Ws should not open the connection if it fails to validate during the handshake

hello,I have a question. Can you help me solve it?
Is opening a ws connection without validation a bit of a drain on server resources?


    async def _websocket_handler(
        self, handler, request, *args, subprotocols=None, **kwargs
        if self.asgi:
            ws = request.transport.get_websocket_connection()
            await ws.accept(subprotocols)
            protocol = request.transport.get_protocol()
            ws = await protocol.websocket_handshake(request, subprotocols)

        # schedule the application handler
        # its future is kept in self.websocket_tasks in case it
        # needs to be cancelled due to the server being stopped
        fut = ensure_future(handler(request, ws, *args, **kwargs))
        cancelled = False
            await fut
        except (CancelledError, ConnectionClosed):
            cancelled = True
        except Exception as e:
            self.error_handler.log(request, e)
            if cancelled:
                await ws.close()

There’s not enough here to answer your question. How is this function called? Is it set up as a route?

Yes, this is the ws routing interface, and ws objects are opened without handshake validation :‘ws = await protocol. websocket_handshake(request, subprotocols)’, Go directly to the handler ‘handler(request, ws, *args, **kwargs)’. Does this process consume server resources? Is it better for ws to return None rather than frequent opening or closing if validation fails on the handshake?

There’s still not enough information here to answer your question.

If the route never gets called, it won’t consume any resources more than loading the route path into memory when sanic starts, however starting any script, application, or program will consume resources, so it’s still unclear as to what you’re asking.

I mean, the route is called, and ws is opened without authentication. When I verify at the interface layer, ws has been opened. When the user requests a connection to call the route, if the authentication fails during handshake, can’t we directly reject the connection? Why should I open ws every time? What if there is a malicious connection?

Sanic’s websocket support is wrapped around websockets - if what is needed is supported there, there should be a way to capture it and handle it the way that is desired - however if I recall correctly, the upgrade request is a black box.

It sounds like you need more control than that and you will likely need to write a custom websocket implementation.

Correct, the upgrade and handshake all happen under the hood.

  1. You might need to subclass the websocket protocol if you want to handle that
  2. Alternatively, the next release is likely going to contain some more built-in signals around websocket events. This sounds like the perfect use case for that.