From f6387a8fa844cd39d7759efd377dd238dfede95b Mon Sep 17 00:00:00 2001 From: Steven Frew Date: Mon, 24 Jul 2023 13:12:30 +0100 Subject: [PATCH 01/30] fix(types): added module declaration (#879) Co-authored-by: steven.frew --- aedes.d.ts | 4 ++++ test/types/aedes.test-d.ts | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/aedes.d.ts b/aedes.d.ts index 1574faf1..3735efdf 100644 --- a/aedes.d.ts +++ b/aedes.d.ts @@ -6,3 +6,7 @@ export * from './types/instance' export * from './types/packet' export * from './types/client' export default Aedes + +declare module 'aedes' { + export = Aedes +} diff --git a/test/types/aedes.test-d.ts b/test/types/aedes.test-d.ts index abac7cae..30e34168 100644 --- a/test/types/aedes.test-d.ts +++ b/test/types/aedes.test-d.ts @@ -1,4 +1,3 @@ - import { IncomingMessage } from 'node:http' import { Socket } from 'node:net' import type { From d0507b6faddb74d6c589ea74fa1ab96cdbf5f913 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Jul 2023 13:36:23 +0200 Subject: [PATCH 02/30] chore(deps-dev): bump mqtt from 4.3.7 to 5.0.0 (#882) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e9ef8998..a2b6b3ac 100644 --- a/package.json +++ b/package.json @@ -105,7 +105,7 @@ "duplexify": "^4.1.2", "license-checker": "^25.0.1", "markdownlint-cli": "^0.33.0", - "mqtt": "^4.3.7", + "mqtt": "^5.0.0", "mqtt-connection": "^4.1.0", "pre-commit": "^1.2.2", "proxyquire": "^2.1.3", From 46af8e6c1bdd75c09751c97735ceffefa4921522 Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Wed, 26 Jul 2023 13:44:34 +0200 Subject: [PATCH 03/30] chore(deps): bump deps --- package.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index a2b6b3ac..bd7805d3 100644 --- a/package.json +++ b/package.json @@ -97,24 +97,24 @@ "node": ">=14" }, "devDependencies": { - "@sinonjs/fake-timers": "^10.0.2", - "@types/node": "^18.14.2", - "@typescript-eslint/eslint-plugin": "^5.54.0", - "@typescript-eslint/parser": "^5.54.0", + "@sinonjs/fake-timers": "^10.3.0", + "@types/node": "^20.4.5", + "@typescript-eslint/eslint-plugin": "^6.2.0", + "@typescript-eslint/parser": "^6.2.0", "concat-stream": "^2.0.0", "duplexify": "^4.1.2", "license-checker": "^25.0.1", - "markdownlint-cli": "^0.33.0", + "markdownlint-cli": "^0.35.0", "mqtt": "^5.0.0", "mqtt-connection": "^4.1.0", "pre-commit": "^1.2.2", "proxyquire": "^2.1.3", - "release-it": "^15.6.1", + "release-it": "^16.1.3", "snazzy": "^9.0.0", - "standard": "^17.0.0", - "tap": "^16.3.4", - "tsd": "^0.28.0", - "typescript": "^5.0.2", + "standard": "^17.1.0", + "tap": "^16.3.7", + "tsd": "^0.28.1", + "typescript": "^5.1.6", "websocket-stream": "^5.5.2" }, "dependencies": { @@ -126,7 +126,7 @@ "fastseries": "^2.0.0", "hyperid": "^3.1.1", "mqemitter": "^5.0.0", - "mqtt-packet": "^8.1.2", + "mqtt-packet": "^8.2.0", "retimer": "^3.0.0", "reusify": "^1.0.4", "uuid": "^9.0.0" From ee1f63b55689ec6d77bee7d3cc792d3c901db03e Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Wed, 26 Jul 2023 13:49:16 +0200 Subject: [PATCH 04/30] chore!: drop node14 support BREAKING CHANGE: Min node version >= 16 --- .github/workflows/ci.yml | 3 ++- package.json | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a878830..e300e6ff 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,8 +32,9 @@ jobs: contents: read strategy: matrix: - node-version: [14, 16, '*'] + node-version: [16, 18, 20] os: [ubuntu-latest, windows-latest, macOS-latest] + fail-fast: false steps: - uses: actions/checkout@v3 with: diff --git a/package.json b/package.json index bd7805d3..9694dbac 100644 --- a/package.json +++ b/package.json @@ -94,7 +94,7 @@ }, "homepage": "https://github.com/moscajs/aedes#readme", "engines": { - "node": ">=14" + "node": ">=16" }, "devDependencies": { "@sinonjs/fake-timers": "^10.3.0", From c9bddd396ab5889917b40fded29e0d2d541c6d44 Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Wed, 26 Jul 2023 13:55:44 +0200 Subject: [PATCH 05/30] Release 0.50.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9694dbac..e2dcb36a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.49.0", + "version": "0.50.0", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", From bebf8af048fa191d4ed507c6e0a8179aa91689ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Oct 2023 10:44:03 +0000 Subject: [PATCH 06/30] chore(deps): bump actions/setup-node from 3 to 4 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e300e6ff..a6db3233 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,7 +41,7 @@ jobs: persist-credentials: false - name: Use Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} check-latest: true From 3180f2a52eabbbf846ab6d7f7d7bc880cc3148c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Nov 2023 10:28:32 +0000 Subject: [PATCH 07/30] chore(deps): bump mqtt-packet from 8.2.1 to 9.0.0 Bumps [mqtt-packet](https://github.com/mqttjs/mqtt-packet) from 8.2.1 to 9.0.0. - [Release notes](https://github.com/mqttjs/mqtt-packet/releases) - [Commits](https://github.com/mqttjs/mqtt-packet/compare/v8.2.1...v9.0.0) --- updated-dependencies: - dependency-name: mqtt-packet dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e2dcb36a..5a64b1fa 100644 --- a/package.json +++ b/package.json @@ -126,7 +126,7 @@ "fastseries": "^2.0.0", "hyperid": "^3.1.1", "mqemitter": "^5.0.0", - "mqtt-packet": "^8.2.0", + "mqtt-packet": "^9.0.0", "retimer": "^3.0.0", "reusify": "^1.0.4", "uuid": "^9.0.0" From 6662b371ce790bba7a81781473a922566fcac48a Mon Sep 17 00:00:00 2001 From: hjdhjd Date: Fri, 8 Dec 2023 09:49:51 -0600 Subject: [PATCH 08/30] fix(types): module exports for TypeScript for ES6 compliance. (#918) --- aedes.d.ts | 7 ++----- test/types/aedes.test-d.ts | 5 ++++- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/aedes.d.ts b/aedes.d.ts index 3735efdf..fa54adf8 100644 --- a/aedes.d.ts +++ b/aedes.d.ts @@ -1,12 +1,9 @@ import Aedes, { AedesOptions } from './types/instance' -export declare function createBroker (options?: AedesOptions): Aedes +export declare function createBroker(options?: AedesOptions): Aedes export * from './types/instance' export * from './types/packet' export * from './types/client' -export default Aedes -declare module 'aedes' { - export = Aedes -} +export { default } from './types/instance' diff --git a/test/types/aedes.test-d.ts b/test/types/aedes.test-d.ts index 30e34168..744ee3da 100644 --- a/test/types/aedes.test-d.ts +++ b/test/types/aedes.test-d.ts @@ -6,10 +6,13 @@ import type { Client, Connection } from '../../aedes' -import Aedes, { createBroker } from '../../aedes' +import Aedes, { AedesOptions, createBroker } from '../../aedes' import type { AedesPublishPacket, ConnackPacket, ConnectPacket, PingreqPacket, PublishPacket, PubrelPacket, Subscription, SubscribePacket, UnsubscribePacket } from '../../types/packet' import { expectType } from 'tsd' +// Test for createBroker function +expectType<(options?: AedesOptions) => Aedes>(createBroker) + // Aedes server let broker = createBroker() expectType(broker) From 981d071e189309797c3227c9f105862cc23c2576 Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Mon, 11 Dec 2023 14:00:47 +0100 Subject: [PATCH 09/30] Release 0.50.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5a64b1fa..50b19bc5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.50.0", + "version": "0.50.1", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", From f625f1b350318397f577e0ece0b38fbd95324f90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 12:03:43 +0100 Subject: [PATCH 10/30] chore(deps): bump github/codeql-action from 2 to 3 (#922) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/sast.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index f618657f..1deda65d 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -22,8 +22,8 @@ jobs: with: persist-credentials: false - - uses: github/codeql-action/init@v2 + - uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/analyze@v2 + - uses: github/codeql-action/analyze@v3 From e1ee60c1e429571218b31fb7d52cd518309812c1 Mon Sep 17 00:00:00 2001 From: Gianluca-Casagrande-Stiga <81612076+Gianluca-Casagrande-Stiga@users.noreply.github.com> Date: Fri, 12 Jan 2024 15:56:54 +0100 Subject: [PATCH 11/30] feat: add `opts.keepaliveLimit` (#930) --- aedes.js | 4 +++- docs/Aedes.md | 1 + lib/handlers/connect.js | 8 +++++++- test/connect.js | 34 ++++++++++++++++++++++++++++++++++ test/types/aedes.test-d.ts | 1 + types/instance.d.ts | 1 + 6 files changed, 47 insertions(+), 2 deletions(-) diff --git a/aedes.js b/aedes.js index c02d2898..fd4f9b72 100644 --- a/aedes.js +++ b/aedes.js @@ -29,7 +29,8 @@ const defaultOptions = { trustProxy: false, trustedProxies: [], queueLimit: 42, - maxClientsIdLength: 23 + maxClientsIdLength: 23, + keepaliveLimit: 0 } function Aedes (opts) { @@ -47,6 +48,7 @@ function Aedes (opts) { this.counter = 0 this.queueLimit = opts.queueLimit this.connectTimeout = opts.connectTimeout + this.keepaliveLimit = opts.keepaliveLimit this.maxClientsIdLength = opts.maxClientsIdLength this.mq = opts.mq || mqemitter({ concurrency: opts.concurrency, diff --git a/docs/Aedes.md b/docs/Aedes.md index 67f15e7c..46bc4dc0 100644 --- a/docs/Aedes.md +++ b/docs/Aedes.md @@ -42,6 +42,7 @@ - `heartbeatInterval` `` an interval in millisconds at which server beats its health signal in `$SYS//heartbeat` topic. __Default__: `60000` - `id` `` aedes broker unique identifier. __Default__: `uuidv4()` - `connectTimeout` `` maximum waiting time in milliseconds waiting for a [`CONNECT`][CONNECT] packet. __Default__: `30000` + - `keepaliveLimit` `` maximum client keep alive time allowed, 0 means no limit. __Default__: `0` - Returns `` Create a new Aedes server. diff --git a/lib/handlers/connect.js b/lib/handlers/connect.js index a4c32d05..6e27e6ad 100644 --- a/lib/handlers/connect.js +++ b/lib/handlers/connect.js @@ -36,7 +36,8 @@ const errorMessages = [ 'identifier rejected', 'Server unavailable', 'bad user name or password', - 'not authorized' + 'not authorized', + 'keep alive limit exceeded' ] function handleConnect (client, packet, done) { @@ -66,9 +67,14 @@ function init (client, packet, done) { if (packet.protocolVersion === 3 && clientId.length > client.broker.maxClientsIdLength) { returnCode = 2 } + // check if the client keepalive is compatible with broker settings + if (client.broker.keepaliveLimit && (!packet.keepalive || packet.keepalive > client.broker.keepaliveLimit)) { + returnCode = 6 + } if (returnCode > 0) { const error = new Error(errorMessages[returnCode]) error.errorCode = returnCode + console.error(error) doConnack( { client, returnCode, sessionPresent: false }, done.bind(this, error)) diff --git a/test/connect.js b/test/connect.js index d1607386..fb6de7f9 100644 --- a/test/connect.js +++ b/test/connect.js @@ -97,6 +97,40 @@ test('reject client requested for unsupported protocol version', function (t) { }) }) +test('reject clients that exceed the keepalive limit', function (t) { + t.plan(3) + + const broker = aedes({ + keepaliveLimit: 100 + }) + t.teardown(broker.close.bind(broker)) + + const s = setup(broker) + + s.inStream.write({ + cmd: 'connect', + keepalive: 150 + }) + s.outStream.on('data', function (packet) { + console.log(packet) + t.same(packet, { + cmd: 'connack', + returnCode: 6, + length: 2, + qos: 0, + retain: false, + dup: false, + topic: null, + payload: null, + sessionPresent: false + }, 'unsuccessful connack, keep alive limit exceeded') + }) + broker.on('connectionError', function (client, err) { + t.equal(err.message, 'keep alive limit exceeded') + t.equal(broker.connectedClients, 0) + }) +}) + // Guarded in mqtt-packet test('reject clients with no clientId running on MQTT 3.1.0', function (t) { t.plan(3) diff --git a/test/types/aedes.test-d.ts b/test/types/aedes.test-d.ts index 744ee3da..cc145919 100644 --- a/test/types/aedes.test-d.ts +++ b/test/types/aedes.test-d.ts @@ -23,6 +23,7 @@ broker = new Aedes({ heartbeatInterval: 60000, connectTimeout: 30000, maxClientsIdLength: 23, + keepaliveLimit: 0, preConnect: (client: Client, packet: ConnectPacket, callback) => { if (client.req) { callback(new Error('not websocket stream'), false) diff --git a/types/instance.d.ts b/types/instance.d.ts index f912a95e..22bd3aef 100644 --- a/types/instance.d.ts +++ b/types/instance.d.ts @@ -75,6 +75,7 @@ export interface AedesOptions { concurrency?: number; heartbeatInterval?: number; connectTimeout?: number; + keepaliveLimit?: number; queueLimit?: number; maxClientsIdLength?: number; preConnect?: PreConnectHandler; From f42882c9e20713b450249d60386334b8127c5060 Mon Sep 17 00:00:00 2001 From: Gianluca-Casagrande-Stiga <81612076+Gianluca-Casagrande-Stiga@users.noreply.github.com> Date: Fri, 12 Jan 2024 15:58:02 +0100 Subject: [PATCH 12/30] fix: delete already closed client on closeSameClients (#929) Co-authored-by: Daniel Lando --- aedes.js | 8 +++++++- test/events.js | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/aedes.js b/aedes.js index fd4f9b72..956b7409 100644 --- a/aedes.js +++ b/aedes.js @@ -170,7 +170,13 @@ function Aedes (opts) { const clientId = packet.payload.toString() if (that.clients[clientId] && serverId !== that.id) { - that.clients[clientId].close(done) + if (that.clients[clientId].closed) { + // remove the client from the list if it is already closed + delete that.clients[clientId] + done() + } else { + that.clients[clientId].close(done) + } } else { done() } diff --git a/test/events.js b/test/events.js index 40191395..cd2137a1 100644 --- a/test/events.js +++ b/test/events.js @@ -221,3 +221,20 @@ test('Test backpressure aedes published function', function (t) { }) }) }) + +test('clear closed clients when the same clientId is managed by another broker', function (t) { + t.plan(1) + + const clientId = 'closed-client' + const broker = aedes() + + // simulate a closed client on the broker + broker.clients[clientId] = { closed: true } + + // simulate the creation of the same client on another broker of the cluster + broker.publish({ topic: '$SYS/anotherbroker/new/clients', payload: clientId }, () => { + t.equal(broker.clients[clientId], undefined) // check that the closed client was removed + }) + + t.teardown(broker.close.bind(broker)) +}) From f5e6d0e16a4a0edf607deb02e1bbb2de7c069d32 Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Fri, 12 Jan 2024 15:59:54 +0100 Subject: [PATCH 13/30] Release 0.51.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 50b19bc5..45ce8bc2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.50.1", + "version": "0.51.0", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", From c75240a4c76d0d148ba30b93f4718e5d442a37c4 Mon Sep 17 00:00:00 2001 From: gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:15:50 +0800 Subject: [PATCH 14/30] chore: update README.md --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 2a7b7d23..f4771cca 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,10 @@ - + # Aedes ![ci](https://github.com/moscajs/aedes/workflows/ci/badge.svg) -[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/) +[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/) [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/moscajs/aedes/graphs/commit-activity) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/moscajs/aedes/pulls)\ -[![Total alerts](https://img.shields.io/lgtm/alerts/g/moscajs/aedes.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/moscajs/aedes/alerts/) -[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/moscajs/aedes.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/moscajs/aedes/context:javascript) [![Coverage Status](https://coveralls.io/repos/moscajs/aedes/badge.svg?branch=main&service=github)](https://coveralls.io/github/moscajs/aedes?branch=main) [![Known Vulnerabilities](https://snyk.io/test/github/moscajs/aedes/badge.svg)](https://snyk.io/test/github/moscajs/aedes)\ ![node](https://img.shields.io/node/v/aedes) @@ -283,7 +281,7 @@ Want to contribute? Check our list of ## Security notice -Messages sent to the broker are considered _valid_ once they pass the [`authorizePublish`](https://github.com/moscajs/aedes/blob/main/docs/Aedes.md#handler-authorizepublish-client-packet-callback) callback. +Messages sent to the broker are considered _valid_ once they pass the [`authorizePublish`](./docs/Aedes.md#handler-authorizepublish-client-packet-callback) callback. In other terms, if permissions for the given client are revoked after the call completes, the message is still considered valid. In case you are sending time-sensitive messages, make sure to use QoS 0 or connect with a clean session. From af96ae94c13017302e2669bd6a12113b37059fcf Mon Sep 17 00:00:00 2001 From: gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:56:51 +0800 Subject: [PATCH 15/30] chore(deps): bump deps --- package.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/package.json b/package.json index 45ce8bc2..b8e2de2f 100644 --- a/package.json +++ b/package.json @@ -97,24 +97,24 @@ "node": ">=16" }, "devDependencies": { - "@sinonjs/fake-timers": "^10.3.0", - "@types/node": "^20.4.5", - "@typescript-eslint/eslint-plugin": "^6.2.0", - "@typescript-eslint/parser": "^6.2.0", + "@sinonjs/fake-timers": "^11.2.2", + "@types/node": "^20.11.17", + "@typescript-eslint/eslint-plugin": "^7.0.1", + "@typescript-eslint/parser": "^7.0.1", "concat-stream": "^2.0.0", "duplexify": "^4.1.2", "license-checker": "^25.0.1", - "markdownlint-cli": "^0.35.0", - "mqtt": "^5.0.0", + "markdownlint-cli": "^0.39.0", + "mqtt": "^5.3.5", "mqtt-connection": "^4.1.0", "pre-commit": "^1.2.2", "proxyquire": "^2.1.3", - "release-it": "^16.1.3", + "release-it": "^17.0.5", "snazzy": "^9.0.0", "standard": "^17.1.0", - "tap": "^16.3.7", - "tsd": "^0.28.1", - "typescript": "^5.1.6", + "tap": "^16.3.10", + "tsd": "^0.30.4", + "typescript": "^5.3.3", "websocket-stream": "^5.5.2" }, "dependencies": { @@ -124,11 +124,11 @@ "fastfall": "^1.5.1", "fastparallel": "^2.4.1", "fastseries": "^2.0.0", - "hyperid": "^3.1.1", + "hyperid": "^3.2.0", "mqemitter": "^5.0.0", "mqtt-packet": "^9.0.0", - "retimer": "^3.0.0", + "retimer": "^4.0.0", "reusify": "^1.0.4", - "uuid": "^9.0.0" + "uuid": "^9.0.1" } } From dcf95f5d0a7a68cd14316d5d7c12978eac41c806 Mon Sep 17 00:00:00 2001 From: gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:57:42 +0800 Subject: [PATCH 16/30] chore: update allowed license, add funding --- package.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index b8e2de2f..166e7816 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "test:typescript": "tsd", "unit": "tap -J test/*.js", "unit:report": "tap -J test/*.js --cov --coverage-report=html --coverage-report=cobertura | tee out.tap", - "license-checker": "license-checker --production --onlyAllow=\"MIT;ISC;BSD-3-Clause;BSD-2-Clause\"", + "license-checker": "license-checker --production --onlyAllow=\"MIT;ISC;BSD-3-Clause;BSD-2-Clause;0BSD\"", "release": "read -p 'GITHUB_TOKEN: ' GITHUB_TOKEN && export GITHUB_TOKEN=$GITHUB_TOKEN && release-it --disable-metrics" }, "release-it": { @@ -89,6 +89,10 @@ } ], "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/aedes" + }, "bugs": { "url": "https://github.com/moscajs/aedes/issues" }, From f98105e5b7ca5aa58f955bb7256500aa4a3151a3 Mon Sep 17 00:00:00 2001 From: gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:59:09 +0800 Subject: [PATCH 17/30] chore: update workflows --- .github/dependabot.yml | 21 +++++++++++---------- .github/workflows/ci.yml | 22 +++++++++++----------- .github/workflows/{sast.yml => codeql.yml} | 16 +++++++++++----- .github/workflows/labeler.yml | 13 +++++++++---- 4 files changed, 42 insertions(+), 30 deletions(-) rename .github/workflows/{sast.yml => codeql.yml} (50%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ae17f3da..e7e07693 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,13 @@ version: 2 updates: -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 -- package-ecosystem: npm - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + open-pull-requests-limit: 10 + + - package-ecosystem: npm + directory: / + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a6db3233..2e864050 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: ci +name: CI on: push: @@ -10,33 +10,33 @@ on: - 'docs/**' - '*.md' +permissions: + contents: read + jobs: dependency-review: name: Dependency Review if: github.event_name == 'pull_request' runs-on: ubuntu-latest - permissions: - contents: read steps: - - name: Check out repo - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: persist-credentials: false - name: Dependency review - uses: actions/dependency-review-action@v2 + uses: actions/dependency-review-action@v4 test: runs-on: ${{ matrix.os }} - permissions: - contents: read strategy: matrix: node-version: [16, 18, 20] os: [ubuntu-latest, windows-latest, macOS-latest] fail-fast: false steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: persist-credentials: false @@ -45,6 +45,8 @@ jobs: with: node-version: ${{ matrix.node-version }} check-latest: true + cache: npm + cache-dependency-path: package.json - name: Install run: | @@ -68,8 +70,6 @@ jobs: coverage: needs: test runs-on: ubuntu-latest - permissions: - contents: read steps: - name: Coveralls Finished uses: coverallsapp/github-action@master diff --git a/.github/workflows/sast.yml b/.github/workflows/codeql.yml similarity index 50% rename from .github/workflows/sast.yml rename to .github/workflows/codeql.yml index 1deda65d..0170f08c 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/codeql.yml @@ -1,4 +1,4 @@ -name: sast +name: CodeQL on: push: @@ -11,19 +11,25 @@ jobs: name: Analyze runs-on: ubuntu-latest permissions: + actions: read contents: read security-events: write strategy: fail-fast: true matrix: - language: [ 'javascript' ] + language: [ 'javascript-typescript' ] steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: persist-credentials: false - - uses: github/codeql-action/init@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index d1b07822..21997102 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -1,10 +1,15 @@ -name: "Pull Request Labeler" +name: Pull Request Labeler + on: pull_request_target +permissions: + contents: read + pull-requests: write + jobs: label: runs-on: ubuntu-latest steps: - - uses: actions/labeler@main - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" From bba422b7733d9946566647c7300c1b293e8cd8cf Mon Sep 17 00:00:00 2001 From: gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 15 Feb 2024 13:40:34 +0800 Subject: [PATCH 18/30] chore: update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 5d316923..6000d731 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,4 +2,4 @@ ## Reporting a Vulnerability -Please email daniel.sorridi+aedes@gmail.com; matteo.collina+aedes@gmail.com +Please report all vulnerabilities to [https://github.com/moscajs/aedes/security](https://github.com/moscajs/aedes/security). From ac4f2e07739bbff3f31be47246a08fc02465b44e Mon Sep 17 00:00:00 2001 From: Simon Nilsson Date: Tue, 7 May 2024 11:44:25 +0200 Subject: [PATCH 19/30] fix: remove console.error (#951) (#952) --- lib/handlers/connect.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/handlers/connect.js b/lib/handlers/connect.js index 6e27e6ad..43011d23 100644 --- a/lib/handlers/connect.js +++ b/lib/handlers/connect.js @@ -74,7 +74,6 @@ function init (client, packet, done) { if (returnCode > 0) { const error = new Error(errorMessages[returnCode]) error.errorCode = returnCode - console.error(error) doConnack( { client, returnCode, sessionPresent: false }, done.bind(this, error)) From 10476194d940a2634dada8772b8b066c13cb779d Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Tue, 7 May 2024 11:46:53 +0200 Subject: [PATCH 20/30] Release 0.51.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 166e7816..3edd6120 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.51.0", + "version": "0.51.1", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", From 86e85f5b9f96698f5d2d6009bbae355b4ee09792 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 May 2024 15:02:09 +0200 Subject: [PATCH 21/30] chore(deps): bump mqemitter from 5.0.0 to 6.0.0 (#953) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3edd6120..ba873f42 100644 --- a/package.json +++ b/package.json @@ -129,7 +129,7 @@ "fastparallel": "^2.4.1", "fastseries": "^2.0.0", "hyperid": "^3.2.0", - "mqemitter": "^5.0.0", + "mqemitter": "^6.0.0", "mqtt-packet": "^9.0.0", "retimer": "^4.0.0", "reusify": "^1.0.4", From c7abedaa56a7adb833ae0bfe008d9b3ec2083138 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 15:18:02 +0800 Subject: [PATCH 22/30] chore(deps-dev): bump markdownlint-cli from 0.39.0 to 0.40.0 (#950) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ba873f42..28fa3293 100644 --- a/package.json +++ b/package.json @@ -108,7 +108,7 @@ "concat-stream": "^2.0.0", "duplexify": "^4.1.2", "license-checker": "^25.0.1", - "markdownlint-cli": "^0.39.0", + "markdownlint-cli": "^0.40.0", "mqtt": "^5.3.5", "mqtt-connection": "^4.1.0", "pre-commit": "^1.2.2", From 27218eda2429da88f589c592cceb6436a346e442 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 May 2024 09:50:59 +0800 Subject: [PATCH 23/30] chore(deps-dev): bump markdownlint-cli from 0.40.0 to 0.41.0 (#956) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 28fa3293..d1e742ec 100644 --- a/package.json +++ b/package.json @@ -108,7 +108,7 @@ "concat-stream": "^2.0.0", "duplexify": "^4.1.2", "license-checker": "^25.0.1", - "markdownlint-cli": "^0.40.0", + "markdownlint-cli": "^0.41.0", "mqtt": "^5.3.5", "mqtt-connection": "^4.1.0", "pre-commit": "^1.2.2", From 1bbff52f9b3c7136f89030dc5f6f4aae88a510d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 May 2024 09:52:38 +0800 Subject: [PATCH 24/30] chore(deps-dev): bump tsd from 0.30.7 to 0.31.0 (#947) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d1e742ec..241913ec 100644 --- a/package.json +++ b/package.json @@ -117,7 +117,7 @@ "snazzy": "^9.0.0", "standard": "^17.1.0", "tap": "^16.3.10", - "tsd": "^0.30.4", + "tsd": "^0.31.0", "typescript": "^5.3.3", "websocket-stream": "^5.5.2" }, From a26b90b5715154a6d44052e91424562cb8b0dd07 Mon Sep 17 00:00:00 2001 From: Brandon Everett Date: Fri, 7 Jun 2024 02:22:12 -0400 Subject: [PATCH 25/30] fix: delete will from persistence on disconnect (#957) Co-authored-by: Daniel Lando --- lib/client.js | 7 +++++++ test/will.js | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/lib/client.js b/lib/client.js index 414d8e5f..e5ee42d0 100644 --- a/lib/client.js +++ b/lib/client.js @@ -313,7 +313,14 @@ Client.prototype.close = function (done) { }, noop) } }) + } else if (will) { + // delete the persisted will even on clean disconnect https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc385349232 + that.broker.persistence.delWill({ + id: that.id, + brokerId: that.broker.id + }, noop) } + that.will = null // this function might be called twice that._will = null diff --git a/test/will.js b/test/will.js index d2893d28..368544f6 100644 --- a/test/will.js +++ b/test/will.js @@ -420,6 +420,29 @@ test('does not deliver will when client sends a DISCONNECT', function (t) { }) }) +test('deletes from persistence on DISCONNECT', function (t) { + t.plan(2) + + const opts = { + clientId: 'abcde' + } + const broker = aedes() + t.teardown(broker.close.bind(broker)) + + const s = noError(willConnect(setup(broker), opts, function () { + s.inStream.end({ + cmd: 'disconnect' + }) + }), t) + + s.broker.persistence.getWill({ + id: opts.clientId + }, function (err, packet) { + t.error(err, 'no error') + t.notOk(packet) + }) +}) + test('does not store multiple will with same clientid', function (t) { t.plan(4) From 213d123f7dfcccd2e7954d228ce2ee692c06685e Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Fri, 7 Jun 2024 08:33:49 +0200 Subject: [PATCH 26/30] Release 0.51.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 241913ec..6e35149f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.51.1", + "version": "0.51.2", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", From 1a191b0dfdfbf17b99120cd1a438de0deb019a88 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 14:02:36 +0200 Subject: [PATCH 27/30] chore(deps): bump uuid from 9.0.1 to 10.0.0 (#958) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6e35149f..b7487a46 100644 --- a/package.json +++ b/package.json @@ -133,6 +133,6 @@ "mqtt-packet": "^9.0.0", "retimer": "^4.0.0", "reusify": "^1.0.4", - "uuid": "^9.0.1" + "uuid": "^10.0.0" } } From 9b9d52445062a5069f80277f873d2aa6c44f0f2e Mon Sep 17 00:00:00 2001 From: Uladzimir Date: Wed, 28 Aug 2024 08:41:35 +0200 Subject: [PATCH 28/30] fix: memory leak in connected clients counter (#979) Co-authored-by: Uladzimir Danko --- aedes.js | 10 +++++++--- lib/handlers/subscribe.js | 7 +++++++ test/events.js | 14 ++++++++------ 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/aedes.js b/aedes.js index 956b7409..283351b2 100644 --- a/aedes.js +++ b/aedes.js @@ -172,7 +172,7 @@ function Aedes (opts) { if (that.clients[clientId] && serverId !== that.id) { if (that.clients[clientId].closed) { // remove the client from the list if it is already closed - delete that.clients[clientId] + that.deleteClient(clientId) done() } else { that.clients[clientId].close(done) @@ -316,8 +316,7 @@ Aedes.prototype._finishRegisterClient = function (client) { } Aedes.prototype.unregisterClient = function (client) { - this.connectedClients-- - delete this.clients[client.id] + this.deleteClient(client.id) this.emit('clientDisconnect', client) this.publish({ topic: $SYS_PREFIX + this.id + '/disconnect/clients', @@ -325,6 +324,11 @@ Aedes.prototype.unregisterClient = function (client) { }, noop) } +Aedes.prototype.deleteClient = function (clientId) { + this.connectedClients-- + delete this.clients[clientId] +} + function closeClient (client, cb) { this.clients[client].close(cb) } diff --git a/lib/handlers/subscribe.js b/lib/handlers/subscribe.js index 24704274..2ae0a467 100644 --- a/lib/handlers/subscribe.js +++ b/lib/handlers/subscribe.js @@ -155,6 +155,13 @@ function addSubs (sub, done) { func = blockDollarSignTopics(func) } + if (client.closed || client.broker.closed) { + // a hack, sometimes client.close() or broker.close() happened + // before authenticate() comes back + // we don't continue subscription here + return + } + if (!client.subscriptions[topic]) { client.subscriptions[topic] = new Subscription(qos, func, rh, rap, nl) broker.subscribe(topic, func, done) diff --git a/test/events.js b/test/events.js index cd2137a1..76ee9ad1 100644 --- a/test/events.js +++ b/test/events.js @@ -223,18 +223,20 @@ test('Test backpressure aedes published function', function (t) { }) test('clear closed clients when the same clientId is managed by another broker', function (t) { - t.plan(1) + t.plan(2) const clientId = 'closed-client' - const broker = aedes() + const aedesBroker = aedes() // simulate a closed client on the broker - broker.clients[clientId] = { closed: true } + aedesBroker.clients[clientId] = { closed: true, broker: aedesBroker } + aedesBroker.connectedClients = 1 // simulate the creation of the same client on another broker of the cluster - broker.publish({ topic: '$SYS/anotherbroker/new/clients', payload: clientId }, () => { - t.equal(broker.clients[clientId], undefined) // check that the closed client was removed + aedesBroker.publish({ topic: '$SYS/anotherbroker/new/clients', payload: clientId }, () => { + t.equal(aedesBroker.clients[clientId], undefined) // check that the closed client was removed + t.equal(aedesBroker.connectedClients, 0) }) - t.teardown(broker.close.bind(broker)) + t.teardown(aedesBroker.close.bind(aedesBroker)) }) From d0c441404a76f8602fb72f22aad2dd953ec4ca3d Mon Sep 17 00:00:00 2001 From: Daniel Lando Date: Wed, 28 Aug 2024 08:46:55 +0200 Subject: [PATCH 29/30] Release 0.51.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b7487a46..74520c82 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.51.2", + "version": "0.51.3", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", From a63e38703d110a998f5c613de86d21de22aaadc2 Mon Sep 17 00:00:00 2001 From: rajathongal-intangles Date: Wed, 11 Mar 2026 12:08:42 +0530 Subject: [PATCH 30/30] feat: upgrade aedes dependencies to 0.50.0 Upgrade mqtt-packet ^8, mqemitter ^5, aedes-persistence ^9, aedes-packet ^3, uuid ^9, hyperid ^3.1. Remove bulk-write-stream. Node engine bumped to >=16. Enables aedes-otel-instrumentation compatibility (requires mqtt-packet >=8). --- aedes.d.ts | 4 ++++ package.json | 39 +++++++++++++++++++-------------------- 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/aedes.d.ts b/aedes.d.ts index 1574faf1..3735efdf 100644 --- a/aedes.d.ts +++ b/aedes.d.ts @@ -6,3 +6,7 @@ export * from './types/instance' export * from './types/packet' export * from './types/client' export default Aedes + +declare module 'aedes' { + export = Aedes +} diff --git a/package.json b/package.json index 9799d4f4..919a6dc7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aedes", - "version": "0.49.0", + "version": "0.50.0", "description": "Stream-based MQTT broker", "main": "aedes.js", "types": "aedes.d.ts", @@ -94,43 +94,42 @@ }, "homepage": "https://github.com/moscajs/aedes#readme", "engines": { - "node": ">=14" + "node": ">=16" }, "devDependencies": { - "@sinonjs/fake-timers": "^10.0.2", - "@types/node": "^18.14.2", - "@typescript-eslint/eslint-plugin": "^5.54.0", - "@typescript-eslint/parser": "^5.54.0", + "@sinonjs/fake-timers": "^10.3.0", + "@types/node": "^20.4.5", + "@typescript-eslint/eslint-plugin": "^6.2.0", + "@typescript-eslint/parser": "^6.2.0", "concat-stream": "^2.0.0", "duplexify": "^4.1.2", "license-checker": "^25.0.1", - "markdownlint-cli": "^0.33.0", - "mqtt": "^4.3.7", + "markdownlint-cli": "^0.35.0", + "mqtt": "^5.0.0", "mqtt-connection": "^4.1.0", "pre-commit": "^1.2.2", "proxyquire": "^2.1.3", - "release-it": "^15.6.1", + "release-it": "^16.1.3", "snazzy": "^9.0.0", - "standard": "^17.0.0", - "tap": "^16.3.4", - "tsd": "^0.28.0", - "typescript": "^5.0.2", + "standard": "^17.1.0", + "tap": "^16.3.7", + "tsd": "^0.28.1", + "typescript": "^5.1.6", "websocket-stream": "^5.5.2" }, "dependencies": { - "aedes-packet": "^2.3.1", - "aedes-persistence": "8.1.3", - "bulk-write-stream": "^2.0.1", + "aedes-packet": "^3.0.0", + "aedes-persistence": "^9.1.2", "end-of-stream": "^1.4.4", "fastfall": "^1.5.1", "fastparallel": "^2.4.1", "fastseries": "^2.0.0", - "hyperid": "^3.0.0", - "mqemitter": "^4.5.0", - "mqtt-packet": "^7.1.2", + "hyperid": "^3.1.1", + "mqemitter": "^5.0.0", + "mqtt-packet": "^8.2.0", "readable-stream": "^3.6.0", "retimer": "^3.0.0", "reusify": "^1.0.4", - "uuid": "^8.3.2" + "uuid": "^9.0.0" } }