[D8] Live content

Thank you for the contribution!

I have some small notices as recommendations which are not security issues:

• Please, remove in your code all unused function parameters and variables.
• It is always better and more "safely to use single quotes" for simple texts,
  example (to-be): $this->t('WebSocket server port')
• And, always keep attention on your Drupal project's issues.
• It is better to "handle the exception" when persist,
  like on this $this->entityTypeManager->getStorage('node_type')->loadMultiple() usage.

I didn't find any security issues.

Please, be patience through the whole reviewing process.
Good job!

I am changing status as per first point on previous comment.

Thanks for the contribution!

Great work of Ratchet & Websocket integration!

Just a little confusion but it needs to be fixed:
Could you add a Roave/SecurityAdvisories and use it as a firewall for vulnerable components? (see the attachment file)

composer require --dev roave/security-advisories:dev-master

@seroton Thank you for the question! I will try to help.

Sometimes I am using external security testing software & programs.

Yes, I'm also using a dozen of Phpstorm plugins for drupal, symfony, composer, and other security related plugins into it.

And, the most important one is the manual security review, when I can touch and feel the code inside. ;)

I have not found security related issues into the code.

• What follows is a quick review of the project; it doesn't mean to be complete
• For every point, I didn't make a complete list of where the code should be fixed, but an example of what is wrong in the code
• Not all the points are application stoppers; some of them describe changes that would be preferable to make

function live_content_entity_insert(EntityInterface $entity) {
  // Get live content service.
  $live_content_service = \Drupal::service('live_content.feed');
  $live_content_content_types = $live_content_service->getContentTypes();
  if (
    !empty($live_content_content_types) &&
    in_array($entity->bundle(), $live_content_content_types)
  ) {
    if (Node::load($entity->id())->isPublished()) {
      // Push new content feed.
      $live_content_service->send($entity->toLink()->toString());
    }
  }
}

Why is the hook loading a node with the same ID of the inserted entity?
If the purpose is verifying the inserted entity is published, it's enough to check the value returned from $entity->isPublished(), once verified the entity object implements that method. If the hook must be invoked only for nodes, it should verify the entity is effectively a node, or the module should implement hook_ENTITY_TYPE_insert() instead of hook_entity_insert().
Otherwise, the code is assuming that two entities with the same ID are also two entities of the same type, which is incorrect. The ID is merely an integer that can be used from entities of different types.

    foreach ($nodes as $node) {
      $nodeTitles[$node->nid->value] = $node->title->value;
    }

Is necessary to use ->value to get the node ID and the title?

/**
 * Sends a server feed to the client based on admin configuration settings.
 */
class Feed {
}

The class used to implement a service should implement an interface, to allow other modules to change the service implementation.

If the code implements hook_node_insert(), that hook is invoked for every node, independently from its content type. If then the hook should do something only when the content type is a specific one, the code should verify the node content type is that specific one.

if ($node->bundle() == 'the content type I want') {
  // ...
}

The code to get the node ID and the title I would use is similar to the following one.

foreach ($nodes as $node) {
  $node_titles[$node->id()] = $node->getTitle();
}

  public function send($feed) {
    $this->feed = Xss::filterAdmin($feed);
    // Connect to WebSocket and attempt to push message.
    Client\connect($this->protocol . '://' . $this->serverIP . ':' . $this->port)->then(function ($conn) {
      $conn->on('message', function ($msg) use ($conn) {
        echo $this->t('Received: @msg', ['@msg' => $msg]) . PHP_EOL;
        $conn->close();
      });

      $conn->send($this->feed);
    }, function ($e) {
      echo $this->t('Could not connect: @error', ['@error' => $e->getMessage()]) . PHP_EOL;
      \Drupal::logger('live_content')
        ->error('Connection error: @error ', ['@error' => $e->getMessage()]);
    });
  }

The sanitation functions should be used to sanitize data obtained from users when it's output on the browser, not when it's passed to another server.

I didn't find relevant issues that need to be fixed.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.