Open faceless2 opened 3 years ago
Feel free to open a PR to add the example
I like this - creative thinking. I'm in the process of updating a mosca production system to aedes. The very fact that we can adapt so easily to different scenarios is such a bonus - I can do far more in 40 lines of JS with aedes that I could ever do with mosquito or any commercial equivalent subpub solution.
I use JWTs to authenticate clients, but also then capture the decoded token into the client to authorize subscribe and publish. But it did occur to me that I have JWTs for web authentication against http endpoints. A solid example of how to use http authentication to refuse a ws: at the point of UPGRADE would be a useful addition to aedes examples - so that the client did not even get near MQTT if they failed the first test at establishing a ws: connection. Of course, I've not looked at client code to see if this is easy at that end....
@btsimonh Maybe checking how aedes-server-factory works could help: https://github.com/moscajs/aedes-server-factory/blob/main/index.js#L61
Not exactly a feature request, but: the supplied examples are very simple and didn't cover a use case I wanted, which was to allow a WebSocket connection to pre-log-in with an HTTP form and store the session details in a cookie, rather than by using the username/password in MQTT
CONNECT
. This way the login session can survive a page reload.I've trimmed this down to the absolute basics and am posting here for posterity - if it forms the basis of an official example, great, but if not perhaps it will be useful for someone searching the issues.
Either way I don't require any action so please feel free to close this issue.