From fa3ae55074e9d2c0fe7362bed692bf8a6a4ef740 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Thu, 9 Jul 2020 16:40:31 -0700
Subject: [PATCH] Added websocket per-message deflate support.

---
 meshcentral-config-schema.json | 1 +
 meshcentral.js                 | 2 +-
 package.json                   | 1 +
 webserver.js                   | 8 ++++----
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index e2e56098..c930b3e1 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -55,6 +55,7 @@
         "agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
         "agentIdleTimeout": { "type": "integer", "minimum": 1 },
         "compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
+        "wscompression": { "type": "boolean", "default": false, "description": "Enables websocket per-message deflate compression." },
         "meshErrorLogPath": { "type": "string" },
         "npmPath": { "type": "string" },
         "npmProxy": { "type": "string", "format": "uri" },
diff --git a/meshcentral.js b/meshcentral.js
index 570152f8..07793856 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -2595,7 +2595,7 @@ function mainStart() {
             if (config.domains[i].mstsc === true) { mstsc = true; }
             if ((typeof config.domains[i].authstrategies == 'object')) {
                 if (passport == null) { passport = ['passport']; }
-                if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.apikey == 'string') && (typeof config.domains[i].authstrategies.twitter.apisecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
+                if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.clientid == 'string') && (typeof config.domains[i].authstrategies.twitter.clientsecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
                 if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); }
                 if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
                 if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }
diff --git a/package.json b/package.json
index 5a8aefb7..7d0b2e1a 100644
--- a/package.json
+++ b/package.json
@@ -43,6 +43,7 @@
     "multiparty": "^4.2.1",
     "nedb": "^1.8.0",
     "node-forge": "^0.8.4",
+    "permessage-deflate": "^0.1.7",
     "ws": "^6.2.1",
     "xmldom": "^0.1.27",
     "yauzl": "^2.10.0"
diff --git a/webserver.js b/webserver.js
index 8519be44..40086e7b 100644
--- a/webserver.js
+++ b/webserver.js
@@ -4303,7 +4303,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
         // Start the server, only after users and meshes are loaded from the database.
         if (obj.args.notls || obj.args.tlsoffload) {
             // Setup the HTTP server without TLS
-            obj.expressWs = require('express-ws')(obj.app);
+            obj.expressWs = require('express-ws')(obj.app, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
         } else {
             // Setup the HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
             //const tlsOptions = { cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.web.ca, rejectUnauthorized: true, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!RSA:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1 }; // This does not work with TLS 1.3
@@ -4315,7 +4315,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
             //obj.tlsServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
             obj.tlsServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
             obj.tlsServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
-            obj.expressWs = require('express-ws')(obj.app, obj.tlsServer);
+            obj.expressWs = require('express-ws')(obj.app, obj.tlsServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
         }
 
         // Start a second agent-only server if needed
@@ -4328,7 +4328,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 
             if (agentPortTls == false) {
                 // Setup the HTTP server without TLS
-                obj.expressWsAlt = require('express-ws')(obj.agentapp);
+                obj.expressWsAlt = require('express-ws')(obj.agentapp, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
             } else {
                 // Setup the agent HTTP server with TLS, use only TLS 1.2 and higher with perfect forward secrecy (PFS).
                 // If TLS is used on the agent port, we always use the default TLS certificate.
@@ -4339,7 +4339,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 //obj.tlsAltServer.on('tlsClientError', function (err) { console.log('tlsClientError', err); });
                 obj.tlsAltServer.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
                 obj.tlsAltServer.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
-                obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer);
+                obj.expressWsAlt = require('express-ws')(obj.agentapp, obj.tlsAltServer, { wsOptions: { perMessageDeflate: (args.wscompression === true) } });
             }
         }