fix: abort upgrade on edge case where socket closed early

Author: mikuso

lib/server.js

@@ -110,13 +110,21 @@ class RPCServer extends EventEmitter {
                 }
             };
 
+            socket.on('error', (err) => {
+                abortUpgrade(err);
+            });
+
             try {
                 if (this._state !== OPEN) {
                     throw new WebsocketUpgradeError(500, "Server not open");
                 }
 
-                const headers = request.headers;
+                if (socket.readyState !== 'open') {
+                    throw new WebsocketUpgradeError(400, `Client readyState = '${socket.readyState}'`);
+                }
 
+                const headers = request.headers;
+
                 if (headers.upgrade.toLowerCase() !== 'websocket') {
                     throw new WebsocketUpgradeError(400, "Can only upgrade websocket upgrade requests");
                 }
@@ -163,25 +171,32 @@ class RPCServer extends EventEmitter {
                 const accept = (session, protocol) => {
                     if (resolved) return;
                     resolved = true;
+                    
+                    try {
+                        if (socket.readyState !== 'open') {
+                            throw new WebsocketUpgradeError(400, `Client readyState = '${socket.readyState}'`);
+                        }
 
-                    if (protocol === undefined) {
-                        // pick first subprotocol (preferred by server) that is also supported by the client
-                        protocol = (this._options.protocols ?? []).find(p => protocols.has(p));
-                    } else if (protocol !== false && !protocols.has(protocol)) {
-                        abortUpgrade(new WebsocketUpgradeError(400, `Client doesn't support expected subprotocol`));
-                        return;
-                    }
+                        if (protocol === undefined) {
+                            // pick first subprotocol (preferred by server) that is also supported by the client
+                            protocol = (this._options.protocols ?? []).find(p => protocols.has(p));
+                        } else if (protocol !== false && !protocols.has(protocol)) {
+                            throw new WebsocketUpgradeError(400, `Client doesn't support expected subprotocol`);
+                        }
 
-                    // cache auth results for connection creation
-                    this._pendingUpgrades.set(request, {
-                        session: session ?? {},
-                        protocol,
-                        handshake
-                    });
+                        // cache auth results for connection creation
+                        this._pendingUpgrades.set(request, {
+                            session: session ?? {},
+                            protocol,
+                            handshake
+                        });
 
-                    this._wss.handleUpgrade(request, socket, head, ws => {
-                        this._wss.emit('connection', ws, request);
-                    });
+                        this._wss.handleUpgrade(request, socket, head, ws => {
+                            this._wss.emit('connection', ws, request);
+                        });
+                    } catch (err) {
+                        abortUpgrade(err);
+                    }
                 };
 
                 const reject = (code = 404, message = 'Not found') => {
@@ -198,10 +213,6 @@ class RPCServer extends EventEmitter {
                     reject(400, `Client connection closed before upgrade complete`);
                 });
 
-                socket.on('error', (err) => {
-                    abortUpgrade(err);
-                });
-
                 if (this.authCallback) {
                     await this.authCallback(
                         accept,