
How can I use Yesod's authentication with websockets?


I want to make use of websockets in my Yesod application. If my understanding of the websockets package is correct, this means I will need to define a ServerApp, which is a function PendingConnection -> IO () for how to handle connection requests, and then plug it into my application using the settingsIntercept field of my Warp settings. How can I make the handling dependent on Yesod's authentication? For example, if I wanted to reject connections except from clients who are logged in as authorized users, how can I detect the currently logged-in user? Since we aren't working in a Handler monad, it seems like we don't have a way to call functions like maybeAuthId. Is the only alternative to manually look through the headers of the connection request?

dphilipson asked Jan 06 '14 09:01



1 Answer

Whether you use websockets or not, you still have to use sessions to recognize/authorize clients on the server side.

Websockets could replace your API routes but can't replace your server middleware.

And of course, things like authorization and middleware are something you handle once the client is trying any HTTP verb on your server (GET, POST ...). Once the websocket is up there is no more middleware running, and the client should already have an identified session if he already logged in, and that session is what you need to use each time the client asks the server for more data through the websocket.

Rubén Marrero answered Oct 26 '22 02:10
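
An added example (not code from the question or the answer) of a `ServerApp` for the `websockets` package that checks the session during the handshake and reuses that identity for every later message. The server-side session store, the cookie name `SESSIONID`, the allowed origin and the sample token are assumptions made for illustration. The `Origin` comparison is also an addition here, because browsers attach cookies to a WebSocket handshake whichever page opened it.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Control.Monad      (forever)
import qualified Data.ByteString    as B
import           Data.IORef         (IORef, newIORef, readIORef)
import qualified Data.Map.Strict    as Map
import qualified Data.Text          as T
import qualified Network.WebSockets as WS
import           Web.Cookie         (parseCookies)

-- Hypothetical server-side session store: session token -> user name.
type Sessions = IORef (Map.Map B.ByteString T.Text)

-- Assumed cookie name and allowed origin; both are placeholders.
sessionCookie, allowedOrigin :: B.ByteString
sessionCookie = "SESSIONID"
allowedOrigin = "https://app.example.test"

-- Pure handshake check: Origin must match and the cookie must name a live session.
authenticate :: Map.Map B.ByteString T.Text -> WS.Headers -> Either B.ByteString T.Text
authenticate live hs
  | lookup "Origin" hs /= Just allowedOrigin = Left "origin not allowed"
  | otherwise =
      case lookup "Cookie" hs >>= lookup sessionCookie . parseCookies >>= (`Map.lookup` live) of
        Nothing   -> Left "not logged in"
        Just user -> Right user

-- ServerApp that refuses the upgrade before any frame is exchanged.
app :: Sessions -> WS.ServerApp
app store pending = do
  live <- readIORef store
  case authenticate live (WS.requestHeaders (WS.pendingRequest pending)) of
    Left why   -> WS.rejectRequest pending why
    Right user -> do
      conn <- WS.acceptRequest pending
      -- The identity fixed at the handshake is reused for every message.
      forever $ do
        msg <- WS.receiveData conn :: IO T.Text
        WS.sendTextData conn (user <> ": " <> msg)

main :: IO ()
main = do
  -- Constructed sample session; a real store is filled at login.
  store <- newIORef (Map.fromList [("constructed-token-1", "alice")])
  WS.runServer "127.0.0.1" 9160 (app store)
```

Because the session is only consulted at the handshake, a logout or session expiry does not close sockets that are already open; re-reading the store per message or closing the connection on logout covers that gap.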