The URSYS Networking modules and related demo app are ready to use as an integration testbed with third-party authentication systems. With luck, it will be useful for:
prototyping various authentication methods
prototyping deployments to other platforms (e.g. AWS)
demonstrated URSYS Network concepts
WHAT'S NEW
The codebase has been extensively refactored and cleaned-up to be easier to follow, and the accompanying WIKI entries URSYS Network Concepts and Using URSYS Messages have been brought up to date with code examples.
The test app now implements a simple chat application that makes use of the URSYS Messaging System. It's available on the public URSYS test app and also can be run on your local Mac or Linux server. For details on installing URSYS, see the WIKI for Installation Notes.
QUICK PR TESTING on LOCAL MACHINE
Setup
pull the dev-sri/ursys-auth branch (or main if the PR has already been merged)
npm ci; cd _ur;
./ur net start
browse to the localhost address (default is localhost:8080) in three different windows (not tabs)
open the Javascript console in each window
Observations
When the webapp opens, it starts a countdown before it automatically closes the connection (this is not an idle timer).
Type in a message in one window
See it appear in the other windows
Try reloading one window
Shutting Down
ctrl-c or ./ur net stop from another terminal window on the same host
QUICK PR TESTING on SERVER
You can run it in the same way, substituting 127.0.0.1:8080 for the domain name where you are hosting it. You can see what the server is running on in the terminal:
[!NOTE]
The AppServer is compatible with nginx https proxying, and assumes that the websocket server is listening at /urnet-http on the same port. The nginx configuration is documented on the WIKI in Guide: Securing URSYS
AUTHENTICATION METHOD PROTOTYPING
Authentication is part of the URSYS Network connection protocol which uses special NetPackets.
The first packet sent by any client connection is the _auth packet, which contains whatever credentials the server will use to authenticate.
The server returns the client's address (uaddr) and an authorization token (cli_auth) that is automatically sent with every message originating from the client. This cli_auth token is anticipated to be something like a JSON Web Token with its various permissions embedded into it, so there is no need to maintain a stateful authenticated connection.
Currently, there is no actual authentication happening so it always succeeds. There are two placeholder locations.
_handleAuthRequest(pkt,socket) in class-urnet-endpoint.ts
The server invokes this through _ingestClientPacket(json,socket). It's currently coded to allow each socket to authenticate once, setting the authenticated flag on the socket, but this is not a hard requirement.
Connect() in client-http.ts
The client-http module is loaded by the example chat webapp, and exposes the Connect() as part of its API.
In the line commented as // 2. start client; EP handles the rest you can see the auth object being populated with credentials to be sent to the server. This is fed into the Endpoint.connectAsClient(client_sock, auth) call which will do the actual client handshake.
If the authentication fails, then no other packets are accepted. The promise resolves with { error } on rejection. If there is no error property the resolved value is { uaddr, cli_auth } but it is not necessary for you to save them as the Endpoint code will retain it for you.
The URSYS Networking modules and related demo app are ready to use as an integration testbed with third-party authentication systems. With luck, it will be useful for:
WHAT'S NEW
The test app now implements a simple chat application that makes use of the URSYS Messaging System. It's available on the public URSYS test app and also can be run on your local Mac or Linux server. For details on installing URSYS, see the WIKI for Installation Notes.
QUICK PR TESTING on LOCAL MACHINE
Setup
dev-sri/ursys-authbranch (ormainif the PR has already been merged)npm ci; cd _ur;./ur net startlocalhost:8080) in three different windows (not tabs)Observations
Shutting Down
ctrl-cor./ur net stopfrom another terminal window on the same hostQUICK PR TESTING on SERVER
You can run it in the same way, substituting
127.0.0.1:8080for the domain name where you are hosting it. You can see what the server is running on in the terminal:AUTHENTICATION METHOD PROTOTYPING
Authentication is part of the URSYS Network connection protocol which uses special NetPackets.
_authpacket, which contains whatever credentials the server will use to authenticate.uaddr) and an authorization token (cli_auth) that is automatically sent with every message originating from the client. Thiscli_authtoken is anticipated to be something like a JSON Web Token with its various permissions embedded into it, so there is no need to maintain a stateful authenticated connection.Currently, there is no actual authentication happening so it always succeeds. There are two placeholder locations.
_handleAuthRequest(pkt,socket)inclass-urnet-endpoint.tsThe server invokes this through
_ingestClientPacket(json,socket). It's currently coded to allow each socket to authenticate once, setting theauthenticatedflag on the socket, but this is not a hard requirement.Connect()inclient-http.tsThe
client-httpmodule is loaded by the example chat webapp, and exposes theConnect()as part of its API.In the line commented as
// 2. start client; EP handles the restyou can see theauthobject being populated with credentials to be sent to the server. This is fed into theEndpoint.connectAsClient(client_sock, auth)call which will do the actual client handshake.If the authentication fails, then no other packets are accepted. The promise resolves with
{ error }on rejection. If there is noerrorproperty the resolved value is{ uaddr, cli_auth }but it is not necessary for you to save them as the Endpoint code will retain it for you.