validate options passed to socket longpoll / websocket options (#6072)

phoenixframework · Feb 5, 2025 · 91d25f5 · 91d25f5
1 parent 9bd7444
commit 91d25f5
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 3 deletions.
diff --git a/lib/phoenix/endpoint.ex b/lib/phoenix/endpoint.ex
@@ -690,8 +690,43 @@ defmodule Phoenix.Endpoint do
 
   defp socket_paths(endpoint, path, socket, opts) do
     paths = []
-    websocket = Keyword.get(opts, :websocket, true)
-    longpoll = Keyword.get(opts, :longpoll, false)
+
+    common_config = [
+      :path,
+      :serializer,
+      :transport_log,
+      :check_origin,
+      :check_csrf,
+      :code_reloader,
+      :connect_info
+    ]
+
+    websocket =
+      opts
+      |> Keyword.get(:websocket, true)
+      |> maybe_validate_keys(
+        common_config ++
+          [
+            :timeout,
+            :max_frame_size,
+            :fullsweep_after,
+            :compress,
+            :subprotocols,
+            :error_handler
+          ]
+      )
+
+    longpoll =
+      opts
+      |> Keyword.get(:longpoll, true)
+      |> maybe_validate_keys(
+        common_config ++
+          [
+            :window_ms,
+            :pubsub_timeout_ms,
+            :crypto
+          ]
+      )
 
     paths =
       if websocket do
@@ -745,6 +780,9 @@ defmodule Phoenix.Endpoint do
     {conn_ast, path}
   end
 
+  defp maybe_validate_keys(true, _), do: true
+  defp maybe_validate_keys(opts, keys) when is_list(opts), do: Keyword.validate!(opts, keys)
+
   ## API
 
   @doc """

diff --git a/test/phoenix/endpoint/endpoint_test.exs b/test/phoenix/endpoint/endpoint_test.exs
@@ -370,4 +370,22 @@ defmodule Phoenix.Endpoint.EndpointTest do
       Endpoint.static_integrity("//invalid_path")
     end
   end
+
+  test "validates websocket and longpoll socket options" do
+    assert_raise ArgumentError, ~r/unknown keys \[:invalid\]/, fn ->
+      defmodule MyInvalidSocketEndpoint1 do
+        use Phoenix.Endpoint, otp_app: :phoenix
+
+        socket "/ws", UserSocket, websocket: [path: "/ws", check_origin: false, invalid: true]
+      end
+    end
+
+    assert_raise ArgumentError, ~r/unknown keys \[:drainer\]/, fn ->
+      defmodule MyInvalidSocketEndpoint2 do
+        use Phoenix.Endpoint, otp_app: :phoenix
+
+        socket "/ws", UserSocket, longpoll: [path: "/ws", check_origin: false, drainer: []]
+      end
+    end
+  end
 end
diff --git a/test/phoenix/integration/long_poll_socket_test.exs b/test/phoenix/integration/long_poll_socket_test.exs
@@ -67,7 +67,7 @@ defmodule Phoenix.Integration.LongPollSocketTest do
       custom: :value
 
     socket "/custom/:socket_var", UserSocket,
-      longpoll: [path: ":path_var/path", check_origin: ["//example.com"], timeout: 200],
+      longpoll: [path: ":path_var/path", check_origin: ["//example.com"], pubsub_timeout_ms: 200],
       custom: :value
   end