Merge pull request #81 from VKCOM/di/fix-websocket-auth-crash/QA-16055

Add try catch to cookie parser
VKCOM · Jan 21, 2025 · ee75e45 · ee75e45
2 parents 33a51ea + 995ccc9
commit ee75e45
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/bin/stf.mjs b/bin/stf.mjs
@@ -1,3 +1,3 @@
 #!/usr/bin/env -S node --import ./lib/util/instrument.mjs
-console.log('Starting stf')
+console.log('Starting DeviceHub')
 import '../lib/cli/index.js'
diff --git a/lib/units/websocket/index.js b/lib/units/websocket/index.js
@@ -29,7 +29,6 @@ const request = Promise.promisifyAll(postmanRequest)
 export default (function(options) {
     var log = logger.createLogger('websocket')
     var server = http.createServer()
-    console.log(options)
     // eslint-disable-next-line camelcase
     const io_options = {
         serveClient: false

diff --git a/lib/units/websocket/middleware/auth.js b/lib/units/websocket/middleware/auth.js
@@ -1,34 +1,45 @@
 import * as dbapi from '../../../db/api.js'
 import * as jwtutil from '../../../util/jwtutil.js'
 import * as cookie from 'cookie'
+import logger from '../../../util/logger.js'
+
 
 export default (function(options) {
+    const log = logger.createLogger('websocket')
     return function(socket, next) {
         let req = socket.request
-        let token
-        const cookies = cookie.parse(req.headers.cookie)
+        let token, cookies
+        try {
+            cookies = cookie.parse(req.headers.cookie)
+        }
+        catch (e) {
+            return next(new Error('Missing authorization token'))
+        }
         if (cookies.token) {
             token = jwtutil.decode(cookies.token, options.secret)
             req.internalJwt = cookies.token
         }
         else {
-            next(new Error('Missing authorization token'))
+            return next(new Error('Missing authorization token'))
         }
         if (token) {
             return dbapi.loadUser(token.email)
                 .then(function(user) {
                     if (user) {
                         req.user = user
-                        next()
+                        return next()
                     }
                     else {
-                        next(new Error('Invalid user'))
+                        return next(new Error('Invalid user'))
                     }
                 })
-                .catch(next)
+                .catch((e) => {
+                    log.error(e)
+                    return next(new Error('Unknown error'))
+                })
         }
         else {
-            next(new Error('Missing authorization token'))
+            return next(new Error('Missing authorization token'))
         }
     }
 })