reberhardt7 / cplayground

GNU General Public License v3.0

Do type checking on websocket messages #30

Open reberhardt7 opened 4 years ago

reberhardt7 commented 4 years ago

In the server code that handles websocket messages (mainly socket-connection.ts), there is a lot of annoying code to make sure that the expected fields are present and that they're of the expected type. More importantly, there are cases where this validation is missing, and our code is susceptible to Denial of Service if someone sends us malformed messages.

Since we have types for most websocket messages (see https://github.com/reberhardt7/cplayground/blob/master/src/server/socket-connection.ts), it shouldn't be hard to automate some of this type checking. typed-socket.io seems like a promising library; in particular, we would want to use TypedServer and TypedClient to get runtime validation.
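The kind of runtime check the issue asks for, as an added example that is not cplayground's code and does not use typed-socket.io: a hand-rolled, schema-driven validator that rejects malformed payloads before any handler sees them. The event names, fields and size cap are hypothetical.

```typescript
// Added example: the event names and fields below are hypothetical,
// not cplayground's real message types.
type FieldType = 'string' | 'number' | 'boolean';
type Schema = Record<string, FieldType>;
type Fields = Record<string, string | number | boolean>;

interface ValidationResult {
  ok: boolean;
  data?: Fields;   // present only when ok is true
  error?: string;  // present only when ok is false
}

// Constructed schemas: one entry per websocket event the server accepts.
const SCHEMAS: Record<string, Schema> = {
  resize: { rows: 'number', cols: 'number' },
  run: { code: 'string', language: 'string' },
};

const MAX_STRING_LENGTH = 64 * 1024; // assumed per-field cap

function hasOwn(obj: object, key: string): boolean {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

function validateMessage(event: string, payload: unknown): ValidationResult {
  // Own-property lookup so names like "constructor" are not treated as events.
  if (!hasOwn(SCHEMAS, event)) return { ok: false, error: 'unknown event' };
  if (typeof payload !== 'object' || payload === null || Array.isArray(payload)) {
    return { ok: false, error: 'payload must be an object' };
  }
  const record = payload as Record<string, unknown>;
  const schema = SCHEMAS[event];
  const data: Fields = {};
  for (const field of Object.keys(schema)) {
    const value = hasOwn(record, field) ? record[field] : undefined;
    if (typeof value !== schema[field]) {
      return { ok: false, error: `${field}: expected ${schema[field]}` };
    }
    if (typeof value === 'number' && !isFinite(value)) {
      return { ok: false, error: `${field}: must be finite` };
    }
    if (typeof value === 'string' && value.length > MAX_STRING_LENGTH) {
      return { ok: false, error: `${field}: too long` };
    }
    // Copy only declared fields; anything extra the client sent is dropped.
    data[field] = value as string | number | boolean;
  }
  return { ok: true, data };
}
```

A handler would call `validateMessage` first and ignore or log the message when `ok` is false, so a malformed payload never reaches code that assumes the fields exist.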