Closed powelli13 closed 3 years ago
All the token examples that I'm seeing are using a repo such as Ecto to validate users upon login, I don't know if tokens make sense when all users are essentially anonymous aside from their names.
I've started implementing this using get_session
and put_session
as a plug in pipeline to ensure that all the anonymous users have server assigned GUIDs to identify them while their on the site.
Tokens have been added to the socket to ensure that messages sent to game or lobby channels are from that sender. I followed the examples laid out in the Phoenix documentation to set up the tokens.
Currently the existing games and player queues use the player defined name to identify the players. This should be replaced by a GUID that is generated on the server side. This player ID will always be in the context of the player queue or game and can be assigned to the persistent socket when the user connects. This can be updated in
GameServerWeb.UserSocket
module in theuser_socket.ex
file. I think that the same ID will persist on the socket struct for the duration of the connection, the same value across channels and across different pages. If that is not the case then we'll need a different approach.