flyve-mdm / docker-environment

Flyve MDM Docker Environment
http://flyve.org/docker-environment/
GNU General Public License v3.0

MQTT Proxy Authentication #20

Open ajsb85 opened 6 years ago

ajsb85 commented 6 years ago

Hi @btry, could you describe here the information related to designing the gateway in Node.js? Thank you in advance.

btry commented 6 years ago

Hi

We can use the Cluster module for performance https://nodejs.org/api/cluster.html

The proxy acts as an HTTP proxy, which forwards HTTP requests to one of the GLPI instances, defined in a config.js file.

See these resources:

mosquitto

https://github.com/jpmens/mosquitto-auth-plug (readme.md about HTTP auth backend)

https://github.com/jpmens/mosquitto-auth-plug/blob/master/examples/http-auth-be.py (basic HTTP server example in Python)

emq

https://github.com/emqtt/emq-auth-http

There are 3 types of requests

The 1st one is the trickiest because when a device authenticates, we cannot detect which GLPI instance. For now we must send the authentication request to all GLPI instances. If one of them succeeds then the proxy must answer HTTP 200 OK. If all fail then the proxy must answer 403 (any 40x is possible, but 403 means: forbidden).

The last one is the easiest: an ACL will have an MQTT prefix. This prefix is expected to be unique among all instances of GLPI declared in the config.js file. The proxy must find to which GLPI instance the request must be forwarded, and return to the requester the HTTP code provided by the selected GLPI instance.

The 2nd request: it seems we must implement it. For now, we don't need it. Return HTTP 403.

Finally! We need to avoid sending a request to all GLPI instances in the 1st type of request. I think we will need to define a username prefix for MQTT accounts of devices, like we are doing for topics. This way, you can detect by the username which GLPI instance to request and not request ALL (and I can also implement some kind of namespace of usernames. This is safer and will avoid username collisions).

Here is, in a nutshell, the need.
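
The routing rules described in the comment above, as an added Node.js sketch that is not part of the thread or of the project's code. The config shape (`name`, `url`, `topicPrefix`), the request kind names (`auth`, `superuser`, `acl`, with the 2nd request type assumed to be the superuser check), and the `forward` callback signature are assumptions; all hostnames and prefixes are constructed.

```javascript
// Assumed config.js content (constructed): one entry per GLPI instance,
// each with a unique MQTT topic prefix.
const instances = [
  { name: 'glpi-a', url: 'http://glpi-a.example/', topicPrefix: 'fleetA' },
  { name: 'glpi-b', url: 'http://glpi-b.example/', topicPrefix: 'fleetAB' },
];

// ACL request: select the single instance whose prefix is a whole leading
// topic segment, so 'fleetA' never captures 'fleetAB/...'.
function instanceForTopic(list, topic) {
  const t = String(topic || '');
  const hits = list.filter(
    (i) => t === i.topicPrefix || t.startsWith(i.topicPrefix + '/'));
  return hits.length === 1 ? hits[0] : null; // none or ambiguous: no route
}

// Auth request: 200 if at least one instance answered 200, otherwise 403.
// A backend error or timeout is recorded as 0 and counts as a failure.
function combineAuth(statuses) {
  return statuses.some((s) => s === 200) ? 200 : 403;
}

// forward(instance, kind, params) -> Promise<number> is supplied by the
// caller, e.g. a wrapper around http.request (hypothetical signature).
async function route(kind, params, list, forward) {
  const safe = (i) =>
    Promise.resolve().then(() => forward(i, kind, params)).catch(() => 0);
  if (kind === 'auth') {
    // 1st request type: ask every GLPI instance.
    return combineAuth(await Promise.all(list.map(safe)));
  }
  if (kind === 'acl') {
    // Last request type: forward to the instance owning the topic prefix.
    const target = instanceForTopic(list, params.topic);
    if (!target) return 403;            // fail closed on an unknown prefix
    const status = await safe(target);
    return status === 0 ? 403 : status; // relay the instance's HTTP code
  }
  return 403; // 2nd request type and anything unrecognized
}
```

Matching on a segment boundary and treating backend errors as a denial keep the proxy from granting access when the prefix is ambiguous or an instance is unreachable.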