
fix: Improve security of socket.io transport layer #894

Merged
delucis merged 17 commits into master from delucis/fix/socket-transport-security on Jan 21, 2021

Conversation

@delucis (Member) commented Jan 21, 2021

Closes #889

There is still no expiration of client connections, so hypothetically the transport is still vulnerable to a client that keeps open its connection after leaving a credentialed match that someone else then joins (see #889 for discussion). The only way to avoid that currently would be to re-authenticate each client when sending anything to them, which would add significant overhead to what is supposed to be a lightweight transport layer. I think ultimately there should be a way for the lobby API to ping the transport and say that a specific playerID’s credentials have expired at which point clients with that playerID could be re-authenticated or removed.

This implements several tests for the data leaking scenarios discussed in #889

This addresses inauthentic clients receiving a sync triggered by a later authentic client’s sync (as described in #889).

Both `send` and `sendAll` use loops to iterate over the registered clients and emit events. Using `sendAll` would emit an exponential number of events if multiple clients were connected with the same `playerID`.

A provisional client is a client that hasn’t yet been authenticated by the game master. Adding it to `clientInfo` could be risky because it could receive payloads intended for a specific playerID before it has been authenticated for that playerID. With this approach, the provisional client is sandboxed until it is authenticated.

This prevents a race condition whereby if an inauthentic client synced just before an authentic client, but its authentication process took longer than the authentic client’s sync, it could receive the authentic client’s sync payload.

Memory overhead for a bunch of empty Sets is probably marginal, but it seems like these should be removed nonetheless.
@delucis delucis merged commit 3d614b8 into master Jan 21, 2021
@delucis delucis deleted the delucis/fix/socket-transport-security branch January 21, 2021 01:27
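The PR description and commit messages above describe three behaviours: a newly connected client is held as "provisional" and kept out of `clientInfo` until the game master has authenticated it, `send`/`sendAll` emit exactly once per registered client, and a match's Set of clients is removed once it is empty. The JavaScript below is an added example written for this page; it is not the project's own transport code and not part of the PR. It models those behaviours with hypothetical names (`TransportRegistry`, `FakeSocket`, `connect`, `resolveAuthentication`, `provisional`) and a fake socket that records emits in place of a real socket.io socket. `simulateRace` replays the race described in the commit messages: an inauthentic client connects first, its credential check is still pending when an authentic client connects and syncs, and the pending client must receive nothing.

```javascript
// Added example, not the project's code. Names below are this example's own.

class FakeSocket {
  constructor(id) {
    this.id = id;
    this.received = []; // every emit() call, kept for inspection
  }
  emit(event, ...args) {
    this.received.push({ event, args });
  }
}

class TransportRegistry {
  constructor() {
    this.clientInfo = new Map();  // clientID -> { socket, matchID, playerID }; authenticated only
    this.roomInfo = new Map();    // matchID -> Set<clientID>
    this.provisional = new Map(); // clientID -> { socket, matchID, playerID }; awaiting the game master
  }

  // Step 1: a fresh connection is parked as provisional. It is deliberately
  // absent from clientInfo and roomInfo, so send/sendAll cannot reach it yet.
  connect(socket, matchID, playerID) {
    this.provisional.set(socket.id, { socket, matchID, playerID });
  }

  // Step 2: the game master reports the credential check, however long it
  // took. Only an authentic client is promoted into clientInfo/roomInfo.
  resolveAuthentication(clientID, isAuthentic) {
    const entry = this.provisional.get(clientID);
    if (!entry) return false;
    this.provisional.delete(clientID);
    if (!isAuthentic) {
      entry.socket.emit('error', 'authentication failed');
      return false;
    }
    this.clientInfo.set(clientID, entry);
    if (!this.roomInfo.has(entry.matchID)) this.roomInfo.set(entry.matchID, new Set());
    this.roomInfo.get(entry.matchID).add(clientID);
    return true;
  }

  disconnect(clientID) {
    this.provisional.delete(clientID);
    const entry = this.clientInfo.get(clientID);
    if (!entry) return;
    this.clientInfo.delete(clientID);
    const room = this.roomInfo.get(entry.matchID);
    room.delete(clientID);
    if (room.size === 0) this.roomInfo.delete(entry.matchID); // drop the empty Set
  }

  // Emit exactly once per authenticated client in the match. Each socket gets
  // the payload built for its own playerID, so two sockets sharing a playerID
  // receive one event each rather than one per duplicate.
  sendAll(matchID, makePayload) {
    const room = this.roomInfo.get(matchID);
    if (!room) return 0;
    let emitted = 0;
    for (const clientID of room) {
      const { socket, playerID } = this.clientInfo.get(clientID);
      socket.emit('update', matchID, makePayload(playerID));
      emitted++;
    }
    return emitted;
  }
}

// Replays the race from the commit messages and returns what each socket saw.
function simulateRace() {
  const registry = new TransportRegistry();
  const intruder = new FakeSocket('intruder'); // constructed: inauthentic, slow check
  const legit = new FakeSocket('legit');       // constructed: authentic
  const twin = new FakeSocket('twin');         // constructed: second socket, same playerID

  registry.connect(intruder, 'match-1', '0');
  registry.connect(legit, 'match-1', '0');
  registry.connect(twin, 'match-1', '0');
  registry.resolveAuthentication('legit', true);
  registry.resolveAuthentication('twin', true);

  // The authentic clients sync while the intruder's check is still pending.
  const emitted = registry.sendAll('match-1', (playerID) => ({ secretFor: playerID }));
  registry.resolveAuthentication('intruder', false); // the slow check finally fails

  registry.disconnect('legit');
  registry.disconnect('twin');
  const updates = (s) => s.received.filter((m) => m.event === 'update').length;
  return {
    emitted,
    intruderUpdates: updates(intruder),
    legitUpdates: updates(legit),
    twinUpdates: updates(twin),
    roomsLeft: registry.roomInfo.size, // 0 once the last client leaves
  };
}
```

Running `simulateRace()` gives two emits, one per authenticated socket, zero updates for the still-provisional intruder, and no leftover Set for `match-1` after both authentic clients disconnect. The example keeps the limitation the PR description states: a client that was authenticated once stays in `clientInfo` until it disconnects, so expiring a playerID's credentials would still need a separate signal from the lobby to the transport.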

Successfully merging this pull request may close these issues.

Unauthenticated client is allowed to connect at the moment when an authenticated client connects
