Unhandled error when sending malicious websocket requests.

[svrnwnsch]

Nes: 9.1.0 Hapi: 17.5.5

I get the following error sometimes when I send some malformed data via an opened websocket.

(node:6327) UnhandledPromiseRejectionWarning: TypeError: this.server.auth.verify is not a function
    at module.exports.internals.Socket.internals.Socket._verifyAuth (/src/node_modules/nes/lib/socket.js:604:32)
    at module.exports.internals.Socket.internals.Socket._lifecycle (/src/node_modules/nes/lib/socket.js:267:16)
    at module.exports.internals.Socket.internals.Socket._onMessage (/src/node_modules/nes/lib/socket.js:233:48)
    at WebSocket._ws.on (/src/node_modules/nes/lib/socket.js:52:46)
    at WebSocket.emit (events.js:182:13)
    at Receiver.receiverOnMessage (/src/node_modules/ws/lib/websocket.js:720:20)
    at Receiver.emit (events.js:182:13)
    at Receiver.dataMessage (/src/node_modules/ws/lib/receiver.js:414:14)
    at Receiver.getData (/src/node_modules/ws/lib/receiver.js:346:17)
    at Receiver.startLoop (/src/node_modules/ws/lib/receiver.js:133:22)
    at Receiver._write (/src/node_modules/ws/lib/receiver.js:69:10)
    at doWrite (_stream_writable.js:413:12)
    at writeOrBuffer (_stream_writable.js:397:5)
    at Receiver.Writable.write (_stream_writable.js:295:11)
    at Socket.socketOnData (/src/node_modules/ws/lib/websocket.js:795:35)
    at Socket.emit (events.js:182:13)
(node:6327) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 10)

Do I need to specify an error handler somewhere? Currently I just set an subscription path. And then connect via a chrome app to the path and then send some data.

[dominykas]

Your hapi version is too old for the nes version. You should upgrade to latest 17.x to make this specific error go away.

Ideally, you should upgrade to hapi 18 + nes 10.

[svrnwnsch]

Hm currently upgrading to a newer version brakes to much stuff in my application. Is there somewhere an overview which Nes version works with which Hapi version?

[dominykas]

Upgrading to a newer 17.x hapi should not break anything?

Other than that, nes exposes the version requirement here: https://github.com/hapijs/nes/blob/master/lib/index.js#L94-L96, but that's fairly recent and it might not always contain the earliest supported version (e.g. the error that you're seeing needs at least hapi 17.8.0 to get fixed with the nes version you have).

[svrnwnsch]

Thank you. I only looked at the (package.json)[https://github.com/hapijs/nes/blob/master/package.json#L29] file which states for my version 17.x.x. But the file you recommended states in my version

    requirements: {
        hapi: '>=17.8.1'
    },

The problem with upgrading is that we use Typescript with older type definitions and upgrading e.g. brakes tests.

Nevertheless it would be easier if releases of new versions would specify the support Hapi version.

[lock[bot]]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.