Merge pull request #10 from thejoshwolfe/schema

Server uses jsonschema to validate client requests

Author: thejoshwolfe

.gitignore

@@ -1,3 +1,5 @@
 node_modules/
 *.js
 *.js.map
+*.d.ts
+*.cache.json

package.json

@@ -11,7 +11,8 @@
     "typescript": "^5.3.3"
   },
   "scripts": {
-    "build": "npm install --no-audit --no-fund && npm run build:client && npm run build:server",
+    "build": "npm install --no-audit --no-fund && npm run build:shared && npm run build:client && npm run build:server",
+    "build:shared": "cd src/shared && npm run build",
     "build:client": "cd src/client && npm run build",
     "build:server": "cd src/server && npm run build",
     "run": "cd src/server && npm run run"

src/client/client.ts

@@ -494,7 +494,7 @@ function renderAndMaybeCommitSelection(selection: {[index: ObjectId]: ObjectTemp
   clearNumberBuffer();
 }
 function commitSelection(selection: {[index: ObjectId]: ObjectTempProps}) {
-  let move: any[] = []; // TODO
+  let move: (string | number)[] = [];
   move.push(getMyUserId());
   for (let id in selection) {
     let object = objectsById[id];
@@ -532,14 +532,13 @@ function commitSelection(selection: {[index: ObjectId]: ObjectTempProps}) {
     }
   }
   if (move.length <= 1) return;
-  let message = {
+  sendMessage({
     cmd: "makeAMove",
     args: move,
-  };
-  sendMessage(message);
+  });
   pushChangeToHistory(move);
 }
-function pushObjectProps(move: any[], object: ObjectState) { // TODO
+function pushObjectProps(move: (string | number)[], object: ObjectState) {
   move.push(
     object.id,
     object.prototype,
@@ -549,14 +548,14 @@ function pushObjectProps(move: any[], object: ObjectState) { // TODO
     object.faceIndex);
 }
 const objectPropCount = 6;
-function consumeObjectProps(move: any[], i: number): ObjectState { // TODO
+function consumeObjectProps(move: (string | number)[], i: number): ObjectState {
   let object = makeObject(
-    move[i++], // id
-    move[i++], // prototypeId
-    move[i++], // x
-    move[i++], // y
-    move[i++], // z
-    move[i++], // faceIndex
+    move[i++] as string, // id
+    move[i++] as string, // prototypeId
+    move[i++] as number, // x
+    move[i++] as number, // y
+    move[i++] as number, // z
+    move[i++] as number, // faceIndex
   );
   return object;
 }
@@ -707,7 +706,7 @@ function deleteSelection() {
     partialDeletion = true;
   }
 
-  let move: any[] = []; // TODO
+  let move: (string | number)[] = [];
   objects.forEach(function(object) {
     if (!object.temporary) {
       move.push("d"); // delete

src/client/connection.ts

@@ -1,24 +1,17 @@
-import {programmerError} from "./math.js";
-import {
-  initGame, deleteTableAndEverything,
-  makeAMove,
-} from "./client.js";
-import {
-  UserInfo, UserId,
-  JoinRoomArgs, UserJoinedArgs, UserLeftArgs, ChangeMyNameArgs, ChangeMyRoleArgs, RoleId,
-} from "../shared/protocol.js";
-import {
-  ScreenMode, getScreenMode, setScreenMode,
-  renderUserList,
- } from "./ui_layout.js";
+import { programmerError } from "./math.js";
+import { initGame, deleteTableAndEverything, makeAMove } from "./client.js";
+import { ScreenMode, getScreenMode, setScreenMode, renderUserList } from "./ui_layout.js";
+
+import { UserInfo, UserId, JoinRoomArgs, UserJoinedArgs, UserLeftArgs, ChangeMyNameArgs, ChangeMyRoleArgs, RoleId } from "../shared/protocol.js";
+import { ProtocolMessage } from "../shared/generated-schema.js";
 
 let socket: WebSocket | null = null;
 let isConnected = false;
 let roomCode: string | null = null;
 let myUser: UserInfo | null = null;
 let usersById: {[index: UserId]: UserInfo} = {};
 
-export function sendMessage(message: object) {
+export function sendMessage(message: ProtocolMessage) {
   if (socket == null) programmerError();
   socket.send(JSON.stringify(message));
 }

src/server/package-lock.json

@@ -2,6 +2,7 @@
   "type": "module",
   "dependencies": {
     "express": "^4.18.2",
+    "jsonschema": "^1.4.1",
     "ws": "^8.16.0"
   },
   "devDependencies": {

src/server/package.json

@@ -1,9 +1,12 @@
 import http from "http";
 import express from "express";
 import {WebSocket, WebSocketServer} from "ws";
+import jsonschema from "jsonschema";
 
 import database from "./database.js";
 import defaultRoomState from "./defaultRoom.js";
+import { protocolSchema } from "../shared/schema.js";
+import { ProtocolMessage } from "../shared/generated-schema.js";
 
 const bindIpAddress = "127.0.0.1";
 
@@ -111,25 +114,25 @@ function handleNewSocket(socket: WebSocket) {
   let user: UserInRoom | null = null;
 
   socket.on("message", function(data, isBinary) {
-    if (isBinary) throw new Error("no");
-    const msg = data.toString();
+    try {
+      if (isBinary) throwShenanigan("received binary message");
+      let msg = data.toString();
+      handleMessage(msg);
+    } catch (e) {
+      if (!(e instanceof Shenanigan)) {
+        console.log(e);
+      }
+      disconnect();
+    }
+  });
 
+  function handleMessage(msg: string) {
     if (clientState === ClientState.DISCONNECTING) return;
-    console.log(msg);
-    let allowedCommands = (function() {
-      switch (clientState) {
-        case ClientState.WAITING_FOR_LOGIN:
-          return ["joinRoom"];
-        case ClientState.PLAY:
-          return ["makeAMove", "changeMyName", "changeMyRole"];
-        default: programmerError();
-      }
-    })();
-    let message = parseAndValidateMessage(msg, allowedCommands);
-    if (message == null) return;
+    let message = parseAndValidateMessage(msg);
 
     switch (message.cmd) {
       case "joinRoom": {
+        if (clientState !== ClientState.WAITING_FOR_LOGIN) throwShenanigan("not now kid");
         let roomCode = message.args.roomCode;
         if (roomCode === "new") {
           room = newRoom();
@@ -176,6 +179,7 @@ function handleNewSocket(socket: WebSocket) {
         break;
       }
       case "makeAMove": {
+        if (clientState !== ClientState.PLAY) throwShenanigan("not now kid");
         if (!(user != null && room != null)) programmerError();
         let msg = JSON.stringify(message);
         for (let otherId in room.usersById) {
@@ -186,6 +190,7 @@ function handleNewSocket(socket: WebSocket) {
         break;
       }
       case "changeMyName": {
+        if (clientState !== ClientState.PLAY) throwShenanigan("not now kid");
         if (!(user != null && room != null)) programmerError();
         let newName = message.args;
         user.userName = newName;
@@ -199,6 +204,7 @@ function handleNewSocket(socket: WebSocket) {
         break;
       }
       case "changeMyRole": {
+        if (clientState !== ClientState.PLAY) throwShenanigan("not now kid");
         if (!(user != null && room != null)) programmerError();
         let newRole = message.args;
         user.role = newRole;
@@ -211,10 +217,14 @@ function handleNewSocket(socket: WebSocket) {
         }
         break;
       }
-      default: throw new Error("TODO: handle command: " + message.cmd);
+      default: throw new Error("TODO: handle command: " + msg);
     }
-  });
+  }
 
+  function throwShenanigan(...msgs: any[]): never {
+    console.log("error handling client message:", ...msgs);
+    throw new Shenanigan();
+  }
   function disconnect() {
     // we initiate a disconnect
     socket.close();
@@ -260,74 +270,28 @@ function handleNewSocket(socket: WebSocket) {
     socket.send(msg);
   }
 
-  function parseAndValidateMessage(msg: string, allowedCommands: string[]) {
+  function parseAndValidateMessage(msg: string): ProtocolMessage {
+    // json.
     let message;
     try {
       message = JSON.parse(msg);
     } catch (e) {
-      return failValidation(e);
-    }
-    // TODO: rethink validation so that it only protects the server, not other clients
-    if (typeof message != "object") return failValidation("JSON root data type expected to be object");
-    // ignore all unexpected fields.
-    message = {
-      cmd: message.cmd,
-      args: message.args,
-    };
-    if (allowedCommands.indexOf(message.cmd) === -1) return failValidation("invalid command", message.cmd);
-    switch (message.cmd) {
-      case "createRoom": {
-        if (message.args != null) return failValidation("expected no args. got:", message.args);
-        delete message.args;
-        break;
-      }
-      case "joinRoom": {
-        message.args = {
-          roomCode: message.args.roomCode,
-        };
-        if (typeof message.args.roomCode !== "string") return failValidation("expected string:", message.args.roomCode);
-        // although the room code might be bogus, that's a reasonable mistake, not a malfunction.
-        break;
-      }
-      case "makeAMove": {
-        let move = message.args;
-        if (!Array.isArray(move)) return failValidation("expected args to be an array");
-        break;
-      }
-      case "changeMyName": {
-        let newName = message.args;
-        if (typeof newName !== "string") return failValidation("expected string:", newName);
-        if (newName.length > 16) newName = newName.substring(0, 16);
-        if (newName.length === 0) return failValidation("new name is empty string");
-        message.args = newName;
-        break;
-      }
-      case "changeMyRole": {
-        let newRole = message.args;
-        if (typeof newRole !== "string") return failValidation("expected string:", newRole);
-        message.args = newRole;
-        break;
-      }
-      default: throw new Error("TODO: handle command: " + message.cmd);
+      throwShenanigan(msg + "\n", e);
     }
 
-    // seems legit
-    return message;
+    // json schema.
+    let res = jsonschema.validate(message, protocolSchema, {
+      required: true,
+      nestedErrors: true,
+    });
+    if (!res.valid) throwShenanigan("client message fails validation:", message, res.toString() + "---");
 
-    function failValidation(blurb: string | any, offendingValue?: any) {
-      if (arguments.length >= 2) {
-        if (typeof offendingValue === "string") {
-          // make whitespace easier to see
-          offendingValue = JSON.stringify(offendingValue);
-        }
-        console.log("message failed validation:", blurb, offendingValue);
-      } else {
-        console.log("message failed validation:", blurb);
-      }
-      return null;
-    }
+    console.log(msg);
+    return message;
   }
 }
+class Shenanigan extends Error {}
+
 
 const roomCodeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 function generateRoomCode() {

src/server/server.ts

@@ -0,0 +1,47 @@
+import {writeFileSync, statSync, readFileSync} from "fs";
+
+const selfPath = "generate-typescript-interfaces.js"; // we don't have __filename for some reason.
+const inPath = "schema.js";
+const outPath = "generated-schema.d.ts";
+const cachePath = "schema.cache.json";
+
+let cache: {[index: string]: string} = function() {
+  try {
+    return JSON.parse(readFileSync(cachePath, {encoding: "utf8"}));
+  } catch {
+    return {};
+  }
+}();
+
+function checkCache(path: string): boolean {
+  let stats = statSync(path, {throwIfNoEntry: false});
+  if (stats == null) return false;
+  const entry = JSON.stringify([stats.ino, stats.size, stats.mtime]);
+  if (cache[path] === entry) return true;
+
+  // Optimistically put the new entry in case we get around to writing the cache.
+  cache[path] = entry;
+  return false;
+}
+function writeCache() {
+  writeFileSync(cachePath, JSON.stringify(cache) + "\n");
+}
+
+if (checkCache(selfPath) && checkCache(inPath) && checkCache(outPath)) {
+  // up to date.
+  process.exit(0);
+}
+
+// Need to generate.
+console.log("generating schema types");
+import {protocolSchema} from "./schema.js"
+
+// tsc chokes analyzing this dependency, but it works at runtime.
+// Obfuscate the import to disable typescript compile-time analysis.
+const {compile} = await import("" + "json-schema-to-typescript");
+
+let content = await compile(protocolSchema, "ProtocolMessage");
+writeFileSync(outPath, content);
+
+checkCache(outPath);
+writeCache();