node.js - A Case of Socket IO authentication using Passport with Node-Express and MongoDB -


this setup -

three different servers running 3 different node js application on 3 different ec2 servers.

server 1 - running main application.

server 2 - running admin application.

server 3 - running service provider application.

each server using same mongodb database because have share collections.

so have -

server 4 - database server - running mongo db.

in database there 3 collections representing 3 types of users -

1] main user 2] admin user 3] service provider

each type of user logs own nodejs application connecting respective server using different client applications.

for example admin user connects server 2 , logs in admin application.

for login passport used, , sessions stored in mongo db, using connect-mongo . sessions of types of user stored in same sessions collection in mongo db.

the problem -

now want implement notification system using socket.io. each type of user has notification sub-document array in model. -

main user schema 

              {                  ....                   notifications : [{ text : string , date : date}]                }

admin user schema 

              {                  ....                   notifications : [{ text : string , date : date}]                }

service provider schema 

              {                  ....                   notifications : [{ text : string , date : date}]                }

if main user books service of particular service provider, first service booking info stored notification put in service providers notifications array. if service provider online notification should pushed service provider client application.

for trying use socket.io.

my approach

setup of new server push notifications-

server 5 - notification server.

this server runs socket.io server. when ever type of user logs in respective node js application using respective client application, connects notification server after successful login.

now when mainuser books service of particular service provider, main server application put notification particular service providers notification array in document. after send request notification server emit notification on channel specified id of service provider if service provider online receives notification on client application instantly.

but how make sure users connects socket io server legitimate. if user can connect socket io server , listen channel of other user if somehow gets id of other user , notification of other user.what want notification server should @ sessions collection in mongo db database , check if connected user authenticated , has proper user id.

from post i'm assuming using express, express-session , socket.io

you can add middleware socket.io links express session socket.io socket.

the expresssessionmiddleware here instance of "express-session" middleware, should configured identically session middleware in main application.

socketio = require "socket.io" io       = socketio()  io.use (socket, next) ->     expresssessionmiddleware socket.handshake, {}, next

you have access session on socket.handshake.session

an example module can found here: https://github.com/xpepermint/socket.io-express-session


-

Comments

Post a Comment

Popular posts from this blog

amazon web services - S3 Pre-signed POST validate file type? -

i know it's possible put limit on file size content-length-range header. possible validate file type? https://docs.aws.amazon.com/amazons3/latest/dev/httppostforms.html#policyconditions i see there content-type header, if set say, audio/mp3 allow mp3 files , return error if file not mp3? i found previous question answers mention validating file size: s3 direct upload restricting file size , type you can specify content-type @ post request. you can specify @ signature, post must done content-type: { "expiration": "2007-12-01t12:00:00.000z", "conditions": [ {"acl": "public-read" }, {"bucket": "johnsmith" }, {"content-type: "audio/mp3"} ] } creating html form (using aws signature version 4) edit: @ previous question found, checking content-type.
Read more

c# - Check Keyboard Input Winforms -

i wondering if instead of doing this protected override void onkeydown(keyeventargs e) { if (e.keycode == keys.a) console.writeline("the key down."); } i set bool method , this: if(keydown(keys.a)) // whatever here i've been sitting here ages trying figure out how it. can't wrap head around it. in case wondering, plan call bool inside different method, check input. since want perform action after pressing key, using keydown event enough. but in cases suppose want check if specific key down in middle of process, can use getkeystate method way: [dllimport("user32.dll", charset = charset.auto, exactspelling = true)] public static extern short getkeystate(int keycode); public const int key_pressed = 0x8000; public static bool iskeydown(keys key) { return convert.toboolean(getkeystate((int)key) & key_pressed); } you should know, each time check key state using example iskeydown(keys.a) method returns true if ke...
Read more