fortress-maximus 0.0.5
Despite his great power, size, and rank, Fortress Maximus is a weary and reluctant warrior. Fighting is against his pacifist nature and he now spends his time validating.
Whether I am a hero or a coward is not the issue! I am weary! My joints creak from the corrosion of war without end! I... cannot break this ring of hate that surrounds us all -- but I can remove myself from it. No matter what you decide... I am leaving and joining Primus to innovate real-time.
Fortress Maximus validates every incoming message on your Primus server as all user input should be seen as a potential security risk.
This is a plugin for the Primus framework and can be installed using npm:
npm install --save fortress-maximus
The --save flag tells npm to automatically add the installed version to your package.json.
In order to work with emitted events we assume that you're using the
primus-emit module as emit plugin. Any other plugin will simply be seen as a
data event. See http://github.com/primus/emit for more
information about this supported plugin.
As this is a plugin for Primus we need to add it. This plugin only has a server
component so it doesn't require you to re-compile your client. To add this
plugin to your Primus server simply call the
.use method on your Primus
And your server will now require validation for every single incoming message.
If you want every single message to be validated make sure that you've added
fortress-maximus as the first plugin you use:
In the example code above we can successfully intercept emit messages and
validate them before they are processed by the
primus-emit plugin and emitted
on the spark instance. The
primus-emit module has two different modes which
configure where the events are emitted: on the spark or on the server. We
need to know where so we can correctly validate that there are events registered
for it. That's why it's possible to configure the
directly through the Primus server constructor. The following options are
fortress: Where are the events emitted. Either
primus. Defaults to
Just as a quick reminder, this is how you supply the options to your Primus server:
var primus = new Primus(httpsserver, { fortress: 'spark' });
After you've added the plugin you can use the newly introduced validate
method to add validators for any given event that is emitted on the spark. The
validate method accepts 2 arguments:
- The name of the event you want to validate. If you are not using custom
events this would only be the
- The function that does the actual validation. The function should accept the same number of arguments as the event listener, plus one extra callback function.
When we receive a new message on the server we first run some standard checks to see if we've received valid data. We:
- Prevent reserved events from being emitted.
- Only allow events to be emitted when there are listeners.
- Only allow events which are validated.
- Make sure the correct number of arguments is received.
If all these checks pass we will call the supplied validator function with arguments.
The context of your validate function will be set to the
spark so you could do
some additional validation based on that:
If you are too lazy to create
new Error() objects for every single validation
you can also call the validation function with a boolean to
indicate if the event is valid.
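The checks, the spark context and the boolean shortcut described above, modelled as an added example that is not fortress-maximus source code. The names `check` and `verdict`, the `RESERVED` list, the sample spark and the `chat` validator are all constructed for illustration.

```javascript
// Added sketch of the checks described above; not fortress-maximus source code.
// RESERVED is a constructed stand-in for the reserved event names.
const RESERVED = new Set(['end', 'error']);

// Validate one incoming emit. Calls done(err, args); err is null when accepted.
function check(spark, validators, event, args, done) {
  const reject = (err) => {
    err.event = event; // the name of the event that failed validation
    done(err, args);
  };
  // A Map lookup never returns inherited properties such as `constructor`.
  const validator = validators.get(event);

  if (RESERVED.has(event)) return reject(new Error('reserved event'));
  if (spark.listenerCount(event) === 0) return reject(new Error('no listeners'));
  if (typeof validator !== 'function') return reject(new Error('no validator'));
  // A validator takes the listener's arguments plus one callback.
  if (validator.length - 1 !== args.length) return reject(new Error('argument count'));

  let called = false;
  const next = (result) => {
    if (called) return; // ignore a second callback invocation
    called = true;
    if (result instanceof Error) return reject(result);
    if (result === false) return reject(new Error('validator returned false'));
    done(null, args);
  };
  try {
    validator.apply(spark, args.concat(next)); // `this` is the spark
  } catch (e) {
    next(e instanceof Error ? e : new Error(String(e))); // fail closed on a throw
  }
}

// Constructed sample: a spark with one `chat` listener and its validator.
const spark = { room: 'lobby', listenerCount: (name) => (name === 'chat' ? 1 : 0) };
const validators = new Map([
  ['chat', function (room, text, next) {
    if (room !== this.room) return next(new Error('wrong room'));
    next(typeof text === 'string' && text.length > 0 && text.length <= 280);
  }]
]);

// Returns the rejection reason, or null when the message would be emitted.
function verdict(event, args) {
  let reason;
  check(spark, validators, event, args, (err) => { reason = err ? err.message : null; });
  return reason;
}
```

Every path that is not an explicit acceptance ends in `reject`, so a message with no listener, no validator, the wrong arity or a throwing validator is dropped rather than emitted.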
Whenever we fail to validate an incoming message we will prevent it from being
emitted and will emit an
invalid event on your Primus server instance. This
invalid event receives 2 arguments:
- err: An error instance explaining why the given message was invalid.
- args: The arguments that we attempted to validate.
To figure out which event we've validated you can check the supplied error
object. We add an
event property on it with the name of the event we've failed
In addition to the
invalid event, we also log the error with the
module. These debug messages can be seen by setting the environment variable
DEBUG=primus:fortress node <your app.js>