ACLs were not considered when processing commands coming over WebSocket
connections. WS commands that are disabled with ACLs are now rejected
with a custom message for JSON and raw WS clients, the two supported
formats for this protocol. For JSON an equivalent HTTP status code is
included in the response, although this is only an indication of how
Webdis would have responded if it came from a regular HTTP request.
Tests are added to validate that DEBUG commands are rejected by Webdis
without even making it to Redis, for both JSON and raw WS clients.
Add DEBUG OBJECT demo to websocket.html: DEBUG is disabled with ACLs
by default in webdis.json. A DEBUG button is added to the WebSocket
HTML demo to show what kind of response is produced when WebSocket
clients attempt to send such a command.
The error responses are documented in the README in the ACL section.
Fixes#240.
The `http_status` code is an indicator of how Webdis would have responded if the client had used HTTP instead of a WebSocket connection, since WebSocket messages do not inherently have a status code.
For raw Redis protocol WebSocket clients, a rejected command will produce this error (sent as a string in a binary frame):
```
-ERR Forbidden\r\n
```
# Environment variables
# Environment variables
Environment variables can be used in `webdis.json` to read values from the environment instead of using constant values.
Environment variables can be used in `webdis.json` to read values from the environment instead of using constant values.