Open Raynos opened 10 years ago
One benefit of the low level api is that I could create a websocket server that accepts all streams. MuxDemux it and then try authenticate just sub streams.
This means we can have both public and authenticated websocket apis in one server.
We may also want to consider simplifying the authHandler
like (req, cb) {}
.
There is also an alternative type of authentication you can do which would look like (stream, cb) {}
where stream
is a websocket connection. i.e. authentication could be a handshake over the websocket connection. This would require handling the upgrade for all websockets and then doing auth.
worked on this a little, try cloning and doing npm install
and npm start
in one tab, and npm run watch
in another
then open:
http://localhost:8080/socket.html (user should be null)
and
http://localhost:8080/socket.html?hello=hello (user should be 'bob')
also I couldn't get wss.on("connection"
to fire when using wss.handleUpgrade
, maybe its a bug in ws
??
ahh they emit it here https://github.com/einaros/ws/blob/master/lib/WebSocketServer.js#L72-L75
but if you use handleUpgrade manually it won't emit a connection event :(
ok just published v1.0.0, check it out :D
@maxogden I had to emit a connection event myself ( https://gist.github.com/Raynos/7651349#file-auth-socket-js-L29 )
@maxogden nice. the client one looks good. the doorknob / persona one doesn't use auth yet.
We talked about changing the API up to be more forgiving for other authentication services.
I made a gist ( https://gist.github.com/Raynos/7651349 )
The idea is simple, auth-socket at it's simplest should be
function auth(req, socket, head, callback) {}
and it should do
callback(err)
orcallback(err, user)
orcallback(err, null)
wherenull
means anonymousAs a user you want to do something like
With that kind of API you don't have to build a massive switch in auth-socket to support doorknob & github oauth & redsess & level-session & bla bla.
In the gist i also showed this example
Which is the higher level way of using it with
auth.handleUpgrade
. Note this api meansauth-socket
does not depend onhttp
orws
and nor does it create servers for you.We can have an even less lines of code api similar to the current api if wanted