frameworks use?A banner is a must-have for any decent server. Matthew proposes:
_---\
\ \
\ \
\ \
\ \
\ \
/ |
/ -/
,-' /
\___--'
It's used only for $.extend, not enough to justify a heavy dependency.
Opera claims that they have implemented WebSockets. They can be enabled using this config item: opera:config#UserPrefs|EnableWebSockets . Currently, it doesn't work with SockJS-node, it would be nice if it worked.
http://dev.w3.org/html5/websockets/ :
When the WebSocket connection is closed, possibly cleanly, the user agent must queue a task to run the following substeps:
Create an event that uses the CloseEvent interface, with the event name close, which does not bubble, is not
cancelable, has no default action, whose wasClean attribute is initialized to true if the connection closed cleanly and
false otherwise, whose code attribute is initialized to the WebSocket connection close code, and whose reason
attribute is initialized to the WebSocket connection close reason decoded as UTF-8, with error handling, and dispatch
the event at the WebSocket object. [WSP]
Please, consider replacing (or aliasing) status
property with code
property, and introducing wasClean
property which is code === 1000
TIA,
--Vladimir
FF 6.0.2 (at least) sends Connection: keep-alive, Upgrade
. Not surprisingly, receives 400, Connection must be "Upgrade"
.
Please, consider introducing more flexible analysis, or invalidate the way FF opens WebSocket connections.
TIA,
--Vladimir
We should expose origin
on a session.
We should also expose referrer
Instead of having a custom websocket implementation, let's use @jcoglan 's one:
https://github.com/jcoglan/faye-websocket-node
Just thought I would put this in here so someone else can find it maybe this could go in a readme/wiki page somewhere.
I couldn't get npm working. It doesn't even download the "src" folder (it gets "examples", "node_modules" and the top level files) but gives me no errors just the following output:
npm http GET https://registry.npmjs.org/sockjs
npm http 304 https://registry.npmjs.org/sockjs
npm http GET https://registry.npmjs.org/faye-websocket/0.4.0
npm http GET https://registry.npmjs.org/node-uuid/1.3.3
npm http 304 https://registry.npmjs.org/faye-websocket/0.4.0
npm http 304 https://registry.npmjs.org/node-uuid/1.3.3
[email protected] ./node_modules/sockjs
├── [email protected]
└── [email protected]
But I got it working manually with the following steps:
.\node_modules.bin\coffee -o lib -c src\chunking-test.coffee
.\node_modules.bin\coffee -o lib -c src\iframe.coffee
.\node_modules.bin\coffee -o lib -c src\sockjs.coffee
(for some reason coffee didn't like *.coffee in windows)
npm install faye-websocket
npm install node-uuid
npm install node-static```
5. Try to run the echo sample with "node examples\echo\server.js" and browse to "http://127.0.0.1:9999".
6. It failed for me with the error:
Error: The "sys" module is now called "util".
at sys.js:1:69
at NativeModule.compile (node.js:548:5)
7. So I replaced the "node_modules\node-static\examples\file-server.js" and "node_modules\node_static\lib\node-static.js" :
```require('sys')```
to be
```require('util')```
Then the echo sample works.
Released examples are wrong, and are using old 0.0 sockjs javascript. Need to do a new release.
eg, what happens if there is not a transport available? (I have disabled all transports other than websockets for our server - was necessary)
var sock = this.socket = new SockJS(this.server_url + '/sockets', ['websocket']);
sock.onopen = function() {
};
sock.onmessage = function(e) {
if (e.data === self.channel) self.retrieve();
};
sock.onclose = function() {
self.failures++;
if (self.failures > 5) self.start_polling();
else setTimeout(function() { self.connect(); }, 1000);
};
So in that case, is there a way for me to recognize that the websocket will not work?
(btw, I have tested this app with socket.io, the native node-websocket implementation, and sockjs, and so far sockjs is the best all-around)
How does sockjs deal with cluster (node 0.6.x baked-in)? Is this somewhere in the documentation? What will happen when opening a socket on several cluster workers simultaneously?
Installing sockjs with npm submodule sockjs
installs the old repository (github.com/majek).
SyntaxError: Unexpected token ILLEGAL
at Object.parse (native)
at Object.xhr_send (/sockjs-node/lib/trans-xhr.js:48:16)
at /sockjs-node/lib/webjs.js:15:37
at /sockjs-node/lib/webjs.js:91:18
at IncomingMessage.<anonymous> (/sockjs-node/lib/webjs.js:260:16)
at IncomingMessage.emit (events.js:61:17)
at HTTPParser.onMessageComplete (http.js:133:23)
at Socket.ondata (http.js:1018:22)
at Socket._onReadable (net.js:683:27)
at IOWatcher.onReadable [as callback] (net.js:177:10)
WebSocket transports are inefficient, especially trans-websocket-hybi10.coffee, which iterates character-by-character.
In #36 we started using faye-websocket. Einaros brougt up the question about faye speed: http://twitter.com/einaros/status/147303616439533568 . And his previous benchmarks: http://einaros.github.com/ws/fast.html
We should try to reproduce the results and understand what is the problem.
Need it to know how many users use each particular protocol.
For now it's possible to get it this way:
connection._session.recv.protocol
But this way uses private member of connection and is not documented.
I'm seeing an issue where the connection event is fired twice for XHR requests from the Android browser.
Here is a log of what I'm seeing, the extra logging happens directly after the connection
and close
events, the source code is available here: https://github.com/lucaspiller/sockjs-demo/blob/master/server.js
SockJS v0.3.0 bound to "/echo"
GET /echo/info 1ms 200
POST /echo/275/_v9pbtqj/xhr_streaming 4ms (unfinished)
new connection d679ef6e-c99f-4665-a452-f4a747708d43
disconnect d679ef6e-c99f-4665-a452-f4a747708d43
POST /echo/275/rhczkkuz/xhr 3ms 200
new connection c4fca7d9-9824-4066-afdd-a21aa24b63b9
POST /echo/275/rhczkkuz/xhr 1ms (unfinished)
POST /echo/275/rhczkkuz/xhr 0ms (unfinished)
I'm new to sockjs (I've played with websockets and socketio before though), so I'm not sure whether this is actually a bug or just a misunderstanding of how it works.
Browser: Android 2.3.7
NodeJs: 0.6.14
SockJS: 0.3.0
Express: 2.5.8
Currently, any char can be passed as a callback paramter for jsonp protocol, this allows a trivial XSS attack, for example:
For now, there isn't a known way to exploit this feature, (as with other json-p implementations), but I may be wrong.
To limit the possible attack surface let's alllow only a certain set of characters to be passed to calback paramter, namely:
[a-zA-Z0-9-_.]
supplying any other char shall result in a 500-something error
Because node-waf doesn't work on windows the c++ extension can't be compiled. Can npm differ dependecies depending on the os? sockjs does work without it doesn't it? (i haven't seen any problems).
That error is what Chrome produces in some very rare cases. I'm suspecting, because I'm relaying information from other sources, that some funky Unicode has slipped it, but I'm not sure what.
Socket.io has a similar bug report open: socketio/socket.io#572
Sorry if this is vague. Figured it'd be a good idea to at least document it. I hope to be able to reproduce this soon.
Spec says that send
method should accept string
, Blob
, and ArrayBuffer
data types as a parameter. We should support that.
https://github.com/sockjs/sockjs-node/blob/master/src/trans-eventsource.coffee#L11 -- is it still needed now that we always JSON encode strings?
The server sends heartbeats once in a while. This should be configurable.
Hi!
I can't distinguish orderly "close" (one after close frame received) from "disconnect" (when session is timed out)?
"close" event seems to always get 1001 as status. This makes it hard to manage persistent connections.
If close frame is very specific to native WebSocket, should I implement orderly close by sending a special message?
Or do you see another solution?
TIA,
--Vladimir
For example event names: connect
not open
, end
not close
and so on
Hi!
I would be more flexible to de-hardcode cookie name, use cookie: 'JSESSIONID'
instead of cookie: true
, and let options.cookie
define actual cookie name.
What do you think?
Best regards,
--Vladimir
Or is it already implemented, and I don't know how to?
Tim raised a very intersting point:
http://groups.google.com/group/sockjs/browse_thread/thread/4a51e07e2fc26aa0
Flushing buffer should be optimized, we should do it on nextTick
.
Please, consider providing interface to safely access overwise private MAPS
in transport.coffee.
The rationale is to provide means for authors to implement broadcasting and filtering.
TIA,
--Vladimir
In 296a921 we introduced connection.remoteAddress
. This kind of makes sense in a context of a web server exposed to the internet, but SockJS
will often work behind a proxy.
In such case connection.remoteAddress
would be useless (ie: it will always point to proxy).
We should expose X-Forwarded-For
in similar matter (for example take a look at haproxy config).
Also proxies (squid?) usually add some magical header (is it x-forwarded-for
?).
Maybe connection.remoteAddress
should be list? But that introduces a potential security risk - what if user is able to add arbitrary x-forwarded-for
(think: ajax) and the application is looking only at the last IP number in the list.
What other frameworks are dealing with that?
For example during ticker
we should not see heartbeat frames:
curl http://localhost:8081/ticker/0/0/xhr_streaming -v -X POST
Also, investigate how sockjs-erlang
behaves.
It'd be great to be able to do something like the following:
var handler = sockjs.createServer(options);
handler.on('connection', function(conn) {
console.log(conn.request.path);
});
@msackman suggests that for various reasons user may be late with installing on('close') handler on a connection.
The user should be able to check if the close is going to be fired in future, or in other words - what is the state of the conneciton. This is quite similar to readyState websocket property
Hi!
In order to ease commonjs pattern, wonder if you could consider making Session expose WebSocket-like interface: #sendUTF, #sendBinary, incoming messages of form {type: 'utf8', utf8Data: ...}.
TIA,
--Vladimir
Hello im experimenting with sockjs and when testing on localhost the close event fires and gives all connected users the message that a user just leave. But when i put my app on a online server it doesn´t fire that event!!
You can check it here.
http://er-u-count.herokuapp.com/
var cons = {};
var sockjs_echo = sockjs.createServer(sockjs_opts);
sockjs_echo.on('connection', function(conn) {
console.log('connection' + conn);
//SAY WELCOME
conn.write("Welcome");
//NOTIFY OTHER USERS THAT WE HAVE ARRIVED
broadcastmsg(conn.sesion+" Joined");
cons[conn.id] = conn;
conn.on('data', function(message){
broadcastmsg(conn.sesion+" SAY: "+message);
});
conn.on('close', function() {
console.log('close ' + conn);
delete cons[conn.sesion];
broadcastmsg(conn.sesion+" is leaving");
});
});
//HELPERS
function broadcastmsg(msg){
for(c in cons){
cons[c].write(msg);
}
}
Is there any way to see if a connection is still on?
At the moment SockJS-node doesn't do any form of flow control, this can lead to a trivial out-of-memory segfault.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.