From 3ad221665e5c690e4c1047ff1ad17db21f748c2e Mon Sep 17 00:00:00 2001
From: Gabe Kangas <gabek@real-ity.com>
Date: Thu, 25 Mar 2021 19:19:11 -0700
Subject: [PATCH] Handle un-typed or un-parsable chat messages by throwing them
 away and not panicing. Closes #856

---
 core/chat/client.go      | 20 ++++++++++++++------
 test/load/badchatdata.js | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 6 deletions(-)
 create mode 100644 test/load/badchatdata.js

diff --git a/core/chat/client.go b/core/chat/client.go
index 2cb950339..8f06ee6c0 100644
--- a/core/chat/client.go
+++ b/core/chat/client.go
@@ -123,7 +123,6 @@ func (c *Client) listenWrite() {
 }
 
 func (c *Client) handleClientSocketError(err error) {
-	log.Warnln("Websocket client error: ", err.Error())
 	_server.removeClient(c)
 }
 
@@ -158,13 +157,22 @@ func (c *Client) listenRead() {
 				c.handleClientSocketError(err)
 			}
 
-			var messageTypeCheck map[string]interface{}
-			err = json.Unmarshal(data, &messageTypeCheck)
-			if err != nil {
-				log.Errorln(err)
+			if !c.passesRateLimit() {
+				continue
 			}
 
-			if !c.passesRateLimit() {
+			var messageTypeCheck map[string]interface{}
+			err = json.Unmarshal(data, &messageTypeCheck)
+
+			// Bad messages should be thrown away
+			if err != nil {
+				log.Debugln("Badly formatted message received from", c.Username, c.ws.Request().RemoteAddr)
+				continue
+			}
+
+			// If we can't tell the type of message, also throw it away.
+			if messageTypeCheck == nil {
+				log.Debugln("Untyped message received from", c.Username, c.ws.Request().RemoteAddr)
 				continue
 			}
 
diff --git a/test/load/badchatdata.js b/test/load/badchatdata.js
new file mode 100644
index 000000000..01bf946aa
--- /dev/null
+++ b/test/load/badchatdata.js
@@ -0,0 +1,38 @@
+// This will send raw, unformatted strings to the websocket to make sure the socket server
+// is handling bad data.
+
+const messages = [
+    'I am a test message',
+    'this is fake',
+    'i write emoji 😀',
+    'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.',
+    'Sed pulvinar proin gravida hendrerit. Mauris in aliquam sem fringilla ut morbi tincidunt augue. In cursus turpis massa tincidunt dui.',
+    'Feugiat in ante metus dictum at tempor commodo ullamcorper. Nunc aliquet bibendum enim facilisis gravida neque convallis a. Vitae tortor condimentum lacinia quis vel eros donec ac odio.',
+  ];
+  
+  var availableMessages = messages.slice();
+  
+  const WebSocket = require('ws');
+  
+  const ws = new WebSocket('ws://localhost:8080/entry', {
+    origin: 'http://watch.owncast.online',
+  });
+  
+  ws.on('open', function open() {
+    setTimeout(sendMessage, 100);
+  });
+  
+  ws.on('error', function incoming(data) {
+    console.log(data);
+  });
+  
+  function sendMessage() {
+    const messageIndex = Math.floor(Math.random() * availableMessages.length);
+    ws.send(JSON.stringify(availableMessages[messageIndex]));
+
+    setTimeout(sendMessage, 100);
+  }
+  
+  
+  
+  
\ No newline at end of file