MCPcopy
hub / github.com/socketio/socket.io / verify

Function verify

packages/engine.io/lib/server.ts:274–348  ·  packages/engine.io/lib/server.ts::verify

* Verifies a request. * * @param {EngineRequest} req * @param upgrade - whether it's an upgrade request * @param fn * @protected * @return whether the request is valid

(
    req: EngineRequest,
    upgrade: boolean,
    fn: ErrorCallback,
  )

Source from the content-addressed store, hash-verified

272 * @return whether the request is valid
273 */
274 protected verify(
275 req: EngineRequest,
276 upgrade: boolean,
277 fn: ErrorCallback,
278 ): void | boolean {
279 class="cm">// transport check
280 const transport = req._query.transport;
281 class="cm">// WebTransport does not go through the verify() method, see the onWebTransportSession() method
282 if (
283 !~this.opts.transports.indexOf(transport as TransportName) ||
284 transport === class="st">"webtransport"
285 ) {
286 debug(class="st">'unknown transport "%s"', transport);
287 return fn(Server.errors.UNKNOWN_TRANSPORT, { transport });
288 }
289
290 class="cm">// class="st">'Origin' header check
291 const isOriginInvalid = checkInvalidHeaderChar(req.headers.origin);
292 if (isOriginInvalid) {
293 const origin = req.headers.origin;
294 req.headers.origin = null;
295 debug(class="st">"origin header invalid");
296 return fn(Server.errors.BAD_REQUEST, {
297 name: class="st">"INVALID_ORIGIN",
298 origin,
299 });
300 }
301
302 class="cm">// sid check
303 const sid = req._query.sid;
304 if (sid) {
305 if (!hasOwn(this.clients, sid)) {
306 debug(class="st">'unknown sid "%s"', sid);
307 return fn(Server.errors.UNKNOWN_SID, {
308 sid,
309 });
310 }
311 const previousTransport = this.clients[sid].transport.name;
312 if (!upgrade && previousTransport !== transport) {
313 debug(class="st">"bad request: unexpected transport without upgrade");
314 return fn(Server.errors.BAD_REQUEST, {
315 name: class="st">"TRANSPORT_MISMATCH",
316 transport,
317 previousTransport,
318 });
319 }
320 } else {
321 class="cm">// handshake is GET only
322 if (class="st">"GET" !== req.method) {
323 return fn(Server.errors.BAD_HANDSHAKE_METHOD, {
324 method: req.method,
325 });
326 }
327
328 if (transport === class="st">"websocket" && !upgrade) {
329 debug(class="st">"invalid transport upgrade");
330 return fn(Server.errors.BAD_REQUEST, {
331 name: class="st">"TRANSPORT_HANDSHAKE_ERROR",

Callers

nothing calls this directly

Calls 4

debugFunction · 0.85
fnFunction · 0.85
checkInvalidHeaderCharFunction · 0.85
hasOwnFunction · 0.85

Tested by

no test coverage detected