nsocket v1.5.0
nsocket
Distributed socket.io servers with back-logging and access control.
- Multiple masters distributing messages to slaves.
- Accept writing from clients connected to masters
- Access control for all nodes
Usage
Include nsocket.js in the HTML page and call:

    window.nsocket({
      servers: ["//ws1.nsocket.com", "//ws2.nsocket.com"],
      namespace: "mynamespace"
    }, function(err, client) {
      if (err) return console.error(err);
      client.on('messages', function(msg) {
        // msg can be an object or an array of objects
      });
      // join only if bearer has read permission on that room
      client.emit('join', {
        room: "/news-today",
        /* optional, date of the last message written to that room, used by backlog */
        mtime: page.stamp,
        /* optional, setup read permissions for that client in that room */
        bearer: window.localStorage.getItem("nsocket-bearer")
      });
      client.send({
        room: "/news-today",
        mtime: record.mtime,
        scopes: ["editor"]
      });
      client.send({
        room: "/news-today",
        scopes: "world"
      });
      client.send({
        room: "/news-today"
        // default "public" scope, must have write permission on "public" scope
      });
    });
how do i create a jsonwebtoken that allows one to write to default scope ?
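    var jwt = require('jsonwebtoken');

    var payload = {
      scopes: {
        public: {write: true}, // anyone has read access to public scope
        editor: {read: true, write: true}
      },
      /* can also contain more application logic */
    };
    // privateKey: the application's RSA private key (PEM); nsocket only
    // needs the matching public key registered for the namespace
    var bearer = jwt.sign(payload, privateKey, {
      algorithm: 'RS256',
      expiresIn: 60 * 60, // one hour (a number is interpreted as seconds)
      issuer: "mynamespace"
    });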
how do i create a new room ?
You don't - a room is "created" by joining it, and rooms are garbage collected.
how do i protect a room from unauthorized clients ?
You don't - the sender of a message selects the scopes that a client needs read access to in order to receive it, assuming the sender has write access to the scopes listed in the message.
how can clients without bearer, "public" clients, receive messages ?
All clients are given read access on the scope named "public". A message sent with a null "scopes" key is sent to "public" scope too.
how do i prevent a client from sending a message to a room ?
This is the default behavior.
what is a namespace and what configuration does it hold ?
It is a clean separation for applications.
Each application must register its namespace and its associated jwt public key, so that nsocket can verify the json web tokens sent by clients when they join rooms.
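The scope rules from the answers above, written out as an added example (not nsocket's own code): the server verifies an RS256 bearer against the public key registered for the namespace, then decides whether a sender may write to a message's scopes. The function names, the demo key pair and the handling of an empty scopes list are assumptions, and Node's built-in crypto module stands in for the jsonwebtoken package.

```javascript
// Added example, not nsocket's code. Names and decision logic are assumptions.
const crypto = require('crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed demo key pair; a real application keeps its private key secret.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Application side: sign a payload as an RS256 JWT issued for a namespace.
function signBearer(payload, privateKey, namespace, ttlSeconds) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { ...payload, iss: namespace, iat: now, exp: now + ttlSeconds };
  const input = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  return input + '.' + crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
}

// Server side: check the bearer against the namespace's registered public key.
// Any failure leaves the client with read access to "public" only.
function scopesFor(bearer, namespace, publicKey) {
  const granted = { public: { read: true, write: false } };
  const parts = typeof bearer === 'string' ? bearer.split('.') : [];
  if (parts.length !== 3) return granted;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (fromB64url(parts[0]).alg !== 'RS256') return granted;
    const signed = Buffer.from(parts[0] + '.' + parts[1]);
    const sig = Buffer.from(parts[2], 'base64url');
    if (!crypto.verify('RSA-SHA256', signed, publicKey, sig)) return granted;
    const claims = fromB64url(parts[1]);
    if (claims.iss !== namespace) return granted; // token from another application
    if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return granted;
    for (const [name, perm] of Object.entries(claims.scopes || {})) {
      const p = perm || {};
      granted[name] = { read: name === 'public' || p.read === true, write: p.write === true };
    }
  } catch (e) {
    // Malformed token: public read only.
  }
  return granted;
}

// A message without "scopes" targets "public" (assumption: so does an empty list).
function messageScopes(msg) {
  const list = msg.scopes == null ? [] : [].concat(msg.scopes);
  return list.length ? list : ['public'];
}

// The sender must hold write permission on every scope listed in the message.
function canSend(granted, msg) {
  return messageScopes(msg).every((s) => Boolean(granted[s]) && granted[s].write === true);
}
```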
configure systemd services ?
From the source dir:

    NODE_ENV=production make service

fiddle with SITE/service/nsocket-production.service, then

    NODE_ENV=production make enable
    NODE_ENV=production make restart

If running from a user session, don't forget to

    loginctl enable-linger eda

as root.
For letsencrypt config, disable https for a moment (either by changing config or by just changing it in lib/express.js), restart nsocket, then do as root

    certbot certonly --agree-tos -a webroot --webroot-path=/home/eda/public_nodejs/nsocket/production/ -d ws5.nsocket.com
    chmod +rx /etc/letsencrypt/live /etc/letsencrypt/archive

Note that the chmod makes both directories listable and traversable by every local user, so check that the private key file itself is readable only by the accounts that need it.
Then as normal user, just link to it in SITE/private/:

    ln -s /etc/letsencrypt/live/ws5.nsocket.com

The 2-day watchdog in the service file restarts nsocket every two days, so updated certificates are eventually picked up by that restart of the app.