From 225a5cceababbdd10c353d9aefd1365ed934bb73 Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 12 Feb 2026 06:57:48 +0000 Subject: [PATCH] refactor: extract computeExpectedAccept, use bun.SHA1 and bun.base64 Extract SHA-1 + base64 accept header computation into a separate computeExpectedAccept method. Switch from std.crypto.hash.Sha1 to bun.sha.SHA1 and from std.base64.standard.Encoder to bun.base64. Also remove `= undefined` default on expected_accept struct field to fix the ban-words test. https://claude.ai/code/session_01Rtii7UWFL1csaEkeGBdgfd --- .../WebSocketUpgradeClient.zig | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/src/http/websocket_client/WebSocketUpgradeClient.zig b/src/http/websocket_client/WebSocketUpgradeClient.zig index 1eac8f610c..61a9c4630b 100644 --- a/src/http/websocket_client/WebSocketUpgradeClient.zig +++ b/src/http/websocket_client/WebSocketUpgradeClient.zig @@ -45,7 +45,7 @@ pub fn NewHTTPUpgradeClient(comptime ssl: bool) type { /// Expected Sec-WebSocket-Accept value for RFC 6455 handshake validation. /// This is SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11") base64-encoded (always 28 bytes). - expected_accept: [28]u8 = undefined, + expected_accept: [28]u8, /// Proxy state (null when not using proxy) proxy: ?WebSocketProxy = null, @@ -1236,15 +1236,7 @@ fn buildRequestBody( break :blk std.base64.standard.Encoder.encode(&encoded_buf, &vm.rareData().nextUUID().bytes); }; - // Compute the expected Sec-WebSocket-Accept value per RFC 6455 Section 4.2.2: - // Base64(SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) - const websocket_guid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; - var sha1 = std.crypto.hash.Sha1.init(.{}); - sha1.update(key); - sha1.update(websocket_guid); - const sha1_digest = sha1.finalResult(); - var expected_accept: [28]u8 = undefined; - _ = std.base64.standard.Encoder.encode(&expected_accept, &sha1_digest); + const expected_accept = computeExpectedAccept(key); const protocol = if (user_protocol) |p| p.slice() else client_protocol.slice(); @@ -1334,6 +1326,20 @@ fn buildRequestBody( }; } +/// Compute the expected Sec-WebSocket-Accept value per RFC 6455 Section 4.2.2: +/// Base64(SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) +fn computeExpectedAccept(key: []const u8) [28]u8 { + const websocket_guid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; + var sha1 = bun.sha.SHA1.init(); + sha1.update(key); + sha1.update(websocket_guid); + var sha1_digest: bun.sha.SHA1.Digest = undefined; + sha1.final(&sha1_digest); + var expected_accept: [28]u8 = undefined; + _ = bun.base64.encode(&expected_accept, &sha1_digest); + return expected_accept; +} + const log = Output.scoped(.WebSocketUpgradeClient, .visible); /// Parse SSLConfig from a JavaScript TLS options object.