Nsocket NPM | npm.io

nsocket

Distributed socket.io servers with back-logging and access control.

Multiple masters distributing messages to slaves.
Accept writing from clients connected to masters
Access control for all nodes

Usage

Include nsocket.js in html page and call

window.nsocket({
	servers: ["//ws1.nsocket.com", "//ws2.nsocket.com"],
	namespace: "mynamespace"
}, function(err, client) {
	if (err) return console.error(err);
	client.on('messages', function(msg) {
		// msg can be an object or an array of objects
	});
	
	// join only if bearer has read permission on that room
	client.emit('join', {
		room: "/news-today",
		/* optional, date of the last message written to that room, used by backlog */
		mtime: page.stamp,
		/* optional, setup read permissions for that client in that room */
		bearer: window.localStorage.get("nsocket-bearer")
	});

	client.send({
		room: "/news-today",
		mtime: record.mtime,
		scopes: ["editor"]
	});
	client.send({
		room: "/news-today",
		scopes: "world"
	});
	client.send({
		room: "/news-today"
		// default "public" scope, must have write permission on "public" scope
	});
});

how do i create a jsonwebtoken that allows one to write to default scope ?

var payload = {
	scopes: {
		public: {write: true}, // anyone has read access to public scope
		editor: {read: true, write: true}
	},
	/* can also contain more application logic */
};
var bearer = jwt.sign(payload, privateKey, {
	algorithm: 'RS256',
	expiresIn: 60 * 60 * 1000, // one hour
	issuer: "mynamespace"
});

how do i create a new room ?

You don't - a room is "created" by joining it, and rooms are garbage collected.

how do i protect a room from unauthorized clients ?

You don't - the sender of the message selects the scopes whom the client need to have read access to; assuming the sender has write access for the scopes listed in the message.

how can clients without bearer, "public" clients, can receive messages ?

All clients are given read access on the scope named "public". A message sent with a null "scopes" key is sent to "public" scope too.

how do i prevent a client from sending a message to a room ?

This is the default behavior.

what is a namespace and what configuration does it hold ?

It is a clean separation for applications.

Each application must register its namespace and its associated jwt public key, so that nsocket can verify the json web tokens sent by clients when they join rooms.

configure systemd services ?

From source dir: NODE_ENV=production make service

fiddle with SITE/service/nsocket-production.service, then

NODE_ENV=production make enable NODE_ENV=production make restart

If running from a user session, don't forget to loginctl enable-linger eda as root.

For letsencrypt config, disable https for a moment (either by changing config or by just changing it in lib/express.js), restart nsocket, then do as root

certbot certonly --agree-tos -a webroot --webroot-path=/home/eda/public_nodejs/nsocket/production/ -d ws5.nsocket.com
chmod +rx /etc/letsencrypt/live /etc/letsencrypt/archive

then as normal user, just link to it in SITE/private/: ln -s /etc/letsencrypt/live/ws5.nsocket.com

The 2 days watchdog on service file will restart nsocket every two days, so updated certificates are eventually picked by that restart of the app.