Closed Fede91 closed 4 months ago
@Fede91 thanks for your suggestion. This is already being worked on in this PR: https://github.com/cheshire-cat-ai/core/pull/794
More details in this issue: https://github.com/cheshire-cat-ai/core/issues/690#issuecomment-2098217170
You will be able to customize both HTTP and WebSocket auth ;)
Closing this issue!
Is your feature request related to a problem? Please describe.
The current system does not allow for user authentication during the WebSocket connection process. This creates a security risk as there's no way to check if an individual user is authorized to connect to Cheshire Cat.
Describe the solution you'd like
I would like to add a hook before the WebSocket connection is accepted. This hook will allow for user authentication by checking a session token sent as a query parameter in the WebSocket connection URL. If the user is authenticated, the connection will be accepted; otherwise, it will be rejected.
Describe alternatives you've considered
Currently, there are no alternatives to perform this specific check for each individual user. Using an API key to authorize the entire client is not effective because if a user intercepts the key, they could use it in any other client.
Additional context
I am working on a project where multiple users will have their own profiles and will be able to interact with the Cheshire Cat. My idea is to send the session token as a query parameter in the WebSocket connection URL and develop a plugin to either accept or reject the connection request based on the validity of the session token.
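A sketch of the per-user check requested above, as an added example that is not part of the original issue and is not Cheshire Cat code. The token format (`user.expiry.signature`), the `token` parameter name, the `SECRET` value and the `cat.example` URL are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed for this example


def b64url(data):
    """URL-safe base64 without padding, so the token survives a query string."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign(payload):
    return b64url(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_token(user_id, ttl, now=None):
    """Hypothetical session token: b64url(user_id).expiry.hmac_sha256"""
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{b64url(user_id.encode())}.{expiry}"
    return f"{payload}.{sign(payload)}"


def authorize_ws(url, now=None):
    """Return the user id if the handshake may be accepted, else None (reject)."""
    now = time.time() if now is None else now
    values = parse_qs(urlsplit(url).query).get("token", [])
    if len(values) != 1:  # missing or duplicated parameter: reject
        return None
    parts = values[0].split(".")
    if len(parts) != 3:
        return None
    uid_b64, expiry, sig = parts
    expected = sign(f"{uid_b64}.{expiry}")
    # Verify the signature first, in constant time, before trusting any field.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if int(expiry) < now:  # authentic but expired session
        return None
    padded = uid_b64 + "=" * (-len(uid_b64) % 4)
    return base64.urlsafe_b64decode(padded).decode()


if __name__ == "__main__":
    token = issue_token("alice", ttl=60)
    print(authorize_ws(f"ws://cat.example/ws?token={token}"))
```

Tokens carried in the URL are commonly recorded in proxy and server access logs, so a short expiry and log redaction of the `token` parameter matter with this design.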