hapi-plugin-websocket
Advanced tools
HAPI plugin for seamless WebSocket integration.
$ npm install hapi hapi-plugin-websocket
This is a small plugin for the HAPI server framework of Node.js for seamless WebSocket protocol integration. It accepts WebSocket connections and transforms between incoming/outgoing WebSocket messages and injected HTTP request/response messages.
The following sample server shows all features at once:
const Boom = require("@hapi/boom")
const HAPI = require("@hapi/hapi")
const HAPIAuthBasic = require("@hapi/basic")
const HAPIWebSocket = require("hapi-plugin-websocket")
const WebSocket = require("ws")
;(async () => {
/* create new HAPI service */
const server = new HAPI.Server({ address: "127.0.0.1", port: 12345 })
/* register HAPI plugins */
await server.register(HAPIWebSocket)
await server.register(HAPIAuthBasic)
/* register Basic authentication strategy */
server.auth.strategy("basic", "basic", {
validate: async (request, username, password, h) => {
let isValid = false
let credentials = null
if (username === "foo" && password === "bar") {
isValid = true
credentials = { username }
}
return { isValid, credentials }
}
})
/* provide plain REST route */
server.route({
method: "POST", path: "/foo",
config: {
payload: { output: "data", parse: true, allow: "application/json" }
},
handler: (request, h) => {
return { at: "foo", seen: request.payload }
}
})
/* provide combined REST/WebSocket route */
server.route({
method: "POST", path: "/bar",
config: {
payload: { output: "data", parse: true, allow: "application/json" },
plugins: { websocket: true }
},
handler: (request, h) => {
let { mode } = request.websocket()
return { at: "bar", mode: mode, seen: request.payload }
}
})
/* provide exclusive WebSocket route */
server.route({
method: "POST", path: "/baz",
config: {
plugins: { websocket: { only: true, autoping: 30 * 1000 } }
},
handler: (request, h) => {
return { at: "baz", seen: request.payload }
}
})
/* provide full-featured exclusive WebSocket route */
server.route({
method: "POST", path: "/quux",
config: {
response: { emptyStatusCode: 204 },
payload: { output: "data", parse: true, allow: "application/json" },
auth: { mode: "required", strategy: "basic" },
plugins: {
websocket: {
only: true,
initially: true,
subprotocol: "quux.example.com",
connect: ({ ctx, ws }) => {
ctx.to = setInterval(() => {
if (ws.readyState === WebSocket.OPEN)
ws.send(JSON.stringify({ cmd: "PING" }))
}, 5000)
},
disconnect: ({ ctx }) => {
if (ctx.to !== null) {
clearTimeout(this.ctx)
ctx.to = null
}
}
}
}
},
handler: (request, h) => {
let { initially, ws } = request.websocket()
if (initially) {
ws.send(JSON.stringify({ cmd: "HELLO", arg: request.auth.credentials.username }))
return ""
}
if (typeof request.payload !== "object" || request.payload === null)
return Boom.badRequest("invalid request")
if (typeof request.payload.cmd !== "string")
return Boom.badRequest("invalid request")
if (request.payload.cmd === "PING")
return { result: "PONG" }
else if (request.payload.cmd === "AWAKE-ALL") {
var peers = request.websocket().peers
peers.forEach((peer) => {
peer.send(JSON.stringify({ cmd: "AWAKE" }))
})
return ""
}
else
return Boom.badRequest("unknown command")
}
})
/* provide exclusive framed WebSocket route */
server.route({
method: "POST", path: "/framed",
config: {
plugins: {
websocket: {
only: true,
autoping: 30 * 1000,
frame: true,
frameEncoding: "json",
frameRequest: "REQUEST",
frameResponse: "RESPONSE"
}
}
},
handler: (request, h) => {
return { at: "framed", seen: request.payload }
}
})
/* start the HAPI service */
await server.start()
})().catch((err) => {
console.log(`ERROR: ${err}`)
})
You can test-drive this the following way (with the help of curl and wscat):
# start the sample server implementation (see source code above)
$ node sample-server.js &
# access the plain REST route via REST
$ curl -X POST --header 'Content-type: application/json' \
--data '{ "foo": 42 }' http://127.0.0.1:12345/foo
{"at":"foo","seen":{"foo":42}}
# access the combined REST/WebSocket route via REST
$ curl -X POST --header 'Content-type: application/json' \
--data '{ "foo": 42 }' http://127.0.0.1:12345/bar
{"at":"bar","mode":"http","seen":{"foo":42}}
# access the exclusive WebSocket route via REST
$ curl -X POST --header 'Content-type: application/json' \
--data '{ "foo": 42 }' http://127.0.0.1:12345/baz
{"statusCode":400,"error":"Bad Request","message":"Plain HTTP request to a WebSocket-only route not allowed"}
# access the combined REST/WebSocket route via WebSocket
$ wscat --connect ws://127.0.0.1:12345/bar
> { "foo": 42 }
< {"at":"bar","mode":"websocket","seen":{"foo":42}}
> { "foo": 7 }
< {"at":"bar","mode":"websocket","seen":{"foo":7}}
# access the exclusive WebSocket route via WebSocket
$ wscat --connect ws://127.0.0.1:12345/baz
> { "foo": 42 }
< {"at":"baz","seen":{"foo":42}}
> { "foo": 7 }
< {"at":"baz","seen":{"foo":7}}
# access the full-featured exclusive WebSocket route via WebSockets
$ wscat --subprotocol "quux.example.com" --auth foo:bar --connect ws://127.0.0.1:12345/quux
< {"cmd":"HELLO",arg:"foo"}
> {"cmd":"PING"}
< {"result":"PONG"}
> {"cmd":"AWAKE-ALL"}
< {"cmd":"AWAKE"}
< {"cmd":"PING"}
< {"cmd":"PING"}
< {"cmd":"PING"}
< {"cmd":"PING"}
# access framed exclusive WebSocket route
$ wscat --connect ws://127.0.0.1:12345/framed
< [ 42, 0, "REQUEST", { "foo": 7 } ]
> [1,42,"RESPONSE",{"at":"framed","seen":{"foo":7}}]
const HAPIWebSocket = require("hapi-plugin-websocket")
await server.register(HAPIWebSocket)
server.register({
plugin: HAPIWebSocket,
options: {
create: (wss) => {
...
}
}
})
server.route({
method: "POST",
path: "/foo",
options: {
plugins: { websocket: true }
},
handler: async (request, h) => {
...
}
})
server.route({
method: "POST",
path: "/foo",
options: {
plugins: {
websocket: {
only: true,
autoping: 10 * 1000,
subprotocol: "quux.example.com",
initially: true,
connect: ({ ctx, wss, ws, req, peers }) => {
...
ws.send(...)
...
},
disconnect: ({ ctx, wss, ws, req, peers }) => {
...
}
}
}
},
handler: async (request, h) => {
let { mode, ctx, wss, ws, req, peers, initially } = request.websocket()
...
}
})
server.route({
method: "POST",
path: "/foo",
options: {
plugins: {
websocket: {
only: true,
frame: true,
frameEncoding: "json",
frameRequest: "REQUEST",
frameResponse: "RESPONSE"
}
}
},
handler: async (request, h) => {
let { mode, ctx, wss, ws, wsf, req, peers, initially } = request.websocket()
...
}
})
With NES there is a popular and elaborated alternative
HAPI plugin for WebSocket integration. The hapi-plugin-websocket
plugin in contrast is a light-weight solution and was developed
with especially six distinct features in mind:
everything is handled through the regular HAPI route API
(i.e. no additional APIs like server.subscribe()),
one can use HAPI route paths with arbitrary parameters,
one can restrict a HAPI route to a particular WebSocket subprotocol,
HTTP replies with status code 204 ("No Content") are explicitly taken into account (i.e. no WebSocket response message is sent at all in this case),
HAPI routes can be controlled to be plain REST, combined REST+WebSocket or WebSocket-only routes, and
optionally, WebSocket PING/PONG messages can be exchanged in an interval to automatically keep the connection alive (e.g. over stateful firewalls) and to better recognize dead connections (e.g. in case of network partitions).
If you want a more elaborate solution, NES should be your choice, of course.
Copyright (c) 2016-2023 Dr. Ralf S. Engelschall (http://engelschall.com/)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
HAPI plugin for seamless WebSocket integration
The npm package hapi-plugin-websocket receives a total of 7,203 weekly downloads. As such, hapi-plugin-websocket popularity was classified as popular.
We found that hapi-plugin-websocket demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.