Added functionality so if 'webSocketMaskOverride' is specified in the db, the optimization to disable masking for TLS protected websockets is disabled

2025-12-22 19:23:31 +00:00 · 2019-02-12 13:43:42 -08:00
parent 92abf51a8d
commit 995c4015b0
4 changed files with 26 additions and 5 deletions
--- a/meshcore/agentcore.c
+++ b/meshcore/agentcore.c
@@ -1702,6 +1702,11 @@ void ILibDuktape_MeshAgent_Init(duk_context* ctx, void *chain, MeshAgentHostCont
 	duk_put_prop_string(ctx, -2, "MeshAgentPtr");	// [stash]
 	duk_pop(ctx);									// ...
 	ILibDuktape_ModSearch_AddHandler(ctx, "MeshAgent", ILibDuktape_MeshAgent_PUSH);
+
+	if (agent->webSocketMaskOverride != 0)
+	{
+		duk_peval_string_noresult(ctx, "Object.defineProperty(require('https'), '_webSocketMaskOverride', { value: true });");
+	}
 }

 /* ------------------------------ 
@@ -3034,6 +3039,8 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
 	if (meshServer.sin6_family != AF_UNSPEC)
 	{
 		ILibWebClient_AddWebSocketRequestHeaders(req, 65535, MeshServer_OnSendOK);
+		if (agent->webSocketMaskOverride != 0) { ILibHTTPPacket_Stash_Put(req, "_WebSocketMaskOverride", 22, (void*)(UINT_PTR)0x01); }
+
 		reqToken = ILibWebClient_PipelineRequest(agent->httpClientManager, (struct sockaddr*)&meshServer, req, MeshServer_OnResponse, agent, NULL);
 #ifndef MICROSTACK_NOTLS
 		ILibWebClient_Request_SetHTTPS(reqToken, result == ILibParseUriResult_TLS ? ILibWebClient_RequestToken_USE_HTTPS : ILibWebClient_RequestToken_USE_HTTP);
@@ -3105,7 +3112,6 @@ void MeshServer_Connect(MeshAgentHostContainer *agent)
 	agent->logUpdate = ILibSimpleDataStore_Get(agent->masterDb, "logUpdate", NULL, 0);
 	agent->fakeUpdate = ILibSimpleDataStore_Get(agent->masterDb, "fakeUpdate", NULL, 0);

-
 	if (agent->logUpdate != 0) { ILIBLOGMESSSAGE("Attempting to connect to Server..."); }

 	if (agent->retryTime == 0)
@@ -3728,6 +3734,7 @@ int MeshAgent_AgentMode(MeshAgentHostContainer *agentHost, int paramLen, char **
 		// Check if there is a CoreModule in the db
 		char *CoreModule;
 		int CoreModuleLen = agentHost->localScript == 0 ? ILibSimpleDataStore_Get(agentHost->masterDb, "CoreModule", NULL, 0) : 0;
+		agentHost->webSocketMaskOverride = ILibSimpleDataStore_Get(agentHost->masterDb, "webSocketMaskOverride", NULL, 0);

 		if (agentHost->meshCoreCtx != NULL)
 		{
@@ -3744,7 +3751,6 @@ int MeshAgent_AgentMode(MeshAgentHostContainer *agentHost, int paramLen, char **
 			// Create the context for the Local CoreModule, regardless if we have one yet
 			agentHost->meshCoreCtx = ILibDuktape_ScriptContainer_InitializeJavaScriptEngineEx(0, 0, agentHost->chain, NULL, agentHost->masterDb, agentHost->exePath, agentHost->pipeManager, NULL, NULL);
 			ILibDuktape_MeshAgent_Init(agentHost->meshCoreCtx, agentHost->chain, agentHost);
-
 			ILibDuktape_SetNativeUncaughtExceptionHandler(agentHost->meshCoreCtx, MeshAgent_CoreModule_UncaughtException, agentHost);

 			if (CoreModuleLen > 0)
--- a/meshcore/agentcore.h
+++ b/meshcore/agentcore.h
@@ -171,6 +171,7 @@ typedef struct MeshAgentHostContainer
 	int logUpdate;
 	int fakeUpdate;
 	void *coreTimeout;
+	int webSocketMaskOverride;

 	char agentHash[UTIL_SHA384_HASHSIZE];
 	char serverHash[UTIL_SHA384_HASHSIZE];
--- a/microscript/ILibDuktape_HttpStream.c
+++ b/microscript/ILibDuktape_HttpStream.c
@@ -478,7 +478,18 @@ duk_ret_t ILibDuktape_HttpStream_http_onUpgrade(duk_context *ctx)
 	{
 		ILibDuktape_WriteID(ctx, "https.WebSocketStream");
 		ILibDuktape_WebSocket_State *state = Duktape_GetBufferProperty(ctx, -1, ILibDuktape_WebSocket_StatePtr);
-		if (state != NULL) { state->noMasking = 1; }
+		if (state != NULL) 
+		{
+			state->noMasking = 1;
+			if (duk_peval_string(ctx, "(function _getOverride(){return(require('https')._webSocketMaskOverride);})();") == 0)	// [result]
+			{
+				if (duk_to_boolean(ctx, -1))
+				{
+					state->noMasking = 0;
+				}
+			}
+			duk_pop(ctx);																										// ...
+		}
 	}

 	duk_get_prop_string(ctx, -3, ILibDuktape_HTTP2CR);							// [HTTPStream][readable][websocket][clientRequest]
--- a/microstack/ILibWebClient.c
+++ b/microstack/ILibWebClient.c
@@ -211,6 +211,7 @@ typedef struct ILibWebClientDataObject
 	struct sockaddr_in6 proxy;
 	struct ILibWebClientManager *Parent;
 	char* DigestData;
+	int webSocketMaskOverride;

 	int PendingConnectionIndex;

@@ -550,6 +551,7 @@ void ILibWebClient_ResetWCDO(struct ILibWebClientDataObject *wcdo)
 		// Check the cancel request in the timer list
 		if ( plrt->timer != NULL ) ILibLifeTime_Remove(plrt->timer, plrt);
 	}
+	wcdo->webSocketMaskOverride = 0;
 	wcdo->PAUSE = 0;
 	wcdo->CancelRequest = 0;
 	wcdo->Chunked = 0;
@@ -1237,7 +1239,7 @@ ILibAsyncSocket_SendStatus ILibWebClient_WebSocket_Send(ILibWebClient_StateObjec

 #ifndef MICROSTACK_NOTLS
 #ifdef MICROSTACK_TLS_DETECT
-	if (ILibAsyncSocket_IsUsingTls(wcdo->SOCK) == 1) flags = 0; // If we are using TLS, disable websocket masking
+	if (wcdo->webSocketMaskOverride == 0 && ILibAsyncSocket_IsUsingTls(wcdo->SOCK) == 1) flags = 0; // If we are using TLS, disable websocket masking
 #endif
 #endif

@@ -2585,6 +2587,7 @@ ILibWebClient_RequestToken ILibWebClient_PipelineRequest(
 		((ILibWebClient_PipelineRequestToken*)retVal)->WebSocketKey = tokenWebSocketKey;
 		((ILibWebClient_PipelineRequestToken*)retVal)->WebSocketMaxBuffer = u.i;
 		((ILibWebClient_PipelineRequestToken*)retVal)->WebSocketSendOK = ILibHTTPPacket_Stash_Get(packet, "_WebSocketOnSendOK", 18);
+		if (ILibHTTPPacket_Stash_HasKey(packet, "_WebSocketMaskOverride", 22)) { wcdo->webSocketMaskOverride = 1; }

 		for (i = 0; i < wcm->MaxConnectionsToSameServer; ++i)
 		{