Please review, any comments are welcome. The docs still need improvement, working on that.
Currently tackling Socket.IO.
For the record I'd like to mention that using just the "specs" at https://github.com/socketio/engine.io-protocol results in an incorrect implementation.
I tried porting the javascript implementation at first: it resulted in a mess of event-hell.
So, I finally used the specs first, then some good-old-fashioned protocol reverse engineering, sprinkled with an extremely limited glance at the javascript implementation to aid the reverse engineering.
Ironically, one of Engine.IO's main features is listed on https://github.com/socketio/engine.io as having been "Written in readable vanilla JavaScript". It ultimately depends on your definition of "readable", I guess.
Very nice, good work!
I guess the API user could keep track of sid:s and Server objects separately, if they don’t want a .farm? I'd imagine that the globally shared sid lookup mapping might be regarded as a security issue in more complex setups, such as multiple listener ports with different user permissions or whatever. (Although using a TLS port should keep the sid secret enough, I guess.)
/Marty
On 20 Sep 2016, at 10:03 , Stephen R. van den Berg srb@cuci.nl wrote:
Please review, any comments are welcome. The docs still need improvement, working on that.
Currently tackling Socket.IO.
Stephen.
Martin Karlgren wrote:
I guess the API user could keep track of sid:s and Server objects separately, if they don???t want a .farm?
It was/is not intended to be used like that, though the only dependency here is that in the Server object there are exactly three references to the global clients list.
Can you imagine a use case where this is desirable?
I'd imagine that the globally shared sid lookup mapping might be regarded as a security issue
Not really. The global clients mapping with all sids in it, is a private object and thus not accessible for reading or writing from outside of the EngineIO module. The sids cannot be guessed, they are cryptographically secure.
in more complex setups, such as multiple listener ports with different user permissions or whatever. (Although using a TLS port should keep the sid secret enough, I guess.)
Those setups are explicitly supported through the single farm. You only need a single farm, regardless of how many listener ports/urls you are listening on.
Martin Nilsson (Coppermist) @ Pike (-) developers forum wrote:
Please review, any comments are welcome.
This looks wrong:
if (String.width(msg) > 8) msg = string_to_utf8(msg);
You are always utf8-decoding the string, so you should always utf8-encode them.
Well spotted. I think I need to change the width check into a character-range check. If there no characters values >127, then I can skip the encoding step (only). I'll fix it in my development version.
If there are no character values >127, then the encoding step is a no-op, so skipping it buys you nothing except making your code harder to read.
Marcus Comstedt (ACROSS) (Hail Ilpalazzo!) @ Pike (-) developers forum wrote:
If there are no character values >127, then the encoding step is a no-op, so skipping it buys you nothing except making your code harder to read.
I see. I should have guessed that string_to_utf8() is already smart enough. Thanks for the pointer.
Even if it hadn't been, fixing that would have been the correct course of action. ;-)
pike-devel@lists.lysator.liu.se
-
Marcus Comstedt (ACROSS) (Hail Ilpalazzo!) @ Pike (-) developers forum -
Martin Karlgren -
Martin Nilsson (Coppermist) @ Pike (-) developers forum
-
Stephen R. van den Berg