engine.io
Advanced tools
Changelog
6.5.4 (2023-11-09)
This release contains some minor changes which should improve the memory usage of the server, notably this.
Dependencies
ws@~8.11.0(no change)
Changelog
6.5.2 (2023-08-01)
Bug Fixes
- webtransport: add proper framing (a306db0)
Dependencies
ws@~8.11.0(no change)
Changelog
6.5.0 (2023-06-16)
Bug Fixes
Features
Support for WebTransport
The Engine.IO server can now use WebTransport as the underlying transport.
WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server.
References:
- https://w3c.github.io/webtransport/
- https://developer.mozilla.org/en-US/docs/Web/API/WebTransport
- https://developer.chrome.com/articles/webtransport/
Until WebTransport support lands in Node.js, you can use the @fails-components/webtransport package:
import { readFileSync } from "fs";
import { createServer } from "https";
import { Server } from "engine.io";
import { Http3Server } from "@fails-components/webtransport";
// WARNING: the total length of the validity period MUST NOT exceed two weeks (https://w3c.github.io/webtransport/#custom-certificate-requirements)
const cert = readFileSync("/path/to/my/cert.pem");
const key = readFileSync("/path/to/my/key.pem");
const httpsServer = createServer({
key,
cert
});
httpsServer.listen(3000);
const engine = new Server({
transports: ["polling", "websocket", "webtransport"] // WebTransport is not enabled by default
});
engine.attach(httpsServer);
const h3Server = new Http3Server({
port: 3000,
host: "0.0.0.0",
secret: "changeit",
cert,
privKey: key,
});
(async () => {
const stream = await h3Server.sessionStream("/engine.io/");
const sessionReader = stream.getReader();
while (true) {
const { done, value } = await sessionReader.read();
if (done) {
break;
}
engine.onWebTransportSession(value);
}
})();
h3Server.startServer();
Added in 123b68c.
Credits
Huge thanks to @OxleyS for helping!
Dependencies
ws@~8.11.0(no change)
Changelog
6.4.2 (2023-05-02)
:warning: This release contains an important security fix :warning:
A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
at Server.onWebSocket (build/server.js:515:67)
Please upgrade as soon as possible.
Bug Fixes
- include error handling for Express middlewares (#674) (9395782)
- prevent crash when provided with an invalid query param (fc480b4)
- typings: make clientsCount public (#675) (bd6d471)
- uws: prevent crash when using with middlewares (8b22162)
Credits
Huge thanks to @tyilo and @cieldeville for helping!
Dependencies
ws@~8.11.0(no change)
Changelog
6.4.1 (2023-02-20)
This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.
Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution
Related: https://github.com/socketio/socket.io/issues/4621
Dependencies
ws@~8.11.0(no change)
Changelog
6.4.0 (2023-02-06)
Features
- add support for Express middlewares (24786e7)
This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.
A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.
Syntax:
engine.use((req, res, next) => {
// do something
next();
});
// with express-session
import session from "express-session";
engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));
// with helmet
import helmet from "helmet";
engine.use(helmet());
Dependencies
ws@~8.11.0(no change)