* Verifies a request. * * @param {EngineRequest} req * @param upgrade - whether it's an upgrade request * @param fn * @protected * @return whether the request is valid
(
req: EngineRequest,
upgrade: boolean,
fn: ErrorCallback,
)
| 272 | * @return whether the request is valid |
| 273 | */ |
| 274 | protected verify( |
| 275 | req: EngineRequest, |
| 276 | upgrade: boolean, |
| 277 | fn: ErrorCallback, |
| 278 | ): void | boolean { |
| 279 | class="cm">// transport check |
| 280 | const transport = req._query.transport; |
| 281 | class="cm">// WebTransport does not go through the verify() method, see the onWebTransportSession() method |
| 282 | if ( |
| 283 | !~this.opts.transports.indexOf(transport as TransportName) || |
| 284 | transport === class="st">"webtransport" |
| 285 | ) { |
| 286 | debug(class="st">'unknown transport "%s"', transport); |
| 287 | return fn(Server.errors.UNKNOWN_TRANSPORT, { transport }); |
| 288 | } |
| 289 | |
| 290 | class="cm">// class="st">'Origin' header check |
| 291 | const isOriginInvalid = checkInvalidHeaderChar(req.headers.origin); |
| 292 | if (isOriginInvalid) { |
| 293 | const origin = req.headers.origin; |
| 294 | req.headers.origin = null; |
| 295 | debug(class="st">"origin header invalid"); |
| 296 | return fn(Server.errors.BAD_REQUEST, { |
| 297 | name: class="st">"INVALID_ORIGIN", |
| 298 | origin, |
| 299 | }); |
| 300 | } |
| 301 | |
| 302 | class="cm">// sid check |
| 303 | const sid = req._query.sid; |
| 304 | if (sid) { |
| 305 | if (!hasOwn(this.clients, sid)) { |
| 306 | debug(class="st">'unknown sid "%s"', sid); |
| 307 | return fn(Server.errors.UNKNOWN_SID, { |
| 308 | sid, |
| 309 | }); |
| 310 | } |
| 311 | const previousTransport = this.clients[sid].transport.name; |
| 312 | if (!upgrade && previousTransport !== transport) { |
| 313 | debug(class="st">"bad request: unexpected transport without upgrade"); |
| 314 | return fn(Server.errors.BAD_REQUEST, { |
| 315 | name: class="st">"TRANSPORT_MISMATCH", |
| 316 | transport, |
| 317 | previousTransport, |
| 318 | }); |
| 319 | } |
| 320 | } else { |
| 321 | class="cm">// handshake is GET only |
| 322 | if (class="st">"GET" !== req.method) { |
| 323 | return fn(Server.errors.BAD_HANDSHAKE_METHOD, { |
| 324 | method: req.method, |
| 325 | }); |
| 326 | } |
| 327 | |
| 328 | if (transport === class="st">"websocket" && !upgrade) { |
| 329 | debug(class="st">"invalid transport upgrade"); |
| 330 | return fn(Server.errors.BAD_REQUEST, { |
| 331 | name: class="st">"TRANSPORT_HANDSHAKE_ERROR", |
nothing calls this directly
no test coverage detected