├── conf ├── messages ├── routes ├── application.conf └── logback.xml ├── project ├── build.properties └── plugins.sbt ├── README.md ├── public ├── images │ └── favicon.png ├── stylesheets │ └── main.css └── javascripts │ ├── app.js │ └── modernizr-3.5.0.js ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── .gitignore ├── scripts ├── test-sbt └── test-gradle ├── NOTICE ├── app ├── controllers │ ├── InputSanitizer.scala │ ├── RequestMarkerContext.scala │ └── HomeController.scala ├── filters │ └── ContentSecurityPolicyFilter.scala └── views │ └── index.scala.html ├── .mergify.yml ├── .travis.yml ├── test └── controllers │ ├── WebSocketClient.java │ └── HomeControllerSpec.scala ├── gradlew.bat ├── .github └── settings.yml ├── gradlew └── LICENSE /conf/messages: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /project/build.properties: -------------------------------------------------------------------------------- 1 | sbt.version=1.2.8 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | MOVED TO https://github.com/playframework/play-samples 2 | -------------------------------------------------------------------------------- /project/plugins.sbt: -------------------------------------------------------------------------------- 1 | addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.7.0") 2 | -------------------------------------------------------------------------------- /public/images/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/playframework/play-scala-chatroom-example/2.7.x/public/images/favicon.png -------------------------------------------------------------------------------- 
/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/playframework/play-scala-chatroom-example/2.7.x/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build 2 | logs 3 | target 4 | /.idea 5 | /.idea_modules 6 | /.classpath 7 | /.gradle 8 | /.project 9 | /.settings 10 | /RUNNING_PID 11 | -------------------------------------------------------------------------------- /scripts/test-sbt: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | echo "+----------------------------+" 4 | echo "| Executing tests using sbt |" 5 | echo "+----------------------------+" 6 | sbt ++$TRAVIS_SCALA_VERSION test 7 | -------------------------------------------------------------------------------- /public/stylesheets/main.css: -------------------------------------------------------------------------------- 1 | html, body { 2 | height: 100%; 3 | } 4 | 5 | .wrap { 6 | min-height: 100%; 7 | height: 100%; 8 | margin: 0 auto -60px; 9 | } 10 | 11 | .footer { 12 | height: 60px; 13 | } -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.9-bin.zip 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStorePath=wrapper/dists 5 | zipStoreBase=GRADLE_USER_HOME 6 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Written by Lightbend 2 | 3 | To the extent possible under law, the author(s) have dedicated all 
copyright and 4 | related and neighboring rights to this software to the public domain worldwide. 5 | This software is distributed without any warranty. 6 | 7 | You should have received a copy of the CC0 Public Domain Dedication along with 8 | this software. If not, see . 9 | -------------------------------------------------------------------------------- /scripts/test-gradle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Using cut because TRAVIS_SCALA_VERSION is the full Scala 4 | # version (for example 2.12.4), but Gradle expects just the 5 | # binary version (for example 2.12) 6 | scala_binary_version=$(echo $TRAVIS_SCALA_VERSION | cut -c1-4) 7 | 8 | echo "+------------------------------+" 9 | echo "| Executing tests using Gradle |" 10 | echo "+------------------------------+" 11 | ./gradlew -Dscala.binary.version=$scala_binary_version check -i --stacktrace 12 | -------------------------------------------------------------------------------- /conf/routes: -------------------------------------------------------------------------------- 1 | # Routes 2 | # This file defines all application routes (Higher priority routes first) 3 | # ~~~~ 4 | 5 | # An example controller showing a sample home page 6 | GET / controllers.HomeController.index 7 | GET /chat controllers.HomeController.chat 8 | 9 | # Map static resources from the /public folder to the /assets URL path 10 | GET /assets/*file controllers.Assets.at(path="/public", file) 11 | 12 | -> /webjars webjars.Routes 13 | -------------------------------------------------------------------------------- /app/controllers/InputSanitizer.scala: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import org.jsoup.Jsoup 4 | import org.jsoup.safety.Whitelist 5 | import play.api.inject._ 6 | 7 | /** 8 | * To provide sanitization for chat messages. 
9 | */
trait InputSanitizer {
  /**
   * Cleans a single chat message.
   *
   * @param input the message text as received
   * @return the cleaned text; which markup survives is up to the implementation
   */
  def sanitize(input: String): String
}

/**
 * [[InputSanitizer]] backed by Jsoup: the message is run through `Jsoup.clean`
 * with the `Whitelist.basic()` policy.
 *
 * The result is sanitized HTML, not plain text: the basic whitelist keeps simple
 * text-formatting tags and links. Anything that renders the result must therefore
 * treat it as markup that has merely been reduced to that whitelist.
 *
 * NOTE(review): public/javascripts/app.js concatenates `event.data` into the
 * markup it appends to the message list, so this class looks like the only
 * barrier between one user's input and another user's DOM. Confirm before
 * swapping in a more permissive policy.
 */
class JSoupInputSanitizer extends InputSanitizer {
  override def sanitize(input: String): String =
    Jsoup.clean(input, Whitelist.basic())
}

/**
 * Play module that binds [[InputSanitizer]] to [[JSoupInputSanitizer]].
 */
class InputSanitizerModule
  extends SimpleModule(bind[InputSanitizer].to[JSoupInputSanitizer])

-------------------------------------------------------------------------------- /app/controllers/RequestMarkerContext.scala: --------------------------------------------------------------------------------
package controllers

import play.api.MarkerContext
import play.api.mvc._

import scala.language.implicitConversions

/**
 * Attaches the request's host and path to log statements as Logstash markers,
 * which makes them available in application.json.
 *
 * Both values are taken from the incoming request, so whatever consumes the
 * log output should treat them as untrusted input.
 */
trait RequestMarkerContext {

  /**
   * Builds a [[MarkerContext]] from the implicit request in scope.
   *
   * @param request the current request header
   * @return a marker context carrying a "host" and a "path" marker
   */
  implicit def requestHeaderToMarkerContext(implicit request: RequestHeader): MarkerContext = {
    import net.logstash.logback.marker.LogstashMarker
    import net.logstash.logback.marker.Markers._

    // Explicit LogstashMarker annotations keep the generic return type of `and` pinned.
    val hostMarker: LogstashMarker = append("host", request.host)
    val requestMarkers: LogstashMarker = hostMarker.and(append("path", request.path))

    MarkerContext(requestMarkers)
  }

}
-------------------------------------------------------------------------------- /conf/application.conf: -------------------------------------------------------------------------------- 1 | // Enable richer akka logging 2 | akka { 3 | loggers = ["akka.event.slf4j.Slf4jLogger"] 4 | loglevel = "DEBUG" 5 | logging-filter = "akka.event.slf4j.Slf4jLoggingFilter" 6 | } 7 | 8 | // https://www.playframework.com/documentation/2.6.x/SecurityHeaders 9 | // Disable the out of the box content security policy in SecurityHeadersFilter 10 | play.filters.headers.contentSecurityPolicy = null 11 | 12 | // https://www.playframework.com/documentation/2.6.x/AllowedHostsFilter 13 | play.filters.hosts.allowed = ["localhost:9000", "localhost:19001"] 14 | 15 | // Add CSP
header in explicitly in a custom filter. 16 | play.filters.enabled += filters.ContentSecurityPolicyFilter 17 | 18 | play.modules.enabled += controllers.InputSanitizerModule 19 |
-------------------------------------------------------------------------------- /app/filters/ContentSecurityPolicyFilter.scala: --------------------------------------------------------------------------------
package filters

import javax.inject.Inject

import controllers.routes
import play.api.mvc.{EssentialAction, EssentialFilter, RequestHeader}

import scala.concurrent.ExecutionContext

/**
 * Sets a `Content-Security-Policy` header on every result that passes through
 * the filter.
 *
 * The policy is a single directive, `connect-src`, naming 'self' and the
 * WebSocket URL of the chat endpoint as computed for the current request.
 *
 * NOTE(review): conf/application.conf sets
 * `play.filters.headers.contentSecurityPolicy = null`, so this header is the only
 * CSP visible in the project. Because it carries `connect-src` alone and no
 * `default-src`, script, style and frame loading are left unrestricted; the
 * policy limits where the page may connect, not what it may execute.
 *
 * NOTE(review): the WebSocket URL is built from the request, presumably from its
 * Host header; the accepted hosts are limited by `play.filters.hosts.allowed` in
 * the same configuration file. Confirm that filter stays enabled.
 */
class ContentSecurityPolicyFilter @Inject()(implicit ec: ExecutionContext) extends EssentialFilter {

  /**
   * Wraps `next` so that its result carries the policy header.
   *
   * @param next the action further down the filter chain
   * @return an action producing the same result with `Content-Security-Policy` set
   */
  override def apply(next: EssentialAction): EssentialAction = EssentialAction { request: RequestHeader =>
    val chatEndpoint = routes.HomeController.chat().webSocketURL()(request)
    val policy = s"connect-src 'self' $chatEndpoint"
    next(request).map(_.withHeaders("Content-Security-Policy" -> policy))
  }
}
-------------------------------------------------------------------------------- /.mergify.yml: -------------------------------------------------------------------------------- 1 | pull_request_rules: 2 | - name: Merge PRs that are ready 3 | conditions: 4 | - status-success=Travis CI - Pull Request 5 | - status-success=typesafe-cla-validator 6 | - "#approved-reviews-by>=1" 7 | - "#review-requested=0" 8 | - "#changes-requested-reviews-by=0" 9 | - label!=status:block-merge 10 | actions: 11 | merge: 12 | method: squash 13 | strict: smart 14 | 15 | - name: Merge TemplateControl's PRs that are ready 16 | conditions: 17 | - status-success=Travis CI - Pull Request 18 | - "#review-requested=0" 19 | - "#changes-requested-reviews-by=0" 20 | - label!=status:block-merge 21 | - label=status:merge-when-green 22 | -
label!=status:block-merge 23 | actions: 24 | merge: 25 | method: squash 26 | strict: smart 27 | 28 | - name: Delete the PR branch after merge 29 | conditions: 30 | - merged 31 | actions: 32 | delete_head_branch: {} 33 |
-------------------------------------------------------------------------------- /.travis.yml: --------------------------------------------------------------------------------
# Travis CI build: runs the test script chosen by $SCRIPT on each JDK listed in
# the env matrix.
language: scala
scala: 2.12.8
script: $SCRIPT

env:
  matrix:
    - SCRIPT=scripts/test-sbt TRAVIS_JDK=adopt@1.8.202-08
    - SCRIPT=scripts/test-sbt TRAVIS_JDK=adopt@1.11.0-2
    - SCRIPT=scripts/test-gradle TRAVIS_JDK=adopt@1.8.202-08
    - SCRIPT=scripts/test-gradle TRAVIS_JDK=adopt@1.11.0-2

matrix:
  fast_finish: true
  allow_failures:
    - env: SCRIPT=scripts/test-gradle TRAVIS_JDK=adopt@1.8.202-08 # current gradle doesn't support play 2.7
    - env: SCRIPT=scripts/test-gradle TRAVIS_JDK=adopt@1.11.0-2 # current gradle doesn't support play 2.7
    - env: SCRIPT=scripts/test-sbt TRAVIS_JDK=adopt@1.11.0-2 # not fully supported but allows problem discovery

# NOTE(review): this fetches the jabba installer through a URL shortener and pipes
# it straight into bash, so whatever that URL serves at build time runs on the CI
# worker with access to the build environment. Prefer downloading a pinned release
# and verifying its checksum before executing it.
before_install: curl -Ls https://git.io/jabba | bash && . ~/.jabba/jabba.sh
# Installs and selects the JDK named by TRAVIS_JDK, then prints its version.
install: jabba install "$TRAVIS_JDK" && jabba use "$_" && java -Xmx32m -version

# Directories kept between builds; the JDKs installed by jabba are among them.
cache:
  directories:
    - "$HOME/.gradle/caches"
    - "$HOME/.ivy2/cache"
    - "$HOME/.jabba/jdk"
    - "$HOME/.sbt"

# Removes ivydata property files and sbt lock files before the cache is stored.
before_cache:
  - find $HOME/.ivy2 -name "ivydata-*.properties" -delete
  - find $HOME/.sbt -name "*.lock" -delete
-------------------------------------------------------------------------------- /public/javascripts/app.js: -------------------------------------------------------------------------------- 1 | $( document ).ready(function() { 2 | if ("WebSocket" in window) { 3 | console.log("WebSocket is supported by your Browser!"); 4 | } else { 5 | console.log("WebSocket NOT supported by your Browser!"); 6 | return; 7 | } 8 | var getScriptParamUrl = function() { 9 | var scripts = document.getElementsByTagName('script'); 10 | var lastScript = scripts[scripts.length-1]; 11 | return lastScript.getAttribute('data-url'); 12 | }; 13 | 14 | var send = function() { 15 | var text = $message.val(); 16 | $message.val(""); 17 | connection.send(text); 18 | }; 19 | 20 | var $messages = $("#messages"), $send = $("#send"), $message = $("#message"); 21 | 22 | var url = getScriptParamUrl(); 23 | var connection = new WebSocket(url); 24 | 25 | $send.prop("disabled", true); 26 | 27 | connection.onopen = function() { 28 | $send.prop("disabled", false); 29 | $messages 30 | .prepend($("
  • Connected
  • ")); 31 | $send.on('click', send); 32 | $message.keypress(function(event) { 33 | var keycode = (event.keyCode ? event.keyCode : event.which); 34 | if (keycode == '13') { 35 | send(); 36 | } 37 | }); 38 | }; 39 | connection.onerror = function(error) { 40 | console.log('WebSocket Error ', error); 41 | }; 42 | connection.onmessage = function(event) { 43 | $messages.append($("
  • " + event.data + "
  • ")) 44 | } 45 | 46 | console.log( "chat app is running!" ); 47 | }); -------------------------------------------------------------------------------- /public/javascripts/modernizr-3.5.0.js: -------------------------------------------------------------------------------- 1 | /*! modernizr 3.5.0 (Custom Build) | MIT * 2 | * https://modernizr.com/download/?-websockets-setclasses !*/ 3 | !function(e,n,s){function o(e,n){return typeof e===n}function a(){var e,n,s,a,t,l,c;for(var r in f)if(f.hasOwnProperty(r)){if(e=[],n=f[r],n.name&&(e.push(n.name.toLowerCase()),n.options&&n.options.aliases&&n.options.aliases.length))for(s=0;s 2 | 3 | 4 | 5 | 6 | 7 | ${application.home:-.}/logs/application.log 8 | 9 | %date [%level] from %logger in %thread - %message%n%xException 10 | 11 | 12 | 13 | 14 | ${application.home:-.}/logs/application.json 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | %coloredLevel %logger{15} - %message%n%xException{10} 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /test/controllers/WebSocketClient.java: -------------------------------------------------------------------------------- 1 | package controllers; 2 | 3 | import play.shaded.ahc.org.asynchttpclient.AsyncHttpClient; 4 | import play.shaded.ahc.org.asynchttpclient.BoundRequestBuilder; 5 | import play.shaded.ahc.org.asynchttpclient.ListenableFuture; 6 | import play.shaded.ahc.org.asynchttpclient.netty.ws.NettyWebSocket; 7 | import play.shaded.ahc.org.asynchttpclient.ws.WebSocket; 8 | import play.shaded.ahc.org.asynchttpclient.ws.WebSocketListener; 9 | import play.shaded.ahc.org.asynchttpclient.ws.WebSocketUpgradeHandler; 10 | 11 | import java.util.concurrent.CompletableFuture; 12 | 13 | public class WebSocketClient { 14 | 15 | private AsyncHttpClient client; 16 | 17 | public WebSocketClient(AsyncHttpClient c) { 18 | 
this.client = c; 19 | } 20 | 21 | public CompletableFuture call(String url, String origin, WebSocketListener listener) { 22 | final BoundRequestBuilder requestBuilder = client.prepareGet(url).addHeader("Origin", origin); 23 | 24 | final WebSocketUpgradeHandler handler = new WebSocketUpgradeHandler.Builder().addWebSocketListener(listener).build(); 25 | ListenableFuture future = requestBuilder.execute(handler); 26 | return future.toCompletableFuture(); 27 | } 28 | 29 | static class LoggingListener implements WebSocketListener { 30 | 31 | private Throwable throwableFound = null; 32 | 33 | public Throwable getThrowable() { 34 | return throwableFound; 35 | } 36 | 37 | @Override 38 | public void onOpen(WebSocket websocket) { 39 | // do nothing 40 | } 41 | 42 | @Override 43 | public void onClose(WebSocket webSocket, int i, String s) { 44 | // do nothing 45 | } 46 | 47 | public void onError(Throwable t) { 48 | //logger.error("onError: ", t); 49 | throwableFound = t; 50 | } 51 | } 52 | 53 | } -------------------------------------------------------------------------------- /app/views/index.scala.html: -------------------------------------------------------------------------------- 1 | @(webSocketUrl: String)(implicit webJarsUtil: org.webjars.play.WebJarsUtil) 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | @webJarsUtil.locate("bootstrap.min.css").css() 10 | @webJarsUtil.locate("bootstrap-theme.min.css").css() 11 | 12 | 13 | 14 | Chat Room 15 | 16 | 17 | 18 | 19 |
    20 |
    21 |
    22 |

    Chat Room

    23 |
    24 | 25 |
    26 |
    27 |
      28 |
    29 |
    30 |
    31 |
    32 |
    33 | 34 | 48 | 49 | @webJarsUtil.locate("jquery.min.js").script() 50 | @webJarsUtil.locate("jquery.flot.min.js").script() 51 | 52 | 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 
45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /test/controllers/HomeControllerSpec.scala: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import java.io.IOException 4 | 5 | import org.scalatest.concurrent.PatienceConfiguration.Timeout 6 | import org.scalatest.concurrent.{IntegrationPatience, ScalaFutures} 7 | import org.scalatestplus.play._ 8 | import play.api.inject.guice.GuiceApplicationBuilder 9 | import play.api.test._ 10 | import play.shaded.ahc.org.asynchttpclient.AsyncHttpClient 11 | import play.shaded.ahc.org.asynchttpclient.ws.WebSocket 12 | 13 | import scala.compat.java8.FutureConverters 14 | import scala.concurrent.Await 15 | import scala.concurrent.duration._ 16 | import scala.language.postfixOps 17 | 18 | class HomeControllerSpec extends PlaySpec with ScalaFutures with 
IntegrationPatience { 19 | 20 | "HomeController" should { 21 | 22 | "reject a websocket flow if the origin is set incorrectly" in WsTestClient.withClient { client => 23 | 24 | // Pick a non standard port that will fail the (somewhat contrived) origin check... 25 | lazy val port: Int = 31337 26 | val app = new GuiceApplicationBuilder().build() 27 | Helpers.running(TestServer(port, app)) { 28 | val myPublicAddress = s"localhost:$port" 29 | val serverURL = s"ws://$myPublicAddress/chat" 30 | 31 | val asyncHttpClient: AsyncHttpClient = client.underlying[AsyncHttpClient] 32 | 33 | val webSocketClient = new WebSocketClient(asyncHttpClient) 34 | try { 35 | val origin = "ws://example.com/ws/chat" 36 | val listener = new WebSocketClient.LoggingListener 37 | val completionStage = webSocketClient.call(serverURL, origin, listener) 38 | val f = FutureConverters.toScala(completionStage) 39 | Await.result(f, atMost = 1000 millis) 40 | listener.getThrowable mustBe a[IOException] 41 | } catch { 42 | case e: IllegalStateException => 43 | e mustBe an [IllegalStateException] 44 | 45 | case e: java.util.concurrent.ExecutionException => 46 | val foo = e.getCause 47 | foo mustBe an [IOException] 48 | } 49 | } 50 | } 51 | 52 | "accept a websocket flow if the origin is set correctly" in WsTestClient.withClient { client => 53 | lazy val port: Int = Helpers.testServerPort 54 | val app = new GuiceApplicationBuilder().build() 55 | Helpers.running(TestServer(port, app)) { 56 | val myPublicAddress = s"localhost:$port" 57 | val serverURL = s"ws://$myPublicAddress/chat" 58 | 59 | val asyncHttpClient: AsyncHttpClient = client.underlying[AsyncHttpClient] 60 | 61 | val webSocketClient = new WebSocketClient(asyncHttpClient) 62 | 63 | val origin = serverURL 64 | val listener = new WebSocketClient.LoggingListener 65 | val completionStage = webSocketClient.call(serverURL, origin, listener) 66 | val f = FutureConverters.toScala(completionStage) 67 | 68 | whenReady(f, timeout = Timeout(1 second)) { 
webSocket => 69 | webSocket mustBe a [WebSocket] 70 | } 71 | } 72 | } 73 | } 74 | 75 | } 76 | -------------------------------------------------------------------------------- /.github/settings.yml: -------------------------------------------------------------------------------- 1 | # These settings are synced to GitHub by https://probot.github.io/apps/settings/ 2 | repository: 3 | homepage: "https://developer.lightbend.com/start/?group=play" 4 | topics: playframework, example, example-project, sample, sample-app, jvm, webapp 5 | private: false 6 | has_issues: true 7 | # We don't need projects in sample projects 8 | has_projects: false 9 | # We don't need wiki in sample projects 10 | has_wiki: false 11 | has_downloads: true 12 | default_branch: 2.7.x 13 | allow_squash_merge: true 14 | allow_merge_commit: false 15 | allow_rebase_merge: false 16 | 17 | teams: 18 | - name: core 19 | permission: admin 20 | - name: integrators 21 | permission: write 22 | - name: write-bots 23 | permission: write 24 | 25 | branches: 26 | - name: "[0-9].*.x" 27 | protection: 28 | # We don't require reviews for sample applications because they are mainly 29 | # updated by template-control, which is an automated process 30 | required_pull_request_reviews: null 31 | # Required. Require status checks to pass before merging. Set to null to disable 32 | required_status_checks: 33 | # Required. 
The list of status checks to require in order to merge into this branch 34 | contexts: ["Travis CI - Pull Request", "typesafe-cla-validator"] 35 | 36 | # Labels: tailored list of labels to be used by sample applications 37 | labels: 38 | - color: f9d0c4 39 | name: "closed:declined" 40 | - color: f9d0c4 41 | name: "closed:duplicated" 42 | oldname: duplicate 43 | - color: f9d0c4 44 | name: "closed:invalid" 45 | oldname: invalid 46 | - color: f9d0c4 47 | name: "closed:question" 48 | oldname: question 49 | - color: f9d0c4 50 | name: "closed:wontfix" 51 | oldname: wontfix 52 | - color: 7057ff 53 | name: "good first issue" 54 | - color: 7057ff 55 | name: "Hacktoberfest" 56 | - color: 7057ff 57 | name: "help wanted" 58 | - color: cceecc 59 | name: "status:backlog" 60 | oldname: backlog 61 | - color: b60205 62 | name: "status:block-merge" 63 | oldname: block-merge 64 | - color: b60205 65 | name: "status:blocked" 66 | - color: 0e8a16 67 | name: "status:in-progress" 68 | - color: 0e8a16 69 | name: "status:merge-when-green" 70 | oldname: merge-when-green 71 | - color: fbca04 72 | name: "status:needs-backport" 73 | - color: fbca04 74 | name: "status:needs-forwardport" 75 | - color: fbca04 76 | name: "status:needs-info" 77 | - color: fbca04 78 | name: "status:needs-verification" 79 | - color: 0e8a16 80 | name: "status:ready" 81 | - color: fbca04 82 | name: "status:to-review" 83 | oldname: review 84 | - color: c5def5 85 | name: "topic:build/tests" 86 | - color: c5def5 87 | name: "topic:dev-environment" 88 | - color: c5def5 89 | name: "topic:documentation" 90 | - color: c5def5 91 | name: "topic:jdk-next" 92 | - color: b60205 93 | name: "type:defect" 94 | oldname: bug 95 | - color: 0052cc 96 | name: "type:feature" 97 | - color: 0052cc 98 | name: "type:improvement" 99 | oldname: enhancement 100 | - color: 0052cc 101 | name: "type:updates" 102 | - color: bf0d92 103 | name: "type:template-control" 104 | oldname: template-control 105 | 
-------------------------------------------------------------------------------- /app/controllers/HomeController.scala: --------------------------------------------------------------------------------
package controllers

import java.net.URI
import javax.inject._

import akka.actor.ActorSystem
import akka.event.Logging
import akka.stream.Materializer
import akka.stream.scaladsl.{BroadcastHub, Flow, Keep, MergeHub, Source}
import play.api.Logger
import play.api.mvc._

import scala.concurrent.{ExecutionContext, Future}

/**
 * Chat room controller: serves the page and the WebSocket endpoint behind it.
 *
 * Every message a client sends is passed through the injected [[InputSanitizer]]
 * and then broadcast to the connected clients.
 */
@Singleton
class HomeController @Inject()(val controllerComponents: ControllerComponents, inputSanitizer: InputSanitizer)
                              (implicit actorSystem: ActorSystem,
                               mat: Materializer,
                               executionContext: ExecutionContext,
                               webJarsUtil: org.webjars.play.WebJarsUtil)
  extends BaseController with RequestMarkerContext {

  private type WSMessage = String

  private val logger = Logger(getClass)

  // Implicit logging adapter, named after this controller's logger; presumably the
  // one `.log("source")` below resolves.
  private implicit val logging = Logging(actorSystem.eventStream, logger.underlyingLogger.getName)

  // Chat room wiring: many clients -> MergeHub -> BroadcastHub -> many clients.
  private val (chatSink, chatSource) = {
    // A client disconnecting surfaces as MergeHub$ProducerFailed; recovering with an
    // empty source keeps that from being logged as an error.
    // recoverWithRetries with -1 is essentially "recoverWith".
    val sanitizedMessages = MergeHub.source[WSMessage]
      .log("source")
      // Sanitize every inbound message before it is broadcast, to avoid XSS.
      // NOTE(review): public/javascripts/app.js concatenates `event.data` into the
      // markup it appends, so this step looks like the only XSS barrier; keep it
      // ahead of the broadcast hub.
      .map(inputSanitizer.sanitize)
      .recoverWithRetries(-1, { case _: Exception ⇒ Source.empty })

    sanitizedMessages.toMat(BroadcastHub.sink[WSMessage])(Keep.both).run()
  }

  // One flow shared by all sockets: writes go to the merge hub, reads come from the broadcast hub.
  private val userFlow: Flow[WSMessage, WSMessage, _] =
    Flow.fromSinkAndSource(chatSink, chatSource)

  /**
   * Renders the chat page, handing the view the WebSocket URL of the chat endpoint
   * as computed for the current request.
   */
  def index: Action[AnyContent] = Action { implicit request: RequestHeader =>
    val chatUrl = routes.HomeController.chat().webSocketURL()
    logger.info(s"index: ")
    Ok(views.html.index(chatUrl))
  }

  /**
   * WebSocket endpoint of the chat room.
   *
   * A handshake that passes [[sameOriginCheck]] is given the shared chat flow; any
   * other handshake is answered with 403 Forbidden. A failure while providing the
   * flow is logged and answered with 500.
   */
  def chat(): WebSocket = {
    WebSocket.acceptOrResult[WSMessage, WSMessage] {
      case rh if sameOriginCheck(rh) =>
        Future.successful(userFlow).map { accepted =>
          Right(accepted)
        }.recover {
          case failure: Exception =>
            val msg = "Cannot create websocket"
            logger.error(msg, failure)
            Left(InternalServerError(msg))
        }

      case rejected =>
        logger.error(s"Request ${rejected} failed same origin check")
        Future.successful(Left(Forbidden("forbidden")))
    }
  }

  /**
   * Decides from the Origin header whether a WebSocket handshake may proceed.
   *
   * WebSocket connections are not covered by the browser's Same Origin Policy, so
   * without this check another site could open a socket from a visitor's browser
   * (Cross-Site WebSocket Hijacking).
   *
   * See https://tools.ietf.org/html/rfc6455#section-1.3 and
   * http://blog.dewhurstsecurity.com/2013/08/30/security-testing-html5-websockets.html
   *
   * Limits: the Origin header is only meaningful when a browser sets it. Any other
   * client can send whatever value it likes, so this is a cross-site protection for
   * browser users and not a form of authentication.
   *
   * @param rh the handshake request
   * @return true only when an Origin header is present and accepted by originMatches
   */
  private def sameOriginCheck(implicit rh: RequestHeader): Boolean = {
    // The Origin header is the domain the request originates from.
    // https://tools.ietf.org/html/rfc6454#section-7
    logger.debug("Checking the ORIGIN ")

    rh.headers.get("Origin") match {
      case None =>
        logger.error("originCheck: rejecting request because no Origin header found")
        false

      case Some(originValue) if originMatches(originValue) =>
        logger.debug(s"originCheck: originValue = $originValue")
        true

      case Some(badOrigin) =>
        // The rejected value is client-supplied and is written to the log as received.
        logger.error(s"originCheck: rejecting request because Origin header value ${badOrigin} is not in the same origin")
        false
    }
  }

  /**
   * Returns true if the Origin header value is acceptable: it must parse as a URI
   * whose host is "localhost" and whose port is 9000 or 19001.
   *
   * The scheme is not inspected, and a value that fails to parse is rejected.
   * The host/port pairs are the same ones listed under play.filters.hosts.allowed
   * in conf/application.conf; the two lists are maintained separately and have to
   * be changed together when the application is deployed under another name.
   */
  private def originMatches(origin: String): Boolean = {
    val allowedPorts = Set(9000, 19001)
    try {
      val parsed = new URI(origin)
      parsed.getHost == "localhost" && allowedPorts.contains(parsed.getPort)
    } catch {
      case _: Exception => false
    }
  }

}
-------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here.
You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? 
-ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" 
"$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | CC0 1.0 Universal 2 | 3 | Statement of Purpose 4 | 5 | The laws of most jurisdictions throughout the world automatically confer 6 | exclusive Copyright and Related Rights (defined below) upon the creator and 7 | subsequent owner(s) (each and all, an "owner") of an original work of 8 | authorship and/or a database (each, a "Work"). 9 | 10 | Certain owners wish to permanently relinquish those rights to a Work for the 11 | purpose of contributing to a commons of creative, cultural and scientific 12 | works ("Commons") that the public can reliably and without fear of later 13 | claims of infringement build upon, modify, incorporate in other works, reuse 14 | and redistribute as freely as possible in any form whatsoever and for any 15 | purposes, including without limitation commercial purposes. 
These owners may 16 | contribute to the Commons to promote the ideal of a free culture and the 17 | further production of creative, cultural and scientific works, or to gain 18 | reputation or greater distribution for their Work in part through the use and 19 | efforts of others. 20 | 21 | For these and/or other purposes and motivations, and without any expectation 22 | of additional consideration or compensation, the person associating CC0 with a 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work 25 | and publicly distribute the Work under its terms, with knowledge of his or her 26 | Copyright and Related Rights in the Work and the meaning and intended legal 27 | effect of CC0 on those rights. 28 | 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be 30 | protected by copyright and related or neighboring rights ("Copyright and 31 | Related Rights"). Copyright and Related Rights include, but are not limited 32 | to, the following: 33 | 34 | i. the right to reproduce, adapt, distribute, perform, display, communicate, 35 | and translate a Work; 36 | 37 | ii. moral rights retained by the original author(s) and/or performer(s); 38 | 39 | iii. publicity and privacy rights pertaining to a person's image or likeness 40 | depicted in a Work; 41 | 42 | iv. rights protecting against unfair competition in regards to a Work, 43 | subject to the limitations in paragraph 4(a), below; 44 | 45 | v. rights protecting the extraction, dissemination, use and reuse of data in 46 | a Work; 47 | 48 | vi. database rights (such as those arising under Directive 96/9/EC of the 49 | European Parliament and of the Council of 11 March 1996 on the legal 50 | protection of databases, and under any national implementation thereof, 51 | including any amended or successor version of such directive); and 52 | 53 | vii. 
other similar, equivalent or corresponding rights throughout the world 54 | based on applicable law or treaty, and any national implementations thereof. 55 | 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of, 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright 59 | and Related Rights and associated claims and causes of action, whether now 60 | known or unknown (including existing as well as future claims and causes of 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum 62 | duration provided by applicable law or treaty (including future time 63 | extensions), (iii) in any current or future medium and for any number of 64 | copies, and (iv) for any purpose whatsoever, including without limitation 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes 66 | the Waiver for the benefit of each member of the public at large and to the 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver 68 | shall not be subject to revocation, rescission, cancellation, termination, or 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work 70 | by the public as contemplated by Affirmer's express Statement of Purpose. 71 | 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be 73 | judged legally invalid or ineffective under applicable law, then the Waiver 74 | shall be preserved to the maximum extent permitted taking into account 75 | Affirmer's express Statement of Purpose. 
In addition, to the extent the Waiver 76 | is so judged Affirmer hereby grants to each affected person a royalty-free, 77 | non transferable, non sublicensable, non exclusive, irrevocable and 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration 80 | provided by applicable law or treaty (including future time extensions), (iii) 81 | in any current or future medium and for any number of copies, and (iv) for any 82 | purpose whatsoever, including without limitation commercial, advertising or 83 | promotional purposes (the "License"). The License shall be deemed effective as 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the 85 | License for any reason be judged legally invalid or ineffective under 86 | applicable law, such partial invalidity or ineffectiveness shall not 87 | invalidate the remainder of the License, and in such case Affirmer hereby 88 | affirms that he or she will not (i) exercise any of his or her remaining 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims 90 | and causes of action with respect to the Work, in either case contrary to 91 | Affirmer's express Statement of Purpose. 92 | 93 | 4. Limitations and Disclaimers. 94 | 95 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 96 | surrendered, licensed or otherwise affected by this document. 97 | 98 | b. Affirmer offers the Work as-is and makes no representations or warranties 99 | of any kind concerning the Work, express, implied, statutory or otherwise, 100 | including without limitation warranties of title, merchantability, fitness 101 | for a particular purpose, non infringement, or the absence of latent or 102 | other defects, accuracy, or the present or absence of errors, whether or not 103 | discoverable, all to the greatest extent permissible under applicable law. 104 | 105 | c. 
Affirmer disclaims responsibility for clearing rights of other persons 106 | that may apply to the Work or any use thereof, including without limitation 107 | any person's Copyright and Related Rights in the Work. Further, Affirmer 108 | disclaims responsibility for obtaining any necessary consents, permissions 109 | or other rights required for any use of the Work. 110 | 111 | d. Affirmer understands and acknowledges that Creative Commons is not a 112 | party to this document and has no duty or obligation with respect to this 113 | CC0 or use of the Work. 114 | 115 | For more information, please see 116 | 117 | --------------------------------------------------------------------------------