unjs / crossws

🔌 Cross-platform WebSocket Servers for Node.js, Deno, Bun and Cloudflare Workers.
https://crossws.unjs.io

Describe how authentication should be handled #88

Open benmccann opened 2 weeks ago

benmccann commented 2 weeks ago

Describe the change

I'm not super familiar with web sockets and am not sure if crossws might have any of its own requirements.

If you want a secure connection, do you use wss:// and then return the response from handleUpgrade if the user is authenticated and there's an upgrade header, and a 403 response if not authenticated, even when there's an upgrade header?

LukeHagar commented 2 weeks ago

I also would appreciate some more detail on the flow mentioned here.

What exactly is the difference in intention between returning a response or just the headers of a response? Is returning a Response intended to always abort the upgrade request? What if the response is a 101?

Personally, I think a more explicit accept() or upgrade() combined with an explicit reject() or abort() to specify the action being taken in the upgrade handler would be much easier for most people to understand.

For context, I am currently exploring integrating native WebSocket support into SvelteKit, and this package seems to be a pretty fantastic fit.

LukeHagar commented 2 weeks ago

Even if accept(), upgrade(), reject(), or abort() are all just wrappers for creating and returning a response or headers.
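
The flow asked about in this thread (answer with a 403 before the upgrade when the user is not authenticated), sketched as an added example; it is not crossws code and not part of any comment above. `checkUpgrade`, `readCookie`, `fakeRequest`, the `session` cookie name and the in-memory `sessions` map are assumptions, and how the result is handed to the server library is left to the caller.

```javascript
// Added example: hypothetical names throughout, not the crossws API.
// Constructed session store: token -> { userId, expiresAt (ms since epoch) }.
const sessions = new Map([
  ["tok-valid", { userId: "alice", expiresAt: Date.parse("2999-01-01T00:00:00Z") }],
  ["tok-expired", { userId: "bob", expiresAt: Date.parse("2000-01-01T00:00:00Z") }],
]);

// Read one cookie value from a Cookie header ("a=1; b=2").
function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Decide before the handshake completes. Returns a Response to reject,
// or { userId } to let the caller continue with the upgrade.
function checkUpgrade(request, now = Date.now()) {
  const upgrade = (request.headers.get("upgrade") || "").toLowerCase();
  if (upgrade !== "websocket") {
    // Not a WebSocket handshake at all: 426 Upgrade Required.
    return new Response("Upgrade Required", {
      status: 426,
      headers: { upgrade: "websocket" },
    });
  }
  const token = readCookie(request.headers.get("cookie"), "session");
  const session = token ? sessions.get(token) : undefined;
  if (!session || session.expiresAt <= now) {
    // Same answer for missing, unknown and expired tokens.
    return new Response("Forbidden", { status: 403 });
  }
  return { userId: session.userId };
}

// Constructed stand-in for an incoming request; only its headers are read.
const fakeRequest = (headers) => ({ headers: new Headers(headers) });
```

The check runs on the HTTP request that carries the upgrade header, so an unauthenticated client is refused before any WebSocket connection exists.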