bsergean
commented
3 years ago - Indeed support for what you're trying to do support is missing ; it's a valid use case and maybe it can be implemented. (wrote this long part first, I think you can skip to (2))
I have a websocket service running on the server below, which also require a basic form of authentication. If the url isn't correct a 403 http error is returned right away. The server is coded in python with a library that let me do the kind of things you're trying to do btw / see code here -> https://github.com/machinezone/cobra/blob/master/cobras/server/app.py#L139)
ixwebsocket comes with a cli tool called ws which I just used like that to reproduce your problem.
ws connect 'wss://bavarde.jeanserge.com/v2/?appkey=invalid_appkey'
However this is the error I get:
Connection error: Expecting status 101 (Switching Protocol), got 403 status connecting to wss://bavarde.jeanserge.com/v2/?appkey=invalid_appkey, HTTP Status line: HTTP/1.1 403 Forbidden
Which is different from the normal errors which can be handled through the normal socket, as in the example below:
else if (msg->type == ix::WebSocketMessageType::Error)
{
ss << "Connection error: " << msg->errorInfo.reason << std::endl;
ss << "#retries: " << msg->errorInfo.retries << std::endl;
ss << "Wait time(ms): " << msg->errorInfo.wait_time << std::endl;
ss << "HTTP Status: " << msg->errorInfo.http_status << std::endl;
log(ss.str());
}=== This is where we do the websocket handshake, where potentially we can get this 401 error.
WebSocketInitResult status = _ws.connectToUrl(_url, headers, timeoutSecs);
if (!status.success)
{
// FIXME here we should invoke the callback with type == error.
return status;
}Here I could return the error code. But that's on the client side.
On the server side, we would need a new hook to be able to return something equivalent to what libwebsocket does, HTTP_STATUS_UNAUTHORIZED or similar.
server.setOnConnectionCallback(
[remoteUrl, remoteUrlsMapping](std::weak_ptr<ix::WebSocket> webSocket,
std::shared_ptr<ConnectionState> connectionState) {
auto state = std::dynamic_pointer_cast<ProxyConnectionState>(connectionState);
auto remoteIp = connectionState->getRemoteIp();
xxxx / this is called when a connection is established (before or after handshake ... can't remember)
so here we would need a way to inspect the headers (Authorization) in your case, and close the connection
or rather return an http error code, 401, xxxThis will also require some work but is not impossible. Not sure when I'll get to this though, and if it's needed because ...
- I think you can handle this authorization in a different way, and this is what you're trying to do, by doing it at the WebSocket level, after the handshake, and not at the http level (early)
The deal with websocket error code is that some are reserved. So maybe your problem is simply that you are using the wrong one, you would have to use a value higher than 4000 and below 4999. 401 is probably rejected
https://github.com/Luka967/websocket-close-codes
4000 - 4999 No Yes Available for applications
I just tried to have a client close with error 4500, and the server received it. It should work equally well the other way around.
On Dec 17, 2020, at 1:59 PM, Ludek Vodicka notifications@github.com wrote:
In libWebsocket, there is special handler for checking client headers on the server-side called LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION . In this handler, it's possible to read headers and if necessary, return HTTP_STATUS_UNAUTHORIZED and closed the connection.
In IxWebsocket, I can send HTTP headers via
ix::WebSocketHttpHeaders headers; headers["Authorization"] = userAndPasswordBase64; webSocket.setExtraHeaders(headers); and then read these headers in open handler (msg->type == ix::WebSocketMessageType::Open) from msg->openInfo.headers struct. This works great.
But how to signalize, that authorization failed? I know I can return status and message via close() :
websocket->close(code, "Authorization failed"); but when I set code = 401, I'm receiving "unknow code" on the client-side. So I checked ix::WebSocketCloseConstants but there is no code for authorization failed.
I also checked a link referred from the code (https://developer.mozilla.org/en-US/docs/Web/API/CloseEvent https://developer.mozilla.org/en-US/docs/Web/API/CloseEvent) but they also don't have any authorization-failed header.
Currently, I'm returning ix::WebSocketCloseConstants::kInternalErrorCode but I believe there have to be a better way how to return this code.
Thanks a lot.
PS: As a side node, integration of your library is really fluent and easy compared to libwebsocket ;-)
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/machinezone/IXWebSocket/issues/260, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC2O6UJ6HKG6XAUYDCF4UCLSVJ5MZANCNFSM4VAJ4EQA.
ludekvodicka
github-actions[bot]
In libWebsocket, there is special handler for checking client headers on the server-side called
LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION. In this handler, it's possible to read headers and if necessary, return HTTP_STATUS_UNAUTHORIZED and closed the connection.In IxWebsocket, I can send HTTP headers via
and then read these headers in
openhandler (msg->type == ix::WebSocketMessageType::Open) frommsg->openInfo.headersstruct. This works great.But how to signalize, that authorization failed? I know I can return status and message via close() :
but when I set code = 401, I'm receiving "unknow code" on the client-side. So I checked
ix::WebSocketCloseConstantsbut there is no code for authorization failed.I also checked a link referred from the code (https://developer.mozilla.org/en-US/docs/Web/API/CloseEvent) but they also don't have any authorization-failed header.
Currently, I'm returning
ix::WebSocketCloseConstants::kInternalErrorCodebut I believe there has to be a better way how to return this code.Thanks a lot.
PS: As a side note, the integration of your library is really fluent and easy compared to libwebsocket ;-)