Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors thrown by middlewares do not get captured or reported #5263

Open
knackstedt opened this issue Dec 17, 2024 · 1 comment
Open

Errors thrown by middlewares do not get captured or reported #5263

knackstedt opened this issue Dec 17, 2024 · 1 comment
Labels
to triage Waiting to be triaged by a member of the team

Comments

@knackstedt
Copy link

Describe the bug
If an unexpected error is thrown inside of a middleware, the error is completely ignored and not logged to any output stream or file. This makes errors impossible to debug without adding breakpoints into the dependency. This is obviously bad practice for a production system as rare errors will all get swept under the rug.

See here:

socket.io/packages/engine.io/lib/server.ts

Line 772 in 7427109

callback(Server.errors.BAD_REQUEST, { name: "MIDDLEWARE_FAILURE" });

To Reproduce

Please fill the following code example:

Socket.IO server version: 4.8.x

Server

import { Server } from "socket.io";

const io = new Server(3000, {});
io.engine.use((req, res, next) => {
    if (!req.session?.hasSocketAccess) {
        return next(new Error("You do not have access"));
    }
    next();
});

io.on("connection", (socket) => {
  console.log(`connect ${socket.id}`);

  socket.on("disconnect", () => {
    console.log(`disconnect ${socket.id}`);
  });
});

Socket.IO client version: 4.8.x

Client

import { io } from "socket.io-client";

const socket = io("ws://localhost:3000/", {});

socket.on("connect", () => {
  console.log(`connect ${socket.id}`);
});

socket.on("disconnect", () => {
  console.log("disconnect");
});

Expected behavior
When the error is thrown in the middleware, it is able to be logged in some manner. Given that the current behavior tries to respond to the open HTTP connection and throws (yet another) error "Cannot set headers after they are sent to the client", I think socket.io needs to support being provided an error logger and if not provided, automatically log such errors to console.error.

Platform:

  • Device: Irrelevant.
  • OS: Irrelevant.

Additional context
I would have made a PR to resolve this, but I'm sure the current maintainers would have a preferred implementation for satisfying this need. The underlying "Cannot set headers after they are sent" error is probably an artifact of the implementation here, which might be resolved anyway by adding this logging support. I'm not totally sure what the intention is for that specific method, so I'll leave that up to the maintainers.
@knackstedt knackstedt added the to triage Waiting to be triaged by a member of the team label Dec 17, 2024
@knackstedt
Copy link
Author

Edit: Also affects this closure.

socket.io/packages/engine.io/lib/server.ts

Line 815 in 7427109

this._applyMiddlewares(req, res as unknown as ServerResponse, (err) => {

(GitHub is currently quite laggy so I can't modify the original post :/ )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
to triage Waiting to be triaged by a member of the team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@knackstedt