invisible-college / statebus

All aboard the STATEBUS!!!

Fetching wildcard causes server to crash #27

Closed karth295 closed 7 years ago

karth295 commented 7 years ago

Statebus: 4.0.30

Example repro: fetch('/*')

Server crashes with this error:

assert.js:85
  throw new assert.AssertionError({
  ^
AssertionError: false == true
    at Console.assert (console.js:95:23)
    at Function.fetch (/home/karthik/tawk.space/node_modules/statebus/statebus.js:38:17)
    at SockJSConnection.<anonymous> (/home/karthik/tawk.space/node_modules/statebus/server.js:277:26)
    at emitOne (events.js:96:13)
    at SockJSConnection.emit (events.js:188:7)
    at Session.didMessage (/home/karthik/tawk.space/node_modules/sockjs/lib/transport.js:246:25)
    at WebSocketReceiver.didMessage (/home/karthik/tawk.space/node_modules/sockjs/lib/trans-websocket.js:104:39)
    at WebSocket.<anonymous> (/home/karthik/tawk.space/node_modules/sockjs/lib/trans-websocket.js:70:24)
    at emitOne (events.js:96:13)
    at WebSocket.emit (events.js:188:7)

I see that you have a TODO comment there. However, it seems like a security risk to let users easily crash the server (I accidentally did this to tawk the other day). A couple of temporary solution ideas:

  1. Server should throw back a special error state that the client turns into an exception
  2. Server returns an array of state it knows about like [{key: '/state1'}, {key: '/state2'}].

toomim commented 7 years ago

Great catch. Let's remove the assertion for now. It can just return {key: '/*'}. I agree in the future it should do option 2! I've been wanting that too.

toomim commented 7 years ago

I'm not sure what regexp language to use, though. Maybe we should define our own. I like using * for "anything" rather than "any number of the previous items" like most regexp langs. They make you use .* for "anything", which is too many characters for the most frequently used feature of the language.
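
One way to put the two ideas from this thread together, as an added example in plain Node.js and not statebus's own code: the server answers a malformed key with an error state instead of tripping a process-level assertion, and a wildcard key returns the list of matching keys (karth295's option 2) using the pattern language toomim sketches, where a bare `*` means "anything". The in-memory `state` Map, `compilePattern` and `handleFetch` are assumptions of this example.

```javascript
// Added example, not statebus code. Assumed in-memory state keyed by '/path'
// (constructed sample data).
const state = new Map([
  ['/state1', { key: '/state1', n: 1 }],
  ['/state2', { key: '/state2', n: 2 }],
  ['/other',  { key: '/other',  n: 3 }],
]);

// Compile a key pattern in which '*' matches any run of characters and every
// other character is literal. The literal parts are regexp-escaped so that
// '.', '+', '(' etc. in a client-supplied key are never treated as
// metacharacters (the "too many characters" .* problem goes away as well).
function compilePattern(pattern) {
  const body = pattern
    .split('*')
    .map(part => part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp('^' + body + '$');
}

// Handle one client fetch. Bad input yields an error *message* for that
// client; nothing here throws, so one request cannot crash the server.
function handleFetch(rawKey) {
  if (typeof rawKey !== 'string' || !rawKey.startsWith('/') || rawKey.length > 1024) {
    return { key: rawKey, error: 'invalid key' };
  }
  if (!rawKey.includes('*')) {
    // Plain key: return the stored object, or an empty object for unknown state
    // (this example's choice, not necessarily statebus's semantics).
    return state.get(rawKey) || { key: rawKey };
  }
  // Wildcard key: answer with the keys the server knows about that match.
  const re = compilePattern(rawKey);
  const matches = [...state.keys()].filter(k => re.test(k)).sort().map(key => ({ key }));
  return { key: rawKey, matches };
}
```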

toomim commented 7 years ago

Foxed. https://github.com/invisible-college/statebus/commit/814a6a0af2241c537fb5cec9ef256b862412a088

toomim commented 7 years ago

[image: red fox]