Add partial context implementation for WebSocket routes + Security fix #559
+241
−22
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Only the headers / session available in WebSocket are initialized. A fake RequestFromVertX is created to comply with the HttpRequest context workflow. Signed-off-by: Nicolas Rempulski <[email protected]>
|
It looks good to me. Would have been nice to have a few tests. |
|
If the overall process seems good, I'll try to add some tonight. How many is a "few" at least ? 2 ? ^^ 2016-10-21 16:30 GMT+02:00 Clement Escoffier [email protected]:
|
|
"few" means it should cover the new code ;-) |
|
ping ? |
|
pong ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This one started as a feature request and escalated to a security issue.
The problem arisen when we tried to authenticate user on WebSocket routes (@OPEN, @close, @message) : the authentication failed as Wisdom doesn't use Http headers on Socket to populate the Context available in Controllers (context(), session(), ....).
Several options were possible from there :
? Opening a WebSocket after a HttpRequest allow to retrieve credentials ? Ok, surely some VertX or Wisdom wizardry, let's go onward.
Security issue shred to light when we hit our Proxy (Nginx) timeout that disconnected our WebSockets after 5Mn of inactivyty.
To solve this issue, when the socket timed-out, we made our client re-establish the WebSocket connection immediatly...
And we tested this feature by hot restarting Nginx while several client had WebSockets opened on our server...
And Wisdom saw each client reconnecting ... as one and only user, all with the same sessionId (same session, same flash, same Context).
It appears that, when a websocket Opening, arrive in the few milliseconds after a HttpRequest, Wisdom mess the Context for the WebSocket Routes and give access to a random Context of a Request currently executed.
This PR intends to fix the security issue by providing Context for WebSocket Routed, using HttpHeaders provided by VertX. This should erase any remaining Context while handling WebSocket events.
Finally, I think there is somewhere a Context release or cleanup that is not correctly done. This did not appear before as the context is always injected in HttpRequest, thus erasing any previous one, but WebSocket, without Context handling, opened a hole in this process.
As it is deep down in Wisdom, I would really like some review before merge.
Thanks !