Merge pull request #43439 from mkouba/ws-next-ignore-nonws-conection

WebSockets Next: ignore non-websocket connections
quarkusio · Sep 23, 2024 · 8b3da76 · 8b3da76
2 parents 13f979a + 44ce63e
commit 8b3da76
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 1 deletion.
diff --git a/...uarkus/websockets/next/test/nonwebsocketconnection/NonWebSocketConnectionIgnoredTest.java b/...uarkus/websockets/next/test/nonwebsocketconnection/NonWebSocketConnectionIgnoredTest.java
@@ -0,0 +1,47 @@
+package io.quarkus.websockets.next.test.nonwebsocketconnection;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.CoreMatchers.is;
+
+import jakarta.enterprise.event.Observes;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.websockets.next.OnTextMessage;
+import io.quarkus.websockets.next.WebSocket;
+import io.vertx.ext.web.Router;
+
+public class NonWebSocketConnectionIgnoredTest {
+
+    @RegisterExtension
+    public static final QuarkusUnitTest test = new QuarkusUnitTest()
+            .withApplicationRoot(root -> {
+                root.addClasses(Echo.class);
+            });
+
+    @Test
+    void testNonWebSocketConnection() {
+        given().when()
+                .get("/echo")
+                .then()
+                .statusCode(200)
+                .body(is("ok"));
+    }
+
+    @WebSocket(path = "/echo")
+    public static class Echo {
+
+        @OnTextMessage
+        String process(String message) {
+            return message;
+        }
+
+    }
+
+    static void registerRoute(@Observes Router router) {
+        router.route("/echo").handler(rc -> rc.response().end("ok"));
+    }
+
+}
diff --git a/.../test/java/io/quarkus/websockets/next/test/security/HttpUpgradeRedirectOnFailureTest.java b/.../test/java/io/quarkus/websockets/next/test/security/HttpUpgradeRedirectOnFailureTest.java
@@ -58,6 +58,8 @@ public void testRedirectOnFailure() {
         // test redirected on failure
         RestAssured
                 .given()
+                // without this header the client would receive 404
+                .header("Sec-WebSocket-Key", "foo")
                 .redirects()
                 .follow(false)
                 .get(endUri)

diff --git a/.../test/java/io/quarkus/websockets/next/test/upgrade/HttpUpgradeCheckHeaderMergingTest.java b/.../test/java/io/quarkus/websockets/next/test/upgrade/HttpUpgradeCheckHeaderMergingTest.java
@@ -39,7 +39,14 @@ public class HttpUpgradeCheckHeaderMergingTest {
     public void testHeadersMultiMap() {
         // this is a way to test scenario where HttpUpgradeChecks set headers
         // but the checks itself did not reject upgrade, the upgrade wasn't performed due to incorrect headers
-        var headers = RestAssured.given().get(headersUri).then().statusCode(400).extract().headers();
+        var headers = RestAssured.given()
+                // without this header the client would receive 404
+                .header("Sec-WebSocket-Key", "foo")
+                .get(headersUri)
+                .then()
+                .statusCode(400)
+                .extract()
+                .headers();
 
         assertNotNull(headers);
         assertTrue(headers.size() >= 3);

diff --git a/...ext/runtime/src/main/java/io/quarkus/websockets/next/runtime/WebSocketServerRecorder.java b/...ext/runtime/src/main/java/io/quarkus/websockets/next/runtime/WebSocketServerRecorder.java
@@ -8,6 +8,8 @@
 
 import jakarta.enterprise.inject.Instance;
 
+import org.jboss.logging.Logger;
+
 import io.quarkus.arc.Arc;
 import io.quarkus.arc.ArcContainer;
 import io.quarkus.runtime.annotations.Recorder;
@@ -16,6 +18,7 @@
 import io.quarkus.security.spi.runtime.SecurityCheck;
 import io.quarkus.vertx.core.runtime.VertxCoreRecorder;
 import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
+import io.quarkus.websockets.next.HandshakeRequest;
 import io.quarkus.websockets.next.HttpUpgradeCheck;
 import io.quarkus.websockets.next.HttpUpgradeCheck.CheckResult;
 import io.quarkus.websockets.next.HttpUpgradeCheck.HttpUpgradeContext;
@@ -34,6 +37,8 @@
 @Recorder
 public class WebSocketServerRecorder {
 
+    private static final Logger LOG = Logger.getLogger(WebSocketServerRecorder.class);
+
     private final WebSocketsServerRuntimeConfig config;
 
     public WebSocketServerRecorder(WebSocketsServerRuntimeConfig config) {
@@ -95,6 +100,10 @@ public Handler<RoutingContext> createEndpointHandler(String generatedEndpointCla
 
             @Override
             public void handle(RoutingContext ctx) {
+                if (!ctx.request().headers().contains(HandshakeRequest.SEC_WEBSOCKET_KEY)) {
+                    LOG.debugf("Non-websocket client request ignored:\n%s", ctx.request().headers());
+                    ctx.next();
+                }
                 if (httpUpgradeChecks != null) {
                     checkHttpUpgrade(ctx, endpointId).subscribe().with(result -> {
                         if (!result.getResponseHeaders().isEmpty()) {