luneski/mqtt-explorer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security hardening: authentication, input validation, OWASP compliance, architecture improvements, and CSP fixes for browser mode (#942)

Browse Source
This commit is contained in:
Copilot
2025-12-22 16:52:42 +01:00
committed by GitHub
parent a7136bd572
commit 6c041cba02
50 changed files with 1943 additions and 734 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
events/EventSystem/BrowserEventBus.ts
View File

@@ -1,29 +0,0 @@
// Browser-specific EventBus implementation using Socket.io
import io from 'socket.io-client'
import { SocketIOClientEventBus } from './SocketIOClientEventBus'
import { Rpc } from './Rpc'
// Get auth from sessionStorage or use empty (will show login dialog)
const username = typeof sessionStorage !== 'undefined' ? sessionStorage.getItem('mqtt-explorer-username') || '' : ''
const password = typeof sessionStorage !== 'undefined' ? sessionStorage.getItem('mqtt-explorer-password') || '' : ''
// Connect to the server (same origin in browser mode)
const socket = io({
auth: {
username,
password,
},
reconnection: true,
reconnectionDelay: 1000,
reconnectionDelayMax: 5000,
reconnectionAttempts: Infinity,
transports: ['websocket', 'polling'],
})
export const rendererEvents = new SocketIOClientEventBus(socket)
export const rendererRpc = new Rpc(rendererEvents)
// In browser mode, the backend is on the server
// For compatibility, export same instances (renderer communicates with server backend via socket)
export const backendEvents = rendererEvents
export const backendRpc = rendererRpc

14
events/EventSystem/SocketIOClientEventBus.ts
View File

@@ -1,13 +1,21 @@
import { Socket } from 'socket.io-client'
import { CallbackStore } from './CallbackStore'
import { EventBusInterface } from './EventBusInterface'
import { Event } from '../Events'
// Generic socket interface that socket.io-client's Socket implements
// This avoids direct dependency on socket.io-client package
export interface SocketLike {
on(event: string, callback: (...args: any[]) => void): any
off(event: string, callback: (...args: any[]) => void): any
removeAllListeners(event: string): any
emit(event: string, ...args: any[]): any
}
export class SocketIOClientEventBus implements EventBusInterface {
private socket: Socket
private socket: SocketLike
private callbacks: Array<CallbackStore> = []
constructor(socket: Socket) {
constructor(socket: SocketLike) {
this.socket = socket
}