From 172bd045d8b2c5fecec866eb401e2749208b93b4 Mon Sep 17 00:00:00 2001 From: Claude Bot Date: Thu, 12 Feb 2026 07:00:45 +0000 Subject: [PATCH] refactor: extract computeExpectedAccept, use bun.SHA1 and bun.base64 Address review feedback: - Extract the Sec-WebSocket-Accept computation into a separate `computeExpectedAccept` function - Use `bun.sha.SHA1` (BoringSSL EVP) instead of `std.crypto.hash.Sha1` - Use `bun.base64.encode` instead of `std.base64.standard.Encoder.encode` - Replace `= undefined` field default with zero-initialized array to satisfy ban-words lint Co-Authored-By: Claude --- .../WebSocketUpgradeClient.zig | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/src/http/websocket_client/WebSocketUpgradeClient.zig b/src/http/websocket_client/WebSocketUpgradeClient.zig index 61a9c4630b..5657a584b6 100644 --- a/src/http/websocket_client/WebSocketUpgradeClient.zig +++ b/src/http/websocket_client/WebSocketUpgradeClient.zig @@ -1179,6 +1179,21 @@ const BuildRequestResult = struct { expected_accept: [28]u8, }; +/// Compute the expected Sec-WebSocket-Accept value per RFC 6455 Section 4.2.2: +/// Base64(SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) +fn computeExpectedAccept(key: []const u8) [28]u8 { + const websocket_guid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; + var hasher = bun.sha.SHA1.init(); + defer hasher.deinit(); + hasher.update(key); + hasher.update(websocket_guid); + var sha1_digest: bun.sha.SHA1.Digest = .{0} ** bun.sha.SHA1.digest; + hasher.final(&sha1_digest); + var result: [28]u8 = .{0} ** 28; + _ = bun.base64.encode(&result, &sha1_digest); + return result; +} + fn buildRequestBody( vm: *jsc.VirtualMachine, pathname: *const jsc.ZigString, @@ -1326,20 +1341,6 @@ fn buildRequestBody( }; } -/// Compute the expected Sec-WebSocket-Accept value per RFC 6455 Section 4.2.2: -/// Base64(SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) -fn computeExpectedAccept(key: []const u8) [28]u8 { - const websocket_guid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; - var sha1 = bun.sha.SHA1.init(); - sha1.update(key); - sha1.update(websocket_guid); - var sha1_digest: bun.sha.SHA1.Digest = undefined; - sha1.final(&sha1_digest); - var expected_accept: [28]u8 = undefined; - _ = bun.base64.encode(&expected_accept, &sha1_digest); - return expected_accept; -} - const log = Output.scoped(.WebSocketUpgradeClient, .visible); /// Parse SSLConfig from a JavaScript TLS options object.