Merge pull request #81 from VKCOM/di/fix-websocket-auth-crash/QA-16055

DaniilSmirnov · web-flow · commit ee75e45a8059 · 2025-01-21T15:15:19.000+03:00
Add try catch to cookie parser
diff --git a/bin/stf.mjs b/bin/stf.mjs
@@ -1,3 +1,3 @@
 #!/usr/bin/env -S node --import ./lib/util/instrument.mjs
-console.log('Starting stf')
+console.log('Starting DeviceHub')
 import '../lib/cli/index.js'
diff --git a/lib/units/websocket/index.js b/lib/units/websocket/index.js
@@ -29,7 +29,6 @@ const request = Promise.promisifyAll(postmanRequest)
 export default (function(options) {
     var log = logger.createLogger('websocket')
     var server = http.createServer()
-    console.log(options)
     // eslint-disable-next-line camelcase
     const io_options = {
         serveClient: false
diff --git a/lib/units/websocket/middleware/auth.js b/lib/units/websocket/middleware/auth.js
@@ -1,34 +1,45 @@
 import * as dbapi from '../../../db/api.js'
 import * as jwtutil from '../../../util/jwtutil.js'
 import * as cookie from 'cookie'
+import logger from '../../../util/logger.js'
+
 
 export default (function(options) {
+    const log = logger.createLogger('websocket')
     return function(socket, next) {
         let req = socket.request
-        let token
-        const cookies = cookie.parse(req.headers.cookie)
+        let token, cookies
+        try {
+            cookies = cookie.parse(req.headers.cookie)
+        }
+        catch (e) {
+            return next(new Error('Missing authorization token'))
+        }
         if (cookies.token) {
             token = jwtutil.decode(cookies.token, options.secret)
             req.internalJwt = cookies.token
         }
         else {
-            next(new Error('Missing authorization token'))
+            return next(new Error('Missing authorization token'))
         }
         if (token) {
             return dbapi.loadUser(token.email)
                 .then(function(user) {
                     if (user) {
                         req.user = user
-                        next()
+                        return next()
                     }
                     else {
-                        next(new Error('Invalid user'))
+                        return next(new Error('Invalid user'))
                     }
                 })
-                .catch(next)
+                .catch((e) => {
+                    log.error(e)
+                    return next(new Error('Unknown error'))
+                })
         }
         else {
-            next(new Error('Missing authorization token'))
+            return next(new Error('Missing authorization token'))
         }
     }
 })
