Fix var→const/let regressions in modernization

Address code review feedback from Gemini regarding var declarations that
were accidentally introduced during the v2.0 modernization work.

Changes:
- WebSocketClient.js: Convert var to const/let (nonce, hostHeaderValue,
  reqHeaders, pathAndQuery, req, connection, self)
- WebSocketConnection.js: Convert var to const/let (frame, self,
  bytesCopied, binaryPayload, cancelled, respondCloseReasonCode, flushed)
- Add braces around case 0x08 block to allow let declaration
- Restore WebSocketRequest.js and WebSocketRouter.js from base branch
  (these files had no changes but were accidentally reverted)

All vars that needed to be mutated were changed to let, immutable vars
changed to const. ESLint no-case-declarations rule now satisfied.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: theturtle32

lib/WebSocketClient.js

@@ -113,7 +113,7 @@ class WebSocketClient extends EventEmitter {
   }
 
   connect(requestUrl, protocols = [], origin, headers, extraRequestOptions) {
-    var self = this;
+    const self = this;
 
     // Create Promise that will be returned (v2.0 feature)
     const promise = new Promise((resolve, reject) => {
@@ -183,19 +183,19 @@ class WebSocketClient extends EventEmitter {
 
       this.url.port ??= defaultPorts[this.url.protocol];
 
-      var nonce = bufferAllocUnsafe(16);
-      for (var i=0; i < 16; i++) {
+      const nonce = bufferAllocUnsafe(16);
+      for (let i=0; i < 16; i++) {
         nonce[i] = Math.round(Math.random()*0xFF);
       }
       this.base64nonce = nonce.toString('base64');
 
-      var hostHeaderValue = this.url.hostname;
+      let hostHeaderValue = this.url.hostname;
       if ((this.url.protocol === 'ws:' && this.url.port !== '80') ||
         (this.url.protocol === 'wss:' && this.url.port !== '443'))  {
         hostHeaderValue += `:${this.url.port}`;
       }
 
-      var reqHeaders = {};
+      const reqHeaders = {};
       if (this.secure && this.config.tlsOptions?.headers) {
         // Allow for additional headers to be provided when connecting via HTTPS
         extend(reqHeaders, this.config.tlsOptions.headers);
@@ -226,7 +226,7 @@ class WebSocketClient extends EventEmitter {
 
       // TODO: Implement extensions
 
-      var pathAndQuery;
+      let pathAndQuery;
       // Ensure it begins with '/'.
       if (this.url.pathname) {
         pathAndQuery = this.url.path;
@@ -268,7 +268,7 @@ class WebSocketClient extends EventEmitter {
         }
       }
 
-      var req = this._req = (this.secure ? https : http).request(requestOptions);
+      const req = this._req = (this.secure ? https : http).request(requestOptions);
       req.on('upgrade', function handleRequestUpgrade(response, socket, head) {
         self._req = null;
         req.removeListener('error', handleRequestError);
@@ -357,7 +357,7 @@ class WebSocketClient extends EventEmitter {
   }
 
   succeedHandshake() {
-    var connection = new WebSocketConnection(this.socket, [], this.protocol, true, this.config);
+    const connection = new WebSocketConnection(this.socket, [], this.protocol, true, this.config);
 
     connection.webSocketVersion = this.config.webSocketVersion;
     connection._addSocketEventListeners();

lib/WebSocketConnection.js

@@ -243,14 +243,14 @@ class WebSocketConnection extends EventEmitter {
     // Receiving/parsing is expected to be halted when paused.
     if (this.inputPaused) { return; }
 
-    var frame = this.currentFrame;
+    const frame = this.currentFrame;
 
     // WebSocketFrame.prototype.addData returns true if all data necessary to
     // parse the frame was available.  It returns false if we are waiting for
     // more data to come in on the wire.
     if (!frame.addData(this.bufferList)) { this._debug('-- insufficient data for frame'); return; }
 
-    var self = this;
+    const self = this;
 
     // Handle possible parsing errors
     if (frame.protocolError) {
@@ -562,8 +562,8 @@ class WebSocketConnection extends EventEmitter {
           // end of fragmented message, so we process the whole
           // message now.  We also have to decode the utf-8 data
           // for text frames after combining all the fragments.
-          var bytesCopied = 0;
-          var binaryPayload = bufferAllocUnsafe(this.fragmentationSize);
+          let bytesCopied = 0;
+          const binaryPayload = bufferAllocUnsafe(this.fragmentationSize);
           const { opcode } = this.frameQueue[0];
           this.frameQueue.forEach((currentFrame) => {
             currentFrame.binaryPayload.copy(binaryPayload, bytesCopied);
@@ -604,7 +604,7 @@ class WebSocketConnection extends EventEmitter {
       if (this._pingListenerCount > 0) {
         // logic to emit the ping frame: this is only done when a listener is known to exist
         // Expose a function allowing the user to override the default ping() behavior
-        var cancelled = false;
+        let cancelled = false;
         const cancel = () => {
           cancelled = true;
         };
@@ -624,7 +624,7 @@ class WebSocketConnection extends EventEmitter {
       this._debug('-- Pong Frame');
       this.emit('pong', frame.binaryPayload);
       break;
-    case 0x08: // WebSocketFrame.CONNECTION_CLOSE
+    case 0x08: { // WebSocketFrame.CONNECTION_CLOSE
       this._debug('-- Close Frame');
       if (this.waitingForCloseResponse) {
         // Got response to our request to close the connection.
@@ -636,12 +636,12 @@ class WebSocketConnection extends EventEmitter {
         this.socket.end();
         return;
       }
-                
+
       this._debug('---- Closing handshake initiated by peer.');
       // Got request from other party to close connection.
       // Send back acknowledgement and then hang up.
       this.state = STATE_PEER_REQUESTED_CLOSE;
-      var respondCloseReasonCode;
+      let respondCloseReasonCode;
 
       // Make sure the close reason provided is legal according to
       // the protocol spec.  Providing no close status is legal.
@@ -681,6 +681,7 @@ class WebSocketConnection extends EventEmitter {
       this.sendCloseFrame(respondCloseReasonCode, null);
       this.connected = false;
       break;
+    }
     default:
       this._debug('-- Unrecognized Opcode %d', frame.opcode);
       this.drop(WebSocketConnection.CLOSE_REASON_PROTOCOL_ERROR,
@@ -705,7 +706,7 @@ class WebSocketConnection extends EventEmitter {
   sendUTF(data, cb) {
     data = bufferFromString(data.toString(), 'utf8');
     this._debug('sendUTF: %d bytes', data.length);
-    var frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
+    const frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
     frame.opcode = 0x01; // WebSocketOpcode.TEXT_FRAME
     frame.binaryPayload = data;
 
@@ -728,7 +729,7 @@ class WebSocketConnection extends EventEmitter {
     if (!Buffer.isBuffer(data)) {
       throw new Error('You must pass a Node Buffer object to WebSocketConnection.prototype.sendBytes()');
     }
-    var frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
+    const frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
     frame.opcode = 0x02; // WebSocketOpcode.BINARY_FRAME
     frame.binaryPayload = data;
 
@@ -748,7 +749,7 @@ class WebSocketConnection extends EventEmitter {
 
   ping(data) {
     this._debug('ping');
-    var frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
+    const frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
     frame.opcode = 0x09; // WebSocketOpcode.PING
     frame.fin = true;
     if (data) {
@@ -768,7 +769,7 @@ class WebSocketConnection extends EventEmitter {
   // ping frame exactly, byte for byte.
   pong(binaryPayload) {
     this._debug('pong');
-    var frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
+    const frame = new WebSocketFrame(this.maskBytes, this.frameHeader, this.config);
     frame.opcode = 0x0A; // WebSocketOpcode.PONG
     if (Buffer.isBuffer(binaryPayload) && binaryPayload.length > 125) {
       this._debug('WebSocket: Data for pong is longer than 125 bytes.  Truncating.');
@@ -897,7 +898,7 @@ class WebSocketConnection extends EventEmitter {
   sendFrame(frame, cb) {
     this._debug('sendFrame');
     frame.mask = this.maskOutgoingPackets;
-    var flushed = this.socket.write(frame.toBuffer(), cb);
+    const flushed = this.socket.write(frame.toBuffer(), cb);
     this.outputBufferFull = !flushed;
     return flushed;
   }

lib/WebSocketRequest.js

@@ -193,20 +193,20 @@ class WebSocketRequest extends EventEmitter {
     if (!extensionsString || extensionsString.length === 0) {
       return [];
     }
-    var extensions = extensionsString.toLocaleLowerCase().split(headerValueSplitRegExp);
-    extensions.forEach(function(extension, index, array) {
-      var params = extension.split(headerParamSplitRegExp);
-      var extensionName = params[0];
-      var extensionParams = params.slice(1);
-      extensionParams.forEach(function(rawParam, index, array) {
-        var arr = rawParam.split('=');
-        var obj = {
+    const extensions = extensionsString.toLocaleLowerCase().split(headerValueSplitRegExp);
+    extensions.forEach((extension, index, array) => {
+      const params = extension.split(headerParamSplitRegExp);
+      const extensionName = params[0];
+      const extensionParams = params.slice(1);
+      extensionParams.forEach((rawParam, index, array) => {
+        const arr = rawParam.split('=');
+        const obj = {
           name: arr[0],
           value: arr[1]
         };
         array.splice(index, 1, obj);
       });
-      var obj = {
+      const obj = {
         name: extensionName,
         params: extensionParams
       };
@@ -258,7 +258,7 @@ class WebSocketRequest extends EventEmitter {
 
     // TODO: Handle extensions
 
-    var protocolFullCase;
+    let protocolFullCase;
 
     if (acceptedProtocol) {
       protocolFullCase = this.protocolFullCaseMap[acceptedProtocol.toLocaleLowerCase()];
@@ -272,22 +272,23 @@ class WebSocketRequest extends EventEmitter {
     this.protocolFullCaseMap = null;
 
     // Create key validation hash
-    var sha1 = crypto.createHash('sha1');
+    const sha1 = crypto.createHash('sha1');
     sha1.update(this.key + '258EAFA5-E914-47DA-95CA-C5AB0DC85B11');
-    var acceptKey = sha1.digest('base64');
+    const acceptKey = sha1.digest('base64');
 
-    var response = `HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: ${acceptKey}\r\n`;
+    let response = `HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: ${acceptKey}\r\n`;
 
     if (protocolFullCase) {
     // validate protocol
-      for (const character of protocolFullCase) {
-        const charCode = character.charCodeAt(0);
-        if (charCode < 0x21 || charCode > 0x7E || separators.includes(character)) {
+      for (let i=0; i < protocolFullCase.length; i++) {
+        const charCode = protocolFullCase.charCodeAt(i);
+        const character = protocolFullCase.charAt(i);
+        if (charCode < 0x21 || charCode > 0x7E || separators.indexOf(character) !== -1) {
           this.reject(500);
-          throw new Error(`Illegal character "${character}" in subprotocol.`);
+          throw new Error(`Illegal character "${String.fromCharCode(character)}" in subprotocol.`);
         }
       }
-      if (!this.requestedProtocols.includes(acceptedProtocol)) {
+      if (this.requestedProtocols.indexOf(acceptedProtocol) === -1) {
         this.reject(500);
         throw new Error('Specified protocol was not requested by the client.');
       }
@@ -312,8 +313,8 @@ class WebSocketRequest extends EventEmitter {
         this.reject(500);
         throw new Error('Value supplied for "cookies" argument must be an array.');
       }
-      var seenCookies = {};
-      cookies.forEach(function(cookie) {
+      const seenCookies = {};
+      cookies.forEach((cookie) => {
         if (!cookie.name || !cookie.value) {
           this.reject(500);
           throw new Error('Each cookie to set must at least provide a "name" and "value"');
@@ -330,7 +331,7 @@ class WebSocketRequest extends EventEmitter {
         seenCookies[cookie.name] = true;
 
         // token (RFC 2616, Section 2.2)
-        var invalidChar = cookie.name.match(cookieNameValidateRegEx);
+        let invalidChar = cookie.name.match(cookieNameValidateRegEx);
         if (invalidChar) {
           this.reject(500);
           throw new Error(`Illegal character ${invalidChar[0]} in cookie name`);
@@ -348,7 +349,7 @@ class WebSocketRequest extends EventEmitter {
           throw new Error(`Illegal character ${invalidChar[0]} in cookie value`);
         }
 
-        var cookieParts = [`${cookie.name}=${cookie.value}`];
+        const cookieParts = [`${cookie.name}=${cookie.value}`];
 
         // RFC 6265, Section 4.1.1
         // 'Path=' path-value | <any CHAR except CTLs or ';'>
@@ -389,7 +390,7 @@ class WebSocketRequest extends EventEmitter {
         // RFC 6265, Section 4.1.1
         //'Max-Age=' non-zero-digit *DIGIT
         if (cookie.maxage) {
-          var maxage = cookie.maxage;
+          let maxage = cookie.maxage;
           if (typeof(maxage) === 'string') {
             maxage = parseInt(maxage, 10);
           }
@@ -422,7 +423,7 @@ class WebSocketRequest extends EventEmitter {
         }
 
         response += `Set-Cookie: ${cookieParts.join(';')}\r\n`;
-      }.bind(this));
+      });
     }
 
     // TODO: handle negotiated extensions
@@ -437,7 +438,7 @@ class WebSocketRequest extends EventEmitter {
 
     response += '\r\n';
 
-    var connection = new WebSocketConnection(this.socket, [], acceptedProtocol, false, this.serverConfig);
+    const connection = new WebSocketConnection(this.socket, [], acceptedProtocol, false, this.serverConfig);
     connection.webSocketVersion = this.webSocketVersion;
     connection.remoteAddress = this.remoteAddress;
     connection.remoteAddresses = this.remoteAddresses;