[MM-67999] fix websocket crash (#163)

* fix(ios): synchronize WebSocket dictionary access and prevent delegate use-after-free

Add a serial dispatch queue to protect the `webSockets` dictionary in
WebSocketManager from concurrent access across URLSession delegate
callbacks, main queue, and the RN bridge. All reads/writes are now
wrapped in `queue.sync {}` with atomic remove-and-return in
`invalidateClient` and atomic snapshot+removeAll in `invalidateContext`
to eliminate TOCTOU races.

In WebSocketWrapper.didReceive, capture the weak `self.delegate` into
a strong local at method entry so the delegate cannot deallocate
mid-callback, preventing EXC_BAD_ACCESS.

Addresses Sentry issues MATTERMOST-MOBILE-IOS-XHW and
MATTERMOST-MOBILE-IOS-YQG.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ios): address PR review feedback on WebSocket synchronization

- Restore synchronized early-return in createWebSocket to skip expensive
  option parsing and keychain work when a socket already exists
- Move dictionary removal in invalidateClient back to after disconnect
  and cleanup, so the entry is only removed on success
- Change didReceive delegate capture from required guard to optional
  strong local so internal side effects (errorCounter cleanup,
  client.disconnect on cancel) still execute when delegate is nil

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Willyfrog

ios/WebSocket/WebSocketManager.swift

@@ -5,19 +5,23 @@ import SwiftyJSON
 class WebSocketManager: NSObject {
     static let `default` = WebSocketManager()
     private override init() {}
-    internal var webSockets: [URL: WebSocket] = [:]
-    
+    private var webSockets: [URL: WebSocket] = [:]
+    private let queue = DispatchQueue(label: "com.mattermost.react-native-network-client.websocket-manager")
+
     func webSocketCount() -> Int {
-        return webSockets.count
+        return queue.sync { webSockets.count }
     }
-    
+
     func createWebSocket(for url:URL, withOptions options: Dictionary<String, Any>, withDelegate delegate: WebSocketWrapper) throws -> Void {
-        let existingWebSocket = getWebSocket(for: url)
-        if (existingWebSocket != nil) {
-            existingWebSocket!.delegate = delegate
-            return
+        let reused: Bool = queue.sync {
+            if let existing = webSockets[url] {
+                existing.delegate = delegate
+                return true
+            }
+            return false
         }
-        
+        if reused { return }
+
         var request = URLRequest(url: url)
         var compressionHandler: CompressionHandler? = nil
         var clientCredential: URLCredential? = nil
@@ -30,15 +34,15 @@ class WebSocketManager: NSObject {
                     request.addValue(value.stringValue, forHTTPHeaderField: key)
                 }
             }
-            
+
             if let timeoutInterval = options["timeoutInterval"].double {
                 request.timeoutInterval = timeoutInterval / 1000
             }
-            
+
             if let clientP12Configuration = options["clientP12Configuration"].dictionaryObject as? [String:String] {
                 let path = clientP12Configuration["path"]
                 let password = clientP12Configuration["password"]
-                
+
                 do {
                     try Keychain.importClientP12(withPath: path!, withPassword: password, forHost: url.host!)
                 } catch KeychainError.DuplicateIdentity {
@@ -50,33 +54,34 @@ class WebSocketManager: NSObject {
                 let (identity, certificate) = try Keychain.getClientIdentityAndCertificate(for: url.host!)!
                 clientCredential = URLCredential(identity: identity, certificates: [certificate], persistence: URLCredential.Persistence.permanent)
             }
-            
+
             if options["trustSelfSignedServerCertificate"].boolValue {
                 allowSelfSign = true
             }
         }
 
         let webSocket = WebSocket(request: request, engine: WebSocketEngine(forHost: url.host, clientCredential: clientCredential, allowSelfSignCertificate: allowSelfSign))
         webSocket.delegate = delegate
-        
-        webSockets[url] = webSocket
+
+        queue.sync {
+            if let existing = webSockets[url] {
+                existing.delegate = delegate
+                webSocket.delegate = nil
+            } else {
+                webSockets[url] = webSocket
+            }
+        }
     }
-    
+
     func getWebSocket(for url:URL) -> WebSocket? {
-        return webSockets[url]
-    }
-    
-    func disconnectAll() -> Void {
-        for ws in webSockets {
-            ws.value.disconnect()
-        }
+        return queue.sync { webSockets[url] }
     }
 
     func invalidateClient(for url:URL) -> Void {
         guard let webSocket = getWebSocket(for: url) else {
             return
         }
-        
+
         if let _ = try? Keychain.getClientIdentityAndCertificate(for: url.host!) {
             do {
                 try Keychain.deleteClientP12(for: url.host!)
@@ -88,11 +93,17 @@ class WebSocketManager: NSObject {
         }
         webSocket.forceDisconnect()
         webSocket.delegate = nil
-        webSockets.removeValue(forKey: url)
+        queue.sync { webSockets.removeValue(forKey: url) }
     }
 
     func invalidateContext() -> Void {
-        disconnectAll()
-        webSockets.removeAll()
+        let snapshot: [WebSocket] = queue.sync {
+            let values = Array(webSockets.values)
+            webSockets.removeAll()
+            return values
+        }
+        for ws in snapshot {
+            ws.disconnect()
+        }
     }
 }

ios/WebSocket/WebSocketWrapper.swift

@@ -171,8 +171,8 @@ var READY_STATE = [
     // MARK: WebSocketDelegate methods
 
     public func didReceive(event: WebSocketEvent, client: Starscream.WebSocketClient) {
-        
         guard let url = client.url() else { return }
+        let delegate = self.delegate
 
         switch event {
         case .connected(let headers):