fix: improve join payload handling (#1501)

filipecabaco · web-flow · commit b500a58f7b7a · 2025-08-29T13:16:23.000+01:00
improves error handling on join by doing basic checks on types received by realtime. it's the scafold for future validations with more informative errors to the users
diff --git a/README.md b/README.md
@@ -225,6 +225,7 @@ This is the list of operational codes that can help you understand your deployme
 | Code                               | Description                                                                                                                                                                                           |
 | ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | TopicNameRequired                  | You are trying to use Realtime without a topic name set                                                                                                                                               |
+| InvalidJoinPayload                 | The payload provided to Realtime on connect is invalid                                                                                                                                                |
 | RealtimeDisabledForConfiguration   | The configuration provided to Realtime on connect will not be able to provide you any Postgres Changes                                                                                                |
 | TenantNotFound                     | The tenant you are trying to connect to does not exist                                                                                                                                                |
 | ErrorConnectingToWebsocket         | Error when trying to connect to the WebSocket server                                                                                                                                                  |
diff --git a/lib/realtime_web/channels/payloads/broadcast.ex b/lib/realtime_web/channels/payloads/broadcast.ex
@@ -0,0 +1,17 @@
+defmodule RealtimeWeb.Channels.Payloads.Broadcast do
+  @moduledoc """
+  Validate broadcast field of the join payload.
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias RealtimeWeb.Channels.Payloads.Join
+
+  embedded_schema do
+    field :ack, :boolean, default: false
+    field :self, :boolean, default: false
+  end
+
+  def changeset(broadcast, attrs) do
+    cast(broadcast, attrs, [:ack, :self], message: &Join.error_message/2)
+  end
+end
diff --git a/lib/realtime_web/channels/payloads/config.ex b/lib/realtime_web/channels/payloads/config.ex
@@ -0,0 +1,26 @@
+defmodule RealtimeWeb.Channels.Payloads.Config do
+  @moduledoc """
+  Validate config field of the join payload.
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias RealtimeWeb.Channels.Payloads.Join
+  alias RealtimeWeb.Channels.Payloads.Broadcast
+  alias RealtimeWeb.Channels.Payloads.Presence
+  alias RealtimeWeb.Channels.Payloads.PostgresChange
+
+  embedded_schema do
+    embeds_one :broadcast, Broadcast
+    embeds_one :presence, Presence
+    embeds_many :postgres_changes, PostgresChange
+    field :private, :boolean, default: false
+  end
+
+  def changeset(config, attrs) do
+    config
+    |> cast(attrs, [:private], message: &Join.error_message/2)
+    |> cast_embed(:broadcast, invalid_message: "unable to parse, expected a map")
+    |> cast_embed(:presence, invalid_message: "unable to parse, expected a map")
+    |> cast_embed(:postgres_changes, invalid_message: "unable to parse, expected an array of maps")
+  end
+end
diff --git a/lib/realtime_web/channels/payloads/join.ex b/lib/realtime_web/channels/payloads/join.ex
@@ -0,0 +1,58 @@
+defmodule RealtimeWeb.Channels.Payloads.Join do
+  @moduledoc """
+  Payload validation for the phx_join event.
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias RealtimeWeb.Channels.Payloads.Config
+  alias RealtimeWeb.Channels.Payloads.Broadcast
+  alias RealtimeWeb.Channels.Payloads.Presence
+
+  embedded_schema do
+    embeds_one :config, Config
+    field :access_token, :string
+    field :user_token, :string
+  end
+
+  def changeset(join, attrs) do
+    join
+    |> cast(attrs, [:access_token, :user_token], message: &error_message/2)
+    |> cast_embed(:config, invalid_message: "unable to parse, expected a map")
+  end
+
+  @spec validate(map()) :: {:ok, %__MODULE__{}} | {:error, :invalid_join_payload, map()}
+  def validate(params) do
+    case changeset(%__MODULE__{}, params) do
+      %Ecto.Changeset{valid?: true} = changeset ->
+        {:ok, Ecto.Changeset.apply_changes(changeset)}
+
+      %Ecto.Changeset{valid?: false} = changeset ->
+        errors = Ecto.Changeset.traverse_errors(changeset, &elem(&1, 0))
+        {:error, :invalid_join_payload, errors}
+    end
+  end
+
+  def presence_enabled?(%__MODULE__{config: %Config{presence: %Presence{enabled: enabled}}}), do: enabled
+  def presence_enabled?(_), do: true
+
+  def presence_key(%__MODULE__{config: %Config{presence: %Presence{key: ""}}}), do: UUID.uuid1()
+  def presence_key(%__MODULE__{config: %Config{presence: %Presence{key: key}}}), do: key
+  def presence_key(_), do: UUID.uuid1()
+
+  def ack_broadcast?(%__MODULE__{config: %Config{broadcast: %Broadcast{ack: ack}}}), do: ack
+  def ack_broadcast?(_), do: false
+
+  def self_broadcast?(%__MODULE__{config: %Config{broadcast: %Broadcast{self: self}}}), do: self
+  def self_broadcast?(_), do: false
+
+  def private?(%__MODULE__{config: %Config{private: private}}), do: private
+  def private?(_), do: false
+
+  def error_message(_field, meta) do
+    type = Keyword.get(meta, :type)
+
+    if type,
+      do: "unable to parse, expected #{type}",
+      else: "unable to parse"
+  end
+end
diff --git a/lib/realtime_web/channels/payloads/postgres_change.ex b/lib/realtime_web/channels/payloads/postgres_change.ex
@@ -0,0 +1,19 @@
+defmodule RealtimeWeb.Channels.Payloads.PostgresChange do
+  @moduledoc """
+  Validate postgres_changes field of the join payload.
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias RealtimeWeb.Channels.Payloads.Join
+
+  embedded_schema do
+    field :event, :string
+    field :schema, :string
+    field :table, :string
+    field :filter, :string
+  end
+
+  def changeset(postgres_change, attrs) do
+    cast(postgres_change, attrs, [:event, :schema, :table, :filter], message: &Join.error_message/2)
+  end
+end
diff --git a/lib/realtime_web/channels/payloads/presence.ex b/lib/realtime_web/channels/payloads/presence.ex
@@ -0,0 +1,17 @@
+defmodule RealtimeWeb.Channels.Payloads.Presence do
+  @moduledoc """
+  Validate presence field of the join payload.
+  """
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias RealtimeWeb.Channels.Payloads.Join
+
+  embedded_schema do
+    field :enabled, :boolean, default: true
+    field :key, :string, default: UUID.uuid1()
+  end
+
+  def changeset(presence, attrs) do
+    cast(presence, attrs, [:enabled, :key], message: &Join.error_message/2)
+  end
+end
diff --git a/lib/realtime_web/channels/realtime_channel.ex b/lib/realtime_web/channels/realtime_channel.ex
@@ -21,6 +21,7 @@ defmodule RealtimeWeb.RealtimeChannel do
   alias Realtime.Tenants.Authorization.Policies.PresencePolicies
   alias Realtime.Tenants.Connect
 
+  alias RealtimeWeb.Channels.Payloads.Join
   alias RealtimeWeb.ChannelsAuthorization
   alias RealtimeWeb.RealtimeChannel.BroadcastHandler
   alias RealtimeWeb.RealtimeChannel.MessageDispatcher
@@ -54,6 +55,15 @@ defmodule RealtimeWeb.RealtimeChannel do
       |> assign(:private?, !!params["config"]["private"])
       |> assign(:policies, nil)
 
+    case Join.validate(params) do
+      {:ok, _join} ->
+        nil
+
+      {:error, :invalid_join_payload, errors} ->
+        log_params = params |> Map.put("access_token", "<redacted>") |> Map.put("user_token", "<redacted>")
+        log_error(socket, "InvalidJoinPayload", %{changeset_errors: errors, params: log_params})
+    end
+
     with :ok <- SignalHandler.shutdown_in_progress?(),
          :ok <- only_private?(tenant_id, socket),
          :ok <- limit_joins(socket),
diff --git a/mix.exs b/mix.exs
@@ -4,7 +4,7 @@ defmodule Realtime.MixProject do
   def project do
     [
       app: :realtime,
-      version: "2.44.0",
+      version: "2.44.1",
       elixir: "~> 1.17.3",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,
diff --git a/phx_join.schema.json b/phx_join.schema.json
@@ -0,0 +1,139 @@
+{
+    "type": "object",
+    "description": "",
+    "title": "phx_join",
+    "required": [
+        "access_token",
+        "config"
+    ],
+    "properties": {
+        "config": {
+            "title": "config",
+            "$ref": "#/$defs/phx_join_config"
+        },
+        "access_token": {
+            "type": "string",
+            "description": "String, e.g. 'hello'",
+            "title": "access_token"
+        }
+    },
+    "additionalProperties": false,
+    "$defs": {
+        "phx_join_config": {
+            "type": "object",
+            "description": "",
+            "title": "phx_join_config",
+            "properties": {
+                "private": {
+                    "type": "boolean",
+                    "description": "Boolean, e.g. true",
+                    "title": "private",
+                    "default": false
+                },
+                "broadcast": {
+                    "title": "broadcast",
+                    "$ref": "#/$defs/phx_join_broadcast",
+                    "default": {
+                        "self": false,
+                        "ack": false
+                    }
+                },
+                "presence": {
+                    "title": "presence",
+                    "$ref": "#/$defs/phx_join_presence",
+                    "default": {
+                        "enabled": false,
+                        "key": ""
+                    }
+                },
+                "postgres_changes": {
+                    "type": "array",
+                    "title": "phx_join_postgres_changes",
+                    "items": {
+                        "$ref": "#/$defs/phx_join_postgres_changes",
+                        "default": {
+                            "table": "",
+                            "filter": "",
+                            "schema": "",
+                            "event": ""
+                        }
+                    }
+                }
+            },
+            "additionalProperties": false
+        },
+        "phx_join_broadcast": {
+            "type": "object",
+            "description": "",
+            "title": "phx_join_broadcast",
+            "properties": {
+                "self": {
+                    "type": "boolean",
+                    "description": "Boolean, e.g. true",
+                    "title": "self",
+                    "default": false
+                },
+                "ack": {
+                    "type": "boolean",
+                    "description": "Boolean, e.g. true",
+                    "title": "ack",
+                    "default": false
+                }
+            },
+            "additionalProperties": false
+        },
+        "phx_join_postgres_changes": {
+            "type": "object",
+            "description": "",
+            "title": "phx_join_postgres_changes",
+            "required": [
+                "event",
+                "filter",
+                "schema",
+                "table"
+            ],
+            "properties": {
+                "table": {
+                    "type": "string",
+                    "description": "String, e.g. 'hello'",
+                    "title": "table"
+                },
+                "filter": {
+                    "type": "string",
+                    "description": "String, e.g. 'hello'",
+                    "title": "filter"
+                },
+                "schema": {
+                    "type": "string",
+                    "description": "String, e.g. 'hello'",
+                    "title": "schema"
+                },
+                "event": {
+                    "type": "string",
+                    "description": "String, e.g. 'hello'",
+                    "title": "event"
+                }
+            },
+            "additionalProperties": false
+        },
+        "phx_join_presence": {
+            "type": "object",
+            "description": "",
+            "title": "phx_join_presence",
+            "properties": {
+                "enabled": {
+                    "type": "boolean",
+                    "description": "Boolean, e.g. true",
+                    "title": "enabled",
+                    "default": false
+                },
+                "key": {
+                    "type": "string",
+                    "description": "String, e.g. 'hello'",
+                    "title": "key"
+                }
+            },
+            "additionalProperties": false
+        }
+    }
+}
diff --git a/test/realtime_web/channels/payloads/join_test.exs b/test/realtime_web/channels/payloads/join_test.exs

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ defmodule Realtime.MixProject do`
`4`	`4`	`def project do`
`5`	`5`	`[`
`6`	`6`	`app: :realtime,`
`7`		`- version: "2.44.0",`
	`7`	`+ version: "2.44.1",`
`8`	`8`	`elixir: "~> 1.17.3",`
`9`	`9`	`elixirc_paths: elixirc_paths(Mix.env()),`
`10`	`10`	`start_permanent: Mix.env() == :prod,`